finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: finallycoffee:f40fff587f009a08327f1d14f72a5a48126c6e97
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram
..
compare: finallycoffee:4af024e8d2c231fc9aebc8cd3aa67307ac9d26c7
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram

2 Commits
f40fff587f ... 4af024e8d2

Author SHA1 Message Date
transcaffeine
4af024e8d2
meta: move inventory structure to be more usable 2024-09-16 20:45:37 +02:00
jdreichmann
a74d6d3831
meta: add own inventory, add vault-unlock with GPG 2024-09-16 20:41:33 +02:00
127 changed files with 1451 additions and 2257 deletions
Show Stats Expand all files Collapse all files

44
CHANGELOG.md
View File

@ -1,19 +1,3 @@
# 2024-09-27
## (BC Break) Postgres & Traefik roles have been relocated and variable names need adjustments
Various roles have been relocated from the [devture](https://github.com/devture) organization to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
Along with the relocation, the `devture_` prefix was dropped from their variable names, so you need to adjust your `vars.yml` configuration.
You need to do the following replacements:
- `devture_postgres_` -> `postgres_`
- `devture_traefik_` -> `traefik_`
As always, the playbook would let you know about this and point out any variables you may have missed.
# 2024-09-12 # 2024-09-12
## Support for baibot ## Support for baibot
@ -134,7 +118,7 @@ If you're using the playbook's Traefik instance to reverse-proxy to some other s
If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp). If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp).
If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand. If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `devture_traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand.
### HTTP/3 is enabled by default ### HTTP/3 is enabled by default
@ -151,7 +135,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a
To **disable HTTP/3**, you can use the following configuration: To **disable HTTP/3**, you can use the following configuration:
```yml ```yml
traefik_config_entrypoint_web_secure_http3_enabled: false devture_traefik_config_entrypoint_web_secure_http3_enabled: false
# Disabling HTTP/3 for the web-secure entrypoint (above), # Disabling HTTP/3 for the web-secure entrypoint (above),
# automatically disables it for the Matrix Federation entrypoint as well, # automatically disables it for the Matrix Federation entrypoint as well,
@ -473,9 +457,9 @@ Because [Traefik has an extra job now](#traefik-now-has-an-extra-job), you need
### People fronting Traefik with another reverse proxy need to do minor changes ### People fronting Traefik with another reverse proxy need to do minor changes
We've already previously mentioned that you need to do some minor [configuration changes related to `traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy). We've already previously mentioned that you need to do some minor [configuration changes related to `devture_traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy).
If you don't do these changes (switching from `traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job). If you don't do these changes (switching from `devture_traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job).
### Supported reverse proxy types are now fewer ### Supported reverse proxy types are now fewer
@ -588,17 +572,17 @@ I don't actively use all the ~100 components offered by the playbook (no one doe
If you're on the default setup (using the Traefik reverse-proxy as installed by the playbook), you don't need to do anything. If you're on the default setup (using the Traefik reverse-proxy as installed by the playbook), you don't need to do anything.
People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `traefik_additional_entrypoints_auto` in their `vars.yml` configuration. People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `devture_traefik_additional_entrypoints_auto` in their `vars.yml` configuration.
Such a full variable redefinion is intrustive, because it prevents the playbook from injecting additional entrypoints into the Traefik webserver. In the future, the playbook may have a need to do so. Such a full variable redefinion is intrustive, because it prevents the playbook from injecting additional entrypoints into the Traefik webserver. In the future, the playbook may have a need to do so.
For this reason, we no longer recommend completely redefining `traefik_additional_entrypoints_auto`. For this reason, we no longer recommend completely redefining `devture_traefik_additional_entrypoints_auto`.
The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `traefik_additional_entrypoints_auto`. The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `devture_traefik_additional_entrypoints_auto`.
Adapt your configuration as seen below: Adapt your configuration as seen below:
```diff ```diff
-traefik_additional_entrypoints_auto: -devture_traefik_additional_entrypoints_auto:
- - name: matrix-federation - - name: matrix-federation
- port: 8449 - port: 8449
- host_bind_port: '127.0.0.1:8449' - host_bind_port: '127.0.0.1:8449'
@ -727,7 +711,7 @@ From now on, the [Postgres Ansible role](https://github.com/devture/com.devture.
Our [Tuning PostgreSQL](docs/maintenance-postgres.md#tuning-postgresql) documentation page has details about how you can turn auto-tuning off or adjust the automatically-determined Postgres configuration parameters manually. Our [Tuning PostgreSQL](docs/maintenance-postgres.md#tuning-postgresql) documentation page has details about how you can turn auto-tuning off or adjust the automatically-determined Postgres configuration parameters manually.
People who [enable load-balancing with Synapse workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) no longer need to increase the maximum number of Postgres connections manually (previously done via `postgres_process_extra_arguments`). There's a new variable (`postgres_max_connections`) for controlling this number and the playbook automatically raises its value from `200` to `500` for setups which enable workers. People who [enable load-balancing with Synapse workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) no longer need to increase the maximum number of Postgres connections manually (previously done via `devture_postgres_process_extra_arguments`). There's a new variable (`devture_postgres_max_connections`) for controlling this number and the playbook automatically raises its value from `200` to `500` for setups which enable workers.
# 2023-08-31 # 2023-08-31
@ -1086,7 +1070,7 @@ Unless we have some regression, **existing `matrix-nginx-proxy` users should be
```yaml ```yaml
matrix_playbook_reverse_proxy_type: playbook-managed-traefik matrix_playbook_reverse_proxy_type: playbook-managed-traefik
traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
``` ```
You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed. You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed.
@ -1113,7 +1097,7 @@ As mentioned above, Traefik still reverse-proxies to some (most) services by goi
As Traefik support becomes complete and proves to be stable for a while, especially as a playbook default, we will **most likely remove `matrix-nginx-proxy` completely**. It will likely be some months before this happens though. Keeping support for both Traefik and nginx in the playbook will be a burden, especially with most of us running Traefik in the future. The Traefik role should do everything nginx does in a better and cleaner way. Users who use their own `nginx` server on the Matrix server will be inconvenienced, as nothing will generate ready-to-include nginx configuration for them. Still, we hope it won't be too hard to migrate their setup to another way of doing things, like: As Traefik support becomes complete and proves to be stable for a while, especially as a playbook default, we will **most likely remove `matrix-nginx-proxy` completely**. It will likely be some months before this happens though. Keeping support for both Traefik and nginx in the playbook will be a burden, especially with most of us running Traefik in the future. The Traefik role should do everything nginx does in a better and cleaner way. Users who use their own `nginx` server on the Matrix server will be inconvenienced, as nothing will generate ready-to-include nginx configuration for them. Still, we hope it won't be too hard to migrate their setup to another way of doing things, like:
- not using nginx anymore. A common reason for using nginx until now was that you were running other containers and you need your own nginx to reverse-proxy to all of them. Just switch them to Traefik as well. - not using nginx anymore. A common reason for using nginx until now was that you were running other containers and you need your own nginx to reverse-proxy to all of them. Just switch them to Traefik as well.
- running Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`). - running Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`).
### How do I help? ### How do I help?
@ -1123,7 +1107,7 @@ You can help by:
- **adding native Traefik support to a role** (requires adding Traefik labels, etc.) - for inspiration, see these roles ([prometheus_node_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter), [prometheus_postgres_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter)) and how they're hooked into the playbook via [group_vars/matrix_servers](group_vars/matrix_servers). - **adding native Traefik support to a role** (requires adding Traefik labels, etc.) - for inspiration, see these roles ([prometheus_node_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter), [prometheus_postgres_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter)) and how they're hooked into the playbook via [group_vars/matrix_servers](group_vars/matrix_servers).
- **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server - **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server
# 2023-02-10 # 2023-02-10
@ -1248,14 +1232,14 @@ See our [Setting up matrix-bot-chatgpt](docs/configuring-playbook-bot-chatgpt.md
Just like we've [replaced Postgres with an external role](#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role) on 2022-11-28, we're now replacing `matrix-postgres-backup` with an external role - [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup). Just like we've [replaced Postgres with an external role](#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role) on 2022-11-28, we're now replacing `matrix-postgres-backup` with an external role - [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup).
You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `postgres_backup` prefix. You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `devture_postgres_backup` prefix.
# 2022-11-28 # 2022-11-28
## matrix-postgres has been replaced by the com.devture.ansible.role.postgres external role ## matrix-postgres has been replaced by the com.devture.ansible.role.postgres external role
**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`). **TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `devture_postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`).
The `matrix-postgres` role that has been part of the playbook for a long time has been replaced with the [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres) role. This was done as part of our work to [use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) for better code re-use and maintainability. The `matrix-postgres` role that has been part of the playbook for a long time has been replaced with the [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres) role. This was done as part of our work to [use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) for better code re-use and maintainability.

26
docs/configuring-playbook-bot-baibot.md
View File

@ -154,11 +154,6 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key: "YO
# If you'd like to use another text-generation agent, uncomment and adjust: # If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620 # matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the Anthropic agent.
# matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# See `defaults/main.yml` in the baibot role for more configuration options. # See `defaults/main.yml` in the baibot role for more configuration options.
``` ```
@ -181,11 +176,6 @@ matrix_bot_baibot_config_agents_static_definitions_groq_config_api_key: "YOUR_AP
# Specify the text-generation agent you'd like to use # Specify the text-generation agent you'd like to use
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_model_id: "llama3-70b-8192" matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_model_id: "llama3-70b-8192"
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the Groq agent.
# matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# Uncomment and adjust if you're not happy with these speech-to-text defaults: # Uncomment and adjust if you're not happy with these speech-to-text defaults:
# #
# matrix_bot_baibot_config_agents_static_definitions_groq_config_speech_to_text_enabled: true # matrix_bot_baibot_config_agents_static_definitions_groq_config_speech_to_text_enabled: true
@ -212,11 +202,6 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_enabled: true
matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key: "YOUR_API_KEY_HERE" matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key: "YOUR_API_KEY_HERE"
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the Mistral agent.
# matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# Uncomment and adjust if you're not happy with these defaults: # Uncomment and adjust if you're not happy with these defaults:
# matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_model_id: mistral-large-latest # matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_model_id: mistral-large-latest
@ -243,13 +228,8 @@ matrix_bot_baibot_config_agents_static_definitions_openai_enabled: true
matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_API_KEY_HERE" matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_API_KEY_HERE"
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the OpenAI agent.
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# If you'd like to use another text-generation agent, uncomment and adjust: # If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o-2024-08-06 # matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
# See `defaults/main.yml` in the baibot role for more configuration options. # See `defaults/main.yml` in the baibot role for more configuration options.
``` ```
@ -293,7 +273,7 @@ matrix_bot_baibot_config_agents_static_definitions_custom:
api_key: "YOUR_API_KEY_HERE" api_key: "YOUR_API_KEY_HERE"
text_generation: text_generation:
model_id: gpt-3.5-turbo-0125 model_id: gpt-3.5-turbo-0125
prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" prompt: You are a brief, but helpful bot.
temperature: 1.0 temperature: 1.0
max_response_tokens: 4096 max_response_tokens: 4096
max_context_tokens: 16385 max_context_tokens: 16385
@ -310,7 +290,7 @@ matrix_bot_baibot_config_agents_static_definitions_custom:
api_key: "" api_key: ""
text_generation: text_generation:
model_id: "llama3.1:8b" model_id: "llama3.1:8b"
prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" prompt: "You are an assistant based on the Llama3.1:8b model. Be brief in your responses."
temperature: 1.0 temperature: 1.0
max_response_tokens: 4096 max_response_tokens: 4096
max_context_tokens: 128000 max_context_tokens: 128000

70
docs/configuring-playbook-bot-draupnir.md
View File

@ -123,75 +123,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
## Usage ## Usage
You can refer to the upstream [documentation](https://the-draupnir-project.github.io/draupnir-documentation/) for additional ways to use and configure Draupnir and for a more detailed usage guide. You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/the-draupnir-project/Draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot.
Below is a **non-exhaustive quick-start guide** for the impatient.
### Making Draupnir join and protect a room
Draupnir can be told to self-join public rooms, but it's better to follow this flow which works well for all kinds of rooms:
1. Invite the bot to the room manually ([inviting Draupnir to rooms](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#inviting-draupnir-to-rooms)). Before joining, the bot *may* ask for confirmation in the Management Room
2. [Give the bot permissions to do its job](#giving-draupnir-permissions-to-do-its-job)
3. Tell it to protect the room (using the [rooms command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#using-the-draupnir-rooms-command)) by sending the following command to the Management Room: `!draupnir rooms add !ROOM_ID:DOMAIN`
To have Draupnir provide useful room protection, you need do to a bit more work (at least the first time around).
You may wish to [Subscribe to a public policy list](#subscribing-to-a-public-policy-list), [Create your own own policy and rules](#creating-your-own-policy-lists-and-rules) and [Enabling built-in protections](#enabling-built-in-protections).
### Giving Draupnir permissions to do its job
For Draupnir to do its job, you need to [give it permissions](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#giving-draupnir-permissions) in rooms it's protecting. This involves **giving it an Administrator power level**.
**We recommend setting this power level as soon as the bot joins your room** (and before you create new rules), so that it can apply rules as soon as they are available. If the bot is under-privileged, it may fail to apply protections and may not retry for a while (or until your restart it).
### Subscribing to a public policy list
We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).
Polcy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`
#### Creating your own policy lists and rules
We also recommend **creating your own policy lists** with the [list create](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-list-create-command-to-create-a-policy-room) command.
You can do so by sending the following command to the Management Room: `!draupnir list create my-bans my-bans-bl`. This will create a policy list having a name (shortcode) of `my-bans` and stored in a public `#my-bans-bl:DOMAIN` room on your server. As soon as you run this command, the bot will invite you to the policy list room.
A policy list does nothing by itself, so the next step is **adding some rules to your policy list**. Policies target a so-called `entity` (one of: `user`, `room` or `server`). These entities are mentioned on the [policy lists](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists) documentation page and in the Matrix Spec [here](https://spec.matrix.org/v1.11/client-server-api/#mban-recommendation).
The simplest and most useful entity to target is `user`. Below are a few examples using the [ban command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#the-ban-command) and targeting users.
To create rules, you run commands in the Management Room (**not** in the policy list room).
- (ban a single user on a given homeserver): `!draupnir ban @someone:example.com my-bans Rude to others`
- (ban all users on a given homeserver by using a [wildcard](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#wildcards)): `!draupnir ban @*:example.org my-bans Spam server - all users are fake`
As a result of running these commands, you may observe:
- Draupnir creating `m.policy.rule.user` state events in the `#my-bans-bl:DOMAIN` room on your server
- applying these rules against all rooms that Draupnir is an Administrator in
You can undo bans with the [unban command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#the-unban-command).
### Enabling built-in protections
You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuit` ("If X amount of users join in Y time, set the room to invite-only").
To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room.
To **see the configuration options for a given protection**, send a `!draupnir config get PROTECTION_NAME` (e.g. `!draupnir config get JoinWaveShortCircuit`).
To **set a specific option for a given protection**, send a command like this: `!draupnir config set PROTECTION_NAME.OPTION VALUE` (e.g. `!draupnir config set JoinWaveShortCircuit.timescaleMinutes 30`).
To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`).
To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`).
## Extending the configuration
You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.

6
docs/configuring-playbook-bridge-mautrix-gmessages.md
View File

@ -14,12 +14,14 @@ matrix_mautrix_gmessages_enabled: true
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Appservice Double Puppet ### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook. The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
### Method 2: manually, by asking each user to provide a working access token ### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). **Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).

6
docs/configuring-playbook-bridge-mautrix-meta-instagram.md
View File

@ -66,12 +66,14 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-meta-instagram/templ
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Appservice Double Puppet ### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook. The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
### Method 2: manually, by asking each user to provide a working access token ### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). **Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).

6
docs/configuring-playbook-bridge-mautrix-meta-messenger.md
View File

@ -77,12 +77,14 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-meta-messenger/templ
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Appservice Double Puppet ### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook. The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
### Method 2: manually, by asking each user to provide a working access token ### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). **Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).

