Compare commits

..

71 Commits

Author SHA1 Message Date
8ad24c030b
feat: add automatic creation of reverse-proxy routing 2021-10-22 08:31:17 +02:00
0c13804544
meta: move inventory structure to be more usable 2021-10-22 08:31:16 +02:00
a0c987bc4d
meta: add own inventory, add vault-unlock with GPG 2021-10-22 08:31:15 +02:00
Slavi Pantaleev
013c6e68f9
Merge pull request #1348 from hifi/feature/heisenbridge-1.3.0
Upgrade Heisenbridge (1.2.1 -> 1.3.0)
2021-10-21 20:15:12 +03:00
Toni Spets
d7af78066b Upgrade Heisenbridge (1.2.1 -> 1.3.0) 2021-10-21 19:55:13 +03:00
Slavi Pantaleev
09ac950d17 Fix dump importing (backup restore) into Postgres v14
In short, the problem is that older Postgres versions store passwords
hashed as md5. When you dump such a database, the dump naturally also
contains md5-hashed passwords.
Restoring from that dump used to create users and updates their passwords
with these md5 hashes.
However, Postgres v14 prefers does not like md5-hashed passwords now (by default),
which breaks connectivity. Postgres v14 prefers `scram-sha-256` for
authentication.

Our solution is to just ignore setting passwords (`ALTER ROLE ..`
statements) when restoring dumps. We don't need to set passwords as
defined in the dump anyway, because the playbook creates users
and manages their passwords by itself.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1340
2021-10-21 16:38:56 +03:00
Slavi Pantaleev
35c91701a8
Merge pull request #1347 from GoMatrixHosting/gomatrixhosting-testing
Gomatrixhosting v0.6.3 hotfix2
2021-10-21 10:03:41 +03:00
PC-Admin
7f140e9be2 Merge remote-tracking branch 'upstream/master' into gomatrixhosting-testing 2021-10-21 10:27:45 +08:00
PC-Admin
725150565a GoMatrixHosting v0.6.3 hotfix2 2021-10-21 10:25:23 +08:00
Slavi Pantaleev
86614d6357
Merge pull request #1345 from GoMatrixHosting/gomatrixhosting-testing
GoMatrixHosting v0.6.3 [hotfix]
2021-10-20 17:04:55 +03:00
Slavi Pantaleev
5dc2868269 Upgrade Synapse (1.45.0 -> 1.45.1) 2021-10-20 15:08:07 +03:00
PC-Admin
75cfad57ca GoMatrixHosting v0.6.3 hotfix 2021-10-20 18:00:55 +08:00
Slavi Pantaleev
7595adb91d
Merge pull request #1344 from aaronraimist/patch-1
Fix link to nginx files in configuring-playbook-own-webserver.md
2021-10-20 09:41:03 +03:00
Aaron R
db81fa3415
Fix link to nginx files in configuring-playbook-own-webserver.md 2021-10-20 01:33:03 -05:00
Slavi Pantaleev
2fd968cf44
Merge pull request #1342 from aaronraimist/patch-1
Update installing.md to be a bit more clear
2021-10-20 09:12:50 +03:00
Aaron R
a8556fb8be
Update installing.md to be a bit more clear
This change should make it more obvious which order the steps must be done
2021-10-19 22:57:01 -05:00
Slavi Pantaleev
1dab178a44 Upgrade Synapse (1.44.0 -> 1.45.0) 2021-10-19 16:25:00 +03:00
Slavi Pantaleev
139205f3b3
Merge pull request #1338 from GoMatrixHosting/gomatrixhosting-testing
Gomatrixhosting v0.6.3 - rebased properly :)
2021-10-19 14:45:19 +03:00
PC-Admin
d65607c48f Merge remote-tracking branch 'upstream/master' into gomatrixhosting-testing 2021-10-19 17:48:23 +08:00
PC-Admin
18395e73d3 GMH v0.6.3 2021-10-19 17:45:15 +08:00
Slavi Pantaleev
5284afc60e
Merge pull request #1333 from Samonitari/add-support-for-suse-linux
Add support for suse linux
2021-10-15 09:50:02 +03:00
Slavi Pantaleev
8c15555d00 Upgrade Element (1.9.0 -> 1.9.2) 2021-10-15 09:27:26 +03:00
Slavi Pantaleev
c69ea4cbcd Update changelog
Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1323
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1328
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1329
2021-10-13 07:58:35 +03:00
Slavi Pantaleev
26756b871a
Merge pull request #1329 from mochman/change_hangouts_readme
Updated Hangouts configuration readme.
2021-10-13 07:50:09 +03:00
Slavi Pantaleev
e57c1f3c5d
Merge pull request #1328 from mochman/add_googlechat
Added Mautrix Google Chat
2021-10-13 07:49:34 +03:00
Slavi Pantaleev
6937a2c0a9
Ensure password_hash salt is less than 16 chars
Also fixes the appservice and homeserver tokens for the Googlechat bridge,
so that they're not the same as the ones for the Hangouts bridge.
2021-10-13 07:48:59 +03:00
Luke
459ee6f1e0 Updated Hangouts configuration readme.
Also indicates that the Mautrix googlechat bridge is a replacement for hangouts.
2021-10-12 17:08:17 +00:00
Luke
1dac525e63 Added Mautrix Google Chat 2021-10-12 11:45:04 +00:00
Slavi Pantaleev
fb709152f3 Add self-building support for mautrix-whatsapp
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1322
2021-10-12 10:02:07 +03:00
Slavi Pantaleev
0c21b5a055
Merge pull request #1326 from GoMatrixHosting/gomatrixhosting-testing
GoMatrixHosting v0.6.2
2021-10-12 08:53:11 +03:00
Slavi Pantaleev
1cde9f8638
Merge pull request #1324 from aaronraimist/patch-1
Update matrix-appservice-slack (1.5.0 -> 1.8.0)
2021-10-12 08:51:48 +03:00
Slavi Pantaleev
7bb4a74656
Merge pull request #1325 from aaronraimist/patch-2
Update configuring-playbook-dimension.md
2021-10-12 08:51:23 +03:00
Michael Collins
fc0296b56e update element section 2021-10-12 12:20:53 +08:00
Aaron R
fb61f89221
Update configuring-playbook-dimension.md 2021-10-11 18:50:46 -05:00
Aaron R
25d0ae7b67
Update matrix-appservice-slack (1.5.0 -> 1.8.0)
I am not using this bridge and haven't tested this but multiple people have said 1.5.0 isn't working and 1.8.0 works for them so it seems to make sense to update.

https://github.com/matrix-org/matrix-appservice-slack/issues/618#issuecomment-929849093
2021-10-11 18:36:07 -05:00
Michael Collins
c630bc3eaa update element section 2021-10-11 15:13:09 +08:00
Michael Collins
46cba52e79 update element section 2021-10-11 15:00:11 +08:00
Michael Collins
b4654f8992 update element section 2021-10-11 14:53:52 +08:00
Michael Collins
927633321a update element section 2021-10-11 13:34:46 +08:00
Michael Collins
676ba70971 update element section 2021-10-11 12:57:16 +08:00
Michael Collins
53f4b84d1f update element section 2021-10-11 12:55:49 +08:00
Michael Collins
8ff0ae27b8 update element section 2021-10-11 12:15:15 +08:00
Michael Collins
9f0a8965d5 update element config 2021-10-11 11:43:58 +08:00
Michael Collins
36883150c6 update 2021-10-11 11:30:30 +08:00
Michael Collins
291efc1163 update element section 2021-10-11 11:20:28 +08:00
Michael Collins
6a8799afcc wrap brand variable in single quotes too 2021-10-11 10:55:39 +08:00
Michael Collins
85bc12d14c saner handling of background variable 2021-10-11 10:37:02 +08:00
Michael Collins
79acf6fc7e update conditionals 2021-10-11 10:30:12 +08:00
Michael Collins
a352ea4674 derp 2021-10-11 10:23:37 +08:00
Michael Collins
1ae103bbbe stop configure element from double wrapping this 2021-10-11 10:07:34 +08:00
Michael Collins
89c8ae94d6 update 2021-10-10 16:16:31 +08:00
Michael Collins
a631587ebd this isnt needed 2021-10-10 14:44:27 +08:00
Michael Collins
07a5433c24 fix lineinfile 2021-10-10 14:39:36 +08:00
Michael Collins
dd6e643581 first round of variable name changes 2021-10-10 14:10:06 +08:00
Michael Collins
175bdb100b first round of variable name changes 2021-10-10 13:23:49 +08:00
Michael Collins
6b9af38228 update? 2021-10-10 09:19:01 +08:00
Michael Collins
f4410514f5 update variable names 2021-10-09 15:45:49 +08:00
Michael Collins
de084c4d4d fix variable name change 2021-10-09 15:43:47 +08:00
Michael Collins
fb23c7b697 Merge remote-tracking branch 'upstream/master' into gomatrixhosting-testing 2021-10-09 15:38:32 +08:00
Michael Collins
a60a43cb08 change naming scheme of variables that feature in deploy. 2021-10-09 15:21:10 +08:00
Michael Collins
42af090a7c update naming scheme 1 2021-10-09 10:21:27 +08:00
Michael Collins
df9da052ab fix conditional 2021-10-09 09:24:39 +08:00
Michael Collins
384dfdce4b update? 2021-10-09 08:58:10 +08:00
Samonitari
6f99f95aa2 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into add-support-for-suse-linux 2021-10-08 10:27:32 +02:00
Michael Collins
b0d56f6c18 update conditionals 2021-10-08 14:28:37 +08:00
Michael Collins
208dce51d8 add new survey entries for welcome page link, headline and text 2021-10-08 14:18:59 +08:00
Michael Collins
0f4cb513b8 update survey 2021-10-08 13:16:09 +08:00
Michael Collins
8d9d176c36 update? 2021-10-07 13:29:55 +08:00
Michael Collins
d1754915d1 improve conditional 2021-10-07 12:53:32 +08:00
Michael Collins
ecc0437520 add logo section 2021-10-07 12:49:59 +08:00
Krisztian Szegi
f364fba182 Fix tripping on timesync setup 2021-09-14 08:35:20 +02:00
69 changed files with 1471 additions and 406 deletions

View File

@ -1,3 +1,14 @@
# 2021-10-23
## Hangouts bridge no longer updated, superseded by a Googlechat bridge
The mautrix-hangouts bridge is no longer receiving updates upstream and is likely to stop working in the future.
We still retain support for this bridge in the playbook, but you're encouraged to switch away from it.
There's a new [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge that you can [install using the playbook](docs/configuring-playbook-bridge-mautrix-googlechat.md).
Your **Hangouts bridge data will not be migrated**, however. You need to start fresh with the new bridge.
# 2021-08-23
## LinkedIn bridging support via beeper-linkedin

View File

@ -53,6 +53,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
- (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat)
- (optional) the [mautrix-instagram](https://github.com/mautrix/instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/)
- (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/)

View File

@ -0,0 +1,58 @@
# Setting up Mautrix Google Chat (optional)
The playbook can install and configure [mautrix-googlechat](https://github.com/mautrix/googlechat) for you.
See the project's [documentation](https://docs.mau.fi/bridges/python/googlechat/index.html) to learn what it does and why it might be useful to you.
To enable the [Google Chat](https://chat.google.com/) bridge just use the following playbook configuration:
```yaml
matrix_mautrix_googlechat_enabled: true
```
## Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-googlechat", "initial_device_display_name": "Mautrix-googlechat"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Mautrix-googlechat` device some time in the future, as that would break the Double Puppeting feature
## Usage
Once the bot is enabled you need to start a chat with `googlechat bridge bot` with handle `@googlechatbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
Send `login` to the bridge bot to receive a link to the portal from which you can enable the bridging. Open the link sent by the bot and follow the instructions.
Automatic login may not work. If it does not, reload the page and select the "Manual login" checkbox before starting. Manual login involves logging into your Google account normally and then manually getting the OAuth token from browser cookies with developer tools.
Once logged in, recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages.
You can learn more about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/googlechat/authentication.html).
After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.

