diff --git a/CHANGELOG.md b/CHANGELOG.md
index 799ac45e4..881bb00a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,40 @@ +# 2020-07-03 + +## Steam bridging support via mx-puppet-steam + +Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Steam](https://steamapp.com/) via the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge. See our [Setting up MX Puppet Steam bridging](docs/configuring-playbook-bridge-mx-puppet-steam.md) documentation page for getting started. + + +# 2020-07-01 + +## Discord bridging support via mx-puppet-discord + +Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge. See our [Setting up MX Puppet Discord bridging](docs/configuring-playbook-bridge-mx-puppet-discord.md) documentation page for getting started. + +**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md). You're free too use the bridge that serves you better, or even both (for different users and use-cases). + + +# 2020-06-30 + +## Instagram and Twitter bridging support + +Thanks to [Johanna Dorothea Reichmann](https://github.com/jdreichmann)'s efforts, the playbook now supports bridging to [Instagram](https://www.instagram.com/) via the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge. See our [Setting up MX Puppet Instagram bridging](docs/configuring-playbook-bridge-mx-puppet-instagram.md) documentation page for getting started. + +Thanks to [Tulir Asokan](https://github.com/tulir)'s efforts, the playbook now supports bridging to [Twitter](https://twitter.com/) via the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge. See our [Setting up MX Puppet Twitter bridging](docs/configuring-playbook-bridge-mx-puppet-twitter.md) documentation page for getting started. 
+ + +# 2020-06-28 + +## (Post Mortem / fixed Security Issue) Re-enabling User Directory search powered by the ma1sd Identity Server + +User Directory search requests used to go to the ma1sd identity server by default, which queried its own stores and the Synapse database. + +ma1sd's [security issue](https://github.com/ma1uta/ma1sd/issues/44) has been fixed in version `2.4.0`, with [this commit](ma1uta/ma1sd@2bb5a734d11662b06471113cf3d6b4cee5e33a85). `ma1sd 2.4.0` is now the default version for this playbook. For more information on what happened, please check the mentioned issue. + +We are re-enabling user directory search with this update. Those who would like to keep it disabled can use this configuration: `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false` + +As always, re-running the playbook is enough to get the updated bits. + # 2020-06-11 ## SMS bridging requires db reset diff --git a/README.md b/README.md index a5ec78d3b..dda85cb35 100644 --- a/README.md +++ b/README.md 
@@ -52,6 +52,14 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) +- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation + +- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation + +- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation + +- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation + - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms 
@@ -152,6 +160,14 @@ This playbook sets up your server using the following Docker images: - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional) +- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional) + +- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional) + +- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https:/discordapp.com) (optional) + +- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional) + - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) - [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index 4ca9646e3..7a3e35eb3 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md 
@@ -1,6 +1,6 @@ # Alternative architectures -As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. +As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. To that end add the following variable to your `vars.yaml` file: @@ -21,9 +21,6 @@ matrix_architecture: "arm32" ## Implementation details -This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection. +For `amd64`, prebuilt images are used everywhere (because all images are available for this architecture). -On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: -- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well -- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well -- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling. +For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary. diff --git a/docs/configuring-captcha.md b/docs/configuring-captcha.md new file mode 100644 index 000000000..d137cf99e --- /dev/null +++ b/docs/configuring-captcha.md 
@@ -0,0 +1,23 @@ +(Adapted from the [upstream project](https://github.com/matrix-org/synapse/blob/develop/docs/CAPTCHA_SETUP.md)) + +# Overview +Captcha can be enabled for this home server. This file explains how to do that. +The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google. + +## Getting keys + +Requires a site/secret key pair from: + + + +Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option + +## Setting ReCaptcha Keys + +Once registered as above, set the following values: + +```yaml +matrix_synapse_enable_registration_captcha: true +matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY' +matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY' +``` diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index 96f8377e4..3e98d69e9 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -1,5 +1,7 @@ # Setting up Appservice Discord (optional) +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook. + The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. See the project's [documentation](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/README.md) to learn what it does and why it might be useful to you. diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md new file mode 100644 index 000000000..7a3e986c7 --- /dev/null +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md 
@@ -0,0 +1,36 @@
+# Setting up MX Puppet Discord (optional)
+
+**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook.
+
+The playbook can install and configure
+[mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you.
+
+See the project page to learn what it does and why it might be useful to you.
+
+To enable the [Discord](https://discordapp.com/) bridge just use the following
+playbook configuration:
+
+
+```yaml
+matrix_mx_puppet_discord_enabled: true
+matrix_mx_puppet_discord_client_id: ""
+matrix_mx_puppet_discord_client_secret: ""
+```
+
+
+## Usage
+
+Once the bot is enabled you need to start a chat with `Discord Puppet Bridge` with
+the handle `@_discordpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
+domain, not the `matrix.` domain).
+
+Three authentication methods are available, Legacy Token, OAuth and xoxc token.
+See mx-puppet-discord [documentation](https://github.com/matrix-discord/mx-puppet-discord)
+for more information about how to configure the bridge.
+
+Once logged in, send `list` to the bot user to list the available rooms.
+
+Clicking rooms in the list will result in you receiving an invitation to the
+bridged room.
+
+Also send `help` to the bot to see the commands available.
diff --git a/docs/configuring-playbook-bridge-mx-puppet-instagram.md b/docs/configuring-playbook-bridge-mx-puppet-instagram.md
new file mode 100644
index 000000000..3dad98449
--- /dev/null
+++ b/docs/configuring-playbook-bridge-mx-puppet-instagram.md
@@ -0,0 +1,36 @@
+# Setting up mx-puppet-instagram (optional)
+
+The playbook can install and configure
+[mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) for you.
+
+This allows you to bridge Instagram DirectMessages into Matrix.
+
+To enable the [Instagram](https://www.instagram.com/) bridge just use the following
+playbook configuration:
+
+
+```yaml
+matrix_mx_puppet_instagram_enabled: true
+```
+
+
+## Usage
+
+Once the bot is enabled, you need to start a chat with `Instagram Puppet Bridge` with
+the handle `@_instagrampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
+domain, not the `matrix.` domain).
+
+Send `link ` to the bridge bot to link your instagram account.
+
+The `list` commands shows which accounts are linked and which `puppetId` is associated.
+
+For double-puppeting, you probably want to issue these commands:
+
+- `settype $puppetId puppet` to enable puppeting for the link (instead of relaying)
+- `setautoinvite $puppetId 1` to automatically invite you to chats
+- `setmatrixtoken $accessToken` to set the access token to enable puppeting from the other side (the "double" in double puppeting)
+
+If you are linking only one Instagram account, your `$puppetId` is probably 1, but use the `list` command find out.
+
+The `help` command shows which commands are available, though at the time of writing, not every command is fully implemented.
+
diff --git a/docs/configuring-playbook-bridge-mx-puppet-steam.md b/docs/configuring-playbook-bridge-mx-puppet-steam.md
new file mode 100644
index 000000000..616efbe24
--- /dev/null
+++ b/docs/configuring-playbook-bridge-mx-puppet-steam.md
@@ -0,0 +1,34 @@
+# Setting up MX Puppet Steam (optional)
+
+The playbook can install and configure
+[mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.
+
+See the project page to learn what it does and why it might be useful to you.
+
+To enable the [Steam](https://steampowered.com/) bridge just use the following
+playbook configuration:
+
+
+```yaml
+matrix_mx_puppet_steam_enabled: true
+matrix_mx_puppet_steam_client_id: ""
+matrix_mx_puppet_steam_client_secret: ""
+```
+
+
+## Usage
+
+Once the bot is enabled you need to start a chat with `Steam Puppet Bridge` with
+the handle `@_steampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
+domain, not the `matrix.` domain).
+
+Three authentication methods are available, Legacy Token, OAuth and xoxc token.
+See mx-puppet-steam [documentation](https://github.com/icewind1991/mx-puppet-steam)
+for more information about how to configure the bridge.
+
+Once logged in, send `list` to the bot user to list the available rooms.
+
+Clicking rooms in the list will result in you receiving an invitation to the
+bridged room.
+
+Also send `help` to the bot to see the commands available.
diff --git a/docs/configuring-playbook-bridge-mx-puppet-twitter.md b/docs/configuring-playbook-bridge-mx-puppet-twitter.md
new file mode 100644
index 000000000..dd2c9c120
--- /dev/null
+++ b/docs/configuring-playbook-bridge-mx-puppet-twitter.md
@@ -0,0 +1,34 @@
+# Setting up MX Puppet Twitter (optional)
+
+The playbook can install and configure
+[mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you.
+
+See the project page to learn what it does and why it might be useful to you.
+
+To enable the [Twitter](https://twitter.com) bridge, make an app on [developer.twitter.com](https://developer.twitter.com/en/apps)
+and fill out the following playbook configuration.
+
+```yaml
+matrix_mx_puppet_twitter_enabled: true
+matrix_mx_puppet_twitter_consumer_key: ''
+matrix_mx_puppet_twitter_consumer_secret: ''
+matrix_mx_puppet_twitter_access_token: ''
+matrix_mx_puppet_twitter_access_token_secret: ''
+matrix_mx_puppet_twitter_environment: ''
+```
+
+
+## Usage
+
+Once the bot is enabled you need to start a chat with `Twitter Puppet Bridge` with
+the handle `@_twitterpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
+domain, not the `matrix.` domain).
+
+To log in, use `link` and click the link.
+
+Once logged in, send `list` to the bot user to list the available rooms.
+
+Clicking rooms in the list will result in you receiving an invitation to the
+bridged room.
+
+Also send `help` to the bot to see the commands available.
diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md
index ad818ab24..1e4ad61e3 100644
--- a/docs/configuring-playbook-federation.md
+++ b/docs/configuring-playbook-federation.md
@@ -17,6 +17,17 @@ matrix_synapse_federation_domain_whitelist: If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below). +## Exposing the room directory over federation + +By default, your server's public rooms directory is not exposed to other servers via federation. + +If you wish to expose it, add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): + +```yaml +matrix_synapse_allow_public_rooms_over_federation: true +``` + + ## Disabling federation To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 21a440f64..2a25fb02a 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md 
@@ -81,6 +81,47 @@ matrix_jitsi_jvb_container_extra_arguments: - '--env "DOCKER_HOST_ADDRESS="' ``` +## (Optional) Fine tune Jitsi + +You may want to suspend unused video layers until they are requested again, to save up resources on both server and clients. +Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/) +For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_enableLayerSuspension: true +``` + +You may wish to disable audio levels to avoid excessive refresh of the client-side page and decrease the CPU consumption involved. +For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_disableAudioLevels: true +``` + +You may want to limit the number of video feeds forwarded to each client, to save up resources on both server and clients. As clients’ bandwidth and CPU may not bear the load, use this setting to avoid lag and crashes. +This feature is found by default in other webconference applications such as Office 365 Teams (limit is set to 4). +Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/doc/last-n.md) and performance evaluation on this [study](https://jitsi.org/wp-content/uploads/2016/12/nossdav2015lastn.pdf) +For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_channelLastN: 4 +``` + +To enable the variables that allow you to manage the video configuration you must add the following line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_constraints_enabled: true +``` + +You may want to limit the maximum video resolution, to save up resources on both server and clients. +For example, to set resolution to 480. 
+For this add this two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_constraints_video_height_ideal: 480 +matrix_jitsi_web_config_constraints_video_height_max: 480 +``` + ## Apply changes Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index da9ff21e1..06a5a5b97 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md @@ -31,6 +31,8 @@ To use the [Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/featu - `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse +- `matrix_synapse_enable_registration_captcha` - to validate registering users using reCAPTCHA, as described in the [enabling reCAPTCHA](configuring_captcha.md) documentation. + - `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering - variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality 
@@ -72,6 +74,21 @@ To use a more custom configuration, you can define a `matrix_ma1sd_configuration and put your configuration in it. To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component. +## Example: SMS verification + +If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration: + +```yaml +matrix_ma1sd_configuration_extension_yaml: | + threepid: + medium: + msisdn: + connectors: + twilio: + account_sid: '' + auth_token: '' + number: '+' +``` ## Troubleshooting diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 4adcd934b..f97f622f7 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -144,8 +144,7 @@ matrix_nginx_proxy_container_extra_arguments: - '--label "traefik.enable=true"' # The Nginx proxy container will receive traffic from these subdomains - # (Replace DOMAIN with your domain, e.g. example.com) - - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`matrix.DOMAIN`,`riot.DOMAIN`,`dimension.DOMAIN`)"' + - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_riot }}`,`{{ matrix_server_fqn_dimension }}`)"' # (The 'web-secure' entrypoint must bind to port 443 in Traefik config) - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"' 
@@ -161,8 +160,7 @@ matrix_synapse_container_extra_arguments: - '--label "traefik.enable=true"' # The Synapse container will receive traffic from this subdomain - # (Replace DOMAIN with your domain, e.g. example.com) - - '--label "traefik.http.routers.matrix-synapse.rule=Host(`matrix.DOMAIN`)"' + - '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"' # (The 'synapse' entrypoint must bind to port 8448 in Traefik config) - '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"' diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 208db5bb0..7e81d3a7f 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -101,6 +101,14 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) +- [Setting up MX Puppet Instagram bridging](configuring-playbook-bridge-mx-puppet-instagram.md) (optional) + +- [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (optional) + +- [Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (optional) + +- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional) + - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) - [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 21a4343e9..959d3506e 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md 
@@ -48,12 +48,12 @@ If you're managing the base domain by yourself somehow, you'll need to set up se To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them. -You have 2 options when it comes to installing the files on the base domain's server: +You have 3 options when it comes to installing the files on the base domain's server: ### (Option 1): **Copying the files manually** to your base domain's server -**Hint**: Option 2 (below) is generally a better way to do this. Make sure to go with that one, if possible. +**Hint**: Option 2 and 3 (below) are generally a better way to do this. Make sure to go with them, if possible. All you need to do is: 
@@ -65,7 +65,16 @@ This is relatively easy to do and possibly your only choice if you can only host It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again. -### (Option 2): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server +### (Option 2): **Serving the base domain** from the Matrix server via the playbook + +If you don't need the base domain (e.g. `example.com`) for anything else (hosting a website, etc.), you can point it to the Matrix server's IP address and tell the playbook to configure it. + +This is the easiest way to set up well-known serving -- letting the playbook handle the whole base domain for you (including SSL certificates, etc.). However, if you need to use the base domain for other things (such as hosting some website, etc.), going with Option 1 or Option 2 might be more suitable. + +See [Serving the base domain](configuring-playbook-base-domain-serving.md) to learn how the playbook can help you set it up. + + +### (Option 3): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server This option is less fragile and generally better. diff --git a/docs/self-building.md b/docs/self-building.md index e49120903..8413fb5e7 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -2,22 +2,23 @@ **Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.** -The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd). +The playbook supports the self-building of various components, which don't have a container image for your architecture. For `amd64`, self-building is not required. -To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file: -```yaml -matrix_container_images_self_build: true -``` -Setting that variable will self-build every role which supports self-building. Self-building can be set on a per-role basis as well. +For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building). +To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it. If not, it will build the image. + +Note that **not all components support self-building yet**. 
List of roles where self-building the Docker image is currently possible: - `matrix-synapse` - `matrix-riot-web` - `matrix-coturn` - `matrix-ma1sd` - `matrix-mailer` -- `matrix-mautrix-facebook` -- `matrix-mautrix-hangouts` -- `matrix-mx-puppet-skype` +- `matrix-bridge-mautrix-facebook` +- `matrix-bridge-mautrix-hangouts` +- `matrix-bridge-mx-puppet-skype` Adding self-building support to other roles is welcome. Feel free to contribute! + +If you'd like **to force self-building** even if an image is available for your architecture, look into the `matrix_*_self_build` variables provided by individual roles. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ff69cd8fb..b8af1894f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -232,6 +232,8 @@ matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}" +matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}" + matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" ###################################################################### 
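Review bot: The added `matrix_mautrix_hangouts_container_http_host_bind_port` line has no comment explaining that the `127.0.0.1:` prefix is the security-relevant part: when `matrix_nginx_proxy_enabled` is false the bridge's HTTP port is published on the host, and the loopback prefix is presumably what keeps it reachable only by a local reverse proxy. I would put `# Published on loopback only, for a host-level reverse proxy; keep the 127.0.0.1: prefix so the listener is not exposed on all interfaces.` above it. The port `9007` is also a literal here, while the mx-puppet-twitter block added later in this file derives its value from `matrix_mx_puppet_twitter_appservice_port`; if the hangouts role has an equivalent port variable (not visible in this hunk), building the value from it would keep the two from drifting. The matrix-bridge-mautrix-hangouts section starts and ends outside the hunk.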
@@ -391,6 +393,128 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov # ###################################################################### +###################################################################### +# +# matrix-bridge-mx-puppet-twitter +# +###################################################################### + +# We don't enable bridges by default. +matrix_mx_puppet_twitter_enabled: false + +matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_twitter_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}" + +matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}" + +matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_mx_puppet_twitter_appservice_port) }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-twitter +# +###################################################################### + + +###################################################################### +# +# matrix-bridge-mx-puppet-instagram +# +###################################################################### + +# We don't enable bridges by default. 
+matrix_mx_puppet_instagram_enabled: false + +matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_instagram_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.as.tok') | to_uuid }}" + +matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}" + +matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-instagram +# +###################################################################### + +###################################################################### +# +# matrix-bridge-mx-puppet-discord +# +###################################################################### + +# We don't enable bridges by default. 
+matrix_mx_puppet_discord_enabled: false + +matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_discord_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}" + +matrix_mx_puppet_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}" + +matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-discord +# +###################################################################### + +###################################################################### +# +# matrix-bridge-mx-puppet-steam +# +###################################################################### + +# We don't enable bridges by default. 
+matrix_mx_puppet_steam_enabled: false + +matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_steam_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_steam_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.as.tok') | to_uuid }}" + +matrix_mx_puppet_steam_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}" + +matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-steam +# +###################################################################### ###################################################################### # @@ -562,7 +686,17 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. matrix_ma1sd_enabled: true -matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +# There's no prebuilt ma1sd image for the `arm32` architecture. +# We're relying on self-building there. +matrix_ma1sd_architecture: "{{ + { + 'amd64': 'amd64', + 'arm32': 'arm32', + 'arm64': 'arm64', + }[matrix_architecture] +}}" + +matrix_ma1sd_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose 
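Review bot: The `*_appservice_token` and `*_homeserver_token` lines added for the twitter, instagram, discord and steam bridges all derive from `matrix_synapse_macaroon_secret_key` and differ only in the `password_hash` salt (`'mxtwt.as.tok'`, `'mxig.hs.tok'`, …), yet nothing in the file documents this. The eight salts added here are distinct, but a future copy-pasted section that reuses one would give two bridges the same token. A comment above each pair would help, e.g. `# Derived from the macaroon secret; the salt must be unique per bridge and per token.` It is also worth stating there that changing the macaroon secret changes every derived bridge token.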
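Review bot: The comment about the missing prebuilt arm32 image sits above `matrix_ma1sd_architecture`, but the line it explains is `matrix_ma1sd_container_image_self_build` below it, so it would read better moved there. The mapping is an identity lookup over three keys, so any other `matrix_architecture` value presumably ends in an undefined-value templating error rather than a clear message. A short comment such as `# Only the architectures listed here are supported; other values fail at templating time.` would make that explicit. The hunk ends inside the ma1sd section, so any validation done elsewhere is not visible here.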
@@ -644,10 +778,7 @@ matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}" matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" -# Not proxying the user directory search to the identity server by default anymore, -# because it currently leaks data. -# See: https://github.com/ma1uta/ma1sd/issues/44 -matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false +matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 8a860b1ea..0cdd6e32a 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -26,6 +26,12 @@ matrix_federation_public_port: 8448 matrix_user_username: "matrix" matrix_user_groupname: "matrix" +# By default, the playbook creates the user (`matrix_user_username`) +# and group (`matrix_user_groupname`) with a random id. +# To use a specific user/group id, override these variables. +matrix_user_uid: ~ +matrix_user_gid: ~ + matrix_base_data_path: "/matrix" matrix_base_data_path_mode: "750" 
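Review bot: `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled` now follows `matrix_ma1sd_enabled`, and the comment explaining the earlier `false` default (the proxied search "currently leaks data", https://github.com/ma1uta/ma1sd/issues/44) is removed without a replacement. Since `matrix_ma1sd_enabled` is `true` in this same file, a default install proxies directory search to the identity server again. The new line should record why that is safe now, presumably a ma1sd release that resolves the issue, for example `# Re-enabled: ma1uta/ma1sd#44 is resolved as of ma1sd <VERSION>; set to false to keep user directory search on the homeserver.` If an operator can still run an older ma1sd image through an override, keeping `false` as the default or gating on the version would be the more conservative choice.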
@@ -56,6 +62,11 @@ matrix_integration_manager_ui_url: ~ # See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server matrix_riot_jitsi_preferredDomain: '' +# Controls whether Riot should use End-to-End Encryption by default. +# Setting this to false will update `/.well-known/matrix/client` and tell Riot clients to avoid E2EE. +# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md +matrix_riot_e2ee_default: true + # The Docker network that all services would be put into matrix_docker_network: "matrix" @@ -94,7 +105,3 @@ run_setup: true run_self_check: true run_start: true run_stop: true - -# Building every docker image from source on the target host -# Controlling docker image build is possible on a per unit base -matrix_container_images_self_build: false diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/matrix-base/tasks/setup_matrix_user.yml index 700201a89..295643e91 100644 --- a/roles/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/matrix-base/tasks/setup_matrix_user.yml @@ -3,6 +3,7 @@ - name: Ensure Matrix group is created group: name: "{{ matrix_user_groupname }}" + gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}" state: present register: matrix_group @@ -13,6 +14,7 @@ - name: Ensure Matrix user is created user: name: "{{ matrix_user_username }}" + uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}" state: present group: "{{ matrix_user_groupname }}" register: matrix_user diff --git a/roles/matrix-base/tasks/validate_config.yml b/roles/matrix-base/tasks/validate_config.yml index 526866190..ed97d539c 100644 --- a/roles/matrix-base/tasks/validate_config.yml +++ b/roles/matrix-base/tasks/validate_config.yml 
@@ -1,11 +1 @@ --- - -- name: (Deprecation) Warn about unused user/group variables - fail: - msg: > - The `{{ item }}` variable defined in your configuration is not used by this playbook anymore. - User/group creation is now dynamic. You can remove these variables from your configuration, as they have no effect on anything. - when: "item in vars" - with_items: - - 'matrix_user_uid' - - 'matrix_user_gid' diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index edbaa62eb..a4c1c4391 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -23,4 +23,9 @@ "preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }} } {% endif %} + {% if not matrix_riot_e2ee_default %}, + "im.vector.riot.e2ee": { + "default": false + } + {% endif %} } diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 31f4fe985..8430527af 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -20,6 +20,11 @@ matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008' matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' +# Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. +matrix_mautrix_hangouts_container_http_host_bind_port: '' + # A list of extra arguments to pass to the container matrix_mautrix_hangouts_container_extra_arguments: [] 
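Review bot: The comment added above `matrix_mautrix_hangouts_container_http_host_bind_port` appears to accept a port-only value as well as an address-and-port value, without saying what the difference means for exposure. The systemd template changed in this commit passes the value straight to `-p …:8080`, and Docker publishes a port given without an address on all host interfaces, which would make the bridge's appservice HTTP endpoint reachable from outside the host. I would add a line to the comment such as `# A value without an IP address publishes the port on all interfaces; prefer "127.0.0.1:<port>" unless a firewall restricts access.`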
diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index f33aff632..dc6ffda06 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -30,6 +30,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ + {% if matrix_mautrix_hangouts_container_http_host_bind_port %} + -p {{ matrix_mautrix_hangouts_container_http_host_bind_port }}:8080 \ + {% endif %} -v {{ matrix_mautrix_hangouts_config_path }}:/config:z \ -v {{ matrix_mautrix_hangouts_data_path }}:/data:z \ {% for arg in matrix_mautrix_hangouts_container_extra_arguments %} diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index d3990b688..36b146089 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -26,7 +26,7 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}' -# Controls whether the matrix-telegram container exposes its HTTP port (tcp/8080 in the container). +# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. matrix_mautrix_telegram_container_http_host_bind_port: '' 
diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml new file mode 100644 index 000000000..12c597d46 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -0,0 +1,95 @@ +# Mx Puppet Discord is a Matrix <-> Discord bridge +# See: https://github.com/matrix-discord/mx-puppet-discord + +matrix_mx_puppet_discord_enabled: true + +matrix_mx_puppet_discord_container_image_self_build: false + +# Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. +matrix_mx_puppet_discord_container_http_host_bind_port: '' + +matrix_mx_puppet_discord_docker_image: "sorunome/mx-puppet-discord:latest" +matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" + +matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord" +matrix_mx_puppet_discord_config_path: "{{ matrix_mx_puppet_discord_base_path }}/config" +matrix_mx_puppet_discord_data_path: "{{ matrix_mx_puppet_discord_base_path }}/data" +matrix_mx_puppet_discord_docker_src_files_path: "{{ matrix_mx_puppet_discord_base_path }}/docker-src" + +matrix_mx_puppet_discord_appservice_port: "8432" + +matrix_mx_puppet_discord_homeserver_address: 'http://matrix-synapse:8008' +matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}' +matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}' + +matrix_mx_puppet_discord_client_id: '' +matrix_mx_puppet_discord_client_secret: '' + +# "@user:server.com" to allow specific user +# "@.*:yourserver.com" to allow users on a specific homeserver +# "@.*" to allow anyone +matrix_mx_puppet_discord_provisioning_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" + +# Leave empty to disable blacklist +# "@user:server.com" disallow a specific user +# "@.*:yourserver.com" disallow users on a specific homeserver +matrix_mx_puppet_discord_provisioning_blacklist: [] + +# A list of extra arguments to pass to the container +matrix_mx_puppet_discord_container_extra_arguments: [] + 
+# List of systemd services that matrix-puppet-discord.service depends on. +matrix_mx_puppet_discord_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-puppet-discord.service wants +matrix_mx_puppet_discord_systemd_wanted_services_list: [] + +matrix_mx_puppet_discord_appservice_token: '' +matrix_mx_puppet_discord_homeserver_token: '' + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mx_puppet_discord_login_shared_secret: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_discord_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mx_puppet_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mx_puppet_discord_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mx_puppet_discord_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mx_puppet_discord_configuration_yaml`. + +matrix_mx_puppet_discord_configuration_extension: "{{ matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml if matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_discord_configuration_yaml`. 
+matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml|from_yaml|combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}" + +matrix_mx_puppet_discord_registration_yaml: | + as_token: "{{ matrix_mx_puppet_discord_appservice_token }}" + hs_token: "{{ matrix_mx_puppet_discord_homeserver_token }}" + id: discord-puppet + namespaces: + users: + - exclusive: true + regex: '@_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}' + rooms: [] + aliases: + - exclusive: true + regex: '#_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}' + protocols: [] + rate_limited: false + sender_localpart: _discordpuppet_bot + url: {{ matrix_mx_puppet_discord_appservice_address }} + +matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml new file mode 100644 index 000000000..5d461931b --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml 
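Review bot: `matrix_mx_puppet_discord_docker_image` defaults to `sorunome/mx-puppet-discord:latest`, which makes `matrix_mx_puppet_discord_docker_image_force_pull` true, so each setup run on the pull path fetches and runs whatever that mutable tag points to at the time. The bridge is given the appservice tokens and, when configured, the login shared secret, so pinning a version tag or a digest and bumping it deliberately is the safer default. The self-build path in `tasks/setup_install.yml` has the same gap: its `git` task sets `force: "yes"` with no `version:`, so it builds the default branch head. Separately, `matrix_mx_puppet_discord_client_id` and `matrix_mx_puppet_discord_client_secret` are defined here but not referenced by the `config.yaml.j2` added in this commit, so they should either be wired in or removed.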
@@ -0,0 +1,23 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord'] }}" + when: matrix_mx_puppet_discord_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-discord-registration.yaml"] }} + when: matrix_mx_puppet_discord_enabled|bool + +# ansible lower than 2.8, does not support docker_image build parameters +# for self buildig it is explicitly needed, so we rather fail here +- name: Fail if running on Ansible lower than 2.8 and trying self building + fail: + msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml new file mode 100644 index 000000000..3ca32335c --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml 
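Review bot: The `fail` message in the last task was copied from another role: it reads `To self build Puppet Slack image, you should usa ansible 2.8 or higher`, while this role builds the Discord bridge. An operator who hits it will look at the wrong bridge's settings. I would change it to `msg: "To self-build the mx-puppet-discord image, you should use Ansible 2.8 or higher."` and fix the `buildig` typo in the comment above it.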
@@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-discord + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-discord + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mx_puppet_discord_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml new file mode 100644 index 000000000..e1aef147e --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml 
@@ -0,0 +1,93 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure MX Puppet Discord image is pulled + docker_image: + name: "{{ matrix_mx_puppet_discord_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" + when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build + +- name: Ensure MX Puppet Discord paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_mx_puppet_discord_base_path }}", when: true } + - { path: "{{ matrix_mx_puppet_discord_config_path }}", when: true } + - { path: "{{ matrix_mx_puppet_discord_data_path }}", when: true } + - { path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}" } + when: matrix_mx_puppet_discord_enabled|bool and item.when|bool + +- name: Ensure MX Puppet Discord repository is present on self build + git: + repo: https://github.com/matrix-discord/mx-puppet-discord.git + dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" + force: "yes" + when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" + +- name: Ensure MX Puppet Discord Docker image is built + docker_image: + name: "{{ 
matrix_mx_puppet_discord_docker_image }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" + pull: yes + when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" + +- name: Check if an old database file already exists + stat: + path: "{{ matrix_mx_puppet_discord_base_path }}/database.db" + register: matrix_mx_puppet_discord_stat_database + +- name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped + service: + name: matrix-mx-puppet-discord + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_mx_puppet_discord_stat_database.stat.exists" + +- name: (Data relocation) Move mx-puppet-discord database file to ./data directory + command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" + when: "matrix_mx_puppet_discord_stat_database.stat.exists" + +- name: Ensure mx-puppet-discord config.yaml installed + copy: + content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mx-puppet-discord discord-registration.yaml installed + copy: + content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mx-puppet-discord.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-discord.service.j2" + dest: "/etc/systemd/system/matrix-mx-puppet-discord.service" + mode: 0644 + register: matrix_mx_puppet_discord_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation + service: + daemon_reload: yes + when: 
"matrix_mx_puppet_discord_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml new file mode 100644 index 000000000..b5b83c98f --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-mx-puppet-discord service + stat: + path: "/etc/systemd/system/matrix-mx-puppet-discord.service" + register: matrix_mx_puppet_discord_service_stat + +- name: Ensure matrix-mx-puppet-discord is stopped + service: + name: matrix-mx-puppet-discord + state: stopped + daemon_reload: yes + when: "matrix_mx_puppet_discord_service_stat.stat.exists" + +- name: Ensure matrix-mx-puppet-discord.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mx-puppet-discord.service" + state: absent + when: "matrix_mx_puppet_discord_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal + service: + daemon_reload: yes + when: "matrix_mx_puppet_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml new file mode 100644 index 000000000..c253eda29 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mx_puppet_discord_appservice_token" + - "matrix_mx_puppet_discord_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 new file mode 100644 index 000000000..2c7037961 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 
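Review bot: In `tasks/setup_install.yml` the two `copy` tasks write `config.yaml` and `registration.yaml` with `mode: 0644`, although the first can carry `loginSharedSecretMap` and the second carries `as_token` and `hs_token`. The directories are created `0750` earlier in the same file, which limits exposure on the host, but the files stay world-readable wherever they are reached another way, such as a backup copy or a bind mount into another container. `mode: 0640` with the existing `owner`/`group` would be tighter. That assumes the Synapse container, which mounts `registration.yaml`, also runs as the matrix user or group, which is not visible in this diff.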
@@ -0,0 +1,138 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_discord_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_discord_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }} + {% if matrix_mx_puppet_discord_login_shared_secret != '' %} + loginSharedSecretMap: + {{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }} + {% endif %} + # Display name of the bridge bot + displayname: Discord Puppet Bridge + # Optionally specify a different media URL used for the media store + # + # This is where Discord will download user profile pictures and media + # from + #mediaUrl: https://external-url.org + +presence: + # Bridge Discord online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }} + +relay: + # Regex of Matrix IDs who are allowed to use the bridge in relay mode. 
+ # Relay mode is when a single Discord bot account relays messages of + # multiple Matrix users + # + # Same format as in provisioning + whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }} + blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }} + +selfService: + # Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms) + # + # Same format as in provisioning + whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }} + blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }} + +# Override the default name patterns for users, rooms and groups +# +# Variable names must be prefixed with a ':' +namePatterns: + # The default displayname for a bridged user + # + # Available variables: + # + # name: username of the user + # discriminator: hashtag of the user (ex. #1234) + user: :name + + # A user's guild-specific displayname - if they've set a custom nick in + # a guild + # + # Available variables: + # + # name: username of the user + # discriminator: hashtag of the user (ex. #1234) + # displayname: the user's custom group-specific nick + # channel: the name of the channel + # guild: the name of the guild + userOverride: :name + + # Room names for bridged Discord channels + # + # Available variables: + # + # name: name of the channel + # guild: name of the guild + room: :name + + # Group names for bridged Discord servers + # + # Available variables: + # + # name: name of the guide + group: :name + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". 
+ # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 new file mode 100644 index 000000000..e26128eff --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 
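Review bot: Under `loginSharedSecretMap` the entry is rendered bare as `{{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }}`, and the rendered template is then parsed with `from_yaml` in the role's `defaults/main.yml`. A secret containing YAML-significant characters (a `#` after a space, a `: ` sequence, a leading `*` or `{`) would be truncated, retyped or fail to parse, so the bridge could end up with a different secret than the homeserver without any error. The whitelist lines in this same template already use `|to_json`, and doing the same here avoids the problem: `{{ matrix_domain|to_json }}: {{ matrix_mx_puppet_discord_login_shared_secret|to_json }}`. `domain` and `homeserverUrl` would benefit from the same filter.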
@@ -0,0 +1,41 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mx Puppet Discord server +{% for service in matrix_mx_puppet_discord_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mx_puppet_discord_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -e CONFIG_PATH=/config/config.yaml \ + -e REGISTRATION_PATH=/config/registration.yaml \ + -v {{ matrix_mx_puppet_discord_config_path }}:/config:z \ + -v {{ matrix_mx_puppet_discord_data_path }}:/data:z \ + {% for arg in matrix_mx_puppet_discord_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mx_puppet_discord_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mx-puppet-discord + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml new file mode 100644 index 000000000..c7488cbbe --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml 
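Review bot: This unit template has no `-p` line, so `matrix_mx_puppet_discord_container_http_host_bind_port` from the role's `defaults/main.yml` is never used, although its comment says it controls whether the container's HTTP port is exposed. The mautrix-hangouts template changed in this same commit shows the expected pattern. Either add the guarded lines `{% if matrix_mx_puppet_discord_container_http_host_bind_port %}` / `-p {{ matrix_mx_puppet_discord_container_http_host_bind_port }}:{{ matrix_mx_puppet_discord_appservice_port }} \` / `{% endif %}` after the `--network=` line, or drop the variable. As it stands, an operator who sets it will believe a port binding and its address restriction are in effect when they are not.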
@@ -0,0 +1,86 @@
+# mx-puppet-instagram bridges instagram DMs
+# See: https://github.com/Sorunome/mx-puppet-instagram
+
+matrix_mx_puppet_instagram_enabled: true
+
+matrix_mx_puppet_instagram_container_image_self_build: false
+
+matrix_mx_puppet_instagram_docker_image: "docker.io/sorunome/mx-puppet-instagram:latest"
+matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}"
+
+matrix_mx_puppet_instagram_base_path: "{{ matrix_base_data_path }}/mx-puppet-instagram"
+matrix_mx_puppet_instagram_config_path: "{{ matrix_mx_puppet_instagram_base_path }}/config"
+matrix_mx_puppet_instagram_data_path: "{{ matrix_mx_puppet_instagram_base_path }}/data"
+matrix_mx_puppet_instagram_docker_src_files_path: "{{ matrix_mx_puppet_instagram_base_path }}/docker-src"
+
+matrix_mx_puppet_instagram_appservice_port: "8440"
+matrix_mx_puppet_instagram_homeserver_address: 'http://matrix-synapse:8008'
+matrix_mx_puppet_instagram_homeserver_domain: '{{ matrix_domain }}'
+matrix_mx_puppet_instagram_appservice_address: 'http://matrix-mx-puppet-instagram:{{ matrix_mx_puppet_instagram_appservice_port }}'
+
+# "@user:server.com" to allow specific user
+# "@.*:yourserver.com" to allow users on a specific homeserver
+# "@.*" to allow anyone
+matrix_mx_puppet_instagram_provisioning_whitelist:
+ - "@.*:{{ matrix_domain|regex_escape }}"
+
+# Leave empty to disable blacklist
+# "@user:server.com" disallow a specific user
+# "@.*:yourserver.com" disallow users on a specific homeserver
+matrix_mx_puppet_instagram_provisioning_blacklist: []
+
+# A list of extra arguments to pass to the container
+matrix_mx_puppet_instagram_container_extra_arguments: []
+
+# List of systemd services that matrix-puppet-instagram.service depends on.
+matrix_mx_puppet_instagram_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-puppet-instagram.service wants
+matrix_mx_puppet_instagram_systemd_wanted_services_list: []
+
+matrix_mx_puppet_instagram_appservice_token: ''
+matrix_mx_puppet_instagram_homeserver_token: ''
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mx_puppet_instagram_login_shared_secret: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_instagram_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mx_puppet_instagram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mx_puppet_instagram_configuration_extension_yaml: |
+ # Your custom YAML configuration goes here.
+ # This configuration extends the default starting configuration (`matrix_mx_puppet_instagram_configuration_yaml`).
+ #
+ # You can override individual variables from the default configuration, or introduce new ones.
+ #
+ # If you need something more special, you can take full control by
+ # completely redefining `matrix_mx_puppet_instagram_configuration_yaml`.
+
+matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml if matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_instagram_configuration_yaml`.
+matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml|from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}" + +matrix_mx_puppet_instagram_registration_yaml: | + as_token: "{{ matrix_mx_puppet_instagram_appservice_token }}" + hs_token: "{{ matrix_mx_puppet_instagram_homeserver_token }}" + id: instagram-puppet + namespaces: + users: + - exclusive: true + regex: '@_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' + rooms: [] + aliases: + - exclusive: true + regex: '#_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' + protocols: [] + rate_limited: false + sender_localpart: _instagrampuppet_bot + url: {{ matrix_mx_puppet_instagram_appservice_address }} + +matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml new file mode 100644 index 000000000..dafa59c07 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -0,0 +1,17 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram'] }}" + when: matrix_mx_puppet_instagram_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} + when: matrix_mx_puppet_instagram_enabled|bool + 
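Review bot: In defaults/main.yml, `matrix_mx_puppet_instagram_docker_image` points at the mutable `:latest` tag and `matrix_mx_puppet_instagram_docker_image_force_pull` evaluates to true exactly when the tag ends in `:latest`, so every playbook run replaces the bridge with whatever the registry serves at that moment. That container is handed the appservice tokens and, presumably, users' Instagram sessions, so an unreviewed upstream push reaches the host with no pinning step in between. Consider defaulting to a fixed release tag or a digest, e.g. `docker.io/sorunome/mx-puppet-instagram@sha256:<digest-placeholder>`, and documenting `:latest` as an opt-in. roles/matrix-bridge-mx-puppet-steam/defaults/main.yml uses the same `:latest` plus force-pull pattern.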
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml
new file mode 100644
index 000000000..d0fe90e4b
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml
@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool"
+ tags:
+ - setup-all
+ - setup-mx-puppet-instagram
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool"
+ tags:
+ - setup-all
+ - setup-mx-puppet-instagram
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup|bool and not matrix_mx_puppet_instagram_enabled|bool"
+ tags:
+ - setup-all
+ - setup-mx-puppet-instagram
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
new file mode 100644
index 000000000..d60fbaf24
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
@@ -0,0 +1,78 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+ fail:
+ msg: >-
+ The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role.
+ when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure mx-puppet-instagram image is pulled
+ docker_image:
+ name: "{{ matrix_mx_puppet_instagram_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}"
+ when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build
+
+- name: Ensure mx-puppet-instagram paths exist
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true }
+ - { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true }
+ - { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true }
+ - { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" }
+ when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool
+
+- name: Ensure mx-puppet-instagram repository is present on self build
+ git:
+ repo: https://github.com/Sorunome/mx-puppet-instagram.git
+ dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
+ force: "yes"
+ when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
+
+- name: Ensure mx-puppet-instagram Docker image is built
+ docker_image:
+ name: "{{ matrix_mx_puppet_instagram_docker_image }}"
+ source: build
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
+ pull: yes
+ when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
+
+- name: Ensure mx-puppet-instagram config.yaml installed
+ copy:
+ content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml }}"
+ dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mx-puppet-instagram-registration.yaml installed
+ copy:
+ content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml }}"
+ dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mx-puppet-instagram.service installed
+ template:
+ src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2"
+ dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
+ mode: 0644
+ register: matrix_mx_puppet_instagram_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation
+ service:
+ daemon_reload: yes
+ when: "matrix_mx_puppet_instagram_systemd_service_result.changed"
+
+
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml
new file mode 100644
index 000000000..4b5e67ac8
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml
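Review bot: The two `copy` tasks in setup_install.yml write `config.yaml` and `registration.yaml` with `mode: 0644`, although these files carry `as_token`, `hs_token` and, when configured, the `loginSharedSecretMap` secret. Only the `0750` mode on the parent directories keeps other local accounts from reading them; `mode: 0640` on both tasks would make the files safe on their own. This assumes Synapse, which bind-mounts `registration.yaml`, reads it as the same `matrix_user_username` account, which should be confirmed. The corresponding tasks in roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml use the same mode.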
@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mx-puppet-instagram service
+ stat:
+ path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
+ register: matrix_mx_puppet_instagram_service_stat
+
+- name: Ensure matrix-mx-puppet-instagram is stopped
+ service:
+ name: matrix-mx-puppet-instagram
+ state: stopped
+ daemon_reload: yes
+ when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
+
+- name: Ensure matrix-mx-puppet-instagram.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
+ state: absent
+ when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal
+ service:
+ daemon_reload: yes
+ when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml
new file mode 100644
index 000000000..b6d9d994e
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_mx_puppet_instagram_appservice_token"
+ - "matrix_mx_puppet_instagram_homeserver_token"
diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2
new file mode 100644
index 000000000..634fbaecd
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2
@@ -0,0 +1,82 @@
+#jinja2: lstrip_blocks: "True"
+bridge:
+ # Port to host the bridge on
+ # Used for communication between the homeserver and the bridge
+ port: {{ matrix_mx_puppet_instagram_appservice_port }}
+ # The host connections to the bridge's webserver are allowed from
+ bindAddress: 0.0.0.0
+ # Public domain of the homeserver
+ domain: {{ matrix_mx_puppet_instagram_homeserver_domain }}
+ # Reachable URL of the Matrix homeserver
+ homeserverUrl: {{ matrix_mx_puppet_instagram_homeserver_address }}
+ {% if matrix_mx_puppet_instagram_login_shared_secret != '' %}
+ loginSharedSecretMap:
+ {{ matrix_domain }}: {{ matrix_mx_puppet_instagram_login_shared_secret }}
+ {% endif %}
+
+presence:
+ # Bridge Instagram online/offline status
+ enabled: true
+ # How often to send status to the homeserver in milliseconds
+ interval: 500
+
+provisioning:
+ # Regex of Matrix IDs allowed to use the puppet bridge
+ whitelist: {{ matrix_mx_puppet_instagram_provisioning_whitelist|to_json }}
+ # Allow a specific user
+ #- "@user:server\\.com"
+ # Allow users on a specific homeserver
+ #- "@.*:yourserver\\.com"
+ # Allow anyone
+ #- ".*"
+ # Regex of Matrix IDs forbidden from using the puppet bridge
+ #blacklist:
+ # Disallow a specific user
+ #- "@user:server\\.com"
+ # Disallow users on a specific homeserver
+ #- "@.*:yourserver\\.com"
+ blacklist: {{ matrix_mx_puppet_instagram_provisioning_blacklist|to_json }}
+
+ # Shared secret for the provisioning API for use by integration managers.
+ # If this is not set, the provisioning API will not be enabled.
+ #sharedSecret: random string
+ # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
+ apiPrefix: /_matrix/provision
+
+database:
+ # Use Postgres as a database backend
+ # If set, will be used instead of SQLite3
+ # Connection string to connect to the Postgres instance
+ # with username "user", password "pass", host "localhost" and database name "dbname".
+ # Modify each value as necessary
+ #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
+ # Use SQLite3 as a database backend
+ # The name of the database file
+ filename: /data/database.db
+
+logging:
+ # Log level of console output
+ # Allowed values starting with most verbose:
+ # silly, debug, verbose, info, warn, error
+ console: info
+ # Date and time formatting
+ lineDateFormat: MMM-D HH:mm:ss.SSS
+ # Logging files
+ # Log files are rotated daily by default
+ files:
+ # Log file path
+ - file: "/data/bridge.log"
+ # Log level for this file
+ # Allowed values starting with most verbose:
+ # silly, debug, verbose, info, warn, error
+ level: info
+ # Date and time formatting
+ datePattern: YYYY-MM-DD
+ # Maximum number of logs to keep.
+ # This can be a number of files or number of days.
+ # If using days, add 'd' as a suffix
+ maxFiles: 14d
+ # Maximum size of the file after which it will rotate. This can be a
+ # number of bytes, or units of kb, mb, and gb. If using the units, add
+ # 'k', 'm', or 'g' as the suffix
+ maxSize: 50m
diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
new file mode 100644
index 000000000..4c4b74a58
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
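Review bot: Under `loginSharedSecretMap` in config.yaml.j2 the secret is rendered unquoted, so a value containing ` #`, `: ` or a leading YAML indicator character is truncated, re-typed or rejected when defaults/main.yml passes the rendered template through `from_yaml`. The bridge would then hold a different shared secret than the homeserver, and double-puppeting would likely just stop working without a clear error. Render both key and value through the filter the whitelist lines already use: `{{ matrix_domain|to_json }}: {{ matrix_mx_puppet_instagram_login_shared_secret|to_json }}`. The steam config.yaml.j2 in this commit has the same unquoted line.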
@@ -0,0 +1,41 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix mx-puppet-instagram bridge
+{% for service in matrix_mx_puppet_instagram_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mx_puppet_instagram_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ -e CONFIG_PATH=/config/config.yaml \
+ -e REGISTRATION_PATH=/config/registration.yaml \
+ -v {{ matrix_mx_puppet_instagram_config_path }}:/config:z \
+ -v {{ matrix_mx_puppet_instagram_data_path }}:/data:z \
+ {% for arg in matrix_mx_puppet_instagram_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_mx_puppet_instagram_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mx-puppet-instagram
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
new file mode 100644
index 000000000..bea26d394
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
@@ -0,0 +1,95 @@
+# Mx Puppet Steam is a Matrix <-> Steam bridge
+# See: https://github.com/matrix-steam/mx-puppet-steam
+
+matrix_mx_puppet_steam_enabled: true
+
+matrix_mx_puppet_steam_container_image_self_build: false
+
+# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
+#
+# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
+matrix_mx_puppet_steam_container_http_host_bind_port: ''
+
+matrix_mx_puppet_steam_docker_image: "icewind1991/mx-puppet-steam:latest"
+matrix_mx_puppet_steam_docker_image_force_pull: "{{ matrix_mx_puppet_steam_docker_image.endswith(':latest') }}"
+
+matrix_mx_puppet_steam_base_path: "{{ matrix_base_data_path }}/mx-puppet-steam"
+matrix_mx_puppet_steam_config_path: "{{ matrix_mx_puppet_steam_base_path }}/config"
+matrix_mx_puppet_steam_data_path: "{{ matrix_mx_puppet_steam_base_path }}/data"
+matrix_mx_puppet_steam_docker_src_files_path: "{{ matrix_mx_puppet_steam_base_path }}/docker-src"
+
+matrix_mx_puppet_steam_appservice_port: "8432"
+
+matrix_mx_puppet_steam_homeserver_address: 'http://matrix-synapse:8008'
+matrix_mx_puppet_steam_homeserver_domain: '{{ matrix_domain }}'
+matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ matrix_mx_puppet_steam_appservice_port }}'
+
+matrix_mx_puppet_steam_client_id: ''
+matrix_mx_puppet_steam_client_secret: ''
+
+# "@user:server.com" to allow specific user
+# "@.*:yourserver.com" to allow users on a specific homeserver
+# "@.*" to allow anyone
+matrix_mx_puppet_steam_provisioning_whitelist:
+ - "@.*:{{ matrix_domain|regex_escape }}"
+
+# Leave empty to disable blacklist
+# "@user:server.com" disallow a specific user
+# "@.*:yourserver.com" disallow users on a specific homeserver
+matrix_mx_puppet_steam_provisioning_blacklist: []
+
+# A list of extra arguments to pass to the container
+matrix_mx_puppet_steam_container_extra_arguments: []
+
+# List of systemd services that matrix-puppet-steam.service depends on.
+matrix_mx_puppet_steam_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-puppet-steam.service wants
+matrix_mx_puppet_steam_systemd_wanted_services_list: []
+
+matrix_mx_puppet_steam_appservice_token: ''
+matrix_mx_puppet_steam_homeserver_token: ''
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mx_puppet_steam_login_shared_secret: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_steam_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mx_puppet_steam_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mx_puppet_steam_configuration_extension_yaml: |
+ # Your custom YAML configuration goes here.
+ # This configuration extends the default starting configuration (`matrix_mx_puppet_steam_configuration_yaml`).
+ #
+ # You can override individual variables from the default configuration, or introduce new ones.
+ #
+ # If you need something more special, you can take full control by
+ # completely redefining `matrix_mx_puppet_steam_configuration_yaml`.
+
+matrix_mx_puppet_steam_configuration_extension: "{{ matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml if matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_steam_configuration_yaml`.
+matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml|from_yaml|combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}"
+
+matrix_mx_puppet_steam_registration_yaml: |
+ as_token: "{{ matrix_mx_puppet_steam_appservice_token }}"
+ hs_token: "{{ matrix_mx_puppet_steam_homeserver_token }}"
+ id: steam-puppet
+ namespaces:
+ users:
+ - exclusive: true
+ regex: '@_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
+ rooms: []
+ aliases:
+ - exclusive: true
+ regex: '#_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
+ protocols: []
+ rate_limited: false
+ sender_localpart: _steampuppet_bot
+ url: {{ matrix_mx_puppet_steam_appservice_address }}
+
+matrix_mx_puppet_steam_registration: "{{ matrix_mx_puppet_steam_registration_yaml|from_yaml }}"
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
new file mode 100644
index 000000000..60b660746
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
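Review bot: `matrix_mx_puppet_steam_client_id` and `matrix_mx_puppet_steam_client_secret` are declared in defaults/main.yml, but neither the steam `config.yaml.j2` nor the tasks added in this commit reference them; they look carried over from another bridge role. An operator who fills in `client_secret` ends up storing a credential in inventory that has no effect, so either drop both variables or add a comment saying where they are consumed. The header comment also links to `github.com/matrix-steam/mx-puppet-steam`, while the image and the self-build clone use `icewind1991/mx-puppet-steam`; naming one upstream consistently makes it clear which source is actually being run.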
@@ -0,0 +1,23 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam'] }}" + when: matrix_mx_puppet_steam_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-steam-registration.yaml"] }} + when: matrix_mx_puppet_steam_enabled|bool + +# ansible lower than 2.8, does not support docker_image build parameters +# for self buildig it is explicitly needed, so we rather fail here +- name: Fail if running on Ansible lower than 2.8 and trying self building + fail: + msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml new file mode 100644 index 000000000..cd6bb1477 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml 
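Review bot: The `fail` message at the end of init.yml names the wrong bridge and has typos (`Puppet Slack image`, `usa ansible`), which sends an operator looking at the wrong role when the check fires. Suggested text: `msg: "To self-build the mx-puppet-steam image, you should use Ansible 2.8 or higher. E.g. pip contains such packages."`, and `buildig` in the comment above it should read `building`. Separately, main.yml imports init.yml under the `always` tag and this task's `when` does not include `matrix_mx_puppet_steam_enabled|bool`, so it can abort a run in which the bridge is disabled; adding that condition would match the two `set_fact` tasks above it.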
@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
+ tags:
+ - setup-all
+ - setup-mx-puppet-steam
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
+ tags:
+ - setup-all
+ - setup-mx-puppet-steam
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup|bool and not matrix_mx_puppet_steam_enabled|bool"
+ tags:
+ - setup-all
+ - setup-mx-puppet-steam
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
new file mode 100644
index 000000000..be41c6458
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@@ -0,0 +1,93 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+ fail:
+ msg: >-
+ The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role.
+ when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure MX Puppet Steam image is pulled
+ docker_image:
+ name: "{{ matrix_mx_puppet_steam_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}"
+ when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build
+
+- name: Ensure MX Puppet Steam paths exist
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - { path: "{{ matrix_mx_puppet_steam_base_path }}", when: true }
+ - { path: "{{ matrix_mx_puppet_steam_config_path }}", when: true }
+ - { path: "{{ matrix_mx_puppet_steam_data_path }}", when: true }
+ - { path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}" }
+ when: matrix_mx_puppet_steam_enabled|bool and item.when|bool
+
+- name: Ensure MX Puppet Steam repository is present on self build
+ git:
+ repo: https://github.com/icewind1991/mx-puppet-steam.git
+ dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
+ force: "yes"
+ when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
+
+- name: Ensure MX Puppet Steam Docker image is built
+ docker_image:
+ name: "{{ matrix_mx_puppet_steam_docker_image }}"
+ source: build
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
+ pull: yes
+ when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
+
+- name: Check if an old database file already exists
+ stat:
+ path: "{{ matrix_mx_puppet_steam_base_path }}/database.db"
+ register: matrix_mx_puppet_steam_stat_database
+
+- name: (Data relocation) Ensure matrix-mx-puppet-steam.service is stopped
+ service:
+ name: matrix-mx-puppet-steam
+ state: stopped
+ daemon_reload: yes
+ failed_when: false
+ when: "matrix_mx_puppet_steam_stat_database.stat.exists"
+
+- name: (Data relocation) Move mx-puppet-steam database file to ./data directory
+ command: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db"
+ when: "matrix_mx_puppet_steam_stat_database.stat.exists"
+
+- name: Ensure mx-puppet-steam config.yaml installed
+ copy:
+ content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml }}"
+ dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mx-puppet-steam steam-registration.yaml installed
+ copy:
+ content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml }}"
+ dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mx-puppet-steam.service installed
+ template:
+ src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-steam.service.j2"
+ dest: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+ mode: 0644
+ register: matrix_mx_puppet_steam_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation
+ service:
+ daemon_reload: yes
+ when: "matrix_mx_puppet_steam_systemd_service_result.changed"
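Review bot: The self-build `git` task clones `https://github.com/icewind1991/mx-puppet-steam.git` with `force: "yes"` and no `version:`, so each run builds and starts whatever the default branch holds at that moment, with the bridge's tokens mounted into it. Pin the checkout by adding `version: "{{ matrix_mx_puppet_steam_container_image_self_build_version }}"`, where that variable is a new default to introduce in defaults/main.yml and set to a tag or commit. The git task in roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml has the same gap.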
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
new file mode 100644
index 000000000..1ee95eb33
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mx-puppet-steam service
+ stat:
+ path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+ register: matrix_mx_puppet_steam_service_stat
+
+- name: Ensure matrix-mx-puppet-steam is stopped
+ service:
+ name: matrix-mx-puppet-steam
+ state: stopped
+ daemon_reload: yes
+ when: "matrix_mx_puppet_steam_service_stat.stat.exists"
+
+- name: Ensure matrix-mx-puppet-steam.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+ state: absent
+ when: "matrix_mx_puppet_steam_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal
+ service:
+ daemon_reload: yes
+ when: "matrix_mx_puppet_steam_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
new file mode 100644
index 000000000..a8bc6a420
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_mx_puppet_steam_appservice_token"
+ - "matrix_mx_puppet_steam_homeserver_token"
diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
new file mode 100644
index 000000000..d08982ca9
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
@@ -0,0 +1,99 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_steam_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_steam_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_steam_homeserver_address }} + {% if matrix_mx_puppet_steam_login_shared_secret != '' %} + loginSharedSecretMap: + {{ matrix_domain }}: {{ matrix_mx_puppet_steam_login_shared_secret }} + {% endif %} + # Display name of the bridge bot + displayname: Steam Puppet Bridge + # Optionally specify a different media URL used for the media store + # + # This is where Steam will download user profile pictures and media + # from + #mediaUrl: https://external-url.org + +presence: + # Bridge Steam online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 5000 + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }} + +relay: + # Regex of Matrix IDs who are allowed to use the bridge in relay mode. 
+ # Relay mode is when a single Steam bot account relays messages of + # multiple Matrix users + # + # Same format as in provisioning + whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }} + blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }} + +selfService: + # Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms) + # + # Same format as in provisioning + whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }} + blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }} + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". + # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m 
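Review bot: The value under `loginSharedSecretMap` is written into the YAML unquoted, so a shared secret containing `#`, `: ` or a leading YAML indicator character would be truncated or parsed as a different type, leaving the bridge with a secret that differs from the one configured. Rendering key and value through the filter the whitelist lines already use avoids that: `{{ matrix_domain|to_json }}: {{ matrix_mx_puppet_steam_login_shared_secret|to_json }}`. The Twitter `config.yaml.j2` in this commit has the same line. Its `consumerSecret` and `accessTokenSecret` values also sit inside plain double quotes, where a `"` or `\` in the credential breaks the document; `|to_json` without the surrounding quotes covers those too.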
diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 new file mode 100644 index 000000000..53518d42e --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 @@ -0,0 +1,41 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mx Puppet Steam server +{% for service in matrix_mx_puppet_steam_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mx_puppet_steam_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-steam \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -e CONFIG_PATH=/config/config.yaml \ + -e REGISTRATION_PATH=/config/registration.yaml \ + -v {{ matrix_mx_puppet_steam_config_path }}:/config:z \ + -v {{ matrix_mx_puppet_steam_data_path }}:/data:z \ + {% for arg in matrix_mx_puppet_steam_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mx_puppet_steam_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mx-puppet-steam + +[Install] +WantedBy=multi-user.target 
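Review bot: Both bind mounts in `ExecStart` are read-write, including `/config`, which holds `config.yaml` and `registration.yaml` with the appservice and homeserver tokens. The playbook generates both files itself, so unless the bridge is known to write into that directory at runtime, the mount can be `-v {{ matrix_mx_puppet_steam_config_path }}:/config:ro,z`. That leaves only `/data` writable for a process that already runs with `--cap-drop=ALL` and a non-root `--user`. The Twitter unit added later in this commit mounts `/config` the same way.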
diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml new file mode 100644 index 000000000..8299fd81f --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml 
@@ -0,0 +1,104 @@ +# Mx Puppet Twitter is a Matrix <-> Twitter bridge +# See: https://github.com/Sorunome/mx-puppet-twitter + +matrix_mx_puppet_twitter_enabled: true + +matrix_mx_puppet_twitter_container_image_self_build: false + +# Controls whether the mx-puppet-twitter container exposes its HTTP port (tcp/8432 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. +matrix_mx_puppet_twitter_container_http_host_bind_port: '' + +matrix_mx_puppet_twitter_docker_image: "sorunome/mx-puppet-twitter:latest" +matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}" + +matrix_mx_puppet_twitter_base_path: "{{ matrix_base_data_path }}/mx-puppet-twitter" +matrix_mx_puppet_twitter_config_path: "{{ matrix_mx_puppet_twitter_base_path }}/config" +matrix_mx_puppet_twitter_data_path: "{{ matrix_mx_puppet_twitter_base_path }}/data" +matrix_mx_puppet_twitter_docker_src_files_path: "{{ matrix_mx_puppet_twitter_base_path }}/docker-src" + +matrix_mx_puppet_twitter_appservice_port: "8432" + +matrix_mx_puppet_twitter_homeserver_address: 'http://matrix-synapse:8008' +matrix_mx_puppet_twitter_homeserver_domain: '{{ matrix_domain }}' +matrix_mx_puppet_twitter_appservice_address: 'http://matrix-mx-puppet-twitter:{{ matrix_mx_puppet_twitter_appservice_port }}' + +matrix_mx_puppet_twitter_consumer_key: '' +matrix_mx_puppet_twitter_consumer_secret: '' +matrix_mx_puppet_twitter_access_token: '' +matrix_mx_puppet_twitter_access_token_secret: '' +matrix_mx_puppet_twitter_environment: '' +matrix_mx_puppet_twitter_webhook_path: '/twitter/webhook' +matrix_mx_puppet_twitter_webhook_url: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_webhook_path }}' + +# "@user:server.com" to allow specific user +# "@.*:yourserver.com" to allow users on a specific homeserver +# "@.*" to allow anyone +matrix_mx_puppet_twitter_provisioning_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" 
+ +# Leave empty to disable blacklist +# "@user:server.com" disallow a specific user +# "@.*:yourserver.com" disallow users on a specific homeserver +matrix_mx_puppet_twitter_provisioning_blacklist: [] + +# A list of extra arguments to pass to the container +matrix_mx_puppet_twitter_container_extra_arguments: [] + +# List of systemd services that mx-puppet-twitter.service depends on. +matrix_mx_puppet_twitter_systemd_required_services_list: ['docker.service'] + +# List of systemd services that mx-puppet-twitter.service wants +matrix_mx_puppet_twitter_systemd_wanted_services_list: [] + +matrix_mx_puppet_twitter_appservice_token: '' +matrix_mx_puppet_twitter_homeserver_token: '' + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mx_puppet_twitter_login_shared_secret: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_twitter_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mx_puppet_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mx_puppet_twitter_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mx_puppet_twitter_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mx_puppet_twitter_configuration_yaml`. 
+ +matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml if matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_twitter_configuration_yaml`. +matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml|from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}" + +# The prefix for user IDs and aliases +matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_ +matrix_mx_puppet_twitter_bot_localpart: _twitterpuppet_bot + +matrix_mx_puppet_twitter_registration_yaml: | + as_token: "{{ matrix_mx_puppet_twitter_appservice_token }}" + hs_token: "{{ matrix_mx_puppet_twitter_homeserver_token }}" + id: twitter-puppet + namespaces: + users: + - exclusive: true + regex: '@{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' + rooms: [] + aliases: + - exclusive: true + regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' + protocols: [] + rate_limited: false + sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}" + url: {{ matrix_mx_puppet_twitter_appservice_address }} + +matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml new file mode 100644 index 000000000..8f4aca6c6 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml 
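Review bot: `matrix_mx_puppet_twitter_docker_image` defaults to the mutable `:latest` tag, and `matrix_mx_puppet_twitter_docker_image_force_pull` then evaluates to true, so every playbook run deploys whatever the registry serves under that tag at that moment. Other roles touched by this commit pin a release (`instrumentisto/coturn:4.5.1.3`, `matrixdotorg/synapse:v1.16.0`). This bridge handles Twitter API credentials and an appservice token, so it deserves the same treatment, e.g. `"sorunome/mx-puppet-twitter:<RELEASE_TAG>"` or an image digest. If upstream publishes no tagged image yet, a comment above the variable saying so would tell operators the exposure is known.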
@@ -0,0 +1,70 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter'] }}" + when: matrix_mx_puppet_twitter_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }} + when: matrix_mx_puppet_twitter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your plabook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. 
+ when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_twitter_webhook_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; + {% endif %} + } + + - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] + }} + tags: + - always + when: matrix_mx_puppet_twitter_enabled|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` + URL endpoint to the matrix-mx-puppet-twitter container. + You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. + when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined" + +# ansible lower than 2.8, does not support docker_image build parameters +# for self buildig it is explicitly needed, so we rather fail here +- name: Fail if running on Ansible lower than 2.8 and trying self building + fail: + msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. 
pip contains such packages." + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml new file mode 100644 index 000000000..af355df36 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-twitter + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-twitter + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mx_puppet_twitter_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-twitter diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml new file mode 100644 index 000000000..4773055d7 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml 
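Review bot: The "Warn about reverse-proxying" message interpolates `matrix_mx_puppet_twitter_redirect_path`, which the role's `defaults/main.yml` in this commit never defines; the variable it defines for the endpoint is `matrix_mx_puppet_twitter_webhook_path`. The task runs only when `matrix_nginx_proxy_enabled` is not defined, so on exactly those hosts templating the message would likely fail on the undefined variable instead of printing the hint. The placeholder in `msg` should be `{{ matrix_mx_puppet_twitter_webhook_path }}`. Operators who proxy the webhook themselves then see the path they need to expose.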
@@ -0,0 +1,93 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure MX Puppet Twitter image is pulled + docker_image: + name: "{{ matrix_mx_puppet_twitter_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" + when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build + +- name: Ensure MX Puppet Twitter paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true } + - { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true } + - { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true } + - { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" } + when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool + +- name: Ensure MX Puppet Twitter repository is present on self build + git: + repo: https://github.com/Sorunome/mx-puppet-twitter.git + dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" + force: "yes" + when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" + +- name: Ensure MX Puppet Twitter Docker image is built + docker_image: + name: "{{ 
matrix_mx_puppet_twitter_docker_image }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" + pull: yes + when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" + +- name: Check if an old database file already exists + stat: + path: "{{ matrix_mx_puppet_twitter_base_path }}/database.db" + register: matrix_mx_puppet_twitter_stat_database + +- name: (Data relocation) Ensure matrix-mx-puppet-twitter.service is stopped + service: + name: matrix-mx-puppet-twitter + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_mx_puppet_twitter_stat_database.stat.exists" + +- name: (Data relocation) Move mx-puppet-twitter database file to ./data directory + command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db" + when: "matrix_mx_puppet_twitter_stat_database.stat.exists" + +- name: Ensure mx-puppet-twitter config.yaml installed + copy: + content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mx-puppet-twitter twitter-registration.yaml installed + copy: + content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mx-puppet-twitter.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2" + dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + mode: 0644 + register: matrix_mx_puppet_twitter_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation + service: + daemon_reload: yes + when: 
"matrix_mx_puppet_twitter_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml new file mode 100644 index 000000000..1d663531b --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-mx-puppet-twitter service + stat: + path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + register: matrix_mx_puppet_twitter_service_stat + +- name: Ensure matrix-mx-puppet-twitter is stopped + service: + name: matrix-mx-puppet-twitter + state: stopped + daemon_reload: yes + when: "matrix_mx_puppet_twitter_service_stat.stat.exists" + +- name: Ensure matrix-mx-puppet-twitter.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + state: absent + when: "matrix_mx_puppet_twitter_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal + service: + daemon_reload: yes + when: "matrix_mx_puppet_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml new file mode 100644 index 000000000..d13a39e1e --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mx_puppet_twitter_appservice_token" + - "matrix_mx_puppet_twitter_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 new file mode 100644 index 000000000..7d3033b39 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 
@@ -0,0 +1,92 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_twitter_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_twitter_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_twitter_homeserver_address }} + {% if matrix_mx_puppet_twitter_login_shared_secret != '' %} + loginSharedSecretMap: + {{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret }} + {% endif %} + +twitter: + consumerKey: "{{ matrix_mx_puppet_twitter_consumer_key }}" + consumerSecret: "{{ matrix_mx_puppet_twitter_consumer_secret }}" + accessToken: "{{ matrix_mx_puppet_twitter_access_token }}" + accessTokenSecret: "{{ matrix_mx_puppet_twitter_access_token_secret }}" + environment: "{{ matrix_mx_puppet_twitter_environment }}" + server: + url: "{{ matrix_mx_puppet_twitter_webhook_url }}" + path: "{{ matrix_mx_puppet_twitter_webhook_path }}" + +presence: + # Bridge Twitter online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_twitter_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_twitter_provisioning_blacklist|to_json }} + + # Shared secret for the provisioning API for use by integration managers. + # If this is not set, the provisioning API will not be enabled. 
+ #sharedSecret: random string + # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. + apiPrefix: /_matrix/provision + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". + # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 new file mode 100644 index 000000000..9245f02b2 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 
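Review bot: `presence.interval` is set to `500` while its own comment gives the unit as milliseconds, so the bridge would push presence to the homeserver twice a second; the Steam template in this commit uses `5000` for the same key. If the smaller value is not deliberate, `interval: 5000` matches the sibling role. If it is deliberate, a comment saying why would keep it from being changed back later.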
@@ -0,0 +1,44 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mx Puppet Twitter server +{% for service in matrix_mx_puppet_twitter_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mx_puppet_twitter_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + {% if matrix_mx_puppet_twitter_container_http_host_bind_port %} + -p {{ matrix_mx_puppet_twitter_container_http_host_bind_port }}:{{ matrix_mx_puppet_twitter_appservice_port }} \ + {% endif %} + -e CONFIG_PATH=/config/config.yaml \ + -e REGISTRATION_PATH=/config/registration.yaml \ + -v {{ matrix_mx_puppet_twitter_config_path }}:/config:z \ + -v {{ matrix_mx_puppet_twitter_data_path }}:/data:z \ + {% for arg in matrix_mx_puppet_twitter_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mx_puppet_twitter_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mx-puppet-twitter + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/matrix-corporal/tasks/self_check_corporal.yml index d1561757c..f7c15109e 100644 --- a/roles/matrix-corporal/tasks/self_check_corporal.yml +++ b/roles/matrix-corporal/tasks/self_check_corporal.yml 
@@ -8,6 +8,7 @@ url: "{{ corporal_client_api_url_endpoint_public }}" follow_redirects: none return_content: true + check_mode: no register: result_corporal_client_api ignore_errors: true diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index ef314d89b..104019a4e 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -2,7 +2,7 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false -matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.2" +matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.3" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" # The Docker network that Coturn would be put into. diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 21dae4481..37ee0fdda 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -49,8 +49,9 @@ matrix_jitsi_jibri_xmpp_password: '' matrix_jitsi_jibri_recorder_user: recorder matrix_jitsi_jibri_recorder_password: '' +matrix_jitsi_container_image_tag: "stable-4627-1" -matrix_jitsi_web_docker_image: "jitsi/web:stable-4548-1" +matrix_jitsi_web_docker_image: "jitsi/web:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" 
@@ -96,7 +97,22 @@ matrix_jitsi_web_interface_config_show_powered_by: false matrix_jitsi_web_interface_config_disable_transcription_subtitles: false matrix_jisti_web_interface_config_show_deep_linking_image: false -matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4548-1" +# Jitsi_web Fine Tune default values. +# Useful to manage bandwidth and CPU consumption in server and client side +matrix_jitsi_web_config_disableAudioLevels: false +matrix_jitsi_web_config_enableLayerSuspension: false +matrix_jitsi_web_config_channelLastN: -1 +# If 'matrix_jitsi_web_config_constraints_enabled: false' +# the video constraints will be disabled and will take the default values of jitsi +matrix_jitsi_web_config_constraints_enabled: false +# This settings work if matrix_jitsi_web_config_constraints_enabled: true +# See their definitions in config.js.j2 (templates / web) +matrix_jitsi_web_config_constraints_video_aspectRatio: 16 / 9 +matrix_jitsi_web_config_constraints_video_height_ideal: 720 +matrix_jitsi_web_config_constraints_video_height_max: 720 +matrix_jitsi_web_config_constraints_video_height_min: 240 + +matrix_jitsi_prosody_docker_image: "jitsi/prosody:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" @@ -110,7 +126,7 @@ matrix_jitsi_prosody_container_extra_arguments: [] matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] -matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:stable-4548-1" +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" 
@@ -127,7 +143,7 @@ matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_password: '' -matrix_jitsi_jvb_docker_image: "jitsi/jvb:stable-4548-1" +matrix_jitsi_jvb_docker_image: "jitsi/jvb:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" diff --git a/roles/matrix-jitsi/templates/web/config.js.j2 b/roles/matrix-jitsi/templates/web/config.js.j2 index 7e24d30b8..ad0e54102 100644 --- a/roles/matrix-jitsi/templates/web/config.js.j2 +++ b/roles/matrix-jitsi/templates/web/config.js.j2 @@ -81,7 +81,7 @@ var config = { // Audio // Disable measuring of audio levels. - // disableAudioLevels: false, + disableAudioLevels: {{ matrix_jitsi_web_config_disableAudioLevels|to_json }}, // Start the conference in audio only mode (no video is being received nor // sent). 
@@ -109,24 +109,25 @@ var config = { // util#browser#usesNewGumFlow. The constraints are independency from // this config's resolution value. Defaults to requesting an ideal aspect // ratio of 16:9 with an ideal resolution of 720. - // constraints: { - // video: { - // aspectRatio: 16 / 9, - // height: { - // ideal: 720, - // max: 720, - // min: 240 - // } - // } - // }, - + {% if matrix_jitsi_web_config_constraints_enabled %} + constraints: { + video: { + aspectRatio: {{ matrix_jitsi_web_config_constraints_video_aspectRatio }}, + height: { + ideal: {{ matrix_jitsi_web_config_constraints_video_height_ideal|to_json }}, + max: {{ matrix_jitsi_web_config_constraints_video_height_max|to_json }}, + min: {{ matrix_jitsi_web_config_constraints_video_height_min|to_json }} + } + } + }, + {% endif %} // Enable / disable simulcast support. // disableSimulcast: false, // Enable / disable layer suspension. If enabled, endpoints whose HD // layers are not in use will be suspended (no longer sent) until they // are requested again. - // enableLayerSuspension: false, + enableLayerSuspension: {{ matrix_jitsi_web_config_enableLayerSuspension|to_json }}, // Suspend sending video if bandwidth estimation is too low. This may cause // problems with audio playback. Disabled until these are fixed. @@ -211,7 +212,7 @@ hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }}, // Misc // Default value for the channel "last N" attribute. -1 for unlimited. - channelLastN: -1, + channelLastN: {{ matrix_jitsi_web_config_channelLastN|to_json }}, // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index 64cf7c9a0..822cc9422 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml 
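Review bot: `aspectRatio` is the only value in the new `constraints` block that is rendered without `|to_json`. That looks deliberate, since the default `16 / 9` has to reach the browser as a JavaScript expression rather than a string, but it also means whatever text is put in `matrix_jitsi_web_config_constraints_video_aspectRatio` lands in `config.js` verbatim. A template comment next to it would record that, for example `{# emitted verbatim as a JS expression (e.g. 16 / 9); do not quote #}`. The same sentence belongs on the variable in `defaults/main.yml`.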
@@ -5,7 +5,9 @@ matrix_ma1sd_enabled: true matrix_ma1sd_container_image_self_build: false -matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.3.0" +matrix_ma1sd_architecture: "amd64" + +matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}" matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}" matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd" diff --git a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml index 2e0812630..b8a7faaa3 100644 --- a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml +++ b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml @@ -8,6 +8,7 @@ url: "{{ ma1sd_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}" + check_mode: no register: result_ma1sd ignore_errors: true diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml index e7a4cfac1..2cf1ef064 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml @@ -12,6 +12,7 @@ follow_redirects: none return_content: true validate_certs: "{{ well_known_file_check.validate_certs }}" + check_mode: no register: result_well_known_matrix ignore_errors: true @@ -39,6 +40,7 @@ follow_redirects: "{{ well_known_file_check.follow_redirects }}" return_content: true validate_certs: "{{ well_known_file_check.validate_certs }}" + check_mode: no register: result_well_known_identity ignore_errors: true diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 700e0ec3f..bbf7c0f1d 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml 
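Review bot: The `check_mode: no` added in roles/matrix-ma1sd/tasks/self_check_ma1sd.yml uses the `no` spelling while the same task writes its other boolean as `ignore_errors: true`, and it gives no reason for overriding check mode. The same line is added in self_check_well_known_file.yml (twice), self_check_riot_web.yml, self_check_client_api.yml and self_check_federation_api.yml, and its position relative to `register:` and `ignore_errors:` differs between those files. I would write `check_mode: false  # read-only request; run it under --check too so the registered result exists` in the same position in each task. The reason is inferred from the `register:` / `Fail if …` pairing visible in the riot-web and synapse hunks, so adjust the wording if the intent differs. Each task starts above its hunk.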
@@ -2,7 +2,7 @@ matrix_riot_web_enabled: true matrix_riot_web_container_image_self_build: false -matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.4" +matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.7" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" diff --git a/roles/matrix-riot-web/tasks/self_check_riot_web.yml b/roles/matrix-riot-web/tasks/self_check_riot_web.yml index 1a845b3e5..4c3e2b4bb 100644 --- a/roles/matrix-riot-web/tasks/self_check_riot_web.yml +++ b/roles/matrix-riot-web/tasks/self_check_riot_web.yml @@ -9,6 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}" register: result_riot_web + check_mode: no ignore_errors: true - name: Fail if riot-web not working diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 75357eddb..6fc7eab2c 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.0" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.16.0" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" @@ -162,6 +162,11 @@ matrix_synapse_allow_public_rooms_over_federation: false # Controls whether people with access to the homeserver can register by themselves. matrix_synapse_enable_registration: false +# reCAPTCHA API for validating registration attempts +matrix_synapse_enable_registration_captcha: false +matrix_synapse_recaptcha_public_key: '' +matrix_synapse_recaptcha_private_key: '' + # Allows non-server-admin users to create groups on this server matrix_synapse_enable_group_creation: false 
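Review bot: `matrix_synapse_recaptcha_private_key` is a credential, and the three defaults added in the `@@ -162,6 +162,11 @@` hunk of roles/matrix-synapse/defaults/main.yml neither say so nor say that both keys are required when the flag is on. The homeserver.yaml.j2 hunk further down renders both keys unconditionally and keeps upstream's "Must be specified if enable_registration_captcha is enabled", so enabling the flag with the empty defaults produces a config with empty keys; how Synapse reacts to that is not visible here. I would extend the comment to `# Both keys are required when matrix_synapse_enable_registration_captcha is true; the private key is a secret, keep it in an encrypted vars file` and add a validation task that fails when the flag is true and either key is empty.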
diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index fc691cc6d..30244d500 100644 --- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -7,6 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_client_api ignore_errors: true + check_mode: no when: matrix_synapse_enabled|bool - name: Fail if Matrix Client API not working diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index 2a716d6b5..57c9e56b1 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml @@ -7,6 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_federation_api ignore_errors: true + check_mode: no when: matrix_synapse_enabled|bool - name: Fail if Matrix Federation API not working diff --git a/roles/matrix-synapse/templates/synapse/env-synapse.j2 b/roles/matrix-synapse/templates/synapse/env-synapse.j2 deleted file mode 100644 index c0f4b647a..000000000 --- a/roles/matrix-synapse/templates/synapse/env-synapse.j2 +++ /dev/null @@ -1,3 +0,0 @@ -#jinja2: lstrip_blocks: "True" -SYNAPSE_CONFIG_PATH=/data/homeserver.yaml -SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 93cf43960..fb432f870 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -288,7 +288,7 @@ listeners: # number of monthly active users. # # 'limit_usage_by_mau' disables/enables monthly active user blocking. When -# anabled and a limit is reached the server returns a 'ResourceLimitError' +# enabled and a limit is reached the server returns a 'ResourceLimitError' # with error type Codes.RESOURCE_LIMIT_EXCEEDED # # 'max_mau_value' is the hard limit of monthly active users above which @@ -934,18 +934,18 @@ url_preview_accept_language: # This homeserver's ReCAPTCHA public key. Must be specified if # enable_registration_captcha is enabled. # -#recaptcha_public_key: "YOUR_PUBLIC_KEY" +recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key|to_json }} # This homeserver's ReCAPTCHA private key. Must be specified if # enable_registration_captcha is enabled. # -#recaptcha_private_key: "YOUR_PRIVATE_KEY" +recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key|to_json }} # Uncomment to enable ReCaptcha checks when registering, preventing signup # unless a captcha is answered. Requires a valid ReCaptcha # public/private key. Defaults to 'false'. # -#enable_registration_captcha: true +enable_registration_captcha: {{ matrix_synapse_enable_registration_captcha|to_json }} # The API endpoint to use for verifying m.login.recaptcha responses. # Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify". @@ -1182,7 +1182,11 @@ account_threepid_delegates: #enable_3pid_changes: false # Users who register on this homeserver will automatically be joined -# to these rooms +# to these rooms. +# +# By default, any room aliases included in this list will be created +# as a publicly joinable room when the first user registers for the +# homeserver. This behaviour can be customised with the settings below. # #auto_join_rooms: # - "#example:example.com" 
@@ -1194,11 +1198,63 @@ auto_join_rooms: # Where auto_join_rooms are specified, setting this flag ensures that the # the rooms exist by creating them when the first user on the # homeserver registers. +# +# By default the auto-created rooms are publicly joinable from any federated +# server. Use the autocreate_auto_join_rooms_federated and +# autocreate_auto_join_room_preset settings below to customise this behaviour. +# # Setting to false means that if the rooms are not manually created, # users cannot be auto-joined since they do not exist. # +# Defaults to true. Uncomment the following line to disable automatically +# creating auto-join rooms. +# autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }} +# Whether the auto_join_rooms that are auto-created are available via +# federation. Only has an effect if autocreate_auto_join_rooms is true. +# +# Note that whether a room is federated cannot be modified after +# creation. +# +# Defaults to true: the room will be joinable from other servers. +# Uncomment the following to prevent users from other homeservers from +# joining these rooms. +# +#autocreate_auto_join_rooms_federated: false + +# The room preset to use when auto-creating one of auto_join_rooms. Only has an +# effect if autocreate_auto_join_rooms is true. +# +# This can be one of "public_chat", "private_chat", or "trusted_private_chat". +# If a value of "private_chat" or "trusted_private_chat" is used then +# auto_join_mxid_localpart must also be configured. +# +# Defaults to "public_chat", meaning that the room is joinable by anyone, including +# federated servers if autocreate_auto_join_rooms_federated is true (the default). +# Uncomment the following to require an invitation to join these rooms. +# +#autocreate_auto_join_room_preset: private_chat + +# The local part of the user id which is used to create auto_join_rooms if +# autocreate_auto_join_rooms is true. 
If this is not provided then the +# initial user account that registers will be used to create the rooms. +# +# The user id is also used to invite new users to any auto-join rooms which +# are set to invite-only. +# +# It *must* be configured if autocreate_auto_join_room_preset is set to +# "private_chat" or "trusted_private_chat". +# +# Note that this must be specified in order for new users to be correctly +# invited to any auto-join rooms which have been set to invite-only (either +# at the time of creation or subsequently). +# +# Note that, if the room already exists, this user must be joined and +# have the appropriate permissions to invite new members. +# +#auto_join_mxid_localpart: system + # When auto_join_rooms is specified, setting this flag to false prevents # guest accounts from being automatically joined to the rooms. # @@ -1431,7 +1487,7 @@ saml2_config: # The lifetime of a SAML session. This defines how long a user has to # complete the authentication process, if allow_unsolicited is unset. - # The default is 5 minutes. + # The default is 15 minutes. # #saml_session_lifetime: 5m @@ -1516,7 +1572,7 @@ saml2_config: # use an OpenID Connect Provider for authentication, instead of its internal # password database. # -# See https://github.com/matrix-org/synapse/blob/master/openid.md. +# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md. # oidc_config: # Uncomment the following to enable authorization against an OpenID Connect 
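Review bot: The text added in the `@@ -1194,11 +1198,63 @@` hunk states that auto-created rooms are publicly joinable from any federated server by default, yet `autocreate_auto_join_rooms_federated`, `autocreate_auto_join_room_preset` and `auto_join_mxid_localpart` are added only as commented samples; `autocreate_auto_join_rooms` is the one setting rendered from a variable. Unless the template has an extension point outside these hunks, an operator who enables auto-join rooms cannot restrict them through playbook variables. I would render them the way the neighbouring line does, e.g. `autocreate_auto_join_rooms_federated: {{ matrix_synapse_autocreate_auto_join_rooms_federated|to_json }}` with a matching default (the variable name is a proposal and does not exist on this page). The same holds for `#encryption_enabled_by_default_for_room_type: invite` in the `@@ -1960,6 +2016,27 @@` hunk.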
@@ -1960,6 +2016,27 @@ push: # example_stop_events_from: ['@bad:example.com'] spam_checker: {{ matrix_synapse_spam_checker|to_json }} + +## Rooms ## + +# Controls whether locally-created rooms should be end-to-end encrypted by +# default. +# +# Possible options are "all", "invite", and "off". They are defined as: +# +# * "all": any locally-created room +# * "invite": any room created with the "private_chat" or "trusted_private_chat" +# room creation presets +# * "off": this option will take no effect +# +# The default value is "off". +# +# Note that this option will only affect rooms created after it is set. It +# will also not affect rooms created by other servers. +# +#encryption_enabled_by_default_for_room_type: invite + + # Uncomment to allow non-server-admin users to create groups on this server # enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }} diff --git a/setup.yml b/setup.yml index 4831873e2..372664a6e 100755 --- a/setup.yml +++ b/setup.yml @@ -16,8 +16,12 @@ - matrix-bridge-mautrix-hangouts - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp + - matrix-bridge-mx-puppet-discord + - matrix-bridge-mx-puppet-steam - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack + - matrix-bridge-mx-puppet-twitter + - matrix-bridge-mx-puppet-instagram - matrix-bridge-sms - matrix-synapse - matrix-riot-web