2
docs/configuring-playbook-external-postgres.md
View File

@ -10,7 +10,7 @@ If you'd like to use an external PostgreSQL server that you manage, you can edit
If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this: If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this:
```yaml ```yaml
postgres_enabled: false devture_postgres_enabled: false
# Rewire Synapse to use your external Postgres server # Rewire Synapse to use your external Postgres server
matrix_synapse_database_host: "your-postgres-server-hostname" matrix_synapse_database_host: "your-postgres-server-hostname"

8
docs/configuring-playbook-jitsi.md
View File

@ -227,20 +227,20 @@ To make Traefik reverse-proxy to these additional JVBs (living on other hosts),
# Traefik proxying for additional JVBs. These can't be configured using Docker # Traefik proxying for additional JVBs. These can't be configured using Docker
# labels, like the first JVB is, because they run on different hosts, so we add # labels, like the first JVB is, because they run on different hosts, so we add
# the necessary configuration to the file provider. # the necessary configuration to the file provider.
traefik_provider_configuration_extension_yaml: | devture_traefik_provider_configuration_extension_yaml: |
http: http:
routers: routers:
{% for host in groups['jitsi_jvb_servers'] %} {% for host in groups['jitsi_jvb_servers'] %}
additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router:
entryPoints: entryPoints:
- "{{ traefik_entrypoint_primary }}" - "{{ devture_traefik_entrypoint_primary }}"
rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)" rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)"
service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service
{% if traefik_entrypoint_primary != 'web' %} {% if devture_traefik_entrypoint_primary != 'web' %}
tls: tls:
certResolver: "{{ traefik_certResolver_primary }}" certResolver: "{{ devture_traefik_certResolver_primary }}"
{% endif %} {% endif %}

8
docs/configuring-playbook-matrix-media-repo.md
View File

@ -123,7 +123,7 @@ To import the Synapse media store, you're supposed to invoke the `import_synapse
This guide here is adapted from the [upstream documentation about the import_synapse script](https://github.com/turt2live/matrix-media-repo#importing-media-from-synapse). This guide here is adapted from the [upstream documentation about the import_synapse script](https://github.com/turt2live/matrix-media-repo#importing-media-from-synapse).
Run the following command on the server (after replacing `postgres_connection_password` in it with the value found in your `vars.yml` file): Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file):
```sh ```sh
docker exec -it matrix-media-repo \ docker exec -it matrix-media-repo \
@ -132,7 +132,7 @@ docker exec -it matrix-media-repo \
-dbHost matrix-postgres \ -dbHost matrix-postgres \
-dbPort 5432 \ -dbPort 5432 \
-dbUsername matrix \ -dbUsername matrix \
-dbPassword postgres_connection_password -dbPassword devture_postgres_connection_password
``` ```
Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing. Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing.
@ -145,7 +145,7 @@ If you're using the [Dendrite](configuring-playbook-dendrite.md) homeserver inst
To import the Dendrite media store, you're supposed to invoke the `import_dendrite` tool which is part of the matrix-media-repo container image. Your Dendrite database is called `dendrite_mediaapi` by default, unless you've changed it by modifying `matrix_dendrite_media_api_database`. To import the Dendrite media store, you're supposed to invoke the `import_dendrite` tool which is part of the matrix-media-repo container image. Your Dendrite database is called `dendrite_mediaapi` by default, unless you've changed it by modifying `matrix_dendrite_media_api_database`.
Run the following command on the server (after replacing `postgres_connection_password` in it with the value found in your `vars.yml` file): Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file):
```sh ```sh
docker exec -it matrix-media-repo \ docker exec -it matrix-media-repo \
@ -154,7 +154,7 @@ docker exec -it matrix-media-repo \
-dbHost matrix-postgres \ -dbHost matrix-postgres \
-dbPort 5432 \ -dbPort 5432 \
-dbUsername matrix \ -dbUsername matrix \
-dbPassword postgres_connection_password -dbPassword devture_postgres_connection_password
``` ```
Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing. Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing.

18
docs/configuring-playbook-own-webserver.md
View File

@ -21,7 +21,7 @@ To have the playbook install and use Traefik, use configuration like this (as se
```yaml ```yaml
matrix_playbook_reverse_proxy_type: playbook-managed-traefik matrix_playbook_reverse_proxy_type: playbook-managed-traefik
traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
``` ```
Traefik will manage SSL certificates for all services seamlessly. Traefik will manage SSL certificates for all services seamlessly.
@ -38,7 +38,7 @@ matrix_playbook_reverse_proxy_type: other-traefik-container
# Adjust to point to your Traefik container # Adjust to point to your Traefik container
matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container
traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory" devture_traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory"
# Uncomment and tweak the variable below if the name of your federation entrypoint is different # Uncomment and tweak the variable below if the name of your federation entrypoint is different
# than the default value (matrix-federation). # than the default value (matrix-federation).
@ -148,18 +148,18 @@ matrix_playbook_ssl_enabled: true
# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval. # Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval.
# This has the side-effect of also automatically disabling TLS for the matrix-federation entrypoint # This has the side-effect of also automatically disabling TLS for the matrix-federation entrypoint
# (by toggling `matrix_federation_traefik_entrypoint_tls`). # (by toggling `matrix_federation_traefik_entrypoint_tls`).
traefik_config_entrypoint_web_secure_enabled: false devture_traefik_config_entrypoint_web_secure_enabled: false
# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81` # If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
traefik_container_web_host_bind_port: '127.0.0.1:81' devture_traefik_container_web_host_bind_port: '127.0.0.1:81'
# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from # We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough. # a reverse-proxy running on the local machine is safe enough.
# If you're publishing the port (`traefik_container_web_host_bind_port` above) to a public network interface: # If you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interface:
# - remove the `traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below # - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below
# - uncomment and adjust the `traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below # - uncomment and adjust the `devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below
traefik_config_entrypoint_web_forwardedHeaders_insecure: true devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY'] # devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
# Expose the federation entrypoint on a custom port (other than port 8448, which is normally used publicly). # Expose the federation entrypoint on a custom port (other than port 8448, which is normally used publicly).
# #

16
docs/configuring-playbook-postgres-backup.md
View File

@ -10,7 +10,7 @@ For a more complete backup solution (one that includes not only Postgres, but al
Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup: Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup:
```yaml ```yaml
postgres_backup_enabled: true devture_postgres_backup_enabled: true
``` ```
Refer to the table below for additional configuration variables and their default values. Refer to the table below for additional configuration variables and their default values.
@ -18,13 +18,13 @@ Refer to the table below for additional configuration variables and their defaul
| Name | Default value | Description | | Name | Default value | Description |
| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- |
|`postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| |`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|`postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| |`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|`postgres_backup_keep_days`|`7`|Number of daily backups to keep| |`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|`postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| |`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|`postgres_backup_keep_months`|`12`|Number of monthly backups to keep| |`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|`postgres_backup_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `postgres_backup_data_path` | |`devture_postgres_backup_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_backup_data_path` |
|`postgres_backup_data_path` | `"{{ postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups | |`devture_postgres_backup_data_path` | `"{{ devture_postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups |
## Installing ## Installing

26
docs/configuring-playbook-ssl-certificates.md
View File

@ -12,7 +12,7 @@ For testing purposes, you may wish to use staging certificates provide by Let's
You can do this with the following configuration: You can do this with the following configuration:
```yaml ```yaml
traefik_config_certificatesResolvers_acme_use_staging: true devture_traefik_config_certificatesResolvers_acme_use_staging: true
``` ```
@ -23,7 +23,7 @@ For testing or other purposes, you may wish to install services without SSL term
You can do this with the following configuration: You can do this with the following configuration:
```yaml ```yaml
traefik_config_entrypoint_web_secure_enabled: false devture_traefik_config_entrypoint_web_secure_enabled: false
``` ```
@ -46,16 +46,16 @@ To use your own SSL certificates with Traefik, you need to:
```yaml ```yaml
# Disable ACME / Let's Encrypt support. # Disable ACME / Let's Encrypt support.
traefik_config_certificatesResolvers_acme_enabled: false devture_traefik_config_certificatesResolvers_acme_enabled: false
# Disabling ACME support (above) automatically disables the creation of the SSL directory. # Disabling ACME support (above) automatically disables the creation of the SSL directory.
# Force-enable it here, because we'll add our certificate files there. # Force-enable it here, because we'll add our certificate files there.
traefik_ssl_dir_enabled: true devture_traefik_ssl_dir_enabled: true
# Tell Traefik to load our custom configuration file (certificates.yml). # Tell Traefik to load our custom configuration file (certificates.yml).
# The file is created below, in `aux_file_definitions`. # The file is created below, in `aux_file_definitions`.
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it! # The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
traefik_configuration_extension_yaml: | devture_traefik_configuration_extension_yaml: |
providers: providers:
file: file:
filename: /config/certificates.yml filename: /config/certificates.yml
@ -66,7 +66,7 @@ traefik_configuration_extension_yaml: |
aux_file_definitions: aux_file_definitions:
# Create the privkey.pem file on the server by # Create the privkey.pem file on the server by
# uploading a file from the computer where Ansible is running. # uploading a file from the computer where Ansible is running.
- dest: "{{ traefik_ssl_dir_path }}/privkey.pem" - dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
src: /path/on/your/Ansible/computer/to/privkey.pem src: /path/on/your/Ansible/computer/to/privkey.pem
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# Note the indentation level. # Note the indentation level.
@ -76,7 +76,7 @@ aux_file_definitions:
# Create the cert.pem file on the server # Create the cert.pem file on the server
# uploading a file from the computer where Ansible is running. # uploading a file from the computer where Ansible is running.
- dest: "{{ traefik_ssl_dir_path }}/cert.pem" - dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem"
src: /path/on/your/Ansible/computer/to/cert.pem src: /path/on/your/Ansible/computer/to/cert.pem
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# Note the indentation level. # Note the indentation level.
@ -86,7 +86,7 @@ aux_file_definitions:
# Create the custom Traefik configuration. # Create the custom Traefik configuration.
# The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them! # The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them!
- dest: "{{ traefik_config_dir_path }}/certificates.yml" - dest: "{{ devture_traefik_config_dir_path }}/certificates.yml"
content: | content: |
tls: tls:
certificates: certificates:
@ -109,12 +109,12 @@ You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt
This is an example for how to edit the `vars.yml` file if you're using Cloudflare: This is an example for how to edit the `vars.yml` file if you're using Cloudflare:
```yaml ```yaml
traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true devture_traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true
traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare" devture_traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare"
traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60 devture_traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60
traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers: devture_traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers:
- "1.1.1.1:53" - "1.1.1.1:53"
traefik_environment_variables_additional_variables: | devture_traefik_environment_variables_additional_variables: |
CF_API_EMAIL=redacted CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted CF_ZONE_API_TOKEN=redacted
CF_DNS_API_TOKEN=redacted CF_DNS_API_TOKEN=redacted

2
docs/configuring-playbook-synapse.md
View File

@ -75,7 +75,7 @@ The only thing you **cannot** do is mix [generic workers](#generic-workers) and
#### Effect of enabling workers on the rest of your server #### Effect of enabling workers on the rest of your server
When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `postgres_max_connections` variable. When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `devture_postgres_max_connections` variable.
A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component handles load-balancing for workers. This role/component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly. A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component handles load-balancing for workers. This role/component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly.

36
docs/configuring-playbook-traefik.md
View File

@ -12,7 +12,7 @@ See the dedicated [Adjusting SSL certificate retrieval](configuring-playbook-ssl
## Increase logging verbosity ## Increase logging verbosity
```yaml ```yaml
traefik_config_log_level: DEBUG devture_traefik_config_log_level: DEBUG
``` ```
## Disable access logs ## Disable access logs
@ -20,7 +20,7 @@ traefik_config_log_level: DEBUG
This will disable access logging. This will disable access logging.
```yaml ```yaml
traefik_config_accessLog_enabled: false devture_traefik_config_accessLog_enabled: false
``` ```
## Enable Traefik Dashboard ## Enable Traefik Dashboard
@ -28,23 +28,23 @@ traefik_config_accessLog_enabled: false
This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://matrix.DOMAIN/dashboard/` (note the trailing `/`). This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://matrix.DOMAIN/dashboard/` (note the trailing `/`).
```yaml ```yaml
traefik_dashboard_enabled: true devture_traefik_dashboard_enabled: true
traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}" devture_traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}"
traefik_dashboard_basicauth_enabled: true devture_traefik_dashboard_basicauth_enabled: true
traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
``` ```
**WARNING**: Enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts. **WARNING**: Enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts.
## Additional configuration ## Additional configuration
Use the `traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists. Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.
```yaml ```yaml
# This is a contrived example. # This is a contrived example.
# You can enable and secure the Dashboard using dedicated variables. See above. # You can enable and secure the Dashboard using dedicated variables. See above.
traefik_configuration_extension_yaml: | devture_traefik_configuration_extension_yaml: |
api: api:
dashboard: true dashboard: true
``` ```
@ -66,8 +66,8 @@ First, we have to adjust the static configuration of Traefik, so that we can add
```yaml ```yaml
# We enable all config files in the /config/ folder to be loaded. # We enable all config files in the /config/ folder to be loaded.
# `/config` is the path as it appears in the Traefik container. # `/config` is the path as it appears in the Traefik container.
# On the host, it's actually `/matrix/traefik/config` (as defined in `traefik_config_dir_path`). # On the host, it's actually `/matrix/traefik/config` (as defined in `devture_traefik_config_dir_path`).
traefik_configuration_extension_yaml: | devture_traefik_configuration_extension_yaml: |
providers: providers:
file: file:
directory: /config/ directory: /config/
@ -79,7 +79,7 @@ If you are using a self-signed certificate on your webserver, you can tell Traef
```yaml ```yaml
# We enable all config files in the /config/ folder to be loaded and # We enable all config files in the /config/ folder to be loaded and
traefik_configuration_extension_yaml: | devture_traefik_configuration_extension_yaml: |
providers: providers:
file: file:
directory: /config/ directory: /config/
@ -90,11 +90,11 @@ traefik_configuration_extension_yaml: |
``` ```
Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates. Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates.
```yaml ```yaml
aux_file_definitions: aux_file_definitions:
- dest: "{{ traefik_config_dir_path }}/provider_my_fancy_website.yml" - dest: "{{ devture_traefik_config_dir_path }}/provider_my_fancy_website.yml"
content: | content: |
http: http:
routers: routers:
@ -117,7 +117,7 @@ If you do not want to terminate SSL at the Traefik instance (for example, becaus
```yaml ```yaml
aux_file_definitions: aux_file_definitions:
- dest: "{{ traefik_config_dir_path }}/providers_my_fancy_website.yml" - dest: "{{ devture_traefik_config_dir_path }}/providers_my_fancy_website.yml"
content: | content: |
tcp: tcp:
routers: routers:
@ -134,9 +134,9 @@ aux_file_definitions:
``` ```
Changing the `url` to one with an `http://` prefix would allow to connect to the server via HTTP. Changing the `url` to one with an `http://` prefix would allow to connect to the server via HTTP.
With these changes, all TCP traffic will be reverse-proxied to the target system. With these changes, all TCP traffic will be reverse-proxied to the target system.
**WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```. **WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```.
## Traefik behind a `proxy_protocol` reverse-proxy ## Traefik behind a `proxy_protocol` reverse-proxy
@ -144,7 +144,7 @@ With these changes, all TCP traffic will be reverse-proxied to the target system
If you run a reverse-proxy which speaks `proxy_protocol`, add the following to your configuration file: If you run a reverse-proxy which speaks `proxy_protocol`, add the following to your configuration file:
```yaml ```yaml
traefik_configuration_extension_yaml: | devture_traefik_configuration_extension_yaml: |
entryPoints: entryPoints:
web-secure: web-secure:
proxyProtocol: proxyProtocol:

34
docs/howto-srv-server-delegation.md
View File

@ -58,29 +58,29 @@ We cannot just disable the default resolver as that would disable SSL in quite a
```yaml ```yaml
# 1. Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects # 1. Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects
traefik_configuration_extension_yaml: | devture_traefik_configuration_extension_yaml: |
certificatesResolvers: certificatesResolvers:
dns: dns:
acme: acme:
# To use a staging endpoint for testing purposes, uncomment the line below. # To use a staging endpoint for testing purposes, uncomment the line below.
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
email: {{ traefik_config_certificatesResolvers_acme_email | to_json }} email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }}
dnsChallenge: dnsChallenge:
provider: cloudflare provider: cloudflare
resolvers: resolvers:
- "1.1.1.1:53" - "1.1.1.1:53"
- "8.8.8.8:53" - "8.8.8.8:53"
storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }} storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }}
# 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare) # 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare)
traefik_environment_variables: | devture_traefik_environment_variables: |
CF_API_EMAIL=redacted CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted CF_ZONE_API_TOKEN=redacted
CF_DNS_API_TOKEN=redacted CF_DNS_API_TOKEN=redacted
LEGO_DISABLE_CNAME_SUPPORT=true LEGO_DISABLE_CNAME_SUPPORT=true
# 3. Instruct the playbook to use the new ACME configuration # 3. Instruct the playbook to use the new ACME configuration
traefik_certResolver_primary: dns devture_traefik_certResolver_primary: dns
``` ```
## Adjust Coturn's configuration ## Adjust Coturn's configuration
@ -105,16 +105,16 @@ matrix_coturn_container_additional_volumes: |
( (
[ [
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'dst': '/certificate.crt', 'dst': '/certificate.crt',
'options': 'ro', 'options': 'ro',
}, },
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'dst': '/privatekey.key', 'dst': '/privatekey.key',
'options': 'ro', 'options': 'ro',
}, },
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
) )
}} }}
``` ```
@ -124,7 +124,7 @@ matrix_coturn_container_additional_volumes: |
```yaml ```yaml
# Choosing the reverse proxy implementation # Choosing the reverse proxy implementation
matrix_playbook_reverse_proxy_type: playbook-managed-traefik matrix_playbook_reverse_proxy_type: playbook-managed-traefik
traefik_config_certificatesResolvers_acme_email: redacted@example.com devture_traefik_config_certificatesResolvers_acme_email: redacted@example.com
# To serve the federation from any domain, as long as the path matches # To serve the federation from any domain, as long as the path matches
matrix_synapse_container_labels_public_federation_api_traefik_rule: PathPrefix(`/_matrix/federation`) matrix_synapse_container_labels_public_federation_api_traefik_rule: PathPrefix(`/_matrix/federation`)
@ -135,25 +135,25 @@ matrix_synapse_container_labels_additional_labels: |
traefik.http.routers.matrix-synapse-federation-api.tls.domains.sans="*.example.com" traefik.http.routers.matrix-synapse-federation-api.tls.domains.sans="*.example.com"
# Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects # Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects
traefik_configuration_extension_yaml: | devture_traefik_configuration_extension_yaml: |
certificatesResolvers: certificatesResolvers:
dns: dns:
acme: acme:
# To use a staging endpoint for testing purposes, uncomment the line below. # To use a staging endpoint for testing purposes, uncomment the line below.
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
email: {{ traefik_config_certificatesResolvers_acme_email | to_json }} email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }}
dnsChallenge: dnsChallenge:
provider: cloudflare provider: cloudflare
resolvers: resolvers:
- "1.1.1.1:53" - "1.1.1.1:53"
- "8.8.8.8:53" - "8.8.8.8:53"
storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }} storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }}
# Instruct thep laybook to use the new ACME configuration # Instruct thep laybook to use the new ACME configuration
traefik_certResolver_primary: "dns" devture_traefik_certResolver_primary: "dns"
# Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare) # Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare)
traefik_environment_variables: | devture_traefik_environment_variables: |
CF_API_EMAIL=redacted CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted CF_ZONE_API_TOKEN=redacted
CF_DNS_API_TOKEN=redacted CF_DNS_API_TOKEN=redacted
@ -168,16 +168,16 @@ matrix_coturn_container_additional_volumes: |
( (
[ [
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'dst': '/certificate.crt', 'dst': '/certificate.crt',
'options': 'ro', 'options': 'ro',
}, },
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'dst': '/privatekey.key', 'dst': '/privatekey.key',
'options': 'ro', 'options': 'ro',
}, },
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
) )
}} }}
``` ```

8
docs/maintenance-postgres.md
View File

@ -107,12 +107,12 @@ Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"`
PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process. PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.
The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/.
You can manually influence some of the tuning variables . These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable. You can manually influence some of the tuning variables . These parameters (variables) are injected via the `devture_postgres_postgres_process_extra_arguments_auto` variable.
Most users should be fine with the automatically-done tuning. However, you may wish to: Most users should be fine with the automatically-done tuning. However, you may wish to:
- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable - **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable
- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []` - **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []`
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration - **add additional tuning parameters**: define your additional Postgres configuration parameters in `devture_postgres_postgres_process_extra_arguments_custom`. See `devture_postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration

2
docs/maintenance-upgrading-services.md
View File

@ -9,7 +9,7 @@ To upgrade services:
- update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) using: - update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) using:
- either: `just update` - either: `just update`
- or: a combination of `git pull` and `just roles` (or `make roles`) - or: a combination of `git pull` and `just role` (or `make roles`)
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of

4
examples/vars.yml
View File

@ -34,13 +34,13 @@ matrix_playbook_reverse_proxy_type: playbook-managed-traefik
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`). # you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
# #
# Example value: someone@example.com # Example value: someone@example.com
traefik_config_certificatesResolvers_acme_email: '' devture_traefik_config_certificatesResolvers_acme_email: ''
# A Postgres password to use for the superuser Postgres user (called `matrix` by default). # A Postgres password to use for the superuser Postgres user (called `matrix` by default).
# #
# The playbook creates additional Postgres users and databases (one for each enabled service) # The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account. # using this superuser account.
postgres_connection_password: '' devture_postgres_connection_password: ''
# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file. # By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
# If this value is an external IP address, you can skip this section. # If this value is an external IP address, you can skip this section.

1025
group_vars/matrix_servers
View File

File diff suppressed because it is too large Load Diff

38
requirements.yml
View File

@ -16,22 +16,22 @@
version: 129c8590e106b83e6f4c259649a613c6279e937a version: 129c8590e106b83e6f4c259649a613c6279e937a
name: docker_sdk_for_python name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.2.5-0 version: v2.2.2-0
name: etherpad name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98-r0-1-1 version: v4.98-r0-1-0
name: exim_relay name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.1.7-0 version: v11.1.4-0
name: grafana name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v9753-0 version: v9646-0
name: jitsi name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git
version: v6.3.4-3 version: v6.3.4-2
name: keydb name: keydb
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.10.0-2 version: v2.10.0-1
name: ntfy name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 201c939eed363de269a83ba29784fc3244846048 version: 201c939eed363de269a83ba29784fc3244846048
@ -42,26 +42,26 @@
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
name: playbook_state_preserver name: playbook_state_preserver
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
version: v17.0-1 version: v16.3-2
name: postgres name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
version: v16-0 version: 8c3585fb4857dbac026b2974bb6525289240effb
name: postgres_backup name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v2.54.1-1 version: v2.54.1-0
name: prometheus name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.8.2-1 version: v1.8.2-0
name: prometheus_node_exporter name: prometheus_node_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
version: v0.14.0-6 version: v0.14.0-5
name: prometheus_postgres_exporter name: prometheus_postgres_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-redis.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-redis.git
version: v7.2.5-1 version: v7.2.5-0
name: redis name: redis
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.3.0-0 version: v1.2.0-0
name: systemd_docker_base name: systemd_docker_base
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: v1.0.0-4 version: v1.0.0-4
@ -69,9 +69,9 @@
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: v1.0.0-0 version: v1.0.0-0
name: timesync name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: v3.1.3-2 version: v3.1.2-1
name: traefik name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
version: v2.8.3-5 version: v2.8.3-4
name: traefik_certs_dumper name: traefik_certs_dumper

2
roles/custom/matrix-alertmanager-receiver/defaults/main.yml
View File

@ -6,7 +6,7 @@
matrix_alertmanager_receiver_enabled: true matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2024.10.2 matrix_alertmanager_receiver_version: 2024.8.28
matrix_alertmanager_receiver_scheme: https matrix_alertmanager_receiver_scheme: https

3
roles/custom/matrix-alertmanager-receiver/tasks/install.yml
View File

@ -63,7 +63,7 @@
cmd: |- cmd: |-
{{ devture_systemd_docker_base_host_command_docker }} buildx build {{ devture_systemd_docker_base_host_command_docker }} buildx build
--tag={{ matrix_alertmanager_receiver_container_image }} --tag={{ matrix_alertmanager_receiver_container_image }}
--file={{ matrix_alertmanager_receiver_container_src_path }}/Dockerfile --file={{ matrix_alertmanager_receiver_container_src_path }}/contrib/Dockerfile
{{ matrix_alertmanager_receiver_container_src_path }} {{ matrix_alertmanager_receiver_container_src_path }}
changed_when: true changed_when: true
@ -72,7 +72,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_alertmanager_receiver_container_network }}" name: "{{ matrix_alertmanager_receiver_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-alertmanager-receiver.service installed - name: Ensure matrix-alertmanager-receiver.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
View File

@ -80,7 +80,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_draupnir_for_all_container_network }}" name: "{{ matrix_appservice_draupnir_for_all_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-draupnir-for-all.service installed - name: Ensure matrix-appservice-draupnir-for-all.service installed
ansible.builtin.template: ansible.builtin.template:

10
roles/custom/matrix-base/defaults/main.yml
View File

@ -216,15 +216,15 @@ matrix_metrics_exposure_http_basic_auth_users: ''
# #
# - `playbook-managed-traefik` # - `playbook-managed-traefik`
# - the playbook will run a managed Traefik instance (matrix-traefik) # - the playbook will run a managed Traefik instance (matrix-traefik)
# - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`) # - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`)
# - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email` # - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email`
# #
# - `other-traefik-container` # - `other-traefik-container`
# - this playbook will not install Traefik # - this playbook will not install Traefik
# - nevertheless, the playbook expects that you would install Traefik yourself via other means # - nevertheless, the playbook expects that you would install Traefik yourself via other means
# - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.) # - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.)
# - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network # - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
# - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_dir_path`) # - Traefik certs dumper will be enabled by default (`devture_traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`devture_traefik_certs_dumper_ssl_dir_path`)
# #
# - `none` # - `none`
# - no reverse-proxy will be installed # - no reverse-proxy will be installed
@ -244,7 +244,7 @@ matrix_playbook_reverse_proxyable_services_additional_network: "{{ matrix_playbo
# Controls if various services think if SSL is enabled or not. # Controls if various services think if SSL is enabled or not.
# Disabling this does not actually disable Treafik's web-secure entrypoint and TLS termination settings. # Disabling this does not actually disable Treafik's web-secure entrypoint and TLS termination settings.
# For that, you'd need to use another variable (`traefik_config_entrypoint_web_secure_enabled`). # For that, you'd need to use another variable (`devture_traefik_config_entrypoint_web_secure_enabled`).
# This variable merely serves as an indicator if SSL is used or not. # This variable merely serves as an indicator if SSL is used or not.
matrix_playbook_ssl_enabled: true matrix_playbook_ssl_enabled: true
@ -302,7 +302,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition:
# #
# Routers enabled on this entrypoint should use Traefik rules which do NOT do Host-matching (Host/HostRegexp), # Routers enabled on this entrypoint should use Traefik rules which do NOT do Host-matching (Host/HostRegexp),
# because addon services (e.g. bridges, bots) cannot properly pass a `Host` HTTP header when making # because addon services (e.g. bridges, bots) cannot properly pass a `Host` HTTP header when making
# requests to the endpoint's address (e.g. `http://matrix-traefik:8008/`). # requests to the endpoint's address (e.g. `http://devture-traefik:8008/`).
# This entrypoint only aims to handle a single "virtual host" - one dealing with the homeserver's Client-Server API. # This entrypoint only aims to handle a single "virtual host" - one dealing with the homeserver's Client-Server API.
matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-internal-matrix-client-api matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-internal-matrix-client-api

17
roles/custom/matrix-bot-baibot/defaults/main.yml
View File

@ -11,7 +11,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src" matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.2.0 matrix_bot_baibot_version: latest
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_name_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}" matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_name_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else 'ghcr.io/' }}" matrix_bot_baibot_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else 'ghcr.io/' }}"
matrix_bot_baibot_container_image_force_pull: "{{ matrix_bot_baibot_container_image.endswith(':latest') }}" matrix_bot_baibot_container_image_force_pull: "{{ matrix_bot_baibot_container_image.endswith(':latest') }}"
@ -155,7 +155,6 @@ matrix_bot_baibot_config_agents_static_definitions_auto: |-
}} }}
matrix_bot_baibot_config_agents_static_definitions_custom: [] matrix_bot_baibot_config_agents_static_definitions_custom: []
matrix_bot_baibot_config_agents_static_definitions_prompt: "{% raw %}You are a brief, but helpful bot called {{ baibot_name }} powered by the {{ baibot_model_id }} model. The date/time now is: {{ baibot_now_utc }}.{% endraw %}"
######################################################################################## ########################################################################################
# # # #
@ -196,7 +195,7 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generat
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620 matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620
# The prompt text to use (can be null or empty to not use a prompt). # The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting # See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: null
# The temperature parameter controls the randomness of the generated text. # The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature # See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_temperature: 1.0 matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_temperature: 1.0
@ -249,7 +248,7 @@ matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_e
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_model_id: "" matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_model_id: ""
# The prompt text to use (can be null or empty to not use a prompt). # The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting # See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_prompt: null
# The temperature parameter controls the randomness of the generated text. # The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature # See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_temperature: 1.0 matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_temperature: 1.0
@ -268,7 +267,7 @@ matrix_bot_baibot_config_agents_static_definitions_groq_config_speech_to_text_mo
######################################################################################## ########################################################################################
# # # #
# Mistral agent configuration # # Mistral agent configuration #
# # # #
######################################################################################## ########################################################################################
@ -305,7 +304,7 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generatio
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_model_id: mistral-large-latest matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_model_id: mistral-large-latest
# The prompt text to use (can be null or empty to not use a prompt). # The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting # See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_prompt: null
# The temperature parameter controls the randomness of the generated text. # The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature # See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_temperature: 1.0 matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_temperature: 1.0
@ -314,7 +313,7 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generatio
######################################################################################## ########################################################################################
# # # #
# /Mistral agent configuration # # /Mistral agent configuration #
# # # #
######################################################################################## ########################################################################################
@ -356,10 +355,10 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: ""
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true
# For valid model choices, see: https://platform.openai.com/docs/models # For valid model choices, see: https://platform.openai.com/docs/models
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o-2024-08-06 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
# The prompt text to use (can be null or empty to not use a prompt). # The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting # See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: null
# The temperature parameter controls the randomness of the generated text. # The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature # See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0

3
roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
View File

@ -15,7 +15,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
dst: "{{ matrix_bot_buscarron_database_connection_string }}" dst: "{{ matrix_bot_buscarron_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -97,7 +97,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_buscarron_container_network }}" name: "{{ matrix_bot_buscarron_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-buscarron.service restarted, if necessary - name: Ensure matrix-bot-buscarron.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:

1
roles/custom/matrix-bot-chatgpt/tasks/install.yml
View File

@ -61,7 +61,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_chatgpt_container_network }}" name: "{{ matrix_bot_chatgpt_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-chatgpt.service installed - name: Ensure matrix-bot-chatgpt.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
View File

@ -75,7 +75,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_draupnir_container_network }}" name: "{{ matrix_bot_draupnir_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-draupnir.service installed - name: Ensure matrix-bot-draupnir.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bot-go-neb/tasks/install.yml
View File