View File

@ -1,3 +1,5 @@
# The [Mautrix Hangouts Bridge](https://mau.dev/mautrix/hangouts) is no longer maintained. It has changed to a [Google Chat Bridge](https://github.com/mautrix/googlechat). Setup instructions for the Google Chat Bridge can be [found here](configuring-playbook-bridge-mautrix-googlechat.md).
# Setting up Mautrix Hangouts (optional)
The playbook can install and configure [mautrix-hangouts](https://github.com/mautrix/hangouts) for you.

View File

@ -3,14 +3,12 @@
**[Dimension](https://dimension.t2bot.io) can only be installed after Matrix services are installed and running.**
If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) flow and come back here later.
**Note**: enabling Dimension, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible).
**Note**: This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environments. This is handled automatically based on the value of `matrix_synapse_federation_enabled`. Enabling Dimension, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible).
## Prerequisites
This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and an [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environment. This is handled automatically based on the value of `matrix_synapse_federation_enabled`.
Other important prerequisite is the `dimension.<your-domain>` DNS record being set up correctly. See [Configuring your DNS server](configuring-dns.md) on how to set up DNS record correctly.
The `dimension.<your-domain>` DNS record must be created. See [Configuring your DNS server](configuring-dns.md) on how to set up DNS record correctly.
## Enable
@ -45,11 +43,11 @@ To get an access token for the Dimension user, you can follow one of two options
*Through an interactive login*:
1. In a private browsing session (incognito window), open Element.
2. Log in with the `dimension` user and its password.
1. Log in with the `dimension` user and its password.
1. Set the display name and avatar, if required.
2. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: <click to reveal>`.
3. Copy the highlighted text to your configuration.
4. Close the private browsing session. **Do not log out**. Logging out will invalidate the token, making it not work.
1. In the settings page choose "Help & About", scroll down to the bottom and expand the `Access Token` section.
1. Copy the access token to your configuration.
1. Close the private browsing session. **Do not log out**. Logging out will invalidate the token, making it not work.
*With CURL*
@ -81,6 +79,8 @@ After these variables have been set, please run the following command to re-run
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
After Dimension has been installed you may need to log out and log back in for it to pick up the new integrations manager. Then you can access integrations in Element by opening a room, clicking the Room info button (`i`) button in the top right corner of the screen, and then clicking Add widgets, bridges & bots.
## Jitsi domain

View File

@ -71,7 +71,7 @@ After following the [Preparation](#preparation) guide above, you can take a loo
### Using another external webserver
Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/matrix-nginx-proxy/templates/conf.d/).
Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/matrix-nginx-proxy/templates/nginx/conf.d/).
## Method 2: Fronting the integrated nginx reverse-proxy webserver with another reverse-proxy

View File

@ -98,6 +98,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Hangouts bridging](configuring-playbook-bridge-mautrix-hangouts.md) (optional)
- [Setting up Mautrix Google Chat bridging](configuring-playbook-bridge-mautrix-googlechat.md) (optional)
- [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (optional)
- [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)

View File

@ -48,6 +48,8 @@ These services are not part of our default installation, but can be enabled by [
- [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [mautrix/googlechat](https://mau.dev/mautrix/googlechat/container_registry) - the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) (optional)
- [mautrix/instagram](https://mau.dev/mautrix/instagram/container_registry) - the [mautrix-instagram](https://github.com/mautrix/instagram) bridge to [Instagram](https://instagram.com/) (optional)
- [mautrix/signal](https://mau.dev/mautrix/signal/container_registry) - the [mautrix-signal](https://github.com/mautrix/signal) bridge to [Signal](https://www.signal.org/) (optional)

View File

@ -1,25 +1,25 @@
# Installing
## 1. Installing the Matrix services
If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure.
Run this as-is to set up a server:
Run this command to install the Matrix services:
```bash
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
```
**Note**: if you don't use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands.
The above command **doesn't start any services just yet** (another step does this later - below). Feel free to **re-run this setup command any time** you think something is off with the server configuration.
**Note**: if you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the above (and all other) Ansible commands.
The above command **doesn't start any services just yet** (another step does this later - below).
Feel free to **re-run this setup command any time** you think something is off with the server configuration.
**Notes**:
- if you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands.
- if you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the above (and all other) Ansible commands.
## Things you might want to do after installing
## 2. Things you might want to do after installing
After installing, but before starting the services, you may want to do additional things like:
**Before starting the services**, you may want to do additional things like:
- [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional)
@ -28,20 +28,22 @@ After installing, but before starting the services, you may want to do additiona
- [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional)
## Starting the services
## 3. Starting the services
When you're ready to start the Matrix services (and set them up to auto-start in the future):
When you're ready to start the Matrix services (and set them up to auto-start in the future), run this command:
```bash
ansible-playbook -i inventory/hosts setup.yml --tags=start
```
Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md)
## 4. Finalize the installation
Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md).
## Things to do next
## 5. Things to do next
If you have started services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can:
After you have started the services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can:
- [check if services work](maintenance-checking-services.md)
- or [create your first Matrix user account](registering-users.md)

View File

@ -25,8 +25,10 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-bridge-appservice-webhooks`
- `matrix-bridge-mautrix-facebook`
- `matrix-bridge-mautrix-hangouts`
- `matrix-bridge-mautrix-googlechat`
- `matrix-bridge-mautrix-telegram`
- `matrix-bridge-mautrix-signal`
- `matrix-bridge-mautrix-whatsapp`
- `matrix-bridge-mx-puppet-skype`
- `matrix-bot-mjolnir`
- `matrix-bot-matrix-reminder-bot`

View File

@ -337,6 +337,47 @@ matrix_mautrix_hangouts_database_password: "{{ matrix_synapse_macaroon_secret_ke
######################################################################
######################################################################
#
# matrix-bridge-mautrix-googlechat
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_googlechat_enabled: false
matrix_mautrix_googlechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_googlechat_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_googlechat_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'gc.as.token') | to_uuid }}"
matrix_mautrix_googlechat_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'gc.hs.token') | to_uuid }}"
matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_googlechat_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.gc.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-googlechat
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-instagram
@ -477,6 +518,8 @@ matrix_mautrix_telegram_database_password: "{{ matrix_synapse_macaroon_secret_ke
# We don't enable bridges by default.
matrix_mautrix_whatsapp_enabled: false
matrix_mautrix_whatsapp_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_whatsapp_systemd_required_services_list: |
{{
['docker.service']
@ -1428,6 +1471,12 @@ matrix_postgres_additional_databases: |
'password': matrix_mautrix_hangouts_database_password,
}] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_googlechat_database_name,
'username': matrix_mautrix_googlechat_database_username,
'password': matrix_mautrix_googlechat_database_password,
}] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_instagram_database_name,
'username': matrix_mautrix_instagram_database_username,

View File

@ -8,10 +8,10 @@
"required": true,
"min": null,
"max": null,
"default": "{{ sftp_auth_method | string }}",
"default": "{{ awx_sftp_auth_method | string }}",
"choices": "Disabled\nPassword\nSSH Key",
"new_question": true,
"variable": "sftp_auth_method",
"variable": "awx_sftp_auth_method",
"type": "multiplechoice"
},
{
@ -20,10 +20,10 @@
"required": false,
"min": 0,
"max": 64,
"default": "{{ sftp_password }}",
"default": "{{ awx_sftp_password }}",
"choices": "",
"new_question": true,
"variable": "sftp_password",
"variable": "awx_sftp_password",
"type": "password"
},
{
@ -32,10 +32,10 @@
"required": false,
"min": 0,
"max": 16384,
"default": "{{ sftp_public_key }}",
"default": "{{ awx_sftp_public_key }}",
"choices": "",
"new_question": true,
"variable": "sftp_public_key",
"variable": "awx_sftp_public_key",
"type": "text"
}
]

View File

@ -8,10 +8,10 @@
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_awx_backup_enabled | string | lower }}",
"default": "{{ awx_backup_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_awx_backup_enabled",
"variable": "awx_backup_enabled",
"type": "multiplechoice"
}
]

View File

@ -0,0 +1,66 @@
{
"name": "Bridge Discord Appservice",
"description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
"spec": [
{
"question_name": "Enable Discord AppService Bridge",
"question_description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_appservice_discord_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_appservice_discord_enabled",
"type": "multiplechoice"
},
{
"question_name": "Discord Client ID",
"question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications",
"required": true,
"min": 0,
"max": 128,
"default": "{{ matrix_appservice_discord_client_id | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_appservice_discord_client_id",
"type": "text"
},
{
"question_name": "Discord Bot Token",
"question_description": "The Bot 'TOKEN' which can be found in the 'Bot' tab of your new discord application: https://discord.com/developers/applications",
"required": true,
"min": 0,
"max": 256,
"default": "{{ matrix_appservice_discord_bot_token | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_appservice_discord_bot_token",
"type": "password"
},
{
"question_name": "Auto-Admin Matrix User",
"question_description": "The username you would like to be automatically joined and promoted to administrator (PL100) in bridged rooms. Exclude the '@' and server name postfix. So to create @stevo:example.org just enter 'stevo'.",
"required": false,
"min": 0,
"max": 1024,
"default": "",
"choices": "",
"new_question": true,
"variable": "awx_appservice_discord_admin_user",
"type": "text"
},
{
"question_name": "Auto-Admin Rooms",
"question_description": "A list of rooms you want the user to be automatically joined and promoted to administrator (PL100) in. These should be the internal IDs (for example '!axfBUsKhfAjSMBdjKX:example.org') separated by newlines.",
"required": false,
"min": 0,
"max": 4096,
"default": "",
"choices": "",
"new_question": true,
"variable": "awx_appservice_discord_admin_rooms",
"type": "textarea"
}
]
}

View File

@ -20,10 +20,10 @@
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_corporal_policy_provider_mode }}",
"default": "{{ awx_corporal_policy_provider_mode }}",
"choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)",
"new_question": true,
"variable": "matrix_corporal_policy_provider_mode",
"variable": "awx_corporal_policy_provider_mode",
"type": "multiplechoice"
},
{
@ -34,7 +34,7 @@
"max": 65536,
"default": "",
"new_question": true,
"variable": "matrix_corporal_simple_static_config",
"variable": "awx_corporal_simple_static_config",
"type": "textarea"
},
{
@ -43,9 +43,9 @@
"required": false,
"min": 0,
"max": 4096,
"default": "{{ matrix_corporal_pull_mode_uri }}",
"default": "{{ awx_corporal_pull_mode_uri }}",
"new_question": true,
"variable": "matrix_corporal_pull_mode_uri",
"variable": "awx_corporal_pull_mode_uri",
"type": "text"
},
{
@ -54,10 +54,10 @@
"required": false,
"min": 0,
"max": 256,
"default": "{{ matrix_corporal_pull_mode_token }}",
"default": "{{ awx_corporal_pull_mode_token }}",
"choices": "",
"new_question": true,
"variable": "matrix_corporal_pull_mode_token",
"variable": "awx_corporal_pull_mode_token",
"type": "password"
},
{
@ -78,10 +78,10 @@
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_corporal_raise_ratelimits }}",
"default": "{{ awx_corporal_raise_ratelimits }}",
"choices": "Normal\nRaised",
"new_question": true,
"variable": "matrix_corporal_raise_ratelimits",
"variable": "awx_corporal_raise_ratelimits",
"type": "multiplechoice"
}
]

View File

@ -20,10 +20,10 @@
"required": false,
"min": 0,
"max": 65536,
"default": {{ ext_dimension_users_raw_final | to_json }},
"default": {{ awx_dimension_users_final | to_json }},
"choices": "",
"new_question": true,
"variable": "ext_dimension_users_raw",
"variable": "awx_dimension_users",
"type": "textarea"
}
]

View File

@ -14,18 +14,6 @@
"variable": "matrix_client_element_enabled",
"type": "multiplechoice"
},
{
"question_name": "Set Branding for Web Client",
"question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.",
"required": false,
"min": 0,
"max": 256,
"default": "{{ matrix_client_element_brand }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_brand",
"type": "text"
},
{
"question_name": "Set Theme for Web Client",
"question_description": "Sets the default theme for the web client, can be changed later by individual users.",
@ -38,18 +26,78 @@
"variable": "matrix_client_element_default_theme",
"type": "multiplechoice"
},
{
"question_name": "Set Branding for Web Client",
"question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.Leaving this field blank will cause the default branding will be used: 'Element'",
"required": false,
"min": 0,
"max": 256,
"default": "{{ matrix_client_element_brand | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_brand",
"type": "text"
},
{
"question_name": "Set Welcome Page Background",
"question_description": "URL to Wallpaper, shown in background of the welcome page. Must be a 'https' link, otherwise it won't be set.",
"question_description": "Sets the background image on the welcome page, you should enter a URL to the image you want to use. Must be a 'https' link, otherwise it won't be set. Leaving this field blank will cause the default background to be used.",
"required": false,
"min": 0,
"max": 1024,
"default": "{{ matrix_client_element_branding_welcomeBackgroundUrl }}",
"default": "{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_branding_welcomeBackgroundUrl",
"type": "text"
},
{
"question_name": "Set Welcome Page Logo",
"question_description": "Sets the logo found on the welcome and login page, must be a valid https link to your logo, the logo itself should be a square vector image (SVG). Leaving this field blank will cause the default Element logo to be used.",
"required": false,
"min": 0,
"max": 1024,
"default": "{{ matrix_client_element_welcome_logo | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_welcome_logo",
"type": "text"
},
{
"question_name": "Set Welcome Page Logo URL",
"question_description": "Sets the URL link the welcome page logo leads to, must be a valid https link. Leaving this field blank will cause this default link to be used: 'https://element.io'",
"required": false,
"min": 0,
"max": 1024,
"default": "{{ matrix_client_element_welcome_logo_link | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_welcome_logo_link",
"type": "text"
},
{
"question_name": "Set Welcome Page Headline",
"question_description": "Sets the headline seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Welcome to Element!'",
"required": false,
"min": 0,
"max": 512,
"default": "{{ awx_matrix_client_element_welcome_headline | trim }}",
"choices": "",
"new_question": true,
"variable": "awx_matrix_client_element_welcome_headline",
"type": "text"
},
{
"question_name": "Set Welcome Page Text",
"question_description": "Sets the text seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Decentralised, encrypted chat & collaboration powered by [Matrix]'",
"required": false,
"min": 0,
"max": 2048,
"default": "{{ awx_matrix_client_element_welcome_text | trim }}",
"choices": "",
"new_question": true,
"variable": "awx_matrix_client_element_welcome_text",
"type": "text"
},
{
"question_name": "Show Registration Button",
"question_description": "If you show the registration button on the welcome page.",

View File

@ -8,10 +8,10 @@
"required": false,
"min": 0,
"max": 2048,
"default": "{{ element_subdomain }}",
"default": "{{ awx_element_subdomain }}",
"choices": "",
"new_question": true,
"variable": "element_subdomain",
"variable": "awx_element_subdomain",
"type": "text"
}
]

View File

@ -20,10 +20,10 @@
"required": false,
"min": null,
"max": null,
"default": "{{ ext_matrix_ma1sd_auth_store }}",
"default": "{{ awx_matrix_ma1sd_auth_store }}",
"choices": "Synapse Internal\nLDAP/AD",
"new_question": true,
"variable": "ext_matrix_ma1sd_auth_store",
"variable": "awx_matrix_ma1sd_auth_store",
"type": "multiplechoice"
},
{
@ -32,9 +32,9 @@
"required": false,
"min": 0,
"max": 65536,
"default": {{ ext_matrix_ma1sd_configuration_extension_yaml | to_json }},
"default": {{ awx_matrix_ma1sd_configuration_extension_yaml | to_json }},
"new_question": true,
"variable": "ext_matrix_ma1sd_configuration_extension_yaml",
"variable": "awx_matrix_ma1sd_configuration_extension_yaml",
"type": "textarea"
}
]

View File

@ -92,10 +92,10 @@
"required": false,
"min": null,
"max": null,
"default": "{{ ext_registrations_require_3pid | string | lower }}",
"default": "{{ awx_registrations_require_3pid | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "ext_registrations_require_3pid",
"variable": "awx_registrations_require_3pid",
"type": "multiplechoice"
},
{
@ -107,7 +107,7 @@
"default": "",
"choices": "",
"new_question": true,
"variable": "ext_matrix_synapse_registration_shared_secret",
"variable": "awx_matrix_synapse_registration_shared_secret",
"type": "password"
},
{
@ -119,7 +119,7 @@
"default": "{{ matrix_synapse_max_upload_size_mb }}",
"choices": "",
"new_question": true,
"variable": "matrix_synapse_max_upload_size_mb_raw",
"variable": "awx_synapse_max_upload_size_mb",
"type": "text"
},
{
@ -128,10 +128,10 @@
"required": false,
"min": 0,
"max": 65536,
"default": {{ ext_url_preview_accept_language_default | to_json }},
"default": {{ awx_url_preview_accept_language_default | to_json }},
"choices": "",
"new_question": true,
"variable": "ext_url_preview_accept_language_raw",
"variable": "awx_url_preview_accept_language",
"type": "textarea"
},
{
@ -140,10 +140,10 @@
"required": false,
"min": 0,
"max": 65536,
"default": {{ ext_federation_whitelist_raw | to_json }},
"default": {{ awx_federation_whitelist | to_json }},
"choices": "",
"new_question": true,
"variable": "ext_federation_whitelist_raw",
"variable": "awx_federation_whitelist",
"type": "textarea"
},
{
@ -152,10 +152,10 @@
"required": false,
"min": 0,
"max": 65536,
"default": {{ matrix_synapse_auto_join_rooms_raw | to_json }},
"default": {{ awx_synapse_auto_join_rooms | to_json }},
"choices": "",
"new_question": true,
"variable": "matrix_synapse_auto_join_rooms_raw",
"variable": "awx_synapse_auto_join_rooms",
"type": "textarea"
},
{
@ -164,10 +164,10 @@
"required": false,
"min": null,
"max": null,
"default": "{{ ext_enable_registration_captcha | string | lower }}",
"default": "{{ awx_enable_registration_captcha | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "ext_enable_registration_captcha",
"variable": "awx_enable_registration_captcha",
"type": "multiplechoice"
},
{
@ -176,10 +176,10 @@
"required": false,
"min": 0,
"max": 40,
"default": "{{ ext_recaptcha_public_key }}",
"default": "{{ awx_recaptcha_public_key }}",
"choices": "",
"new_question": true,
"variable": "ext_recaptcha_public_key",
"variable": "awx_recaptcha_public_key",
"type": "text"
},
{
@ -188,10 +188,10 @@
"required": false,
"min": 0,
"max": 40,
"default": "{{ ext_recaptcha_private_key }}",
"default": "{{ awx_recaptcha_private_key }}",
"choices": "",
"new_question": true,
"variable": "ext_recaptcha_private_key",
"variable": "awx_recaptcha_private_key",
"type": "text"
}
]

View File

@ -8,10 +8,10 @@
"required": true,
"min": null,
"max": null,
"default": "{{ customise_base_domain_website | string | lower }}",
"default": "{{ awx_customise_base_domain_website | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "customise_base_domain_website",
"variable": "awx_customise_base_domain_website",
"type": "multiplechoice"
},
{
@ -20,10 +20,10 @@
"required": true,
"min": null,
"max": null,
"default": "{{ sftp_auth_method | string }}",
"default": "{{ awx_sftp_auth_method | string }}",
"choices": "Disabled\nPassword\nSSH Key",
"new_question": true,
"variable": "sftp_auth_method",
"variable": "awx_sftp_auth_method",
"type": "multiplechoice"
},
{
@ -32,10 +32,10 @@
"required": false,
"min": 0,
"max": 64,
"default": "{{ sftp_password }}",
"default": "{{ awx_sftp_password }}",
"choices": "",
"new_question": true,
"variable": "sftp_password",
"variable": "awx_sftp_password",
"type": "password"
},
{
@ -44,10 +44,10 @@
"required": false,
"min": 0,
"max": 16384,
"default": "{{ sftp_public_key }}",
"default": "{{ awx_sftp_public_key }}",
"choices": "",
"new_question": true,
"variable": "sftp_public_key",
"variable": "awx_sftp_public_key",
"type": "text"
}
]

View File

@ -7,7 +7,7 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# AWX Settings Start'
with_dict:
'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}'
'awx_backup_enabled': '{{ awx_backup_enabled }}'
tags: use-survey
- name: Save new 'Backup Server' survey.json to the AWX tower, template
@ -66,7 +66,7 @@
register: _create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
when: matrix_awx_backup_enabled|bool
when: awx_backup_enabled|bool
- name: Wait for both of these jobs to finish
async_status:
@ -76,11 +76,11 @@
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ _create_instances.results }}"
when: matrix_awx_backup_enabled|bool
when: awx_backup_enabled|bool
- name: Perform borg backup of postgres dump
command: borgmatic -c /root/.config/borgmatic/config_2.yaml
when: matrix_awx_backup_enabled|bool
when: awx_backup_enabled|bool
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
@ -93,8 +93,8 @@
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
awx_end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool
when: awx_end_playbook is defined and awx_end_playbook|bool

View File

@ -0,0 +1,57 @@
- name: Record Bridge Discord AppService variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Bridge Discord AppService Start'
with_dict:
'matrix_appservice_discord_enabled': '{{ matrix_appservice_discord_enabled }}'
'matrix_appservice_discord_client_id': '{{ matrix_appservice_discord_client_id }}'
'matrix_appservice_discord_bot_token': '{{ matrix_appservice_discord_bot_token }}'
- name: If the raw inputs is not empty start constructing parsed awx_appservice_discord_admin_rooms list
set_fact:
awx_appservice_discord_admin_rooms_array: |-
{{ awx_appservice_discord_admin_rooms.splitlines() | to_json }}
when: awx_appservice_discord_admin_rooms | trim | length > 0
- name: Promote user to administer (PL100) of each room
command: |
docker exec -i matrix-appservice-discord /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "{{ item.1 }}" -u "@{{ awx_appservice_discord_admin_user }}:{{ matrix_domain }}" -p 100'
with_indexed_items:
- "{{ awx_appservice_discord_admin_rooms_array }}"
when: ( awx_appservice_discord_admin_rooms | trim | length > 0 ) and ( awx_appservice_discord_admin_user is defined )
- name: Save new 'Bridge Discord Appservice' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/bridge_discord_appservice.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//bridge_discord_appservice.json'
- name: Copy new 'Bridge Discord Appservice' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json'
dest: '/matrix/awx/bridge_discord_appservice.json'
mode: '0660'
- name: Recreate 'Bridge Discord Appservice' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 3 - Bridge Discord AppService"
description: "Enables a private bridge you can use to connect Matrix rooms to Discord."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all,bridge-discord-appservice"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json') }}"
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes

View File

@ -6,22 +6,18 @@
- name: Set admin bool to zero
set_fact:
admin_bool: 0
when: admin_access == 'false'
awx_admin_bool: 0
when: awx_admin_access == 'false'
- name: Examine if server admin set
set_fact:
admin_bool: 1
when: admin_access == 'true'
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
awx_admin_bool: 1
when: awx_admin_access == 'true'
- name: Create user account
command: |
/usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
register: cmd
/usr/local/bin/matrix-synapse-register-user {{ awx_new_username | quote }} {{ awx_new_password | quote }} {{ awx_admin_bool }}
register: awx_cmd_output
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
@ -32,9 +28,13 @@
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- name: Set boolean value to exit playbook
set_fact:
awx_end_playbook: true
- name: Result
debug: msg="{{ cmd.stdout }}"
debug: msg="{{ awx_cmd_output.stdout }}"
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool
when: awx_end_playbook is defined and awx_end_playbook|bool

View File

@ -1,3 +1,4 @@
---
- name: Enable index.html creation if user doesn't wish to customise base domain
delegate_to: 127.0.0.1
@ -8,7 +9,7 @@
insertafter: '# Base Domain Settings Start'
with_dict:
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
when: (customise_base_domain_website is defined) and not customise_base_domain_website|bool
when: (awx_customise_base_domain_website is defined) and not awx_customise_base_domain_website|bool
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
delegate_to: 127.0.0.1
@ -19,7 +20,7 @@
insertafter: '# Base Domain Settings Start'
with_dict:
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
when: (customise_base_domain_website is defined) and customise_base_domain_website|bool
when: (awx_customise_base_domain_website is defined) and awx_customise_base_domain_website|bool
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
delegate_to: 127.0.0.1
@ -29,9 +30,9 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'sftp_auth_method': '"{{ sftp_auth_method }}"'
'sftp_password': '"{{ sftp_password }}"'
'sftp_public_key': '"{{ sftp_public_key }}"'
'awx_sftp_auth_method': '"{{ awx_sftp_auth_method }}"'
'awx_sftp_password': '"{{ awx_sftp_password }}"'
'awx_sftp_public_key': '"{{ awx_sftp_public_key }}"'
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
delegate_to: 127.0.0.1
@ -41,8 +42,8 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'customise_base_domain_website': '{{ customise_base_domain_website }}'
when: customise_base_domain_website is defined
'awx_customise_base_domain_website': '{{ awx_customise_base_domain_website }}'
when: awx_customise_base_domain_website is defined
- name: Reload vars in matrix_vars.yml
include_vars:
@ -54,28 +55,28 @@
template:
src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
when: customise_base_domain_website is defined
when: awx_customise_base_domain_website is defined
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
dest: '/matrix/awx/configure_website_access_export.json'
mode: '0660'
when: customise_base_domain_website is defined
when: awx_customise_base_domain_website is defined
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: './roles/matrix-awx/surveys/access_export.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
when: customise_base_domain_website is undefined
when: awx_customise_base_domain_website is undefined
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
dest: '/matrix/awx/access_export.json'
mode: '0660'
when: customise_base_domain_website is undefined
when: awx_customise_base_domain_website is undefined
- name: Recreate 'Configure Website + Access Export' job template
delegate_to: 127.0.0.1
@ -97,7 +98,7 @@
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes
when: customise_base_domain_website is defined
when: awx_customise_base_domain_website is defined
- name: Recreate 'Access Export' job template
delegate_to: 127.0.0.1
@ -119,9 +120,9 @@
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes
when: customise_base_domain_website is undefined
when: awx_customise_base_domain_website is undefined
- name: If user doesn't define a sftp_password, create a disabled 'sftp' account
- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account
user:
name: sftp
comment: SFTP user to set custom web files and access servers export
@ -130,18 +131,18 @@
group: matrix
password: '*'
update_password: always
when: sftp_password|length == 0
when: awx_sftp_password|length == 0
- name: If user defines sftp_password, enable account and set password on 'stfp' account
- name: If user defines awx_sftp_password, enable account and set password on 'stfp' account
user:
name: sftp
comment: SFTP user to set custom web files and access servers export
shell: /bin/false
home: /home/sftp
group: matrix
password: "{{ sftp_password | password_hash('sha512') }}"
password: "{{ awx_sftp_password | password_hash('sha512') }}"
update_password: always
when: sftp_password|length > 0
when: awx_sftp_password|length > 0
- name: Ensure group "sftp" exists
group:
@ -153,7 +154,7 @@
name: sftp
groups: sftp
append: yes
when: customise_base_domain_website is defined
when: awx_customise_base_domain_website is defined
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
file:
@ -170,7 +171,7 @@
owner: matrix
group: matrix
mode: '0770'
when: customise_base_domain_website is defined
when: awx_customise_base_domain_website is defined
- name: Ensure /chroot/export location exists
file:
@ -202,11 +203,11 @@
- name: Insert public SSH key into authorized_keys file
lineinfile:
path: /home/sftp/.ssh/authorized_keys
line: "{{ sftp_public_key }}"
line: "{{ awx_sftp_public_key }}"
owner: sftp
group: sftp
mode: '0644'
when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")
when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key")
- name: Remove any existing Subsystem lines
lineinfile:
@ -232,7 +233,7 @@
AllowTcpForwarding no
PasswordAuthentication yes
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
when: sftp_auth_method == "Disabled"
when: awx_sftp_auth_method == "Disabled"
- name: Add SSH Match User section for password auth
blockinfile:
@ -245,7 +246,7 @@
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
when: sftp_auth_method == "Password"
when: awx_sftp_auth_method == "Password"
- name: Add SSH Match User section for publickey auth
blockinfile:
@ -258,7 +259,7 @@
X11Forwarding no
AllowTcpForwarding no
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
when: sftp_auth_method == "SSH Key"
when: awx_sftp_auth_method == "SSH Key"
- name: Restart service ssh.service
service:

View File

@ -1,3 +1,4 @@
---
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:

View File

@ -1,21 +1,22 @@
---
- name: Run export of /matrix/ and snapshot the database simultaneously
command: "{{ item }}"
with_items:
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
- /bin/sh /usr/local/bin/awx-export-service.sh 0 1
register: _create_instances
register: awx_create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
- name: Wait for both of these jobs to finish
async_status:
jid: "{{ item.ansible_job_id }}"
register: _jobs
until: _jobs.finished
register: awx_jobs
until: awx_jobs.finished
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ _create_instances.results }}"
with_items: "{{ awx_create_instances.results }}"
- name: Schedule deletion of the export in 24 hours
at:
@ -35,8 +36,8 @@
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
awx_end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool
when: awx_end_playbook is defined and awx_end_playbook|bool

View File

@ -1,7 +1,7 @@
---
- name: Ensure correct ownership of /matrix/awx
shell: chown -R matrix:matrix /matrix/awx
- name: Ensure correct ownership of /matrix/synapse
shell: chown -R matrix:matrix /matrix/synapse

View File

@ -1,3 +1,4 @@
---
- name: Include vars in organisation.yml
include_vars:

View File

@ -1,3 +1,4 @@
---
- name: Include new vars in matrix_vars.yml
include_vars:

View File

@ -197,6 +197,15 @@
tags:
- setup-synapse-admin
# Additional playbook to set the variable file during Discord Appservice Bridge configuration
- include_tasks:
file: "bridge_discord_appservice.yml"
apply:
tags: bridge-discord-appservice
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- bridge-discord-appservice
# Delete AWX session token
- include_tasks:
file: "delete_session_token.yml"

View File

@ -1,10 +1,11 @@
---
- name: Collect entire room list into stdout
shell: |
curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms?from={{ item }}'
register: rooms_output
register: awx_rooms_output
- name: Print stdout to file
delegate_to: 127.0.0.1
shell: |
echo '{{ rooms_output.stdout }}' >> /tmp/{{ subscription_id }}_room_list_complete.json
echo '{{ awx_rooms_output.stdout }}' >> /tmp/{{ subscription_id }}_room_list_complete.json

View File

@ -1,12 +1,13 @@
---
- name: Purge all rooms with more then N events
shell: |
curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ purge_epoche_time.stdout }}000 }' "{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: purge_command
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:

View File

@ -1,3 +1,4 @@
---
- name: Ensure dateutils and curl is installed in AWX
delegate_to: 127.0.0.1
@ -19,20 +20,20 @@
- name: Collect before shrink size of Synapse database
shell: du -sh /matrix/postgres/data
register: db_size_before_stat
when: (purge_mode.find("Perform final shrink") != -1)
register: awx_db_size_before_stat
when: (awx_purge_mode.find("Perform final shrink") != -1)
no_log: True
- name: Collect the internal IP of the matrix-synapse container
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
register: synapse_container_ip
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_synapse_container_ip
- name: Collect access token for janitor user
shell: |
curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
register: janitors_token
curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_janitors_token
no_log: True
- name: Copy build_room_list.py script to target machine
@ -42,107 +43,107 @@
owner: matrix
group: matrix
mode: '0755'
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Run build_room_list.py script
shell: |
runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ janitors_token.stdout[1:-1] }} {{ synapse_container_ip.stdout }}
register: rooms_total
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }}
register: awx_rooms_total
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Fetch complete room list from target machine
fetch:
src: /tmp/room_list_complete.json
dest: "/tmp/{{ subscription_id }}_room_list_complete.json"
flat: yes
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Remove complete room list from target machine
file:
path: /tmp/room_list_complete.json
state: absent
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Generate list of rooms with no local users
delegate_to: 127.0.0.1
shell: |
jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Count number of rooms with no local users
delegate_to: 127.0.0.1
shell: |
wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }'
register: rooms_no_local_total
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
register: awx_rooms_no_local_total
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Setting host fact room_list_no_local_users
- name: Setting host fact awx_room_list_no_local_users
set_fact:
room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
no_log: True
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Purge all rooms with no local users
include_tasks: purge_database_no_local.yml
loop: "{{ room_list_no_local_users.splitlines() | flatten(levels=1) }}"
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}"
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Collect epoche time from date
delegate_to: 127.0.0.1
shell: |
date -d '{{ purge_date }}' +"%s"
when: (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
register: purge_epoche_time
date -d '{{ awx_purge_date }}' +"%s"
when: (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_purge_epoche_time
- name: Generate list of rooms with more then N users
delegate_to: 127.0.0.1
shell: |
jq 'try .rooms[] | select(.joined_members > {{ purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt
when: purge_mode.find("Number of users [slower]") != -1
jq 'try .rooms[] | select(.joined_members > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt
when: awx_purge_mode.find("Number of users [slower]") != -1
- name: Count number of rooms with more then N users
delegate_to: 127.0.0.1
shell: |
wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }'
register: rooms_join_members_total
when: purge_mode.find("Number of users [slower]") != -1
register: awx_rooms_join_members_total
when: awx_purge_mode.find("Number of users [slower]") != -1
- name: Setting host fact room_list_joined_members
- name: Setting host fact awx_room_list_joined_members
delegate_to: 127.0.0.1
set_fact:
room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
when: purge_mode.find("Number of users [slower]") != -1
awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
when: awx_purge_mode.find("Number of users [slower]") != -1
no_log: True
- name: Purge all rooms with more then N users
include_tasks: purge_database_users.yml
loop: "{{ room_list_joined_members.splitlines() | flatten(levels=1) }}"
when: purge_mode.find("Number of users [slower]") != -1
loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}"
when: awx_purge_mode.find("Number of users [slower]") != -1
- name: Generate list of rooms with more then N events
delegate_to: 127.0.0.1
shell: |
jq 'try .rooms[] | select(.state_events > {{ purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt
when: purge_mode.find("Number of events [slower]") != -1
jq 'try .rooms[] | select(.state_events > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt
when: awx_purge_mode.find("Number of events [slower]") != -1
- name: Count number of rooms with more then N events
delegate_to: 127.0.0.1
shell: |
wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }'
register: rooms_state_events_total
when: purge_mode.find("Number of events [slower]") != -1
register: awx_rooms_state_events_total
when: awx_purge_mode.find("Number of events [slower]") != -1
- name: Setting host fact room_list_state_events
- name: Setting host fact awx_room_list_state_events
delegate_to: 127.0.0.1
set_fact:
room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
when: purge_mode.find("Number of events [slower]") != -1
awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
when: awx_purge_mode.find("Number of events [slower]") != -1
no_log: True
- name: Purge all rooms with more then N events
include_tasks: purge_database_events.yml
loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}"
when: purge_mode.find("Number of events [slower]") != -1
loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}"
when: awx_purge_mode.find("Number of events [slower]") != -1
- name: Adjust 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
@ -161,7 +162,7 @@
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Execute rust-synapse-compress-state job template
delegate_to: 127.0.0.1
@ -171,7 +172,7 @@
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Revert 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
@ -190,25 +191,25 @@
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Ensure matrix-synapse is stopped
service:
name: matrix-synapse
state: stopped
daemon_reload: yes
when: (purge_mode.find("Perform final shrink") != -1)
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Re-index Synapse database
shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse'
when: (purge_mode.find("Perform final shrink") != -1)
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Ensure matrix-synapse is started
service:
name: matrix-synapse
state: started
daemon_reload: yes
when: (purge_mode.find("Perform final shrink") != -1)
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Adjust 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
@ -227,7 +228,7 @@
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes
when: (purge_mode.find("Perform final shrink") != -1)
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Execute run-postgres-vacuum job template
delegate_to: 127.0.0.1
@ -237,7 +238,7 @@
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes
when: (purge_mode.find("Perform final shrink") != -1)
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Revert 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
@ -256,50 +257,50 @@
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes
when: (purge_mode.find("Perform final shrink") != -1)
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Cleanup room_list files
delegate_to: 127.0.0.1
shell: |
rm /tmp/{{ subscription_id }}_room_list*
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
ignore_errors: yes
- name: Collect after shrink size of Synapse database
shell: du -sh /matrix/postgres/data
register: db_size_after_stat
when: (purge_mode.find("Perform final shrink") != -1)
register: awx_db_size_after_stat
when: (awx_purge_mode.find("Perform final shrink") != -1)
no_log: True
- name: Print total number of rooms processed
debug:
msg: '{{ rooms_total.stdout }}'
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
msg: '{{ awx_rooms_total.stdout }}'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Print the number of rooms purged with no local users
debug:
msg: '{{ rooms_no_local_total.stdout }}'
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
msg: '{{ awx_rooms_no_local_total.stdout }}'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Print the number of rooms purged with more then N users
debug:
msg: '{{ rooms_join_members_total.stdout }}'
when: purge_mode.find("Number of users") != -1
msg: '{{ awx_rooms_join_members_total.stdout }}'
when: awx_purge_mode.find("Number of users") != -1
- name: Print the number of rooms purged with more then N events
debug:
msg: '{{ rooms_state_events_total.stdout }}'
when: purge_mode.find("Number of events") != -1
msg: '{{ awx_rooms_state_events_total.stdout }}'
when: awx_purge_mode.find("Number of events") != -1
- name: Print before purge size of Synapse database
debug:
msg: "{{ db_size_before_stat.stdout.split('\n') }}"
when: (db_size_before_stat is defined) and (purge_mode.find("Perform final shrink") != -1)
msg: "{{ awx_db_size_before_stat.stdout.split('\n') }}"
when: ( awx_db_size_before_stat is defined ) and ( awx_purge_mode.find("Perform final shrink" ) != -1 )
- name: Print after purge size of Synapse database
debug:
msg: "{{ db_size_after_stat.stdout.split('\n') }}"
when: (db_size_after_stat is defined) and (purge_mode.find("Perform final shrink") != -1)
msg: "{{ awx_db_size_after_stat.stdout.split('\n') }}"
when: (awx_db_size_after_stat is defined) and (awx_purge_mode.find("Perform final shrink") != -1)
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
@ -312,8 +313,8 @@
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
awx_end_playbook: true
- name: End playbook early if this task is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool
when: awx_end_playbook is defined and awx_end_playbook|bool

View File

@ -1,12 +1,13 @@
---
- name: Purge all rooms with no local users
shell: |
curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room'
register: purge_command
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room'
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:

View File

@ -1,12 +1,13 @@
---
- name: Purge all rooms with more then N users
shell: |
curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ purge_epoche_time.stdout }}000 }' "{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: purge_command
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:

View File

@ -1,17 +1,18 @@
---
- name: Collect epoche time from date
shell: |
date -d '{{ item }}' +"%s"
register: epoche_time
register: awx_epoche_time
- name: Purge local media to specific date
shell: |
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}000'
register: purge_command
curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000'
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:

View File

@ -19,76 +19,76 @@
- name: Collect the internal IP of the matrix-synapse container
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
register: synapse_container_ip
register: awx_synapse_container_ip
- name: Collect access token for janitor user
shell: |
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
register: janitors_token
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
register: awx_janitors_token
no_log: True
- name: Generate list of dates to purge to
delegate_to: 127.0.0.1
shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
register: purge_dates
register: awx_purge_dates
- name: Calculate initial size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: local_media_size_before
when: matrix_purge_media_type == "Local Media"
register: awx_local_media_size_before
when: awx_purge_media_type == "Local Media"
ignore_errors: yes
no_log: True
- name: Calculate initial size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: remote_media_size_before
when: matrix_purge_media_type == "Remote Media"
register: awx_remote_media_size_before
when: awx_purge_media_type == "Remote Media"
ignore_errors: yes
no_log: True
- name: Purge local media with loop
include_tasks: purge_media_local.yml
loop: "{{ purge_dates.stdout_lines | flatten(levels=1) }}"
when: matrix_purge_media_type == "Local Media"
loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
when: awx_purge_media_type == "Local Media"
- name: Purge remote media with loop
include_tasks: purge_media_remote.yml
loop: "{{ purge_dates.stdout_lines | flatten(levels=1) }}"
when: matrix_purge_media_type == "Remote Media"
loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
when: awx_purge_media_type == "Remote Media"
- name: Calculate final size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: local_media_size_after
when: matrix_purge_media_type == "Local Media"
register: awx_local_media_size_after
when: awx_purge_media_type == "Local Media"
ignore_errors: yes
no_log: True
- name: Calculate final size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: remote_media_size_after
when: matrix_purge_media_type == "Remote Media"
register: awx_remote_media_size_after
when: awx_purge_media_type == "Remote Media"
ignore_errors: yes
no_log: True
- name: Print size of local media repository before purge
debug:
msg: "{{ local_media_size_before.stdout.split('\n') }}"
when: matrix_purge_media_type == "Local Media"
msg: "{{ awx_local_media_size_before.stdout.split('\n') }}"
when: awx_purge_media_type == "Local Media"
- name: Print size of local media repository after purge
debug:
msg: "{{ local_media_size_after.stdout.split('\n') }}"
when: matrix_purge_media_type == "Local Media"
msg: "{{ awx_local_media_size_after.stdout.split('\n') }}"
when: awx_purge_media_type == "Local Media"
- name: Print size of remote media repository before purge
debug:
msg: "{{ remote_media_size_before.stdout.split('\n') }}"
when: matrix_purge_media_type == "Remote Media"
msg: "{{ awx_remote_media_size_before.stdout.split('\n') }}"
when: awx_purge_media_type == "Remote Media"
- name: Print size of remote media repository after purge
debug:
msg: "{{ remote_media_size_after.stdout.split('\n') }}"
when: matrix_purge_media_type == "Remote Media"
msg: "{{ awx_remote_media_size_after.stdout.split('\n') }}"
when: awx_purge_media_type == "Remote Media"
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
@ -101,8 +101,8 @@
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
awx_end_playbook: true
- name: End playbook early if this task is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool
when: awx_end_playbook is defined and awx_end_playbook|bool

View File

@ -1,17 +1,18 @@
---
- name: Collect epoche time from date
shell: |
date -d '{{ item }}' +"%s"
register: epoche_time
register: awx_epoche_time
- name: Purge remote media to specific date
shell: |
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}000'
register: purge_command
curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000'
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:

View File

@ -1,3 +1,4 @@
---
- name: Rename synapse presence variable
delegate_to: 127.0.0.1

View File

@ -1,3 +1,4 @@
---
- name: Set the new authorized key taken from file
authorized_key:

View File

@ -1,3 +1,4 @@
---
- name: Install prerequisite apt packages on target
apt:
@ -23,83 +24,83 @@
- name: Calculate MAU value
shell: |
curl -s localhost:9000 | grep "^synapse_admin_mau_current "
register: mau_stat
register: awx_mau_stat
no_log: True
- name: Print MAU value
debug:
msg: "{{ mau_stat.stdout.split('\n') }}"
when: mau_stat is defined
- name: Calculate CPU usage statistics
shell: iostat -c
register: cpu_usage_stat
register: awx_cpu_usage_stat
no_log: True
- name: Print CPU usage statistics
debug:
msg: "{{ cpu_usage_stat.stdout.split('\n') }}"
when: cpu_usage_stat is defined
- name: Calculate RAM usage statistics
shell: free -mh
register: ram_usage_stat
register: awx_ram_usage_stat
no_log: True
- name: Print RAM usage statistics
debug:
msg: "{{ ram_usage_stat.stdout.split('\n') }}"
when: ram_usage_stat is defined
- name: Calculate free disk space
shell: df -h
register: disk_space_stat
register: awx_disk_space_stat
no_log: True
- name: Print free disk space
debug:
msg: "{{ disk_space_stat.stdout.split('\n') }}"
when: disk_space_stat is defined
- name: Calculate size of Synapse database
shell: du -sh /matrix/postgres/data
register: db_size_stat
register: awx_db_size_stat
no_log: True
- name: Print size of Synapse database
debug:
msg: "{{ db_size_stat.stdout.split('\n') }}"
when: db_size_stat is defined
- name: Calculate size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: local_media_size_stat
register: awx_local_media_size_stat
ignore_errors: yes
no_log: True
- name: Print size of local media repository
debug:
msg: "{{ local_media_size_stat.stdout.split('\n') }}"
when: local_media_size_stat is defined
- name: Calculate size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: remote_media_size_stat
register: awx_remote_media_size_stat
ignore_errors: yes
no_log: True
- name: Calculate docker container statistics
shell: docker stats --all --no-stream
register: awx_docker_stats
ignore_errors: yes
no_log: True
- name: Print size of remote media repository
debug:
msg: "{{ remote_media_size_stat.stdout.split('\n') }}"
when: remote_media_size_stat is defined
msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}"
when: awx_remote_media_size_stat is defined
- name: Print size of local media repository
debug:
msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}"
when: awx_local_media_size_stat is defined
- name: Calculate docker container statistics
shell: docker stats --all --no-stream
register: docker_stats
ignore_errors: yes
no_log: True
- name: Print size of Synapse database
debug:
msg: "{{ awx_db_size_stat.stdout.split('\n') }}"
when: awx_db_size_stat is defined
- name: Print free disk space
debug:
msg: "{{ awx_disk_space_stat.stdout.split('\n') }}"
when: awx_disk_space_stat is defined
- name: Print RAM usage statistics
debug:
msg: "{{ awx_ram_usage_stat.stdout.split('\n') }}"
when: awx_ram_usage_stat is defined
- name: Print CPU usage statistics
debug:
msg: "{{ awx_cpu_usage_stat.stdout.split('\n') }}"
when: awx_cpu_usage_stat is defined
- name: Print MAU value
debug:
msg: "{{ awx_mau_stat.stdout.split('\n') }}"
when: awx_mau_stat is defined
- name: Print docker container statistics
debug:
msg: "{{ docker_stats.stdout.split('\n') }}"
when: docker_stats is defined
msg: "{{ awx_docker_stats.stdout.split('\n') }}"
when: awx_docker_stats is defined