@ -48,7 +48,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_go_neb_container_network }}" name: "{{ matrix_bot_go_neb_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-go-neb.service installed - name: Ensure matrix-bot-go-neb.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
View File

@ -15,7 +15,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
dst: "{{ matrix_bot_honoroit_database_connection_string }}" dst: "{{ matrix_bot_honoroit_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -91,7 +91,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_honoroit_container_network }}" name: "{{ matrix_bot_honoroit_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-honoroit.service installed - name: Ensure matrix-bot-honoroit.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
View File

@ -61,7 +61,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_matrix_registration_bot_container_network }}" name: "{{ matrix_bot_matrix_registration_bot_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-matrix-registration-bot.service installed - name: Ensure matrix-bot-matrix-registration-bot.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}" dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -89,7 +89,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_matrix_reminder_bot_container_network }}" name: "{{ matrix_bot_matrix_reminder_bot_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-matrix-reminder-bot.service installed - name: Ensure matrix-bot-matrix-reminder-bot.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bot-maubot/tasks/setup_install.yml
View File

@ -75,7 +75,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_maubot_container_network }}" name: "{{ matrix_bot_maubot_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-maubot.service installed - name: Ensure matrix-bot-maubot.service installed
ansible.builtin.template: ansible.builtin.template:

2
roles/custom/matrix-bot-mjolnir/defaults/main.yml
View File

@ -5,7 +5,7 @@
matrix_bot_mjolnir_enabled: true matrix_bot_mjolnir_enabled: true
# renovate: datasource=docker depName=matrixdotorg/mjolnir # renovate: datasource=docker depName=matrixdotorg/mjolnir
matrix_bot_mjolnir_version: "v1.8.0" matrix_bot_mjolnir_version: "v1.7.0"
matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

1
roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
View File

@ -64,7 +64,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_mjolnir_container_network }}" name: "{{ matrix_bot_mjolnir_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-mjolnir.service installed - name: Ensure matrix-bot-mjolnir.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
View File

@ -12,7 +12,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}" src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
dst: "{{ matrix_bot_postmoogle_database_connection_string }}" dst: "{{ matrix_bot_postmoogle_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -84,7 +84,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_postmoogle_container_network }}" name: "{{ matrix_bot_postmoogle_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-postmoogle.service installed - name: Ensure matrix-bot-postmoogle.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_appservice_discord_sqlite_database_path_local }}" src: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
dst: "{{ matrix_appservice_discord_database_connString }}" dst: "{{ matrix_appservice_discord_database_connString }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -109,7 +109,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_discord_container_network }}" name: "{{ matrix_appservice_discord_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-discord.service installed - name: Ensure matrix-appservice-discord.service installed
ansible.builtin.template: ansible.builtin.template:

6
roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
View File

@ -2,8 +2,8 @@
- name: Fail if Postgres not enabled - name: Fail if Postgres not enabled
ansible.builtin.fail: ansible.builtin.fail:
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`postgres_enabled`). Cannot migrate." msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
when: "not postgres_enabled | bool" when: "not devture_postgres_enabled | bool"
# Defaults # Defaults
@ -16,7 +16,7 @@
- name: Ensure Postgres is started - name: Ensure Postgres is started
ansible.builtin.service: ansible.builtin.service:
name: "{{ postgres_identifier }}" name: "{{ devture_postgres_identifier }}"
state: started state: started
daemon_reload: true daemon_reload: true
register: postgres_service_start_result register: postgres_service_start_result

1
roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
View File

@ -193,7 +193,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_irc_container_network }}" name: "{{ matrix_appservice_irc_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-irc.service installed - name: Ensure matrix-appservice-irc.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
View File

@ -102,7 +102,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_kakaotalk_container_network }}" name: "{{ matrix_appservice_kakaotalk_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-kakaotalk-node.service installed - name: Ensure matrix-appservice-kakaotalk-node.service installed
ansible.builtin.template: ansible.builtin.template:

6
roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml
View File

@ -2,8 +2,8 @@
- name: Fail if Postgres not enabled - name: Fail if Postgres not enabled
ansible.builtin.fail: ansible.builtin.fail:
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`postgres_enabled`). Cannot migrate." msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
when: "not postgres_enabled | bool" when: "not devture_postgres_enabled | bool"
# Defaults # Defaults
@ -16,7 +16,7 @@
- name: Ensure Postgres is started - name: Ensure Postgres is started
ansible.builtin.service: ansible.builtin.service:
name: "{{ postgres_identifier }}" name: "{{ devture_postgres_identifier }}"
state: started state: started
daemon_reload: true daemon_reload: true
register: postgres_service_start_result register: postgres_service_start_result

1
roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
View File

@ -87,7 +87,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_slack_container_network }}" name: "{{ matrix_appservice_slack_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-slack support files installed - name: Ensure matrix-appservice-slack support files installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
View File

@ -86,7 +86,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_webhooks_container_network }}" name: "{{ matrix_appservice_webhooks_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-webhooks support files installed - name: Ensure matrix-appservice-webhooks support files installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
View File

@ -88,7 +88,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_beeper_linkedin_container_network }}" name: "{{ matrix_beeper_linkedin_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-beeper-linkedin.service installed - name: Ensure matrix-beeper-linkedin.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
dst: "{{ matrix_go_skype_bridge_database_connection_string }}" dst: "{{ matrix_go_skype_bridge_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -131,7 +131,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_go_skype_bridge_container_network }}" name: "{{ matrix_go_skype_bridge_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-go-skype-bridge.service installed - name: Ensure matrix-go-skype-bridge.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml
View File

@ -44,7 +44,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_heisenbridge_container_network }}" name: "{{ matrix_heisenbridge_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-heisenbridge.service installed - name: Ensure matrix-heisenbridge.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-hookshot/defaults/main.yml
View File

@ -153,7 +153,6 @@ matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matr
# No need to change these # No need to change these
matrix_hookshot_generic_enabled: true matrix_hookshot_generic_enabled: true
matrix_hookshot_generic_outbound: true
matrix_hookshot_generic_enableHttpGet: false # noqa var-naming matrix_hookshot_generic_enableHttpGet: false # noqa var-naming
# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/webhook" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/webhook"

1
roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
View File

@ -112,7 +112,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_hookshot_container_network }}" name: "{{ matrix_hookshot_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure mautrix-hookshot support files installed - name: Ensure mautrix-hookshot support files installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
View File

@ -74,7 +74,6 @@ generic:
# (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
# #
enabled: {{ matrix_hookshot_generic_enabled | to_json }} enabled: {{ matrix_hookshot_generic_enabled | to_json }}
outbound: {{ matrix_hookshot_generic_outbound | to_json }}
enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }} enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }}
urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }} urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }}
userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }} userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }}

3
roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_discord_database_connection_string }}" dst: "{{ matrix_mautrix_discord_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -98,7 +98,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_discord_container_network }}" name: "{{ matrix_mautrix_discord_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-discord.service installed - name: Ensure matrix-mautrix-discord.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_facebook_database_connection_string }}" dst: "{{ matrix_mautrix_facebook_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_facebook_container_network }}" name: "{{ matrix_mautrix_facebook_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-facebook.service installed - name: Ensure matrix-mautrix-facebook.service installed
ansible.builtin.template: ansible.builtin.template:

23
roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
matrix_mautrix_gmessages_version: v0.5.0 matrix_mautrix_gmessages_version: v0.4.3
# See: https://mau.dev/mautrix/gmessages/container_registry # See: https://mau.dev/mautrix/gmessages/container_registry
matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@ -25,12 +25,6 @@ matrix_mautrix_gmessages_homeserver_address: ""
matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080" matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
matrix_mautrix_gmessages_backfill_enabled: true
matrix_mautrix_gmessages_backfill_max_initial_messages: 50
matrix_mautrix_gmessages_backfill_max_catchup_messages: 500
matrix_mautrix_gmessages_backfill_unread_hours_threshold: 720
matrix_mautrix_gmessages_backfill_threads_max_initial_messages: 50
matrix_mautrix_gmessages_command_prefix: "!gm" matrix_mautrix_gmessages_command_prefix: "!gm"
matrix_mautrix_gmessages_container_network: "" matrix_mautrix_gmessages_container_network: ""
@ -138,23 +132,18 @@ matrix_mautrix_gmessages_appservice_database_uri: "{{
}[matrix_mautrix_gmessages_database_engine] }[matrix_mautrix_gmessages_database_engine]
}}" }}"
matrix_mautrix_gmessages_double_puppet_secrets: "{{ matrix_mautrix_gmessages_double_puppet_secrets_auto | combine(matrix_mautrix_gmessages_double_puppet_secrets_custom) }}" # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth) or Appservice Double Puppet.
matrix_mautrix_gmessages_double_puppet_secrets_auto: {} matrix_mautrix_gmessages_login_shared_secret: ''
matrix_mautrix_gmessages_double_puppet_secrets_custom: {} matrix_mautrix_gmessages_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_gmessages_homeserver_domain: matrix_mautrix_gmessages_login_shared_secret} if matrix_mautrix_gmessages_login_shared_secret else {} }}"
# Enable End-to-bridge encryption # Enable End-to-bridge encryption
matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_mautrix_gmessages_bridge_encryption_require: false
matrix_mautrix_gmessages_bridge_encryption_appservice: false
matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}" matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
matrix_mautrix_gmessages_network_displayname_template: "{% raw %}{{or .FullName .PhoneNumber}}{% endraw %}"
matrix_mautrix_gmessages_appservice_username_template: "{% raw %}gmessages_{{.}}{% endraw %}"
matrix_mautrix_gmessages_public_media_signing_key: ''
matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true
matrix_mautrix_gmessages_bridge_mute_bridging: true
matrix_mautrix_gmessages_bridge_permissions: | matrix_mautrix_gmessages_bridge_permissions: |
{{ {{

3
roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}" src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_gmessages_database_connection_string }}" dst: "{{ matrix_mautrix_gmessages_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -147,7 +147,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_gmessages_container_network }}" name: "{{ matrix_mautrix_gmessages_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-gmessages.service restarted, if necessary - name: Ensure matrix-mautrix-gmessages.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:

3
roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml
View File

@ -22,6 +22,3 @@
when: "item.old in vars" when: "item.old in vars"
with_items: with_items:
- {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'} - {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'}
- {'old': 'matrix_mautrix_gmessages_bridge_mute_bridging', 'new': '<removed>'}
- {'old': 'matrix_mautrix_gmessages_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_gmessages_bridge_login_shared_secret_map', 'new': 'matrix_mautrix_gmessages_double_puppet_secrets_custom'}

588
roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
View File

@ -1,172 +1,20 @@
#jinja2: lstrip_blocks: "True" #jinja2: lstrip_blocks: "True"
# Network-specific config options
network:
# Displayname template for SMS users.
# {% raw %}{{.FullName}}{% endraw %} - Full name provided by the phone
# {% raw %}{{.FirstName}}{% endraw %} - First name provided by the phone
# {% raw %}{{.PhoneNumber}}{% endraw %} - Formatted phone number provided by the phone
displayname_template: {{ matrix_mautrix_gmessages_network_displayname_template | to_json }}
# Settings for how the bridge appears to the phone.
device_meta:
# OS name to tell the phone. This is the name that shows up in the paired devices list.
os: mautrix-gmessages
# Browser type to tell the phone. This decides which icon is shown.
# Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE
browser: OTHER
# Device type to tell the phone. This also affects the icon, as well as how many sessions are allowed simultaneously.
# One web, two tablets and one PWA should be able to connect at the same time.
# Valid types: WEB, TABLET, PWA
type: TABLET
# Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser?
# If this is disabled, the user must manually use the `set-active` command to reactivate the bridge.
aggressive_reconnect: false
# Number of chats to sync when connecting to Google Messages.
initial_chat_sync_count: 25
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!gm'
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }}
# Whether the bridge should set names and avatars explicitly for DM portals.
# This is only necessary when using clients that don't support MSC4171.
private_chat_portal_meta: false
# Should events be handled asynchronously within portal rooms?
# If true, events may end up being out of order, but slow events won't block other ones.
async_events: false
# Should every user have their own portals rather than sharing them?
# By default, users who are in the same group on the remote network will be
# in the same Matrix room bridged to that group. If this is set to true,
# every user will get their own Matrix room instead.
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
# Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
tag_only_on_create: true
# Should room mute status only be synced when creating the portal?
# Like tags, mutes can't currently be synced back to the remote network.
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
# Permitted values:
# nothing - Do nothing, let the user stay in the portals
# kick - Remove the user from the portal rooms, but don't delete them
# unbridge - Remove all ghosts in the room and disassociate it from the remote chat
# delete - Remove all ghosts and users from the room (i.e. delete it)
cleanup_on_logout:
# Should cleanup on logout be enabled at all?
enabled: false
# Settings for manual logouts (explicitly initiated by the Matrix user)
manual:
# Action for private portals which will never be shared with other Matrix users.
private: nothing
# Action for portals with a relay user configured.
relayed: nothing
# Action for portals which may be shared, but don't currently have any other Matrix users.
shared_no_users: nothing
# Action for portals which have other logged-in Matrix users.
shared_has_users: nothing
# Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
# Keys have the same meanings as in the manual section.
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: true
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: []
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.
# .Sender.Displayname - The display name of the sender (if set).
# .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
# .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
# plus the user ID in parentheses if the displayname is not unique.
# If the displayname is not set, this is just the user ID.
# .Message - The `formatted_body` field of the message.
# .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
# .FileName - The name of the file being sent.
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
# For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
# This has all the Sender variables available under message_formats (but without the .Sender prefix).
# Note that you need to manually remove the displayname from message_formats above.
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# commands - Access to use commands in the bridge, but not login.
# user - Access to use the bridge with puppeting.
# admin - Full access, user level with some additional administration tools.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }}
# Config for the bridge's database.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }}
# Maximum number of connections.
max_open_conns: 5
max_idle_conns: 1
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details. # Homeserver details.
homeserver: homeserver:
# The address that this appservice can use to connect to the homeserver. # The address that this appservice can use to connect to the homeserver.
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine, address: {{ matrix_mautrix_gmessages_homeserver_address }}
# but https also works if they run on different machines.
address: {{ matrix_mautrix_gmessages_homeserver_address | to_json }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc). # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix_mautrix_gmessages_homeserver_domain | to_json }} domain: {{ matrix_mautrix_gmessages_homeserver_domain }}
# What software is the homeserver running? # What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard software: standard
# The URL to push real-time bridge status to. # The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes. # If set, the bridge will make POST requests to this URL whenever a user's google messages connection state changes.
# The bridge will use the appservice as_token to authorize requests. # The bridge will use the appservice as_token to authorize requests.
status_endpoint: status_endpoint: null
# Endpoint for reporting per-message status. # Endpoint for reporting per-message status.
# If set, the bridge will make POST requests to this URL when processing a message from Matrix. message_send_checkpoint_endpoint: null
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
# The bridge will use the appservice as_token to authorize requests.
message_send_checkpoint_endpoint:
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false async_media: false
@ -178,19 +26,33 @@ homeserver:
ping_interval_seconds: 0 ping_interval_seconds: 0
# Application service host/registration related details. # Application service host/registration related details.
# Changing these values requires regeneration of the registration (except when noted otherwise) # Changing these values requires regeneration of the registration.
appservice: appservice:
# The address that the homeserver can use to connect to this appservice. # The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_gmessages_appservice_address }} address: {{ matrix_mautrix_gmessages_appservice_address }}
# A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file.
public_address: https://bridge.example.com
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0.
hostname: 0.0.0.0 hostname: 0.0.0.0
port: 8080 port: 8080
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice. # The unique ID of this appservice.
id: gmessages id: gmessages
# Appservice bot details. # Appservice bot details.
@ -202,223 +64,229 @@ appservice:
displayname: Google Messages bridge bot displayname: Google Messages bridge bot
avatar: mxc://maunium.net/yGOdcrJcwqARZqdzbfuxfhzb avatar: mxc://maunium.net/yGOdcrJcwqARZqdzbfuxfhzb
# Whether to receive ephemeral events via appservice transactions. # Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true ephemeral_events: true
# Should incoming events be handled asynchronously? # Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through. # This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in. # However, messages will not be guaranteed to be bridged in the same order they were sent in.
# This value doesn't affect the registration file.
async_transactions: false async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_gmessages_appservice_token | to_json }} as_token: "{{ matrix_mautrix_gmessages_appservice_token }}"