View File

@ -1,3 +1,4 @@
---
- name: Record Corporal Enabled/Disabled variable
delegate_to: 127.0.0.1
@ -62,7 +63,7 @@
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_http_api_enabled': 'false'
when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
- name: Enable Corporal API if Push/Pull mode delected
delegate_to: 127.0.0.1
@ -73,7 +74,7 @@
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_http_api_enabled': 'true'
when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
- name: Record Corporal API Access Token if it's defined
delegate_to: 127.0.0.1
@ -84,20 +85,22 @@
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
when: matrix_corporal_http_api_auth_token|length > 0
when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" )
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: "# Corporal Policy Provider Settings Start"
insertbefore: "# Corporal Policy Provider Settings End"
marker_begin: "Corporal"
marker_end: "Corporal"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "static_file",
"Path": "/etc/matrix-corporal/corporal-policy.json"
}
when: matrix_corporal_policy_provider_mode == "Simple Static File"
when: awx_corporal_policy_provider_mode == "Simple Static File"
- name: Touch the /matrix/corporal/ directory
file:
@ -141,12 +144,12 @@
- name: Record 'Simple Static File' configuration content in corporal-policy.json
copy:
content: "{{ matrix_corporal_simple_static_config | string }}"
content: "{{ awx_corporal_simple_static_config | string }}"
dest: "/matrix/corporal/config/corporal-policy.json"
owner: matrix
group: matrix
mode: '660'
when: (matrix_corporal_policy_provider_mode == "Simple Static File") and (matrix_corporal_simple_static_config|length > 0)
when: (awx_corporal_policy_provider_mode == "Simple Static File") and (awx_corporal_simple_static_config|length > 0)
- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
@ -157,13 +160,13 @@
matrix_corporal_policy_provider_config: |
{
"Type": "http",
"Uri": "{{ matrix_corporal_pull_mode_uri }}",
"AuthorizationBearerToken": "{{ matrix_corporal_pull_mode_token }}",
"Uri": "{{ awx_corporal_pull_mode_uri }}",
"AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}",
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
"ReloadIntervalSeconds": 1800,
"TimeoutMilliseconds": 30000
}
when: (matrix_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (matrix_corporal_pull_mode_token|length > 0)
when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0)
- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
@ -176,7 +179,7 @@
"Type": "last_seen_store_policy",
"CachePath": "/var/cache/matrix-corporal/last-policy.json"
}
when: (matrix_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
- name: Lower RateLimit if set to 'Normal'
delegate_to: 127.0.0.1
@ -184,7 +187,7 @@
path: '{{ awx_cached_matrix_vars }}'
regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
when: matrix_corporal_raise_ratelimits == "Normal"
when: awx_corporal_raise_ratelimits == "Normal"
- name: Raise RateLimit if set to 'Raised'
delegate_to: 127.0.0.1
@ -192,7 +195,7 @@
path: '{{ awx_cached_matrix_vars }}'
regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
when: matrix_corporal_raise_ratelimits == "Raised"
when: awx_corporal_raise_ratelimits == "Raised"
- name: Save new 'Configure Corporal' survey.json to the AWX tower
delegate_to: 127.0.0.1

View File

@ -1,3 +1,4 @@
---
- name: Include vars in matrix_vars.yml
include_vars:
@ -13,8 +14,8 @@
- name: Collect access token of Dimension user
shell: |
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ matrix_awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
register: dimension_user_access_token
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
register: awx_dimension_user_access_token
- name: Record Synapse variables locally on AWX
delegate_to: 127.0.0.1
@ -25,17 +26,17 @@
insertafter: '# Dimension Settings Start'
with_dict:
'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
'matrix_dimension_access_token': '"{{ dimension_user_access_token.stdout }}"'
'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout }}"'
- name: Set final users list if users are defined
set_fact:
ext_dimension_users_raw_final: "{{ ext_dimension_users_raw }}"
when: ext_dimension_users_raw|length > 0
awx_dimension_users_final: "{{ awx_dimension_users }}"
when: awx_dimension_users | length > 0
- name: Set final users list if no users are defined
set_fact:
ext_dimension_users_raw_final: '@dimension:{{ matrix_domain }}'
when: ext_dimension_users_raw|length == 0
awx_dimension_users_final: '@dimension:{{ matrix_domain }}'
when: awx_dimension_users | length == 0
- name: Remove Dimension Users
delegate_to: 127.0.0.1
@ -58,7 +59,7 @@
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^matrix_dimension_admins:'
line: ' - "{{ item }}"'
with_items: "{{ ext_dimension_users_raw_final.splitlines() }}"
with_items: "{{ awx_dimension_users_final.splitlines() }}"
- name: Record Dimension Custom variables locally on AWX
delegate_to: 127.0.0.1
@ -66,9 +67,9 @@
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
insertbefore: '# Dimension Settings End'
with_dict:
'ext_dimension_users_raw': '{{ ext_dimension_users_raw.splitlines() | to_json }}'
'awx_dimension_users': '{{ awx_dimension_users.splitlines() | to_json }}'
- name: Save new 'Configure Dimension' survey.json to the AWX tower, template
delegate_to: 127.0.0.1

View File

@ -1,3 +1,4 @@
---
- name: Record Element-Web variables locally on AWX
delegate_to: 127.0.0.1
@ -8,25 +9,142 @@
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}'
'matrix_client_element_brand': '{{ matrix_client_element_brand }}'
'matrix_client_element_jitsi_preferredDomain': 'jitsi.{{ matrix_domain }}'
'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
'matrix_client_element_brand': '{{ matrix_client_element_brand | trim }}'
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}'
'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo | trim }}'
'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link | trim }}'
- name: Record Element-Web custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertbefore: '# Element Settings End'
with_dict:
'awx_matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline | trim }}'
'awx_matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text | trim }}'
- name: Set Element-Web custom branding locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_brand': "{{ matrix_client_element_brand }}"
when: matrix_client_element_brand | trim | length > 0
- name: Remove Element-Web custom branding locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_brand: "
state: absent
when: matrix_client_element_brand | trim | length == 0
- name: Set fact for 'https' string
set_fact:
awx_https_string: "https"
- name: Record Element-Web Background variable locally on AWX
- name: Set Element-Web custom logo locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo }}'
when: ( awx_https_string in matrix_client_element_welcome_logo ) and ( matrix_client_element_welcome_logo | trim | length > 0 )
- name: Remove Element-Web custom logo locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_welcome_logo: "
state: absent
when: matrix_client_element_welcome_logo | trim | length == 0
- name: Set Element-Web custom logo link locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link }}'
when: ( awx_https_string in matrix_client_element_welcome_logo_link ) and ( matrix_client_element_welcome_logo_link | trim | length > 0 )
- name: Remove Element-Web custom logo link locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_welcome_logo_link: "
state: absent
when: matrix_client_element_welcome_logo_link | trim | length == 0
- name: Set Element-Web custom headline locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline }}'
when: awx_matrix_client_element_welcome_headline | trim | length > 0
- name: Remove Element-Web custom headline locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_welcome_headline: "
state: absent
when: awx_matrix_client_element_welcome_headline | trim | length == 0
- name: Set Element-Web custom text locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text }}'
when: awx_matrix_client_element_welcome_text | trim | length > 0
- name: Remove Element-Web custom text locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_welcome_text: "
state: absent
when: awx_matrix_client_element_welcome_text | trim | length == 0
- name: Set Element-Web background locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
when: (awx_https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 )
when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length > 0
- name: Remove Element-Web background locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_branding_welcomeBackgroundUrl: "
state: absent
when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length == 0
- name: Save new 'Configure Element' survey.json to the AWX tower, template
delegate_to: 127.0.0.1

View File

@ -1,3 +1,4 @@
---
- name: Record Element-Web variables locally on AWX
delegate_to: 127.0.0.1
@ -7,7 +8,7 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Element Settings Start'
with_dict:
'matrix_server_fqn_element': "{{ element_subdomain }}.{{ matrix_domain }}"
'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}"
- name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template
delegate_to: 127.0.0.1

View File

@ -1,3 +1,4 @@
---
- name: Record Jitsi variables locally on AWX
delegate_to: 127.0.0.1
@ -8,7 +9,7 @@
insertafter: '# Jitsi Settings Start'
with_dict:
'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}'
'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage | trim }}'
- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
delegate_to: 127.0.0.1

View File

@ -1,3 +1,4 @@
---
- name: Record ma1sd variables locally on AWX
delegate_to: 127.0.0.1
@ -17,8 +18,8 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
when: ext_matrix_ma1sd_auth_store == 'Synapse Internal'
'matrix_synapse_awx_password_provider_rest_auth_enabled': 'false'
when: awx_matrix_ma1sd_auth_store == 'Synapse Internal'
- name: Enable REST auth if using external LDAP/AD with ma1sd
delegate_to: 127.0.0.1
@ -28,9 +29,9 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
'matrix_synapse_ext_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:8090"'
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true'
'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:8090"'
when: awx_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Remove entire ma1sd configuration extension
delegate_to: 127.0.0.1
@ -53,7 +54,7 @@
path: '{{ awx_cached_matrix_vars }}'
marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK"
insertafter: '# Start ma1sd Extension'
block: '{{ ext_matrix_ma1sd_configuration_extension_yaml }}'
block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}'
- name: Record ma1sd Custom variables locally on AWX
delegate_to: 127.0.0.1
@ -61,10 +62,10 @@
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# Custom Settings Start'
insertbefore: '# ma1sd Settings End'
with_dict:
'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}'
'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}'
'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
no_log: True
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template

View File

@ -1,3 +1,4 @@
---
- name: Record Mailer variables locally on AWX
delegate_to: 127.0.0.1