hs_token: {{ matrix_mautrix_gmessages_homeserver_token | to_json }} hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}"
# Localpart template of MXIDs for remote users. # Segment API key to track some events, like provisioning API login and encryption errors.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user. segment_key: null
username_template: {{ matrix_mautrix_gmessages_appservice_username_template | to_json }} # Optional user_id to use when sending Segment events. If null, defaults to using mxID.
segment_user_id: null
# Config options that affect the Matrix connector of the bridge. # Prometheus config.
matrix: metrics:
# Enable prometheus metrics?
enabled: {{ matrix_mautrix_gmessages_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: 0.0.0.0:8001
google_messages:
# OS name to tell the phone. This is the name that shows up in the paired devices list.
os: mautrix-gmessages
# Browser type to tell the phone. This decides which icon is shown.
# Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE
browser: OTHER
# Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser?
# If this is disabled, the user must manually use the `reconnect` command to reactivate the bridge.
aggressive_reconnect: false
# Bridge config
bridge:
# Localpart template of MXIDs for SMS users.
# {{ '{{.}}' }} is replaced with an identifier of the recipient.
username_template: "{{ 'gmessages_{{.}}' }}"
# Displayname template for SMS users.
# {{ '{{.FullName}}' }} - Full name provided by the phone
# {{ '{{.FirstName}}' }} - First name provided by the phone
# {{ '{{.PhoneNumber}}' }} - Formatted phone number provided by the phone
displayname_template: "{{ '{{or .FullName .PhoneNumber}}' }}"
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }}
# Should the bridge send a read receipt from the bridge bot when a message has been sent to the phone?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event. # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false message_status_events: false
# Whether the bridge should send a read receipt after successfully bridging a message.
delivery_receipts: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge. # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true message_error_notices: true
# Whether the bridge should update the m.direct account data event when double puppeting is enabled.
portal_message_buffer: 128
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false sync_direct_chat_list: false
# Whether created rooms should have federation enabled. If false, created portal rooms # Number of chats to sync when connecting to Google Messages.
# will never be federated. Changing this option requires recreating rooms. initial_chat_sync_count: 25
federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms | to_json }} # Backfill settings
# The threshold as bytes after which the bridge should roundtrip uploads via the disk backfill:
# rather than keeping the whole file in memory. # Number of messages to backfill in new chats.
upload_file_threshold: 5242880 initial_limit: 50
# Number of messages to backfill on startup if the last message ID in the chat sync doesn't match the last bridged message.
missed_limit: 100
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors. # Servers to always allow double puppeting from
analytics: double_puppet_server_map:
# API key to send with tracking requests. Tracking is disabled if this is null. "{{ matrix_mautrix_gmessages_homeserver_domain }}": {{ matrix_mautrix_gmessages_homeserver_address }}
token: null # Allow using double puppeting from any server with a valid client .well-known file.
# Address to send tracking requests to. double_puppet_allow_discovery: false
url: https://api.segment.io/v1/track # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge.
allow_matrix_auth: true
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
# These settings control whether the bridge will provide such public media access.
public_media:
# Should public media be enabled at all?
# The public_address field under the appservice section MUST be set when enabling public media.
enabled: false
# A key for signing public media URLs.
# If set to "generate", a random key will be generated.
signing_key: {{ matrix_mautrix_gmessages_public_media_signing_key | to_json }}
# Number of seconds that public media URLs are valid for.
# If set to 0, URLs will never expire.
expiry: 0
# Length of hash to use for public media URLs. Must be between 0 and 32.
hash_length: 32
# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name: media.example.com
# Optionally a custom .well-known response. This defaults to `server_name:443`
well_known_response:
# Optionally specify a custom prefix for the media ID part of the MXC URI.
media_id_prefix:
# If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
# media download redirects if the requester supports it. Optionally, you can force redirects
# and not allow proxying at all by setting this to false.
# This option does nothing if the remote network does not support media downloads over HTTP.
allow_proxy: true
# Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
# This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
server_key: ""
# Settings for backfilling messages.
# Note that the exact way settings are applied depends on the network connector.
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_gmessages_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_gmessages_backfill_max_initial_messages | to_json }}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_gmessages_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_gmessages_backfill_unread_hours_threshold | to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_gmessages_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
# Should the backfill queue be enabled?
enabled: false
# Number of messages to backfill in one batch.
batch_size: 100
# Delay between batches in seconds.
batch_delay: 20
# Maximum number of batches to backfill per portal.
# If set to -1, all available messages will be backfilled.
max_batches: -1
# Optional network-specific overrides for max batches.
# Interpretation of this field depends on the network connector.
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
# Servers to always allow double puppeting from.
# This is only for other servers and should NOT contain the server the bridge is on.
servers: {}
# Whether to allow client API URL discovery for other servers. When using this option,
# users on other servers can use double puppeting even if their server URLs aren't
# explicitly added to the servers map above.
allow_discovery: false
# Shared secrets for automatic double puppeting.
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
secrets: {{ matrix_mautrix_gmessages_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow | to_json }}
# Whether to force-enable encryption in all bridged rooms.
default: {{ matrix_mautrix_gmessages_bridge_encryption_default | to_json }}
# Whether to require all messages to be encrypted and drop any unencrypted messages.
require: {{ matrix_mautrix_gmessages_bridge_encryption_require | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
appservice: {{ matrix_mautrix_gmessages_bridge_encryption_appservice | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: mautrix.bridge.e2ee
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
# #
# Valid levels: # If set, double puppeting will be enabled automatically for local users
# unverified - Send keys to all device in the room. # instead of users having to find an access token and run `login-matrix`
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. # manually.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). login_shared_secret_map: {{ matrix_mautrix_gmessages_bridge_login_shared_secret_map|to_json }}
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible. # Whether to explicitly set the avatar and room name for private chat portal rooms.
# verified - Require manual per-device verification # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# (currently only possible by modifying the `trust` column in the `crypto_device` database table). # If set to `always`, all DM rooms will have explicit names and avatars set.
verification_levels: # If set to `never`, DM rooms will never have names and avatars set.
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix. private_chat_portal_meta: default
receive: unverified # Should Matrix m.notice-type messages be bridged?
# Minimum level that the bridge should accept for incoming Matrix messages. bridge_notices: true
send: unverified # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# Minimum level that the bridge should require for accepting key requests. # This field will automatically be changed back to false after it, except if the config file is not writable.
share: cross-signed-tofu resend_bridge_info: false
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content. # When using double puppeting, should muted chats be muted in Matrix?
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event. mute_bridging: {{ matrix_mautrix_gmessages_bridge_mute_bridging | to_json }}
rotation: # When using double puppeting, should archived chats be moved to a specific tag in Matrix?
# Enable custom Megolm room key rotation settings. Note that these # This can be set to a tag (e.g. m.lowpriority), or null to disable.
# settings will only apply to rooms created after this option is set. archive_tag: null
enable_custom: false # Same as above, but for pinned chats. The favorite tag is called m.favourite
# The maximum number of milliseconds a session should be used pinned_tag: null
# before changing it. The Matrix spec recommends 604800000 (a week) # Should mute status and tags only be bridged when the portal room is created?
# as the default. tag_only_on_create: true
milliseconds: 604800000 # Whether or not created rooms should have federation enabled.
# The maximum number of messages that should be sent with a given a # If false, created portal rooms will never be federated.
# session before changing it. The Matrix spec recommends 100 as the federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms|to_json }}
# default. # Should the bridge never send alerts to the bridge management room?
messages: 100 # These are mostly things like the user being logged out.
# Disable rotating keys when a user's devices change? disable_bridge_alerts: false
# You should not enable this option unless you understand all the implications. # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
disable_device_change_key_rotation: false # This is currently not supported in most clients.
caption_in_message: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!gm"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Google Messages bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_gmessages_bridge_encryption_default|to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow|to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from SMS to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: generate
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to link their own Google Messages on android.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }}
# Logging config. See https://github.com/tulir/zeroconfig for details. # Logging config. See https://github.com/tulir/zeroconfig for details.
logging: logging:
min_level: {{ matrix_mautrix_gmessages_logging_level }} min_level: {{ matrix_mautrix_gmessages_logging_level }}
writers: writers:
- type: stdout - type: stdout
format: pretty format: pretty-colored

3
roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_googlechat_database_connection_string }}" dst: "{{ matrix_mautrix_googlechat_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_googlechat_container_network }}" name: "{{ matrix_mautrix_googlechat_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-googlechat.service installed - name: Ensure matrix-mautrix-googlechat.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_hangouts_database_connection_string }}" dst: "{{ matrix_mautrix_hangouts_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_hangouts_container_network }}" name: "{{ matrix_mautrix_hangouts_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-hangouts.service installed - name: Ensure matrix-mautrix-hangouts.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
View File

@ -80,7 +80,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_instagram_container_network }}" name: "{{ matrix_mautrix_instagram_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-instagram.service installed - name: Ensure matrix-mautrix-instagram.service installed
ansible.builtin.template: ansible.builtin.template:

38
roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true
matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_instagram_version: v0.4.0 matrix_mautrix_meta_instagram_version: v0.3.2
matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram" matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config" matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@ -194,15 +194,10 @@ matrix_mautrix_meta_instagram_bridge_displayname_suffix: |-
matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_instagram_bridge_displayname_suffix) if matrix_mautrix_meta_instagram_bridge_displayname_suffix else "" }}' matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_instagram_bridge_displayname_suffix) if matrix_mautrix_meta_instagram_bridge_displayname_suffix else "" }}'
# The prefix for commands. Only required in non-management rooms. # The prefix for commands. Only required in non-management rooms.
matrix_mautrix_meta_instagram_bridge_command_prefix: |- # If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_instagram_meta_mode`):
{{ # - "!ig" for instagram
({ # - "!fb" for facebook
'facebook': '!fb', matrix_mautrix_meta_instagram_bridge_command_prefix: default
'facebook-tor': '!fb',
'messenger': '!fb',
'instagram': '!ig',
})[matrix_mautrix_meta_instagram_meta_mode]
}}
# Whether or not created rooms should have federation enabled. # Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated. # If false, created portal rooms will never be federated.
@ -219,9 +214,9 @@ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing: "{{ matrix_ma
matrix_mautrix_meta_instagram_bridge_encryption_appservice: false matrix_mautrix_meta_instagram_bridge_encryption_appservice: false
matrix_mautrix_meta_instagram_bridge_encryption_require: false matrix_mautrix_meta_instagram_bridge_encryption_require: false
matrix_mautrix_meta_instagram_double_puppet_secrets: "{{ matrix_mautrix_meta_instagram_double_puppet_secrets_auto | combine(matrix_mautrix_meta_instagram_double_puppet_secrets_custom) }}" matrix_mautrix_meta_instagram_bridge_login_shared_secret_map: "{{ matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom) }}"
matrix_mautrix_meta_instagram_double_puppet_secrets_auto: {} matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto: {}
matrix_mautrix_meta_instagram_double_puppet_secrets_custom: {} matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom: {}
matrix_mautrix_meta_instagram_bridge_permissions: "{{ matrix_mautrix_meta_instagram_bridge_permissions_default | combine(matrix_mautrix_meta_instagram_bridge_permissions_custom) }}" matrix_mautrix_meta_instagram_bridge_permissions: "{{ matrix_mautrix_meta_instagram_bridge_permissions_default | combine(matrix_mautrix_meta_instagram_bridge_permissions_custom) }}"
@ -236,15 +231,16 @@ matrix_mautrix_meta_instagram_bridge_permissions_custom: {}
# Enable bridge relay bot functionality # Enable bridge relay bot functionality
matrix_mautrix_meta_instagram_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}" matrix_mautrix_meta_instagram_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
matrix_mautrix_meta_instagram_bridge_relay_admin_only: true matrix_mautrix_meta_instagram_bridge_relay_admin_only: true
matrix_mautrix_meta_instagram_bridge_relay_default_relays: []
matrix_mautrix_meta_instagram_backfill_enabled: true matrix_mautrix_meta_instagram_bridge_management_room_text_welcome: |-
matrix_mautrix_meta_instagram_backfill_max_initial_messages: 50 {{
matrix_mautrix_meta_instagram_backfill_max_catchup_messages: 500 ({
matrix_mautrix_meta_instagram_backfill_unread_hours_threshold: 720 'facebook': "Hello, I'm a Facebook bridge bot.",
matrix_mautrix_meta_instagram_backfill_threads_max_initial_messages: 50 'facebook-tor': "Hello, I'm a Facebook bridge bot which uses Tor.",
'messenger': "Hello, I'm a Messenger bridge bot.",
matrix_mautrix_meta_instagram_public_media_signing_key: '' 'instagram': "Hello, I'm an Instagram bridge bot.",
})[matrix_mautrix_meta_instagram_meta_mode]
}}
# Specifies the default log level. # Specifies the default log level.
# This bridge uses zerolog, so valid levels are: panic, fatal, error, warn, info, debug, trace # This bridge uses zerolog, so valid levels are: panic, fatal, error, warn, info, debug, trace

3
roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_meta_instagram_sqlite_database_path_local }}" src: "{{ matrix_mautrix_meta_instagram_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_meta_instagram_database_connection_string }}" dst: "{{ matrix_mautrix_meta_instagram_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -107,7 +107,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_meta_instagram_container_network }}" name: "{{ matrix_mautrix_meta_instagram_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure mautrix-meta-instagram.service installed - name: Ensure mautrix-meta-instagram.service installed
ansible.builtin.template: ansible.builtin.template:

2
roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml
View File

@ -23,5 +23,3 @@
when: "item.old in vars" when: "item.old in vars"
with_items: with_items:
- {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret', 'new': '<removed>'} - {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom', 'new': '<superseded by matrix_mautrix_meta_instagram_double_puppet_secrets_custom>'}
- {'old': 'matrix_mautrix_meta_instagram_bridge_management_room_text_welcome', 'new': '<removed>'}

632
roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
View File

@ -1,168 +1,7 @@
#jinja2: lstrip_blocks: "True" #jinja2: lstrip_blocks: "True"
# Network-specific config options
network:
# Which service is this bridge for? Available options:
# * unset - allow users to pick any service when logging in (except facebook-tor)
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_instagram_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_instagram_meta_ig_e2ee | to_json }}
# Displayname template for FB/IG users. Available variables:
# .DisplayName - The display name set by the user.
# .Username - The username set by the user.
# .ID - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_instagram_bridge_displayname_template | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Minimum interval between full reconnects in seconds, default is 1 hour
min_full_reconnect_interval_seconds: 3600
# Interval to force refresh the connection (full reconnect), default is 20 hours. Set 0 to disable force refreshes.
force_refresh_interval_seconds: 72000
# Disable fetching XMA media (reels, stories, etc) when backfilling.
disable_xma_backfill: true
# Disable fetching XMA media entirely.
disable_xma_always: false
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: {{ matrix_mautrix_meta_instagram_bridge_command_prefix | to_json }}
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: {{ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces | to_json }}
# Whether the bridge should set names and avatars explicitly for DM portals.
# This is only necessary when using clients that don't support MSC4171.
private_chat_portal_meta: false
# Should events be handled asynchronously within portal rooms?
# If true, events may end up being out of order, but slow events won't block other ones.
async_events: false
# Should every user have their own portals rather than sharing them?
# By default, users who are in the same group on the remote network will be
# in the same Matrix room bridged to that group. If this is set to true,
# every user will get their own Matrix room instead.
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
# Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
tag_only_on_create: true
# Should room mute status only be synced when creating the portal?
# Like tags, mutes can't currently be synced back to the remote network.
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
# Permitted values:
# nothing - Do nothing, let the user stay in the portals
# kick - Remove the user from the portal rooms, but don't delete them
# unbridge - Remove all ghosts in the room and disassociate it from the remote chat
# delete - Remove all ghosts and users from the room (i.e. delete it)
cleanup_on_logout:
# Should cleanup on logout be enabled at all?
enabled: false
# Settings for manual logouts (explicitly initiated by the Matrix user)
manual:
# Action for private portals which will never be shared with other Matrix users.
private: nothing
# Action for portals with a relay user configured.
relayed: nothing
# Action for portals which may be shared, but don't currently have any other Matrix users.
shared_no_users: nothing
# Action for portals which have other logged-in Matrix users.
shared_has_users: nothing
# Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
# Keys have the same meanings as in the manual section.
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_instagram_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: {{ matrix_mautrix_meta_instagram_bridge_relay_admin_only | to_json }}
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: {{ matrix_mautrix_meta_instagram_bridge_relay_default_relays | to_json }}
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.
# .Sender.Displayname - The display name of the sender (if set).
# .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
# .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
# plus the user ID in parentheses if the displayname is not unique.
# If the displayname is not set, this is just the user ID.
# .Message - The `formatted_body` field of the message.
# .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
# .FileName - The name of the file being sent.
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
# For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
# This has all the Sender variables available under message_formats (but without the .Sender prefix).
# Note that you need to manually remove the displayname from message_formats above.
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# commands - Access to use commands in the bridge, but not login.
# user - Access to use the bridge with puppeting.
# admin - Full access, user level with some additional administration tools.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_instagram_bridge_permissions | to_json }}
# Config for the bridge's database.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_instagram_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_instagram_appservice_database_uri | to_json }}
# Maximum number of connections.
max_open_conns: 5
max_idle_conns: 1
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details. # Homeserver details.
homeserver: homeserver:
# The address that this appservice can use to connect to the homeserver. # The address that this appservice can use to connect to the homeserver.
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
# but https also works if they run on different machines.
address: {{ matrix_mautrix_meta_instagram_homeserver_address | to_json }} address: {{ matrix_mautrix_meta_instagram_homeserver_address | to_json }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc). # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix_mautrix_meta_instagram_homeserver_domain | to_json }} domain: {{ matrix_mautrix_meta_instagram_homeserver_domain | to_json }}
@ -171,15 +10,11 @@ homeserver:
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard software: standard
# The URL to push real-time bridge status to. # The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes. # If set, the bridge will make POST requests to this URL whenever a user's meta connection state changes.
# The bridge will use the appservice as_token to authorize requests. # The bridge will use the appservice as_token to authorize requests.
status_endpoint: status_endpoint: null
# Endpoint for reporting per-message status. # Endpoint for reporting per-message status.
# If set, the bridge will make POST requests to this URL when processing a message from Matrix. message_send_checkpoint_endpoint: null
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
# The bridge will use the appservice as_token to authorize requests.
message_send_checkpoint_endpoint:
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false async_media: false
@ -191,19 +26,33 @@ homeserver:
ping_interval_seconds: 0 ping_interval_seconds: 0
# Application service host/registration related details. # Application service host/registration related details.
# Changing these values requires regeneration of the registration (except when noted otherwise) # Changing these values requires regeneration of the registration.
appservice: appservice:
# The address that the homeserver can use to connect to this appservice. # The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_meta_instagram_appservice_address | to_json }} address: {{ matrix_mautrix_meta_instagram_appservice_address | to_json }}
# A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file.
public_address: https://bridge.example.com
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0.
hostname: 0.0.0.0 hostname: 0.0.0.0
port: 29319 port: 29319
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_instagram_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_instagram_appservice_database_uri | to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice. # The unique ID of this appservice.
id: {{ matrix_mautrix_meta_instagram_appservice_id | to_json }} id: {{ matrix_mautrix_meta_instagram_appservice_id | to_json }}
# Appservice bot details. # Appservice bot details.
@ -213,225 +62,268 @@ appservice:
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is. # to leave display name/avatar as-is.
displayname: {{ matrix_mautrix_meta_instagram_appservice_displayname | to_json }} displayname: {{ matrix_mautrix_meta_instagram_appservice_displayname | to_json }}
# You can use mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv for an Instagram avatar,
# or mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak for Facebook Messenger
avatar: {{ matrix_mautrix_meta_instagram_appservice_avatar | to_json }} avatar: {{ matrix_mautrix_meta_instagram_appservice_avatar | to_json }}
# Whether to receive ephemeral events via appservice transactions. # Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true ephemeral_events: true
# Should incoming events be handled asynchronously? # Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through. # This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in. # However, messages will not be guaranteed to be bridged in the same order they were sent in.
# This value doesn't affect the registration file.
async_transactions: false async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_meta_instagram_appservice_token | to_json }} as_token: {{ matrix_mautrix_meta_instagram_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_meta_instagram_homeserver_token | to_json }} hs_token: {{ matrix_mautrix_meta_instagram_homeserver_token | to_json }}
# Localpart template of MXIDs for remote users. # Prometheus config.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user. metrics:
username_template: {{ matrix_mautrix_meta_instagram_bridge_username_template | to_json }} # Enable prometheus metrics?
enabled: {{ matrix_mautrix_meta_instagram_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: "0.0.0.0.0:8000"
# Config options that affect the Matrix connector of the bridge. meta:
matrix: # Which service is this bridge for? Available options:
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_instagram_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_instagram_meta_ig_e2ee | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Bridge config
bridge:
# Localpart template of MXIDs for FB/IG users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the FB/IG user.
username_template: {{ matrix_mautrix_meta_instagram_bridge_username_template | to_json }}
# Displayname template for FB/IG users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# {% raw %}{{.DisplayName}}{% endraw %} - The display name set by the user.
# {% raw %}{{.Username}}{% endraw %} - The username set by the user.
# {% raw %}{{.ID}}{% endraw %} - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_instagram_bridge_displayname_template | to_json }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
portal_message_buffer: 128
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
personal_filtering_spaces: {{ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces | to_json }}
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event. # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false message_status_events: false
# Whether the bridge should send a read receipt after successfully bridging a message.
delivery_receipts: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge. # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true message_error_notices: true
# Whether the bridge should update the m.direct account data event when double puppeting is enabled. # Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic and is therefore prone to race conditions.
sync_direct_chat_list: false sync_direct_chat_list: false
# Whether created rooms should have federation enabled. If false, created portal rooms # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# will never be federated. Changing this option requires recreating rooms. # This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# Send captions in the same message as images. This will send data compatible with both MSC2530.
# This is currently not supported in most clients.
caption_in_message: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_meta_instagram_bridge_federate_rooms | to_json }} federate_rooms: {{ matrix_mautrix_meta_instagram_bridge_federate_rooms | to_json }}
# The threshold as bytes after which the bridge should roundtrip uploads via the disk # Should mute status be bridged? Allowed options: always, on-create, never
# rather than keeping the whole file in memory. mute_bridging: on-create
upload_file_threshold: 5242880 # Servers to always allow double puppeting from
double_puppet_server_map: {}
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors. # Allow using double puppeting from any server with a valid client .well-known file.
analytics: double_puppet_allow_discovery: false
# API key to send with tracking requests. Tracking is disabled if this is null. # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
token: null
# Address to send tracking requests to.
url: https://api.segment.io/v1/track
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge.
allow_matrix_auth: true
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
# These settings control whether the bridge will provide such public media access.
public_media:
# Should public media be enabled at all?
# The public_address field under the appservice section MUST be set when enabling public media.
enabled: false
# A key for signing public media URLs.
# If set to "generate", a random key will be generated.
signing_key: {{ matrix_mautrix_meta_instagram_public_media_signing_key | to_json }}
# Number of seconds that public media URLs are valid for.
# If set to 0, URLs will never expire.
expiry: 0
# Length of hash to use for public media URLs. Must be between 0 and 32.
hash_length: 32
# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name: media.example.com
# Optionally a custom .well-known response. This defaults to `server_name:443`
well_known_response:
# Optionally specify a custom prefix for the media ID part of the MXC URI.
media_id_prefix:
# If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
# media download redirects if the requester supports it. Optionally, you can force redirects
# and not allow proxying at all by setting this to false.
# This option does nothing if the remote network does not support media downloads over HTTP.
allow_proxy: true
# Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
# This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
server_key: ""
# Settings for backfilling messages.
# Note that the exact way settings are applied depends on the network connector.
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_meta_instagram_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_meta_instagram_backfill_max_initial_messages | to_json}}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_meta_instagram_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_meta_instagram_backfill_unread_hours_threshold | to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_meta_instagram_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
# Should the backfill queue be enabled?
enabled: false
# Number of messages to backfill in one batch.
batch_size: 100
# Delay between batches in seconds.
batch_delay: 20
# Maximum number of batches to backfill per portal.
# If set to -1, all available messages will be backfilled.
max_batches: -1
# Optional network-specific overrides for max batches.
# Interpretation of this field depends on the network connector.
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
# Servers to always allow double puppeting from.
# This is only for other servers and should NOT contain the server the bridge is on.
servers: {}
# Whether to allow client API URL discovery for other servers. When using this option,
# users on other servers can use double puppeting even if their server URLs aren't
# explicitly added to the servers map above.
allow_discovery: false
# Shared secrets for automatic double puppeting.
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
secrets: {{ matrix_mautrix_meta_instagram_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
allow: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow | to_json }}
# Whether to force-enable encryption in all bridged rooms.
default: {{ matrix_mautrix_meta_instagram_bridge_encryption_default | to_json }}
# Whether to require all messages to be encrypted and drop any unencrypted messages.
require: {{ matrix_mautrix_meta_instagram_bridge_encryption_require | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
appservice: {{ matrix_mautrix_meta_instagram_bridge_encryption_appservice | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: mautrix.bridge.e2ee
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
# #
# Valid levels: # If set, double puppeting will be enabled automatically for local users
# unverified - Send keys to all device in the room. # instead of users having to find an access token and run `login-matrix`
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. # manually.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). login_shared_secret_map: {{ matrix_mautrix_meta_instagram_bridge_login_shared_secret_map | to_json }}
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible. # The prefix for commands. Only required in non-management rooms.
# verified - Require manual per-device verification # If set to "default", will be determined based on meta -> mode, "!ig" for instagram and "!fb" for facebook
# (currently only possible by modifying the `trust` column in the `crypto_device` database table). command_prefix: {{ matrix_mautrix_meta_instagram_bridge_command_prefix | to_json }}
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix. backfill:
receive: unverified # If disabled, old messages will never be bridged.
# Minimum level that the bridge should accept for incoming Matrix messages. enabled: true
send: unverified # By default, Meta sends info about approximately 20 recent threads. If this is set to something else than 0,
# Minimum level that the bridge should require for accepting key requests. # the bridge will request more threads on first login, until it reaches the specified number of pages
share: cross-signed-tofu # or the end of the inbox.
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content. inbox_fetch_pages: 0
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event. # By default, Meta only sends one old message per thread. If this is set to a something else than 0,
rotation: # the bridge will delay handling the one automatically received message and request more messages to backfill.
# Enable custom Megolm room key rotation settings. Note that these # One page usually contains 20 messages. This can technically be set to -1 to fetch all messages,
# settings will only apply to rooms created after this option is set. # but that will block bridging messages until the entire backfill is completed.
enable_custom: false history_fetch_pages: 0
# The maximum number of milliseconds a session should be used # Same as above, but for catchup backfills (i.e. when the bridge is restarted).
# before changing it. The Matrix spec recommends 604800000 (a week) catchup_fetch_pages: 5
# as the default. # Maximum age of chats to leave as unread when backfilling. 0 means all chats can be left as unread.
milliseconds: 604800000 # If non-zero, chats that are older than this will be marked as read, even if they're still unread on Meta.
# The maximum number of messages that should be sent with a given a unread_hours_threshold: 0
# session before changing it. The Matrix spec recommends 100 as the # Backfill queue settings. Only relevant for Beeper, because standard Matrix servers
# default. # don't support inserting messages into room history.
messages: 100 queue:
# Disable rotating keys when a user's devices change? # How many pages of messages to request in one go (without sleeping between requests)?
# You should not enable this option unless you understand all the implications. pages_at_once: 5
disable_device_change_key_rotation: false # Maximum number of pages to fetch. -1 to fetch all pages until the start of the chat.
max_pages: -1
# How long to sleep after fetching a bunch of pages ("bunch" defined by pages_at_once).
sleep_between_tasks: 20s
# Disable fetching XMA media (reels, stories, etc) when backfilling.
dont_fetch_xma: true
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: {{ matrix_mautrix_meta_instagram_bridge_management_room_text_welcome | to_json }}
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow | to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_meta_instagram_bridge_encryption_default | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: {{ matrix_mautrix_meta_instagram_bridge_encryption_appservice | to_json }}
# Require encryption, drop any unencrypted messages.
require: {{ matrix_mautrix_meta_instagram_bridge_encryption_require | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from FB/IG to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Meta account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_instagram_bridge_permissions | to_json }}
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_instagram_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
admin_only: {{ matrix_mautrix_meta_instagram_bridge_relay_admin_only | to_json }}
# The formats to use when sending messages to Meta via the relaybot.
message_formats:
m.text: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* {{ .Sender.Displayname }} {{ .Message }}{% endraw %}"
m.file: "{% raw %}{{ .Sender.Displayname }} sent a file{% endraw %}"
m.image: "{% raw %}{{ .Sender.Displayname }} sent an image{% endraw %}"
m.audio: "{% raw %}{{ .Sender.Displayname }} sent an audio file{% endraw %}"
m.video: "{% raw %}{{ .Sender.Displayname }} sent a video{% endraw %}"
m.location: "{% raw %}{{ .Sender.Displayname }} sent a location{% endraw %}"
# Logging config. See https://github.com/tulir/zeroconfig for details. # Logging config. See https://github.com/tulir/zeroconfig for details.
logging: logging:
min_level: {{ matrix_mautrix_meta_instagram_logging_min_level | to_json }} min_level: {{ matrix_mautrix_meta_instagram_logging_min_level | to_json }}
writers: writers:
- type: stdout - type: stdout
format: pretty format: pretty

38
roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true
matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_messenger_version: v0.4.0 matrix_mautrix_meta_messenger_version: v0.3.2
matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger" matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config" matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@ -194,15 +194,10 @@ matrix_mautrix_meta_messenger_bridge_displayname_suffix: |-
matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_messenger_bridge_displayname_suffix) if matrix_mautrix_meta_messenger_bridge_displayname_suffix else "" }}' matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_messenger_bridge_displayname_suffix) if matrix_mautrix_meta_messenger_bridge_displayname_suffix else "" }}'
# The prefix for commands. Only required in non-management rooms. # The prefix for commands. Only required in non-management rooms.
matrix_mautrix_meta_messenger_bridge_command_prefix: |- # If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_messenger_meta_mode`):
{{ # - "!ig" for instagram
({ # - "!fb" for facebook
'facebook': '!fb', matrix_mautrix_meta_messenger_bridge_command_prefix: default
'facebook-tor': '!fb',
'messenger': '!fb',
'instagram': '!ig',
})[matrix_mautrix_meta_messenger_meta_mode]
}}
# Whether or not created rooms should have federation enabled. # Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated. # If false, created portal rooms will never be federated.
@ -219,9 +214,9 @@ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing: "{{ matrix_ma
matrix_mautrix_meta_messenger_bridge_encryption_appservice: false matrix_mautrix_meta_messenger_bridge_encryption_appservice: false
matrix_mautrix_meta_messenger_bridge_encryption_require: false matrix_mautrix_meta_messenger_bridge_encryption_require: false
matrix_mautrix_meta_messenger_double_puppet_secrets: "{{ matrix_mautrix_meta_messenger_double_puppet_secrets_auto | combine(matrix_mautrix_meta_messenger_double_puppet_secrets_custom) }}" matrix_mautrix_meta_messenger_bridge_login_shared_secret_map: "{{ matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom) }}"
matrix_mautrix_meta_messenger_double_puppet_secrets_auto: {} matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_auto: {}
matrix_mautrix_meta_messenger_double_puppet_secrets_custom: {} matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom: {}
matrix_mautrix_meta_messenger_bridge_permissions: "{{ matrix_mautrix_meta_messenger_bridge_permissions_default | combine(matrix_mautrix_meta_messenger_bridge_permissions_custom) }}" matrix_mautrix_meta_messenger_bridge_permissions: "{{ matrix_mautrix_meta_messenger_bridge_permissions_default | combine(matrix_mautrix_meta_messenger_bridge_permissions_custom) }}"
@ -236,15 +231,16 @@ matrix_mautrix_meta_messenger_bridge_permissions_custom: {}
# Enable bridge relay bot functionality # Enable bridge relay bot functionality
matrix_mautrix_meta_messenger_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}" matrix_mautrix_meta_messenger_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
matrix_mautrix_meta_messenger_bridge_relay_admin_only: true matrix_mautrix_meta_messenger_bridge_relay_admin_only: true
matrix_mautrix_meta_messenger_bridge_relay_default_relays: []
matrix_mautrix_meta_messenger_backfill_enabled: true matrix_mautrix_meta_messenger_bridge_management_room_text_welcome: |-
matrix_mautrix_meta_messenger_backfill_max_initial_messages: 50 {{
matrix_mautrix_meta_messenger_backfill_max_catchup_messages: 500 ({
matrix_mautrix_meta_messenger_backfill_unread_hours_threshold: 720 'facebook': "Hello, I'm a Facebook bridge bot.",
matrix_mautrix_meta_messenger_backfill_threads_max_initial_messages: 50 'facebook-tor': "Hello, I'm a Facebook bridge bot which uses Tor.",
'messenger': "Hello, I'm a Messenger bridge bot.",
matrix_mautrix_meta_messenger_public_media_signing_key: '' 'instagram': "Hello, I'm an Instagram bridge bot.",
})[matrix_mautrix_meta_messenger_meta_mode]
}}