View File

@ -2,12 +2,12 @@
- name: Limit max upload size to 200MB part 1
set_fact:
matrix_synapse_max_upload_size_mb: "200"
when: matrix_synapse_max_upload_size_mb_raw|int >= 200
when: awx_synapse_max_upload_size_mb | int >= 200
- name: Limit max upload size to 200MB part 2
set_fact:
matrix_synapse_max_upload_size_mb: "{{ matrix_synapse_max_upload_size_mb_raw }}"
when: matrix_synapse_max_upload_size_mb_raw|int < 200
matrix_synapse_max_upload_size_mb: "{{ awx_synapse_max_upload_size_mb }}"
when: awx_synapse_max_upload_size_mb | int < 200
- name: Record Synapse variables locally on AWX
delegate_to: 127.0.0.1
@ -32,13 +32,13 @@
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_synapse_auto_join_rooms: .*$"
replace: "matrix_synapse_auto_join_rooms: []"
when: matrix_synapse_auto_join_rooms_raw|length == 0
when: awx_synapse_auto_join_rooms | length == 0
- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
set_fact:
matrix_synapse_auto_join_rooms_array: |-
{{ matrix_synapse_auto_join_rooms_raw.splitlines() | to_json }}
when: matrix_synapse_auto_join_rooms_raw|length > 0
awx_synapse_auto_join_rooms_array: |-
{{ awx_synapse_auto_join_rooms.splitlines() | to_json }}
when: awx_synapse_auto_join_rooms | length > 0
- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
delegate_to: 127.0.0.1
@ -48,8 +48,8 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings Start'
with_dict:
"matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}"
when: matrix_synapse_auto_join_rooms_raw|length > 0
"matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}"
when: awx_synapse_auto_join_rooms | length > 0
- name: Record Synapse Shared Secret if it's defined
delegate_to: 127.0.0.1
@ -59,8 +59,8 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings Start'
with_dict:
'matrix_synapse_registration_shared_secret': '{{ ext_matrix_synapse_registration_shared_secret }}'
when: ext_matrix_synapse_registration_shared_secret|length > 0
'matrix_synapse_registration_shared_secret': '{{ awx_matrix_synapse_registration_shared_secret }}'
when: awx_matrix_synapse_registration_shared_secret | length > 0
- name: Record registations_require_3pid extra variable if true
delegate_to: 127.0.0.1
@ -72,7 +72,7 @@
with_items:
- " registrations_require_3pid:"
- " - email"
when: ext_registrations_require_3pid|bool
when: awx_registrations_require_3pid | bool
- name: Remove registrations_require_3pid extra variable if false
delegate_to: 127.0.0.1
@ -85,7 +85,7 @@
with_items:
- " registrations_require_3pid:"
- " - email"
when: not ext_registrations_require_3pid|bool
when: not awx_registrations_require_3pid | bool
- name: Remove URL Languages
delegate_to: 127.0.0.1
@ -97,21 +97,21 @@
- name: Set URL languages default if raw inputs empty
set_fact:
ext_url_preview_accept_language_default: 'en'
when: ext_url_preview_accept_language_raw|length == 0
awx_url_preview_accept_language_default: 'en'
when: awx_url_preview_accept_language | length == 0
- name: Set URL languages default if raw inputs not empty
set_fact:
ext_url_preview_accept_language_default: "{{ ext_url_preview_accept_language_raw }}"
when: ext_url_preview_accept_language_raw|length > 0
awx_url_preview_accept_language_default: "{{ awx_url_preview_accept_language }}"
when: awx_url_preview_accept_language|length > 0
- name: Set URL languages if raw inputs empty
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^ url_preview_accept_language:'
line: " - {{ ext_url_preview_accept_language_default }}"
when: ext_url_preview_accept_language_raw|length == 0
line: " - {{ awx_url_preview_accept_language_default }}"
when: awx_url_preview_accept_language|length == 0
- name: Set URL languages if raw inputs not empty
delegate_to: 127.0.0.1
@ -119,8 +119,8 @@
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^ url_preview_accept_language:'
line: " - {{ item }}"
with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}"
when: ext_url_preview_accept_language_raw|length > 0
with_items: "{{ awx_url_preview_accept_language.splitlines() }}"
when: awx_url_preview_accept_language | length > 0
- name: Remove Federation Whitelisting 1
delegate_to: 127.0.0.1
@ -143,7 +143,7 @@
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
line: " federation_domain_whitelist:"
when: ext_federation_whitelist_raw|length > 0
when: awx_federation_whitelist | length > 0
- name: Set Federation Whitelisting 2
delegate_to: 127.0.0.1
@ -151,16 +151,16 @@
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^ federation_domain_whitelist:'
line: " - {{ item }}"
with_items: "{{ ext_federation_whitelist_raw.splitlines() }}"
when: ext_federation_whitelist_raw|length > 0
with_items: "{{ awx_federation_whitelist.splitlines() }}"
when: awx_federation_whitelist | length > 0
- name: Set ext_recaptcha_public_key to a 'public-key' if undefined
set_fact: ext_recaptcha_public_key="public-key"
when: (ext_recaptcha_public_key is not defined) or (ext_recaptcha_public_key|length == 0)
- name: Set awx_recaptcha_public_key to a 'public-key' if undefined
set_fact: awx_recaptcha_public_key="public-key"
when: (awx_recaptcha_public_key is not defined) or (awx_recaptcha_public_key|length == 0)
- name: Set ext_recaptcha_private_key to a 'private-key' if undefined
set_fact: ext_recaptcha_private_key="private-key"
when: (ext_recaptcha_private_key is not defined) or (ext_recaptcha_private_key|length == 0)
- name: Set awx_recaptcha_private_key to a 'private-key' if undefined
set_fact: awx_recaptcha_private_key="private-key"
when: (awx_recaptcha_private_key is not defined) or (awx_recaptcha_private_key|length == 0)
- name: Record Synapse Extension variables locally on AWX
delegate_to: 127.0.0.1
@ -170,9 +170,9 @@
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# Synapse Extension End'
with_dict:
' enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
' recaptcha_public_key': '{{ ext_recaptcha_public_key }}'
' recaptcha_private_key': '{{ ext_recaptcha_private_key }}'
' enable_registration_captcha': '{{ awx_enable_registration_captcha }}'
' recaptcha_public_key': '{{ awx_recaptcha_public_key }}'
' recaptcha_private_key': '{{ awx_recaptcha_private_key }}'
- name: Record Synapse Custom variables locally on AWX
delegate_to: 127.0.0.1
@ -180,13 +180,13 @@
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
insertbefore: '# Synapse Settings End'
with_dict:
'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
'ext_enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
'ext_recaptcha_public_key': '"{{ ext_recaptcha_public_key }}"'
'ext_recaptcha_private_key': '"{{ ext_recaptcha_private_key }}"'
'awx_federation_whitelist': '{{ awx_federation_whitelist.splitlines() | to_json }}'
'awx_url_preview_accept_language_default': '{{ awx_url_preview_accept_language_default.splitlines() | to_json }}'
'awx_enable_registration_captcha': '{{ awx_enable_registration_captcha }}'
'awx_recaptcha_public_key': '"{{ awx_recaptcha_public_key }}"'
'awx_recaptcha_private_key': '"{{ awx_recaptcha_private_key }}"'
- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
delegate_to: 127.0.0.1

View File

@ -1,3 +1,4 @@
---
- name: Record Synapse Admin variables locally on AWX
delegate_to: 127.0.0.1

View File

@ -83,8 +83,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
matrix_host_command_systemctl: "/usr/bin/env systemctl"
matrix_host_command_sh: "/usr/bin/env sh"
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else 'ntp' }}"
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}"
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"

View File

@ -7,7 +7,7 @@ matrix_appservice_slack_container_self_build: false
matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
matrix_appservice_slack_version: release-1.5.0
matrix_appservice_slack_version: release-1.8.0
matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}"
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"

View File

@ -3,7 +3,7 @@
matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.2.1
matrix_heisenbridge_version: 1.3.0
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

View File

@ -0,0 +1,115 @@
# mautrix-googlechat is a Matrix <-> googlechat bridge
# See: https://github.com/mautrix/googlechat
matrix_mautrix_googlechat_enabled: true
matrix_mautrix_googlechat_container_image_self_build: false
matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
matrix_mautrix_googlechat_version: latest
# See: https://mau.dev/mautrix/googlechat/container_registry
matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_googlechat_docker_image_force_pull: "{{ matrix_mautrix_googlechat_docker_image.endswith(':latest') }}"
matrix_mautrix_googlechat_base_path: "{{ matrix_base_data_path }}/mautrix-googlechat"
matrix_mautrix_googlechat_config_path: "{{ matrix_mautrix_googlechat_base_path }}/config"
matrix_mautrix_googlechat_data_path: "{{ matrix_mautrix_googlechat_base_path }}/data"
matrix_mautrix_googlechat_docker_src_files_path: "{{ matrix_mautrix_googlechat_base_path }}/docker-src"
matrix_mautrix_googlechat_public_endpoint: '/mautrix-googlechat'
matrix_mautrix_googlechat_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_googlechat_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_googlechat_appservice_address: 'http://matrix-mautrix-googlechat:8080'
# Controls whether the matrix-mautrix-googlechat container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.
matrix_mautrix_googlechat_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_mautrix_googlechat_container_extra_arguments: []
# List of systemd services that matrix-mautrix-googlechat.service depends on.
matrix_mautrix_googlechat_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-googlechat.service wants
matrix_mautrix_googlechat_systemd_wanted_services_list: []
matrix_mautrix_googlechat_appservice_token: ''
matrix_mautrix_googlechat_homeserver_token: ''
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_mautrix_googlechat_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_googlechat_postgres_*` variables
matrix_mautrix_googlechat_database_engine: 'sqlite'
matrix_mautrix_googlechat_sqlite_database_path_local: "{{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"
matrix_mautrix_googlechat_sqlite_database_path_in_container: "/data/mautrix-googlechat.db"
matrix_mautrix_googlechat_database_username: 'matrix_mautrix_googlechat'
matrix_mautrix_googlechat_database_password: 'some-password'
matrix_mautrix_googlechat_database_hostname: 'matrix-postgres'
matrix_mautrix_googlechat_database_port: 5432
matrix_mautrix_googlechat_database_name: 'matrix_mautrix_googlechat'
matrix_mautrix_googlechat_database_connection_string: 'postgres://{{ matrix_mautrix_googlechat_database_username }}:{{ matrix_mautrix_googlechat_database_password }}@{{ matrix_mautrix_googlechat_database_hostname }}:{{ matrix_mautrix_googlechat_database_port }}/{{ matrix_mautrix_googlechat_database_name }}'
matrix_mautrix_googlechat_appservice_database: "{{
{
'sqlite': ('sqlite:///' + matrix_mautrix_googlechat_sqlite_database_path_in_container),
'postgres': matrix_mautrix_googlechat_database_connection_string,
}[matrix_mautrix_googlechat_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_googlechat_login_shared_secret: ''
matrix_mautrix_googlechat_appservice_bot_username: googlechatbot
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_googlechat_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_googlechat_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_googlechat_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_googlechat_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_googlechat_configuration_yaml`.
matrix_mautrix_googlechat_configuration_extension: "{{ matrix_mautrix_googlechat_configuration_extension_yaml|from_yaml if matrix_mautrix_googlechat_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_googlechat_configuration_yaml`.
matrix_mautrix_googlechat_configuration: "{{ matrix_mautrix_googlechat_configuration_yaml|from_yaml|combine(matrix_mautrix_googlechat_configuration_extension, recursive=True) }}"
matrix_mautrix_googlechat_registration_yaml: |
id: googlechat
as_token: "{{ matrix_mautrix_googlechat_appservice_token }}"
hs_token: "{{ matrix_mautrix_googlechat_homeserver_token }}"
namespaces:
users:
- exclusive: true
regex: '^@googlechat_.+:{{ matrix_mautrix_googlechat_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_googlechat_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_googlechat_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_googlechat_appservice_address }}
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_googlechat_appservice_bot_username }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml|from_yaml }}"

View File

@ -0,0 +1,69 @@
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
fail:
msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_googlechat_container_image_self_build and matrix_mautrix_googlechat_enabled"
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-googlechat.service'] }}"
when: matrix_mautrix_googlechat_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mautrix-googlechat-registration.yaml"] }}
when: matrix_mautrix_googlechat_enabled|bool
- block:
- name: Fail if matrix-nginx-proxy role already executed
fail:
msg: >-
Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
when: matrix_nginx_proxy_role_executed|default(False)|bool
- name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
set_fact:
matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_googlechat_public_endpoint }} {
{% if matrix_nginx_proxy_enabled|default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-googlechat:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+
[matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_mautrix_googlechat_enabled|bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
debug:
msg: >-
NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
URL endpoint to the matrix-mautrix-googlechat container.
You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
when: "matrix_mautrix_googlechat_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)"

View File

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mautrix_googlechat_enabled|bool"
tags:
- setup-all
- setup-mautrix-googlechat
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mautrix_googlechat_enabled|bool"
tags:
- setup-all
- setup-mautrix-googlechat
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mautrix_googlechat_enabled|bool"
tags:
- setup-all
- setup-mautrix-googlechat