# Specifies the default log level. # Specifies the default log level.
# This bridge uses zerolog, so valid levels are: panic, fatal, error, warn, info, debug, trace # This bridge uses zerolog, so valid levels are: panic, fatal, error, warn, info, debug, trace

3
roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_meta_messenger_sqlite_database_path_local }}" src: "{{ matrix_mautrix_meta_messenger_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_meta_messenger_database_connection_string }}" dst: "{{ matrix_mautrix_meta_messenger_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -107,7 +107,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_meta_messenger_container_network }}" name: "{{ matrix_mautrix_meta_messenger_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure mautrix-meta-messenger.service installed - name: Ensure mautrix-meta-messenger.service installed
ansible.builtin.template: ansible.builtin.template:

2
roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml
View File

@ -23,5 +23,3 @@
when: "item.old in vars" when: "item.old in vars"
with_items: with_items:
- {'old': 'matrix_mautrix_meta_messenger_bridge_login_shared_secret', 'new': '<removed>'} - {'old': 'matrix_mautrix_meta_messenger_bridge_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom', 'new': '<superseded by matrix_mautrix_meta_messenger_double_puppet_secrets_custom>'}
- {'old': 'matrix_mautrix_meta_messenger_bridge_management_room_text_welcome', 'new': '<removed>'}

632
roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
View File

@ -1,168 +1,7 @@
#jinja2: lstrip_blocks: "True" #jinja2: lstrip_blocks: "True"
# Network-specific config options
network:
# Which service is this bridge for? Available options:
# * unset - allow users to pick any service when logging in (except facebook-tor)
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_messenger_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_messenger_meta_ig_e2ee | to_json }}
# Displayname template for FB/IG users. Available variables:
# .DisplayName - The display name set by the user.
# .Username - The username set by the user.
# .ID - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_messenger_bridge_displayname_template | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Minimum interval between full reconnects in seconds, default is 1 hour
min_full_reconnect_interval_seconds: 3600
# Interval to force refresh the connection (full reconnect), default is 20 hours. Set 0 to disable force refreshes.
force_refresh_interval_seconds: 72000
# Disable fetching XMA media (reels, stories, etc) when backfilling.
disable_xma_backfill: true
# Disable fetching XMA media entirely.
disable_xma_always: false
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: {{ matrix_mautrix_meta_messenger_bridge_command_prefix | to_json }}
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: {{ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces | to_json }}
# Whether the bridge should set names and avatars explicitly for DM portals.
# This is only necessary when using clients that don't support MSC4171.
private_chat_portal_meta: false
# Should events be handled asynchronously within portal rooms?
# If true, events may end up being out of order, but slow events won't block other ones.
async_events: false
# Should every user have their own portals rather than sharing them?
# By default, users who are in the same group on the remote network will be
# in the same Matrix room bridged to that group. If this is set to true,
# every user will get their own Matrix room instead.
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
# Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
tag_only_on_create: true
# Should room mute status only be synced when creating the portal?
# Like tags, mutes can't currently be synced back to the remote network.
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
# Permitted values:
# nothing - Do nothing, let the user stay in the portals
# kick - Remove the user from the portal rooms, but don't delete them
# unbridge - Remove all ghosts in the room and disassociate it from the remote chat
# delete - Remove all ghosts and users from the room (i.e. delete it)
cleanup_on_logout:
# Should cleanup on logout be enabled at all?
enabled: false
# Settings for manual logouts (explicitly initiated by the Matrix user)
manual:
# Action for private portals which will never be shared with other Matrix users.
private: nothing
# Action for portals with a relay user configured.
relayed: nothing
# Action for portals which may be shared, but don't currently have any other Matrix users.
shared_no_users: nothing
# Action for portals which have other logged-in Matrix users.
shared_has_users: nothing
# Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
# Keys have the same meanings as in the manual section.
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_messenger_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: {{ matrix_mautrix_meta_messenger_bridge_relay_admin_only | to_json }}
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: {{ matrix_mautrix_meta_messenger_bridge_relay_default_relays | to_json }}
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.
# .Sender.Displayname - The display name of the sender (if set).
# .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
# .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
# plus the user ID in parentheses if the displayname is not unique.
# If the displayname is not set, this is just the user ID.
# .Message - The `formatted_body` field of the message.
# .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
# .FileName - The name of the file being sent.
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
# For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
# This has all the Sender variables available under message_formats (but without the .Sender prefix).
# Note that you need to manually remove the displayname from message_formats above.
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# commands - Access to use commands in the bridge, but not login.
# user - Access to use the bridge with puppeting.
# admin - Full access, user level with some additional administration tools.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_messenger_bridge_permissions | to_json }}
# Config for the bridge's database.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_messenger_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_messenger_appservice_database_uri | to_json }}
# Maximum number of connections.
max_open_conns: 5
max_idle_conns: 1
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details. # Homeserver details.
homeserver: homeserver:
# The address that this appservice can use to connect to the homeserver. # The address that this appservice can use to connect to the homeserver.
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
# but https also works if they run on different machines.
address: {{ matrix_mautrix_meta_messenger_homeserver_address | to_json }} address: {{ matrix_mautrix_meta_messenger_homeserver_address | to_json }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc). # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix_mautrix_meta_messenger_homeserver_domain | to_json }} domain: {{ matrix_mautrix_meta_messenger_homeserver_domain | to_json }}
@ -171,15 +10,11 @@ homeserver:
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard software: standard
# The URL to push real-time bridge status to. # The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes. # If set, the bridge will make POST requests to this URL whenever a user's meta connection state changes.
# The bridge will use the appservice as_token to authorize requests. # The bridge will use the appservice as_token to authorize requests.
status_endpoint: status_endpoint: null
# Endpoint for reporting per-message status. # Endpoint for reporting per-message status.
# If set, the bridge will make POST requests to this URL when processing a message from Matrix. message_send_checkpoint_endpoint: null
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
# The bridge will use the appservice as_token to authorize requests.
message_send_checkpoint_endpoint:
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false async_media: false
@ -191,19 +26,33 @@ homeserver:
ping_interval_seconds: 0 ping_interval_seconds: 0
# Application service host/registration related details. # Application service host/registration related details.
# Changing these values requires regeneration of the registration (except when noted otherwise) # Changing these values requires regeneration of the registration.
appservice: appservice:
# The address that the homeserver can use to connect to this appservice. # The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_meta_messenger_appservice_address | to_json }} address: {{ matrix_mautrix_meta_messenger_appservice_address | to_json }}
# A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file.
public_address: https://bridge.example.com
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0.
hostname: 0.0.0.0 hostname: 0.0.0.0
port: 29319 port: 29319
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_messenger_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_messenger_appservice_database_uri | to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice. # The unique ID of this appservice.
id: {{ matrix_mautrix_meta_messenger_appservice_id | to_json }} id: {{ matrix_mautrix_meta_messenger_appservice_id | to_json }}
# Appservice bot details. # Appservice bot details.
@ -213,225 +62,268 @@ appservice:
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is. # to leave display name/avatar as-is.
displayname: {{ matrix_mautrix_meta_messenger_appservice_displayname | to_json }} displayname: {{ matrix_mautrix_meta_messenger_appservice_displayname | to_json }}
# You can use mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv for an Instagram avatar,
# or mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak for Facebook Messenger
avatar: {{ matrix_mautrix_meta_messenger_appservice_avatar | to_json }} avatar: {{ matrix_mautrix_meta_messenger_appservice_avatar | to_json }}
# Whether to receive ephemeral events via appservice transactions. # Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true ephemeral_events: true
# Should incoming events be handled asynchronously? # Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through. # This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in. # However, messages will not be guaranteed to be bridged in the same order they were sent in.
# This value doesn't affect the registration file.
async_transactions: false async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_meta_messenger_appservice_token | to_json }} as_token: {{ matrix_mautrix_meta_messenger_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_meta_messenger_homeserver_token | to_json }} hs_token: {{ matrix_mautrix_meta_messenger_homeserver_token | to_json }}
# Localpart template of MXIDs for remote users. # Prometheus config.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user. metrics:
username_template: {{ matrix_mautrix_meta_messenger_bridge_username_template | to_json }} # Enable prometheus metrics?
enabled: {{ matrix_mautrix_meta_messenger_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: "0.0.0.0.0:8000"
# Config options that affect the Matrix connector of the bridge. meta:
matrix: # Which service is this bridge for? Available options:
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_messenger_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_messenger_meta_ig_e2ee | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Bridge config
bridge:
# Localpart template of MXIDs for FB/IG users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the FB/IG user.
username_template: {{ matrix_mautrix_meta_messenger_bridge_username_template | to_json }}
# Displayname template for FB/IG users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# {% raw %}{{.DisplayName}}{% endraw %} - The display name set by the user.
# {% raw %}{{.Username}}{% endraw %} - The username set by the user.
# {% raw %}{{.ID}}{% endraw %} - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_messenger_bridge_displayname_template | to_json }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
portal_message_buffer: 128
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
personal_filtering_spaces: {{ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces | to_json }}
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event. # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false message_status_events: false
# Whether the bridge should send a read receipt after successfully bridging a message.
delivery_receipts: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge. # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true message_error_notices: true
# Whether the bridge should update the m.direct account data event when double puppeting is enabled. # Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic and is therefore prone to race conditions.
sync_direct_chat_list: false sync_direct_chat_list: false
# Whether created rooms should have federation enabled. If false, created portal rooms # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# will never be federated. Changing this option requires recreating rooms. # This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# Send captions in the same message as images. This will send data compatible with both MSC2530.
# This is currently not supported in most clients.
caption_in_message: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_meta_messenger_bridge_federate_rooms | to_json }} federate_rooms: {{ matrix_mautrix_meta_messenger_bridge_federate_rooms | to_json }}
# The threshold as bytes after which the bridge should roundtrip uploads via the disk # Should mute status be bridged? Allowed options: always, on-create, never
# rather than keeping the whole file in memory. mute_bridging: on-create
upload_file_threshold: 5242880 # Servers to always allow double puppeting from
double_puppet_server_map: {}
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors. # Allow using double puppeting from any server with a valid client .well-known file.
analytics: double_puppet_allow_discovery: false
# API key to send with tracking requests. Tracking is disabled if this is null. # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
token: null
# Address to send tracking requests to.
url: https://api.segment.io/v1/track
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge.
allow_matrix_auth: true
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
# These settings control whether the bridge will provide such public media access.
public_media:
# Should public media be enabled at all?
# The public_address field under the appservice section MUST be set when enabling public media.
enabled: false
# A key for signing public media URLs.
# If set to "generate", a random key will be generated.
signing_key: {{ matrix_mautrix_meta_messenger_public_media_signing_key | to_json }}
# Number of seconds that public media URLs are valid for.
# If set to 0, URLs will never expire.
expiry: 0
# Length of hash to use for public media URLs. Must be between 0 and 32.
hash_length: 32
# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name: media.example.com
# Optionally a custom .well-known response. This defaults to `server_name:443`
well_known_response:
# Optionally specify a custom prefix for the media ID part of the MXC URI.
media_id_prefix:
# If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
# media download redirects if the requester supports it. Optionally, you can force redirects
# and not allow proxying at all by setting this to false.
# This option does nothing if the remote network does not support media downloads over HTTP.
allow_proxy: true
# Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
# This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
server_key: ""
# Settings for backfilling messages.
# Note that the exact way settings are applied depends on the network connector.
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_meta_messenger_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_meta_messenger_backfill_max_initial_messages | to_json}}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_meta_messenger_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_meta_messenger_backfill_unread_hours_threshold | to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_meta_messenger_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
# Should the backfill queue be enabled?
enabled: false
# Number of messages to backfill in one batch.
batch_size: 100
# Delay between batches in seconds.
batch_delay: 20
# Maximum number of batches to backfill per portal.
# If set to -1, all available messages will be backfilled.
max_batches: -1
# Optional network-specific overrides for max batches.
# Interpretation of this field depends on the network connector.
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
# Servers to always allow double puppeting from.
# This is only for other servers and should NOT contain the server the bridge is on.
servers: {}
# Whether to allow client API URL discovery for other servers. When using this option,
# users on other servers can use double puppeting even if their server URLs aren't
# explicitly added to the servers map above.
allow_discovery: false
# Shared secrets for automatic double puppeting.
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
secrets: {{ matrix_mautrix_meta_messenger_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
allow: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow | to_json }}
# Whether to force-enable encryption in all bridged rooms.
default: {{ matrix_mautrix_meta_messenger_bridge_encryption_default | to_json }}
# Whether to require all messages to be encrypted and drop any unencrypted messages.
require: {{ matrix_mautrix_meta_messenger_bridge_encryption_require | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
appservice: {{ matrix_mautrix_meta_messenger_bridge_encryption_appservice | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: mautrix.bridge.e2ee
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
# #
# Valid levels: # If set, double puppeting will be enabled automatically for local users
# unverified - Send keys to all device in the room. # instead of users having to find an access token and run `login-matrix`
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. # manually.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). login_shared_secret_map: {{ matrix_mautrix_meta_messenger_bridge_login_shared_secret_map | to_json }}
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible. # The prefix for commands. Only required in non-management rooms.
# verified - Require manual per-device verification # If set to "default", will be determined based on meta -> mode, "!ig" for instagram and "!fb" for facebook
# (currently only possible by modifying the `trust` column in the `crypto_device` database table). command_prefix: {{ matrix_mautrix_meta_messenger_bridge_command_prefix | to_json }}
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix. backfill:
receive: unverified # If disabled, old messages will never be bridged.
# Minimum level that the bridge should accept for incoming Matrix messages. enabled: true
send: unverified # By default, Meta sends info about approximately 20 recent threads. If this is set to something else than 0,
# Minimum level that the bridge should require for accepting key requests. # the bridge will request more threads on first login, until it reaches the specified number of pages
share: cross-signed-tofu # or the end of the inbox.
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content. inbox_fetch_pages: 0
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event. # By default, Meta only sends one old message per thread. If this is set to a something else than 0,
rotation: # the bridge will delay handling the one automatically received message and request more messages to backfill.
# Enable custom Megolm room key rotation settings. Note that these # One page usually contains 20 messages. This can technically be set to -1 to fetch all messages,
# settings will only apply to rooms created after this option is set. # but that will block bridging messages until the entire backfill is completed.
enable_custom: false history_fetch_pages: 0
# The maximum number of milliseconds a session should be used # Same as above, but for catchup backfills (i.e. when the bridge is restarted).
# before changing it. The Matrix spec recommends 604800000 (a week) catchup_fetch_pages: 5
# as the default. # Maximum age of chats to leave as unread when backfilling. 0 means all chats can be left as unread.
milliseconds: 604800000 # If non-zero, chats that are older than this will be marked as read, even if they're still unread on Meta.
# The maximum number of messages that should be sent with a given a unread_hours_threshold: 0
# session before changing it. The Matrix spec recommends 100 as the # Backfill queue settings. Only relevant for Beeper, because standard Matrix servers
# default. # don't support inserting messages into room history.
messages: 100 queue:
# Disable rotating keys when a user's devices change? # How many pages of messages to request in one go (without sleeping between requests)?
# You should not enable this option unless you understand all the implications. pages_at_once: 5
disable_device_change_key_rotation: false # Maximum number of pages to fetch. -1 to fetch all pages until the start of the chat.
max_pages: -1
# How long to sleep after fetching a bunch of pages ("bunch" defined by pages_at_once).
sleep_between_tasks: 20s
# Disable fetching XMA media (reels, stories, etc) when backfilling.
dont_fetch_xma: true
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: {{ matrix_mautrix_meta_messenger_bridge_management_room_text_welcome | to_json }}
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow | to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_meta_messenger_bridge_encryption_default | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: {{ matrix_mautrix_meta_messenger_bridge_encryption_appservice | to_json }}
# Require encryption, drop any unencrypted messages.
require: {{ matrix_mautrix_meta_messenger_bridge_encryption_require | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from FB/IG to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Meta account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_messenger_bridge_permissions | to_json }}
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_messenger_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
admin_only: {{ matrix_mautrix_meta_messenger_bridge_relay_admin_only | to_json }}
# The formats to use when sending messages to Meta via the relaybot.
message_formats:
m.text: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* {{ .Sender.Displayname }} {{ .Message }}{% endraw %}"
m.file: "{% raw %}{{ .Sender.Displayname }} sent a file{% endraw %}"
m.image: "{% raw %}{{ .Sender.Displayname }} sent an image{% endraw %}"
m.audio: "{% raw %}{{ .Sender.Displayname }} sent an audio file{% endraw %}"
m.video: "{% raw %}{{ .Sender.Displayname }} sent a video{% endraw %}"
m.location: "{% raw %}{{ .Sender.Displayname }} sent a location{% endraw %}"
# Logging config. See https://github.com/tulir/zeroconfig for details. # Logging config. See https://github.com/tulir/zeroconfig for details.
logging: logging:
min_level: {{ matrix_mautrix_meta_messenger_logging_min_level | to_json }} min_level: {{ matrix_mautrix_meta_messenger_logging_min_level | to_json }}
writers: writers:
- type: stdout - type: stdout
format: pretty format: pretty

8
roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/signal # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
matrix_mautrix_signal_version: v0.7.1 matrix_mautrix_signal_version: v0.7.0
# See: https://mau.dev/mautrix/signal/container_registry # See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}" matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
@ -100,12 +100,6 @@ matrix_mautrix_signal_logging_level: 'warn'
# If false, created portal rooms will never be federated. # If false, created portal rooms will never be federated.
matrix_mautrix_signal_federate_rooms: true matrix_mautrix_signal_federate_rooms: true
matrix_mautrix_signal_backfill_enabled: true
matrix_mautrix_signal_backfill_max_initial_messages: 50
matrix_mautrix_signal_backfill_max_catchup_messages: 500
matrix_mautrix_signal_backfill_unread_hours_threshold: 720
matrix_mautrix_signal_backfill_threads_max_initial_messages: 50
# Whether or not metrics endpoint should be enabled. # Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them. # Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`. # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`.

3
roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_signal_sqlite_database_path_local }}" src: "{{ matrix_mautrix_signal_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_signal_database_connection_string }}" dst: "{{ matrix_mautrix_signal_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -141,7 +141,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_signal_container_network }}" name: "{{ matrix_mautrix_signal_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-signal.service installed - name: Ensure matrix-mautrix-signal.service installed
ansible.builtin.template: ansible.builtin.template:

10
roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
View File

@ -280,18 +280,18 @@ direct_media:
# See https://docs.mau.fi/bridges/general/backfill.html for more details. # See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill: backfill:
# Whether to do backfilling at all. # Whether to do backfilling at all.
enabled: {{ matrix_mautrix_signal_backfill_enabled | to_json }} enabled: false
# Maximum number of messages to backfill in empty rooms. # Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_signal_backfill_max_initial_messages | to_json }} max_initial_messages: 50
# Maximum number of missed messages to backfill after bridge restarts. # Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_signal_backfill_max_catchup_messages | to_json }} max_catchup_messages: 500
# If a backfilled chat is older than this number of hours, # If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network. # mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_signal_backfill_unread_hours_threshold| to_json }} unread_hours_threshold: 720
# Settings for backfilling threads within other backfills. # Settings for backfilling threads within other backfills.
threads: threads:
# Maximum number of messages to backfill in a new thread. # Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_signal_backfill_threads_max_initial_messages | to_json }} max_initial_messages: 50
# Settings for the backwards backfill queue. This only applies when connecting to # Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history. # Beeper as standard Matrix servers don't support inserting messages into history.
queue: queue:

11
roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}" matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/slack # renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
matrix_mautrix_slack_version: v0.1.1 matrix_mautrix_slack_version: v0.1.0
# See: https://mau.dev/mautrix/slack/container_registry # See: https://mau.dev/mautrix/slack/container_registry
matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}" matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
matrix_mautrix_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else 'dock.mau.dev/' }}"
@ -55,12 +55,6 @@ matrix_mautrix_slack_homeserver_token: ''
matrix_mautrix_slack_appservice_bot_username: slackbot matrix_mautrix_slack_appservice_bot_username: slackbot
matrix_mautrix_slack_backfill_enabled: true
matrix_mautrix_slack_backfill_max_initial_messages: 50
matrix_mautrix_slack_backfill_max_catchup_messages: 500
matrix_mautrix_slack_backfill_unread_hours_threshold: 720
matrix_mautrix_slack_backfill_threads_max_initial_messages: 50
# Minimum severity of journal log messages. # Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal # Options: debug, info, warn, error, fatal
matrix_mautrix_slack_logging_level: 'warn' matrix_mautrix_slack_logging_level: 'warn'
@ -148,9 +142,6 @@ matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml |
matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}" matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
# This pickle key value is backward-compatible with the old bridge.
# See: https://github.com/mautrix/slack/releases/tag/v0.1.0
matrix_mautrix_slack_bridge_encryption_pickle_key: maunium.net/go/mautrix-whatsapp
matrix_mautrix_slack_provisioning_shared_secret: '' matrix_mautrix_slack_provisioning_shared_secret: ''
matrix_mautrix_slack_public_media_signing_key: '' matrix_mautrix_slack_public_media_signing_key: ''

3
roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}" src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_slack_database_connection_string }}" dst: "{{ matrix_mautrix_slack_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -98,7 +98,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_slack_container_network }}" name: "{{ matrix_mautrix_slack_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-slack.service installed - name: Ensure matrix-mautrix-slack.service installed
ansible.builtin.template: ansible.builtin.template:

16
roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2
View File

@ -244,7 +244,9 @@ appservice:
hs_token: {{ matrix_mautrix_slack_homeserver_token | to_json }} hs_token: {{ matrix_mautrix_slack_homeserver_token | to_json }}
# Localpart template of MXIDs for remote users. # Localpart template of MXIDs for remote users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user. # {% raw %}
# {{.}} is replaced with the internal ID of the user.
# {% endraw %}
username_template: "{% raw %}slack_{{.}}{% endraw %}" username_template: "{% raw %}slack_{{.}}{% endraw %}"
# Config options that affect the Matrix connector of the bridge. # Config options that affect the Matrix connector of the bridge.
@ -317,18 +319,18 @@ direct_media:
# See https://docs.mau.fi/bridges/general/backfill.html for more details. # See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill: backfill:
# Whether to do backfilling at all. # Whether to do backfilling at all.
enabled: {{ matrix_mautrix_slack_backfill_enabled | to_json }} enabled: false
# Maximum number of messages to backfill in empty rooms. # Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_slack_backfill_max_initial_messages | to_json }} max_initial_messages: 50
# Maximum number of missed messages to backfill after bridge restarts. # Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_slack_backfill_max_catchup_messages | to_json }} max_catchup_messages: 500
# If a backfilled chat is older than this number of hours, # If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network. # mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_slack_backfill_unread_hours_threshold| to_json }} unread_hours_threshold: 720
# Settings for backfilling threads within other backfills. # Settings for backfilling threads within other backfills.
threads: threads:
# Maximum number of messages to backfill in a new thread. # Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_slack_backfill_threads_max_initial_messages | to_json }} max_initial_messages: 50
# Settings for the backwards backfill queue. This only applies when connecting to # Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history. # Beeper as standard Matrix servers don't support inserting messages into history.
queue: queue:
@ -376,7 +378,7 @@ encryption:
allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }} allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }}
# Pickle key for encrypting encryption keys in the bridge database. # Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated. # If set to generate, a random key will be generated.
pickle_key: {{ matrix_mautrix_slack_bridge_encryption_pickle_key | to_json }} pickle_key: generate
# Options for deleting megolm sessions from the bridge. # Options for deleting megolm sessions from the bridge.
delete_keys: delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms # Beeper-specific: delete outbound sessions when hungryserv confirms

7
roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -1,5 +1,10 @@
# File : roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
# Author : Pierre (McFly) Marty <paq.marty@gmail.com>
# Date : 17.01.2024
# Last Modified Date: 17.01.2024
# Last Modified By : Pierre (McFly) Marty <paq.marty@gmail.com>
# -----
--- ---
# mautrix-telegram is a Matrix <-> Telegram bridge # mautrix-telegram is a Matrix <-> Telegram bridge
# Project source code URL: https://github.com/mautrix/telegram # Project source code URL: https://github.com/mautrix/telegram

3
roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_telegram_database_connection_string }}" dst: "{{ matrix_mautrix_telegram_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -153,7 +153,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_telegram_container_network }}" name: "{{ matrix_mautrix_telegram_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-telegram.service installed - name: Ensure matrix-mautrix-telegram.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
View File

@ -82,7 +82,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_twitter_container_network }}" name: "{{ matrix_mautrix_twitter_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-twitter.service installed - name: Ensure matrix-mautrix-twitter.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}" dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -141,7 +141,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_whatsapp_container_network }}" name: "{{ matrix_mautrix_whatsapp_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-whatsapp.service installed - name: Ensure matrix-mautrix-whatsapp.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml
View File

@ -96,7 +96,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_wsproxy_container_network }}" name: "{{ matrix_mautrix_wsproxy_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-wsproxy.service installed - name: Ensure matrix-mautrix-wsproxy.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
View File

@ -50,7 +50,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_discord_database_connection_string }}" dst: "{{ matrix_mx_puppet_discord_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -117,7 +117,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_discord_container_network }}" name: "{{ matrix_mx_puppet_discord_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-discord.service installed - name: Ensure matrix-mx-puppet-discord.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
View File

@ -51,7 +51,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}" dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -118,7 +118,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_groupme_container_network }}" name: "{{ matrix_mx_puppet_groupme_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-groupme.service installed - name: Ensure matrix-mx-puppet-groupme.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}" dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -97,7 +97,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_instagram_container_network }}" name: "{{ matrix_mx_puppet_instagram_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-instagram.service installed - name: Ensure matrix-mx-puppet-instagram.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
View File

@ -44,7 +44,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_slack_database_connection_string }}" dst: "{{ matrix_mx_puppet_slack_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_slack_container_network }}" name: "{{ matrix_mx_puppet_slack_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-slack.service installed - name: Ensure matrix-mx-puppet-slack.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
View File

@ -51,7 +51,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_steam_database_connection_string }}" dst: "{{ matrix_mx_puppet_steam_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -118,7 +118,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_steam_container_network }}" name: "{{ matrix_mx_puppet_steam_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-steam.service installed - name: Ensure matrix-mx-puppet-steam.service installed
ansible.builtin.template: ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
View File

@ -51,7 +51,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}" dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_twitter_container_network }}" name: "{{ matrix_mx_puppet_twitter_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-twitter.service installed - name: Ensure matrix-mx-puppet-twitter.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-sms/tasks/setup_install.yml
View File

@ -51,7 +51,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_sms_bridge_container_network }}" name: "{{ matrix_sms_bridge_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-sms-bridge.service installed - name: Ensure matrix-sms-bridge.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-bridge-wechat/tasks/install.yml
View File

@ -113,7 +113,6 @@
community.general.docker_network: community.general.docker_network:
name: "{{ matrix_wechat_container_network }}" name: "{{ matrix_wechat_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-wechat.service installed - name: Ensure matrix-wechat.service installed
ansible.builtin.template: ansible.builtin.template:

2
roles/custom/matrix-cactus-comments-client/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
matrix_cactus_comments_client_public_path_file_permissions: "0644" matrix_cactus_comments_client_public_path_file_permissions: "0644"
# renovate: datasource=docker depName=joseluisq/static-web-server # renovate: datasource=docker depName=joseluisq/static-web-server
matrix_cactus_comments_client_version: 2.33.0 matrix_cactus_comments_client_version: 2.32.2
matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}" matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}" matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}"

1
roles/custom/matrix-cactus-comments-client/tasks/install.yml
View File

@ -76,7 +76,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_cactus_comments_client_container_network }}" name: "{{ matrix_cactus_comments_client_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-cactus-comments-client.service installed - name: Ensure matrix-cactus-comments-client.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-client-cinny/tasks/setup_install.yml
View File

@ -69,7 +69,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_cinny_container_network }}" name: "{{ matrix_client_cinny_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-cinny.service installed - name: Ensure matrix-client-cinny.service installed
ansible.builtin.template: ansible.builtin.template:

2
roles/custom/matrix-client-element/defaults/main.yml
View File

@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=vectorim/element-web # renovate: datasource=docker depName=vectorim/element-web
matrix_client_element_version: v1.11.79 matrix_client_element_version: v1.11.77
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"

1
roles/custom/matrix-client-element/tasks/setup_install.yml
View File

@ -116,7 +116,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_element_container_network }}" name: "{{ matrix_client_element_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-element.service installed - name: Ensure matrix-client-element.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
View File

@ -81,7 +81,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_hydrogen_container_network }}" name: "{{ matrix_client_hydrogen_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-hydrogen.service installed - name: Ensure matrix-client-hydrogen.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-client-schildichat/tasks/setup_install.yml
View File

@ -102,7 +102,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_schildichat_container_network }}" name: "{{ matrix_client_schildichat_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-schildichat.service installed - name: Ensure matrix-client-schildichat.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-conduit/tasks/setup_install.yml
View File

@ -39,7 +39,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_conduit_container_network }}" name: "{{ matrix_conduit_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure Conduit container image is pulled - name: Ensure Conduit container image is pulled
community.docker.docker_image: community.docker.docker_image:

1
roles/custom/matrix-corporal/tasks/setup_install.yml
View File

@ -71,7 +71,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_corporal_container_network }}" name: "{{ matrix_corporal_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-corporal.service installed - name: Ensure matrix-corporal.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-coturn/tasks/setup_install.yml
View File

@ -99,7 +99,6 @@
community.docker.docker_network: community.docker.docker_network:
name: "{{ matrix_coturn_container_network }}" name: "{{ matrix_coturn_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-coturn.service installed - name: Ensure matrix-coturn.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-dendrite/tasks/setup_install.yml
View File

@ -112,7 +112,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_dendrite_container_network }}" name: "{{ matrix_dendrite_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure Dendrite support files installed - name: Ensure Dendrite support files installed
ansible.builtin.template: ansible.builtin.template:

2
roles/custom/matrix-dendrite/templates/systemd/matrix-dendrite.service.j2
View File

@ -16,7 +16,7 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true'
{% if (postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %} {% if (devture_postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %}
# Dendrite is too quick to start in relation to its Postgres dependency. # Dendrite is too quick to start in relation to its Postgres dependency.
# Delay Dendrite startup to avoid failing with: "failed to connect to accounts db" ("pq: the database system is starting up"). # Delay Dendrite startup to avoid failing with: "failed to connect to accounts db" ("pq: the database system is starting up").
ExecStartPre={{ matrix_host_command_sleep }} 5 ExecStartPre={{ matrix_host_command_sleep }} 5

3
roles/custom/matrix-dimension/tasks/setup_install.yml
View File

@ -55,7 +55,7 @@
name: galaxy/com.devture.ansible.role.postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres tasks_from: migrate_db_to_postgres
vars: vars:
postgres_db_migration_request: devture_postgres_db_migration_request:
src: "{{ matrix_dimension_sqlite_database_path_local }}" src: "{{ matrix_dimension_sqlite_database_path_local }}"
dst: "{{ matrix_dimension_database_connection_string }}" dst: "{{ matrix_dimension_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -133,7 +133,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_dimension_container_network }}" name: "{{ matrix_dimension_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-dimension.service installed - name: Ensure matrix-dimension.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-dynamic-dns/tasks/setup_install.yml
View File

@ -61,7 +61,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_dynamic_dns_container_network }}" name: "{{ matrix_dynamic_dns_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-dynamic-dns.service installed - name: Ensure matrix-dynamic-dns.service installed
ansible.builtin.template: ansible.builtin.template:

1
roles/custom/matrix-email2matrix/tasks/setup_install.yml
View File

@ -61,7 +61,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_email2matrix_container_network }}" name: "{{ matrix_email2matrix_container_network }}"
driver: bridge driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-email2matrix.service installed - name: Ensure matrix-email2matrix.service installed
ansible.builtin.template: ansible.builtin.template:

Some files were not shown because too many files have changed in this diff Show More