View File

@ -0,0 +1,128 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mautrix-googlechat role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- set_fact:
matrix_mautrix_googlechat_requires_restart: false
- block:
- name: Check if an SQLite database already exists
stat:
path: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
register: matrix_mautrix_googlechat_sqlite_database_path_local_stat_result
- block:
- set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_googlechat_database_connection_string }}"
caller: "{{ role_path|basename }}"
engine_variable_name: 'matrix_mautrix_googlechat_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-googlechat.service']
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
- set_fact:
matrix_mautrix_googlechat_requires_restart: true
when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists|bool"
when: "matrix_mautrix_googlechat_database_engine == 'postgres'"
- name: Ensure Mautrix googlechat image is pulled
docker_image:
name: "{{ matrix_mautrix_googlechat_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}"
when: not matrix_mautrix_googlechat_container_image_self_build
- name: Ensure Mautrix googlechat paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mautrix_googlechat_base_path }}", when: true }
- { path: "{{ matrix_mautrix_googlechat_config_path }}", when: true }
- { path: "{{ matrix_mautrix_googlechat_data_path }}", when: true }
- { path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}" }
when: "item.when|bool"
- name: Ensure Mautrix Hangots repository is present on self build
git:
repo: "{{ matrix_mautrix_googlechat_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_googlechat_docker_src_files_path }}"
force: "yes"
register: matrix_mautrix_googlechat_git_pull_results
when: "matrix_mautrix_googlechat_container_image_self_build|bool"
- name: Ensure Mautrix googlechat Docker image is built
docker_image:
name: "{{ matrix_mautrix_googlechat_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_googlechat_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_googlechat_container_image_self_build|bool"
- name: Check if an old database file already exists
stat:
path: "{{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db"
register: matrix_mautrix_googlechat_stat_database
- name: (Data relocation) Ensure matrix-mautrix-googlechat.service is stopped
service:
name: matrix-mautrix-googlechat
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mautrix_googlechat_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-googlechat database file to ./data directory
command: "mv {{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db {{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"
when: "matrix_mautrix_googlechat_stat_database.stat.exists"
- name: Ensure mautrix-googlechat config.yaml installed
copy:
content: "{{ matrix_mautrix_googlechat_configuration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_googlechat_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-googlechat registration.yaml installed
copy:
content: "{{ matrix_mautrix_googlechat_registration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_googlechat_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-googlechat.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service"
mode: 0644
register: matrix_mautrix_googlechat_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation
service:
daemon_reload: yes
when: "matrix_mautrix_googlechat_systemd_service_result.changed"
- name: Ensure matrix-mautrix-googlechat.service restarted, if necessary
service:
name: "matrix-mautrix-googlechat.service"
state: restarted
when: "matrix_mautrix_googlechat_requires_restart|bool"

View File

@ -0,0 +1,24 @@
---
- name: Check existence of matrix-mautrix-googlechat service
stat:
path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service"
register: matrix_mautrix_googlechat_service_stat
- name: Ensure matrix-mautrix-googlechat is stopped
service:
name: matrix-mautrix-googlechat
state: stopped
daemon_reload: yes
when: "matrix_mautrix_googlechat_service_stat.stat.exists"
- name: Ensure matrix-mautrix-googlechat.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service"
state: absent
when: "matrix_mautrix_googlechat_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal
service:
daemon_reload: yes
when: "matrix_mautrix_googlechat_service_stat.stat.exists"

View File

@ -0,0 +1,14 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_googlechat_public_endpoint"
- "matrix_mautrix_googlechat_appservice_token"
- "matrix_mautrix_googlechat_homeserver_token"
- debug:
msg:
- '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}'

View File

@ -0,0 +1,145 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_googlechat_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_googlechat_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_googlechat_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: {{ matrix_mautrix_googlechat_appservice_database|to_json }}
# The unique ID of this appservice.
id: googlechat
# Username of the appservice bot.
bot_username: {{ matrix_mautrix_googlechat_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: googlechat bridge bot
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_googlechat_appservice_token }}"
hs_token: "{{ matrix_mautrix_googlechat_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for googlechat users.
# {userid} is replaced with the user ID of the googlechat user.
username_template: "googlechat_{userid}"
# Displayname template for googlechat users.
# {displayname} is replaced with the display name of the googlechat user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{full_name} (googlechat)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!HO"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 20
# Whether or not the googlechat users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your googlechat account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_googlechat_login_shared_secret|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Public website and API configs
web:
# Auth server config
auth:
# Publicly accessible base URL for the login endpoints.
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
# This path should usually include a trailing slash.
# Internal prefix in the appservice web server for the login endpoints.
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_googlechat_public_endpoint }}/login"
prefix: "{{ matrix_mautrix_googlechat_public_endpoint }}/login"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_googlechat_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_googlechat.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
hangups:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

View File

@ -0,0 +1,43 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix googlechat bridge
{% for service in matrix_mautrix_googlechat_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_googlechat_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-googlechat \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
{% if matrix_mautrix_googlechat_container_http_host_bind_port %}
-p {{ matrix_mautrix_googlechat_container_http_host_bind_port }}:8080 \
{% endif %}
-v {{ matrix_mautrix_googlechat_config_path }}:/config:z \
-v {{ matrix_mautrix_googlechat_data_path }}:/data:z \
{% for arg in matrix_mautrix_googlechat_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_googlechat_docker_image }} \
python3 -m mautrix_googlechat -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-googlechat
[Install]
WantedBy=multi-user.target

View File

@ -3,14 +3,20 @@
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_container_image_self_build: false
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_version: latest
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}"
matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
matrix_mautrix_whatsapp_config_path: "{{ matrix_mautrix_whatsapp_base_path }}/config"
matrix_mautrix_whatsapp_data_path: "{{ matrix_mautrix_whatsapp_base_path }}/data"
matrix_mautrix_whatsapp_docker_src_files_path: "{{ matrix_mautrix_whatsapp_base_path }}/docker-src"
matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"

View File

@ -35,24 +35,49 @@
when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists|bool"
when: "matrix_mautrix_whatsapp_database_engine == 'postgres'"
- name: Ensure Mautrix Whatsapp paths exists
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mautrix_whatsapp_base_path }}", when: true }
- { path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true }
- { path: "{{ matrix_mautrix_whatsapp_data_path }}", when: true }
- { path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}", when: "{{ matrix_mautrix_whatsapp_container_image_self_build }}" }
when: item.when|bool
- name: Ensure Mautrix Whatsapp image is pulled
docker_image:
name: "{{ matrix_mautrix_whatsapp_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}"
when: not matrix_mautrix_whatsapp_container_image_self_build
- name: Ensure Mautrix Whatsapp paths exists
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_mautrix_whatsapp_base_path }}"
- "{{ matrix_mautrix_whatsapp_config_path }}"
- "{{ matrix_mautrix_whatsapp_data_path }}"
- name: Ensure Mautrix Whatsapp repository is present on self-build
git:
repo: "{{ matrix_mautrix_whatsapp_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}"
version: "{{ matrix_mautrix_whatsapp_container_image_self_build_branch }}"
force: "yes"
register: matrix_mautrix_whatsapp_git_pull_results
when: "matrix_mautrix_whatsapp_container_image_self_build|bool"
- name: Ensure Mautrix Whatsapp Docker image is built
docker_image:
name: "{{ matrix_mautrix_whatsapp_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_whatsapp_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_whatsapp_container_image_self_build|bool"
- name: Check if an old database file exists
stat:

View File

@ -3,7 +3,7 @@ matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
matrix_client_element_version: v1.9.0
matrix_client_element_version: v1.9.2
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

View File

@ -2,9 +2,9 @@
- name: Create user account @janitor
command: |
/usr/local/bin/matrix-synapse-register-user janitor {{ matrix_awx_janitor_user_password | quote }} 1
/usr/local/bin/matrix-synapse-register-user janitor {{ awx_janitor_user_password | quote }} 1
register: cmd
when: not matrix_awx_janitor_user_created|bool
when: not awx_janitor_user_created|bool
no_log: True
- name: Update AWX janitor user created variable
@ -15,14 +15,14 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: 'AWX Settings'
with_dict:
'matrix_awx_janitor_user_created': 'true'
when: not matrix_awx_janitor_user_created|bool
'awx_janitor_user_created': 'true'
when: not awx_janitor_user_created|bool
- name: Create user account @dimension
command: |
/usr/local/bin/matrix-synapse-register-user dimension {{ matrix_awx_dimension_user_password | quote }} 0
/usr/local/bin/matrix-synapse-register-user dimension {{ awx_dimension_user_password | quote }} 0
register: cmd
when: not matrix_awx_dimension_user_created|bool
when: not awx_dimension_user_created|bool
no_log: True
- name: Update AWX dimension user created variable
@ -33,14 +33,14 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: 'AWX Settings'
with_dict:
'matrix_awx_dimension_user_created': 'true'
when: not matrix_awx_dimension_user_created|bool
'awx_dimension_user_created': 'true'
when: not awx_dimension_user_created|bool
- name: Create user account @mjolnir
command: |
/usr/local/bin/matrix-synapse-register-user mjolnir {{ matrix_awx_mjolnir_user_password | quote }} 0
/usr/local/bin/matrix-synapse-register-user mjolnir {{ awx_mjolnir_user_password | quote }} 0
register: cmd
when: not matrix_awx_mjolnir_user_created|bool
when: not awx_mjolnir_user_created|bool
no_log: True
- name: Update AWX dimension user created variable
@ -51,8 +51,8 @@
line: "{{ item.key }}: {{ item.value }}"
insertafter: 'AWX Settings'
with_dict:
'matrix_awx_mjolnir_user_created': 'true'
when: not matrix_awx_mjolnir_user_created|bool
'awx_mjolnir_user_created': 'true'
when: not awx_mjolnir_user_created|bool
- name: Ensure /chroot/website location has correct permissions
file:
@ -61,4 +61,17 @@
owner: matrix
group: matrix
mode: '0770'
when: customise_base_domain_website is defined
when: awx_customise_base_domain_website is defined
- name: Collect Discord AppService bot invite link if file exists
command:
cat /matrix/appservice-discord/config/invite_link
register: awx_discord_appservice_link
when: awx_appservice_discord_admin_user is defined
args:
removes: /matrix/appservice-discord/config/invite_link
- name: Print Discord AppService bot link for user
debug:
msg: "{{ awx_discord_appservice_link.stdout }}"
when: awx_discord_appservice_link.stdout is defined

View File

@ -63,7 +63,16 @@ matrix_postgres_additional_databases: []
# We either need to not create them or to ignore the `CREATE ROLE` statements in the dump.
matrix_postgres_import_roles_to_ignore: [matrix_postgres_connection_username]
matrix_postgres_import_roles_ignore_regex: "^CREATE ROLE ({{ matrix_postgres_import_roles_to_ignore|join('|') }});"
# When importing an existing Postgres database (when restoring a backup) or when doing a Postgres upgrade (which dumps & restores), we'd like to avoid:
# - creating users (`CREATE ROLE ..`)
# - updating passwords for users (`ALTER ROLE matrix WITH SUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'md5...`)
#
# Both of these operations are done by the playbook anyway.
# Updating passwords is especially undesirable, because older versions hash passwords using md5 and export them as md5 hashes in the dump file,
# which is unsupported by default by newer Postgres versions (v14+).
# When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+.
# If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default.
matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore|join('|') }})(;| WITH)"
# A list of databases to avoid creating when importing (or upgrading) the database.
# If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`),

View File

@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.44.0
matrix_synapse_version_arm64: v1.44.0
matrix_synapse_version: v1.45.1
matrix_synapse_version_arm64: v1.45.1
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

View File

@ -21,6 +21,7 @@
- matrix-bridge-beeper-linkedin
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-hangouts
- matrix-bridge-mautrix-googlechat
- matrix-bridge-mautrix-instagram
- matrix-bridge-mautrix-signal
- matrix-bridge-mautrix-telegram