From 10bc85962e4296d706ecadc429f0cafc9793f88f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 16 Jun 2020 13:55:27 +0300 Subject: [PATCH 01/49] Upgrade Synapse (1.15.0 -> 1.15.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 75357eddb..a03740bb8 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.0" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.1" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From 105b3524bb68d4f0cc88674e8b6a910df82b9827 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 16 Jun 2020 19:22:45 +0300 Subject: [PATCH 02/49] Upgrade riot-web (1.6.4 -> 1.6.5) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 700e0ec3f..3e91de12d 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -2,7 +2,7 @@ matrix_riot_web_enabled: true matrix_riot_web_container_image_self_build: false -matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.4" +matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.5" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From d2a0ec6aa925290de3dd3da19b07d050ae9ecf6d Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 23 Jun 2020 18:03:58 +0300 Subject: [PATCH 03/49] Upgrade riot-web (1.6.5 -> 1.6.6) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 3e91de12d..f4f4b018a 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -2,7 +2,7 @@ matrix_riot_web_enabled: true matrix_riot_web_container_image_self_build: false -matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.5" +matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.6" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From c341608480058c5475629f6b8c16add02000fbcc Mon Sep 17 00:00:00 2001 From: Pablo Date: Tue, 23 Jun 2020 19:22:52 -0300 Subject: [PATCH 04/49] Add variables to fine tune jitsi --- roles/matrix-jitsi/defaults/main.yml | 12 ++++++++ roles/matrix-jitsi/templates/web/config.js.j2 | 30 ++++++++++--------- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 21dae4481..71c90bdcc 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml 
@@ -96,6 +96,18 @@ matrix_jitsi_web_interface_config_show_powered_by: false matrix_jitsi_web_interface_config_disable_transcription_subtitles: false matrix_jisti_web_interface_config_show_deep_linking_image: false +# Jitsi Fine Tune +matrix_jitsi_web_config_disable_AudioLevels: False +matrix_jitsi_web_config_enable_LayerSuspension: False +matrix_jitsi_web_config_channelLastN: -1 +matrix_jitsi_web_config_enable_Video_Constraints: False + +# This settings work if matrix_jitsi_web_config_enable_Video_Constraints: true +matrix_jitsi_web_config_aspectRatio: 16 / 9 +matrix_jitsi_web_config_height_ideal: 720 +matrix_jitsi_web_config_height_max: 720 +matrix_jitsi_web_config_height_min: 240 + matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4548-1" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-jitsi/templates/web/config.js.j2 b/roles/matrix-jitsi/templates/web/config.js.j2 index 7e24d30b8..6417acd50 100644 --- a/roles/matrix-jitsi/templates/web/config.js.j2 +++ b/roles/matrix-jitsi/templates/web/config.js.j2 @@ -81,7 +81,7 @@ var config = { // Audio // Disable measuring of audio levels. - // disableAudioLevels: false, + disableAudioLevels: {{ matrix_jitsi_web_config_disable_AudioLevels|to_json }}, // Start the conference in audio only mode (no video is being received nor // sent). 
@@ -109,24 +109,25 @@ var config = { // util#browser#usesNewGumFlow. The constraints are independency from // this config's resolution value. Defaults to requesting an ideal aspect // ratio of 16:9 with an ideal resolution of 720. - // constraints: { - // video: { - // aspectRatio: 16 / 9, - // height: { - // ideal: 720, - // max: 720, - // min: 240 - // } - // } - // }, - + {% if matrix_jitsi_web_config_enable_Video_Constraints %} + constraints: { + video: { + aspectRatio: {{ matrix_jitsi_web_config_aspectRatio }}, + height: { + ideal: {{ matrix_jitsi_web_config_height_ideal|to_json }}, + max: {{ matrix_jitsi_web_config_height_max|to_json }}, + min: {{ matrix_jitsi_web_config_height_min|to_json }} + } + } + }, + {% endif %} // Enable / disable simulcast support. // disableSimulcast: false, // Enable / disable layer suspension. If enabled, endpoints whose HD // layers are not in use will be suspended (no longer sent) until they // are requested again. - // enableLayerSuspension: false, + enableLayerSuspension: {{ matrix_jitsi_web_config_enable_LayerSuspension|to_json }}, // Suspend sending video if bandwidth estimation is too low. This may cause // problems with audio playback. Disabled until these are fixed. @@ -211,7 +212,7 @@ hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }}, // Misc // Default value for the channel "last N" attribute. -1 for unlimited. - channelLastN: -1, + channelLastN: {{ matrix_jitsi_web_config_channelLastN|to_json }}, // Disables or enables RTX (RFC 4588) (defaults to false). // disableRtx: false, @@ -488,3 +489,4 @@ hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }}, }; /* eslint-enable no-unused-vars, no-var */ + From 34523476487c96ad4b2a51c4ed1e62b2b2489977 Mon Sep 17 00:00:00 2001 
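Review bot: In the `@@ -109` hunk, `aspectRatio: {{ matrix_jitsi_web_config_aspectRatio }}` is the only interpolation that lacks `|to_json`, so the variable's text is pasted into config.js verbatim as a JavaScript expression; the default `16 / 9` in defaults/main.yml is a YAML string and only works because it happens to be valid JS. Any value that is not a JS expression produces a syntax error in the served config.js and breaks the Jitsi web client for every user. Either state that contract in the variable's comment, or have the template emit a number with `|to_json` like the neighbouring `height` fields. PATCH 11 renames the variable to `matrix_jitsi_web_config_constraints_video_aspectRatio` but keeps the raw interpolation, so the same applies there.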
From: Slavi Pantaleev Date: Wed, 24 Jun 2020 09:42:41 +0300 Subject: [PATCH 05/49] Suggest base domain serving in configuring-well-known.md Fixes #545 (Github Issue). --- docs/configuring-well-known.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 21a4343e9..959d3506e 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -48,12 +48,12 @@ If you're managing the base domain by yourself somehow, you'll need to set up se To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them. -You have 2 options when it comes to installing the files on the base domain's server: +You have 3 options when it comes to installing the files on the base domain's server: ### (Option 1): **Copying the files manually** to your base domain's server -**Hint**: Option 2 (below) is generally a better way to do this. Make sure to go with that one, if possible. +**Hint**: Option 2 and 3 (below) are generally a better way to do this. Make sure to go with them, if possible. All you need to do is: 
@@ -65,7 +65,16 @@ This is relatively easy to do and possibly your only choice if you can only host It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again. -### (Option 2): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server +### (Option 2): **Serving the base domain** from the Matrix server via the playbook + +If you don't need the base domain (e.g. `example.com`) for anything else (hosting a website, etc.), you can point it to the Matrix server's IP address and tell the playbook to configure it. + +This is the easiest way to set up well-known serving -- letting the playbook handle the whole base domain for you (including SSL certificates, etc.). However, if you need to use the base domain for other things (such as hosting some website, etc.), going with Option 1 or Option 2 might be more suitable. + +See [Serving the base domain](configuring-playbook-base-domain-serving.md) to learn how the playbook can help you set it up. + + +### (Option 3): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server This option is less fragile and generally better. From d44541ff6e97b5a61f8cc316b8e385fa184277cc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 24 Jun 2020 10:22:19 +0300 Subject: [PATCH 06/49] Mention matrix_synapse_allow_public_rooms_over_federation in the docs Fixes #502 (Github Issue) --- docs/configuring-playbook-federation.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index ad818ab24..1e4ad61e3 100644 --- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md 
@@ -17,6 +17,17 @@ matrix_synapse_federation_domain_whitelist: If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below). +## Exposing the room directory over federation + +By default, your server's public rooms directory is not exposed to other servers via federation. + +If you wish to expose it, add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): + +```yaml +matrix_synapse_allow_public_rooms_over_federation: true +``` + + ## Disabling federation To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): From 5c5f1c6ab96c4af559a272e69c561b34f25f9b15 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 24 Jun 2020 11:38:51 +0300 Subject: [PATCH 07/49] Add support for telling Riot to not default to E2EE Related to https://github.com/vector-im/riot-web/pull/13914 --- roles/matrix-base/defaults/main.yml | 5 +++++ .../templates/static-files/well-known/matrix-client.j2 | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 8a860b1ea..3a147124e 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -56,6 +56,11 @@ matrix_integration_manager_ui_url: ~ # See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server matrix_riot_jitsi_preferredDomain: '' +# Controls whether Riot should use End-to-End Encryption by default. +# Setting this to false will update `/.well-known/matrix/client` and tell Riot clients to avoid E2EE. +# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md +matrix_riot_e2ee_default: true + # The Docker network that all services would be put into matrix_docker_network: "matrix" 
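Review bot: The comment on `matrix_riot_e2ee_default` describes the mechanism but not the consequence for users: with the value set to false, the well-known file tells Riot clients to stop encrypting new private rooms by default (per the linked riot-web e2ee document, not visible here), which lowers the confidentiality default for everyone on the homeserver rather than for one client. Suggest adding `# Leaving this at true is the safe default; set it to false only if you deliberately want new private rooms created unencrypted.` so operators do not flip it as a casual convenience setting.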
diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index edbaa62eb..a4c1c4391 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -23,4 +23,9 @@ "preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }} } {% endif %} + {% if not matrix_riot_e2ee_default %}, + "im.vector.riot.e2ee": { + "default": false + } + {% endif %} } From 3527200ac4feaa0986d0ffec80f41afc38a60cee Mon Sep 17 00:00:00 2001 From: Justin Croonenberghs Date: Wed, 24 Jun 2020 16:34:28 -0500 Subject: [PATCH 08/49] Added config hint for SMS verification --- docs/configuring-playbook-ma1sd.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index da9ff21e1..8b392965d 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md @@ -72,6 +72,20 @@ To use a more custom configuration, you can define a `matrix_ma1sd_configuration and put your configuration in it. To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component. +## Example: SMS verification + +If your use case requires mobile verification, it is quite simple to integrate ma1sd with Twilio, an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration: + +```matrix_ma1sd_configuration_extension_yaml: | + threepid: + medium: + msisdn: + connectors: + twilio: + account_sid: '' + auth_token: '' + number: '+' +``` ## Troubleshooting From 25290f780cecc693554ff4cbb96023b4862dc041 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 25 Jun 2020 08:22:12 +0300 Subject: [PATCH 09/49] Link to Twilio --- docs/configuring-playbook-ma1sd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index 8b392965d..cd61fec1c 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md @@ -74,7 +74,7 @@ To learn more about how to do this, refer to the information about `matrix_ma1sd ## Example: SMS verification -If your use case requires mobile verification, it is quite simple to integrate ma1sd with Twilio, an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration: +If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration: ```matrix_ma1sd_configuration_extension_yaml: | threepid: From 224c21878efdb24b0a9f6ff09d594673b2c044b9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 25 Jun 2020 08:26:09 +0300 Subject: [PATCH 10/49] Fix code block a bit Related to #549 (Github Pull Request) --- docs/configuring-playbook-ma1sd.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index cd61fec1c..03d1ecded 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md 
@@ -76,7 +76,8 @@ To learn more about how to do this, refer to the information about `matrix_ma1sd If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration: -```matrix_ma1sd_configuration_extension_yaml: | +```yaml +matrix_ma1sd_configuration_extension_yaml: | threepid: medium: msisdn: From 69570de8a9e3e9273a147412a759d07d8b0e9e51 Mon Sep 17 00:00:00 2001 From: Pablo Date: Thu, 25 Jun 2020 11:20:40 -0300 Subject: [PATCH 11/49] Rename variables --- roles/matrix-jitsi/defaults/main.yml | 23 +++++++++++-------- roles/matrix-jitsi/templates/web/config.js.j2 | 15 ++++++------ 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 71c90bdcc..d3ce0ac84 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml 
@@ -96,17 +96,20 @@ matrix_jitsi_web_interface_config_show_powered_by: false matrix_jitsi_web_interface_config_disable_transcription_subtitles: false matrix_jisti_web_interface_config_show_deep_linking_image: false -# Jitsi Fine Tune -matrix_jitsi_web_config_disable_AudioLevels: False -matrix_jitsi_web_config_enable_LayerSuspension: False +# Jitsi_web Fine Tune default values. +# Useful to manage bandwidth and CPU consumption in server and client side +matrix_jitsi_web_config_disableAudioLevels: false +matrix_jitsi_web_config_enableLayerSuspension: false matrix_jitsi_web_config_channelLastN: -1 -matrix_jitsi_web_config_enable_Video_Constraints: False - -# This settings work if matrix_jitsi_web_config_enable_Video_Constraints: true -matrix_jitsi_web_config_aspectRatio: 16 / 9 -matrix_jitsi_web_config_height_ideal: 720 -matrix_jitsi_web_config_height_max: 720 -matrix_jitsi_web_config_height_min: 240 +# If 'matrix_jitsi_web_config_constraints_enabled: false' +# the video constraints will be disabled and will take the default values of jitsi +matrix_jitsi_web_config_constraints_enabled: false +# This settings work if matrix_jitsi_web_config_constraints_enabled: true +# See their definitions in config.js.j2 (templates / web) +matrix_jitsi_web_config_constraints_video_aspectRatio: 16 / 9 +matrix_jitsi_web_config_constraints_video_height_ideal: 720 +matrix_jitsi_web_config_constraints_video_height_max: 720 +matrix_jitsi_web_config_constraints_video_height_min: 240 matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4548-1" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-jitsi/templates/web/config.js.j2 b/roles/matrix-jitsi/templates/web/config.js.j2 index 6417acd50..ad0e54102 100644 --- a/roles/matrix-jitsi/templates/web/config.js.j2 +++ b/roles/matrix-jitsi/templates/web/config.js.j2 
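Review bot: The rewritten comment block above the constraints variables still has wording slips that should be fixed while it is being touched: `# This settings work if matrix_jitsi_web_config_constraints_enabled: true` → `# These settings only take effect when matrix_jitsi_web_config_constraints_enabled is true`, and the two-line comment starting `# If 'matrix_jitsi_web_config_constraints_enabled: false'` → `# When matrix_jitsi_web_config_constraints_enabled is false, no constraints block is rendered and Jitsi's built-in defaults apply.`. It would also help to say that `matrix_jitsi_web_config_constraints_video_aspectRatio` is a YAML string inserted verbatim into config.js, so it must be a valid JavaScript expression.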
@@ -81,7 +81,7 @@ var config = { // Audio // Disable measuring of audio levels. - disableAudioLevels: {{ matrix_jitsi_web_config_disable_AudioLevels|to_json }}, + disableAudioLevels: {{ matrix_jitsi_web_config_disableAudioLevels|to_json }}, // Start the conference in audio only mode (no video is being received nor // sent). @@ -109,14 +109,14 @@ var config = { // util#browser#usesNewGumFlow. The constraints are independency from // this config's resolution value. Defaults to requesting an ideal aspect // ratio of 16:9 with an ideal resolution of 720. - {% if matrix_jitsi_web_config_enable_Video_Constraints %} + {% if matrix_jitsi_web_config_constraints_enabled %} constraints: { video: { - aspectRatio: {{ matrix_jitsi_web_config_aspectRatio }}, + aspectRatio: {{ matrix_jitsi_web_config_constraints_video_aspectRatio }}, height: { - ideal: {{ matrix_jitsi_web_config_height_ideal|to_json }}, - max: {{ matrix_jitsi_web_config_height_max|to_json }}, - min: {{ matrix_jitsi_web_config_height_min|to_json }} + ideal: {{ matrix_jitsi_web_config_constraints_video_height_ideal|to_json }}, + max: {{ matrix_jitsi_web_config_constraints_video_height_max|to_json }}, + min: {{ matrix_jitsi_web_config_constraints_video_height_min|to_json }} } } }, @@ -127,7 +127,7 @@ var config = { // Enable / disable layer suspension. If enabled, endpoints whose HD // layers are not in use will be suspended (no longer sent) until they // are requested again. - enableLayerSuspension: {{ matrix_jitsi_web_config_enable_LayerSuspension|to_json }}, + enableLayerSuspension: {{ matrix_jitsi_web_config_enableLayerSuspension|to_json }}, // Suspend sending video if bandwidth estimation is too low. This may cause // problems with audio playback. Disabled until these are fixed. @@ -489,4 +489,3 @@ hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }}, }; /* eslint-enable no-unused-vars, no-var */ - From 671cd517973e9cb25590a195997ec39ef657d0de Mon Sep 17 00:00:00 2001 
From: Julian Foad Date: Fri, 26 Jun 2020 15:13:58 +0100 Subject: [PATCH 12/49] Improve the example Traefik config. Use playbook variables instead of textual place-holders for the domain names. --- docs/configuring-playbook-own-webserver.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 4adcd934b..f97f622f7 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -144,8 +144,7 @@ matrix_nginx_proxy_container_extra_arguments: - '--label "traefik.enable=true"' # The Nginx proxy container will receive traffic from these subdomains - # (Replace DOMAIN with your domain, e.g. example.com) - - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`matrix.DOMAIN`,`riot.DOMAIN`,`dimension.DOMAIN`)"' + - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_riot }}`,`{{ matrix_server_fqn_dimension }}`)"' # (The 'web-secure' entrypoint must bind to port 443 in Traefik config) - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"' @@ -161,8 +160,7 @@ matrix_synapse_container_extra_arguments: - '--label "traefik.enable=true"' # The Synapse container will receive traffic from this subdomain - # (Replace DOMAIN with your domain, e.g. example.com) - - '--label "traefik.http.routers.matrix-synapse.rule=Host(`matrix.DOMAIN`)"' + - '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"' # (The 'synapse' entrypoint must bind to port 8448 in Traefik config) - '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"' From 0fea35cdd2195f9634c9148dec9783031de73408 Mon Sep 17 00:00:00 2001 
From: jdreichmann Date: Sat, 27 Jun 2020 12:40:27 +0200 Subject: [PATCH 13/49] mx-puppet-instagram: add role --- group_vars/matrix_servers | 31 +++++++ .../defaults/main.yml | 86 +++++++++++++++++++ .../tasks/init.yml | 17 ++++ .../tasks/main.yml | 21 +++++ .../tasks/setup_install.yml | 78 +++++++++++++++++ .../tasks/setup_uninstall.yml | 24 ++++++ .../tasks/validate_config.yml | 10 +++ .../templates/config.yaml.j2 | 82 ++++++++++++++++++ .../matrix-mx-puppet-instagram.service.j2 | 41 +++++++++ setup.yml | 1 + 10 files changed, 391 insertions(+) create mode 100644 roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ff69cd8fb..7581d7f44 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -392,6 +392,37 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov ###################################################################### +###################################################################### +# +# matrix-bridge-mx-puppet-instagram +# +###################################################################### + +# We don't enable bridges by default. +matrix_mx_puppet_instagram_enabled: false + +matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_instagram_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}" + +matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}" + +matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-instagram +# +###################################################################### + + ###################################################################### # # matrix-corporal diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml new file mode 100644 index 000000000..c7488cbbe --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml 
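Review bot: The `password_hash` salts on the new token lines, `'mxslk.as.tok'` and `'mxslk.hs.tok'`, carry the slack bridge's prefix, which suggests they were copied from the matrix-bridge-mx-puppet-slack block above this hunk; if that block derives its tokens from the same `matrix_synapse_macaroon_secret_key` with the same salts, both bridges end up with identical `as_token` and `hs_token` values. Depending on the Synapse version that either makes Synapse refuse the duplicate registration at startup or, if accepted, leaves the two appservices indistinguishable, so a leak of one bridge's config also yields the other's credentials. Each appservice should use a salt unique to it, e.g. `'mxig.as.tok'` / `'mxig.hs.tok'` (constructed names; any distinct strings work). Worth confirming against the slack block, which is outside this hunk.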
@@ -0,0 +1,86 @@ +# mx-puppet-instagram bridges instagram DMs +# See: https://github.com/Sorunome/mx-puppet-instagram + +matrix_mx_puppet_instagram_enabled: true + +matrix_mx_puppet_instagram_container_image_self_build: false + +matrix_mx_puppet_instagram_docker_image: "docker.io/sorunome/mx-puppet-instagram:latest" +matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}" + +matrix_mx_puppet_instagram_base_path: "{{ matrix_base_data_path }}/mx-puppet-instagram" +matrix_mx_puppet_instagram_config_path: "{{ matrix_mx_puppet_instagram_base_path }}/config" +matrix_mx_puppet_instagram_data_path: "{{ matrix_mx_puppet_instagram_base_path }}/data" +matrix_mx_puppet_instagram_docker_src_files_path: "{{ matrix_mx_puppet_instagram_base_path }}/docker-src" + +matrix_mx_puppet_instagram_appservice_port: "8440" +matrix_mx_puppet_instagram_homeserver_address: 'http://matrix-synapse:8008' +matrix_mx_puppet_instagram_homeserver_domain: '{{ matrix_domain }}' +matrix_mx_puppet_instagram_appservice_address: 'http://matrix-mx-puppet-instagram:{{ matrix_mx_puppet_instagram_appservice_port }}' + +# "@user:server.com" to allow specific user +# "@.*:yourserver.com" to allow users on a specific homeserver +# "@.*" to allow anyone +matrix_mx_puppet_instagram_provisioning_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" + +# Leave empty to disable blacklist +# "@user:server.com" disallow a specific user +# "@.*:yourserver.com" disallow users on a specific homeserver +matrix_mx_puppet_instagram_provisioning_blacklist: [] + +# A list of extra arguments to pass to the container +matrix_mx_puppet_instagram_container_extra_arguments: [] + +# List of systemd services that matrix-puppet-instagram.service depends on. 
+matrix_mx_puppet_instagram_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-puppet-instagram.service wants +matrix_mx_puppet_instagram_systemd_wanted_services_list: [] + +matrix_mx_puppet_instagram_appservice_token: '' +matrix_mx_puppet_instagram_homeserver_token: '' + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mx_puppet_instagram_login_shared_secret: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_instagram_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mx_puppet_instagram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mx_puppet_instagram_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mx_puppet_instagram_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mx_puppet_instagram_configuration_yaml`. + +matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml if matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_instagram_configuration_yaml`. 
+matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml|from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}" + +matrix_mx_puppet_instagram_registration_yaml: | + as_token: "{{ matrix_mx_puppet_instagram_appservice_token }}" + hs_token: "{{ matrix_mx_puppet_instagram_homeserver_token }}" + id: instagram-puppet + namespaces: + users: + - exclusive: true + regex: '@_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' + rooms: [] + aliases: + - exclusive: true + regex: '#_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' + protocols: [] + rate_limited: false + sender_localpart: _instagrampuppet_bot + url: {{ matrix_mx_puppet_instagram_appservice_address }} + +matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml new file mode 100644 index 000000000..dafa59c07 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -0,0 +1,17 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram'] }}" + when: matrix_mx_puppet_instagram_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} + when: matrix_mx_puppet_instagram_enabled|bool + 
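Review bot: In the new defaults/main.yml (hunk spanning L16–L18) the two comments `# List of systemd services that matrix-puppet-instagram.service depends on.` and `# ... wants` name a unit that does not exist; init.yml registers `matrix-mx-puppet-instagram`, so they should read `matrix-mx-puppet-instagram.service`. Separately, `matrix_mx_puppet_instagram_docker_image` is pinned to `docker.io/sorunome/mx-puppet-instagram:latest`, which combined with the `endswith(':latest')` force-pull rule means every playbook run may deploy a different, unreviewed image, whereas the same series pins synapse and riot-web to explicit versions; if upstream publishes versioned tags, pinning one here (and documenting why `:latest` is used if not) keeps the bridge on the same footing as the other images.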
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml new file mode 100644 index 000000000..d0fe90e4b --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-instagram + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-instagram + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mx_puppet_instagram_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml new file mode 100644 index 000000000..d60fbaf24 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml 
@@ -0,0 +1,78 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure mx-puppet-instagram image is pulled + docker_image: + name: "{{ matrix_mx_puppet_instagram_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" + when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build + +- name: Ensure mx-puppet-instagram paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true } + - { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true } + - { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true } + - { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" } + when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool + +- name: Ensure mx-puppet-instagram repository is present on self build + git: + repo: https://github.com/Sorunome/mx-puppet-instagram.git + dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" + force: "yes" + when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build" + +- name: Ensure mx-puppet-instagram Docker image is built 
+ docker_image: + name: "{{ matrix_mx_puppet_instagram_docker_image }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" + pull: yes + when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build" + +- name: Ensure mx-puppet-instagram config.yaml installed + copy: + content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mx-puppet-instagram-registration.yaml installed + copy: + content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mx-puppet-instagram.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2" + dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service" + mode: 0644 + register: matrix_mx_puppet_instagram_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation + service: + daemon_reload: yes + when: "matrix_mx_puppet_instagram_systemd_service_result.changed" + + diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml new file mode 100644 index 000000000..4b5e67ac8 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml 
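Review bot: The two `copy` tasks install `registration.yaml` and `config.yaml` with `mode: 0644`, although registration.yaml carries `as_token`/`hs_token` (see the registration template in defaults) and config.yaml is rendered from the bridge configuration, which per the bundled template also carries the login shared secret; anything able to traverse the config directory can then read the appservice credentials, so `mode: 0640` would match the `0750` already used for the directories a few tasks earlier. The self-build path clones `https://github.com/Sorunome/mx-puppet-instagram.git` with `force: "yes"` and no `version:`, so every run with self-build enabled tracks the default branch head rather than a known commit — pinning a tag or SHA would make the built image reproducible and reviewable. Whether the directory mode alone is considered sufficient elsewhere in this playbook is not visible from this hunk.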
@@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-mx-puppet-instagram service + stat: + path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" + register: matrix_mx_puppet_instagram_service_stat + +- name: Ensure matrix-mx-puppet-instagram is stopped + service: + name: matrix-mx-puppet-instagram + state: stopped + daemon_reload: yes + when: "matrix_mx_puppet_instagram_service_stat.stat.exists" + +- name: Ensure matrix-mx-puppet-instagram.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" + state: absent + when: "matrix_mx_puppet_instagram_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal + service: + daemon_reload: yes + when: "matrix_mx_puppet_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml new file mode 100644 index 000000000..b6d9d994e --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mx_puppet_instagram_appservice_token" + - "matrix_mx_puppet_instagram_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 new file mode 100644 index 000000000..634fbaecd --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 
@@ -0,0 +1,82 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_instagram_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_instagram_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_instagram_homeserver_address }} + {% if matrix_mx_puppet_instagram_login_shared_secret != '' %} + loginSharedSecretMap: + {{ matrix_domain }}: {{ matrix_mx_puppet_instagram_login_shared_secret }} + {% endif %} + +presence: + # Bridge Instagram online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_instagram_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_instagram_provisioning_blacklist|to_json }} + + # Shared secret for the provisioning API for use by integration managers. + # If this is not set, the provisioning API will not be enabled. + #sharedSecret: random string + # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. + apiPrefix: /_matrix/provision + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". 
+ # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 new file mode 100644 index 000000000..4c4b74a58 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 
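Review bot: This template does not appear to be consumed by any task in the commit: setup_install.yml writes `config.yaml` from `matrix_mx_puppet_instagram_configuration|to_nice_yaml`, and none of init/main/setup_install/setup_uninstall/validate_config references `templates/config.yaml.j2`, so the values here (including `bindAddress: 0.0.0.0` and the provisioning `whitelist`/`blacklist`) are not what gets deployed. Either drop the file or open it with a comment such as `# NOTE: reference only — the deployed config.yaml is rendered from matrix_mx_puppet_instagram_configuration_yaml in defaults/main.yml` so nobody edits it expecting an effect. If it stays as reference, `bindAddress: 0.0.0.0` deserves a note that it is acceptable only because the systemd unit publishes no host port for the container.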
@@ -0,0 +1,41 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix mx-puppet-instagram bridge +{% for service in matrix_mx_puppet_instagram_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mx_puppet_instagram_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -e CONFIG_PATH=/config/config.yaml \ + -e REGISTRATION_PATH=/config/registration.yaml \ + -v {{ matrix_mx_puppet_instagram_config_path }}:/config:z \ + -v {{ matrix_mx_puppet_instagram_data_path }}:/data:z \ + {% for arg in matrix_mx_puppet_instagram_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mx_puppet_instagram_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mx-puppet-instagram + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 4831873e2..247950d4c 100755 --- a/setup.yml +++ b/setup.yml @@ -18,6 +18,7 @@ - matrix-bridge-mautrix-whatsapp - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack + - matrix-bridge-mx-puppet-instagram - matrix-bridge-sms - matrix-synapse - matrix-riot-web From f7ea5705f1fd5a29001a2a1f5963955d792e8950 Mon Sep 17 00:00:00 2001 
From: Pablo Date: Sat, 27 Jun 2020 16:54:30 -0300 Subject: [PATCH 14/49] =?UTF-8?q?Agrego=20documentaci=C3=B3n=20de=20las=20?= =?UTF-8?q?variables=20de=20ajuste=20fino=20(Fine=20tune)=20de=20Jitsi.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/configuring-playbook-jitsi.md | 41 ++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 21a440f64..2a25fb02a 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md 
@@ -81,6 +81,47 @@ matrix_jitsi_jvb_container_extra_arguments: - '--env "DOCKER_HOST_ADDRESS="' ``` +## (Optional) Fine tune Jitsi + +You may want to suspend unused video layers until they are requested again, to save up resources on both server and clients. +Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/) +For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_enableLayerSuspension: true +``` + +You may wish to disable audio levels to avoid excessive refresh of the client-side page and decrease the CPU consumption involved. +For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_disableAudioLevels: true +``` + +You may want to limit the number of video feeds forwarded to each client, to save up resources on both server and clients. As clients’ bandwidth and CPU may not bear the load, use this setting to avoid lag and crashes. +This feature is found by default in other webconference applications such as Office 365 Teams (limit is set to 4). +Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/doc/last-n.md) and performance evaluation on this [study](https://jitsi.org/wp-content/uploads/2016/12/nossdav2015lastn.pdf) +For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_channelLastN: 4 +``` + +To enable the variables that allow you to manage the video configuration you must add the following line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_constraints_enabled: true +``` + +You may want to limit the maximum video resolution, to save up resources on both server and clients. +For example, to set resolution to 480. 
+For this add this two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +```yaml +matrix_jitsi_web_config_constraints_video_height_ideal: 480 +matrix_jitsi_web_config_constraints_video_height_max: 480 +``` + ## Apply changes Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` From 19b9a1b16c9af0e1409794a1eb4f5d0f604351f2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 28 Jun 2020 09:01:48 +0300 Subject: [PATCH 15/49] Expose mautrix-hangouts port if matrix-nginx-proxy is disabled --- group_vars/matrix_servers | 2 ++ roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 5 +++++ .../templates/systemd/matrix-mautrix-hangouts.service.j2 | 3 +++ roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ff69cd8fb..914d53c85 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -232,6 +232,8 @@ matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}" +matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}" + matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" ###################################################################### diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 31f4fe985..8430527af 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml 
@@ -20,6 +20,11 @@ matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008' matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' +# Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. +matrix_mautrix_hangouts_container_http_host_bind_port: '' + # A list of extra arguments to pass to the container matrix_mautrix_hangouts_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index f33aff632..dc6ffda06 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -30,6 +30,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ + {% if matrix_mautrix_hangouts_container_http_host_bind_port %} + -p {{ matrix_mautrix_hangouts_container_http_host_bind_port }}:8080 \ + {% endif %} -v {{ matrix_mautrix_hangouts_config_path }}:/config:z \ -v {{ matrix_mautrix_hangouts_data_path }}:/data:z \ {% for arg in matrix_mautrix_hangouts_container_extra_arguments %} diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index d3990b688..36b146089 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml 
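Review bot: The new comment documents a bare-port form without saying that Docker publishes a bare port on all interfaces, so a user who sets `matrix_mautrix_hangouts_container_http_host_bind_port: '9007'` exposes container port 8080 — the port `matrix_mautrix_hangouts_appservice_address` points at — to every network the host is on, not just to a local reverse proxy. Suggest extending the comment: `# A bare port (e.g. "9007") publishes on all interfaces; prefer "127.0.0.1:9007" unless external exposure is intended.` As rendered here the comment reads `Takes an ":" or "" value`, which looks like lost `<ip>:<port>` / `<port>` placeholders; the committed text is worth checking.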
@@ -26,7 +26,7 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}' -# Controls whether the matrix-telegram container exposes its HTTP port (tcp/8080 in the container). +# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. matrix_mautrix_telegram_container_http_host_bind_port: '' From 2073cd6caecdc8258d6f383f2a0e33da6b0e329e Mon Sep 17 00:00:00 2001 From: jdreichmann Date: Sun, 28 Jun 2020 10:40:14 +0200 Subject: [PATCH 16/49] mx-puppet-instagram: change tokens appservice<>homeserver in order to not collide with mx-puppet-slack --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 7581d7f44..eb9f415a6 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -410,9 +410,9 @@ matrix_mx_puppet_instagram_systemd_required_services_list: | (['matrix-synapse.service'] if matrix_synapse_enabled else []) }}
-matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}"
+matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.as.tok') | to_uuid }}"
-matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}"
+matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}"
 matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" From ad05c7f758b4eefea9337dca5951539e55b7352e Mon Sep 17 00:00:00 2001 From: jdreichmann Date: Sun, 28 Jun 2020 10:46:39 +0200 Subject: [PATCH 17/49] mx-puppet-instagram: add documentation on how to setup & use the bridge --- README.md | 2 ++ ...ing-playbook-bridge-mx-puppet-instagram.md | 36 +++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mx-puppet-instagram.md
diff --git a/README.md b/README.md
index a5ec78d3b..154d3bfca 100644
--- a/README.md
+++ b/README.md
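Review bot: The salt strings are the only thing separating this bridge's tokens from every other bridge's, since all of them are derived from the same `matrix_synapse_macaroon_secret_key`, yet nothing documents that or guards against the copy-paste collision this commit fixes. Suggest a comment above the two lines: `# Salt must be unique per bridge: reusing one yields the same token as another appservice (this previously collided with mx-puppet-slack).` Changing the salt also rotates both tokens, so existing deployments need a playbook re-run for registration.yaml and Synapse to agree again; the changelog entry visible in this series does not mention that.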
@@ -52,6 +52,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) +- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation + - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms diff --git a/docs/configuring-playbook-bridge-mx-puppet-instagram.md b/docs/configuring-playbook-bridge-mx-puppet-instagram.md new file mode 100644 index 000000000..3dad98449 --- /dev/null +++ b/docs/configuring-playbook-bridge-mx-puppet-instagram.md 
@@ -0,0 +1,36 @@ +# Setting up mx-puppet-instagram (optional) + +The playbook can install and configure +[mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) for you. + +This allows you to bridge Instagram DirectMessages into Matrix. + +To enable the [Instagram](https://www.instagram.com/) bridge just use the following +playbook configuration: + + +```yaml +matrix_mx_puppet_instagram_enabled: true +``` + + +## Usage + +Once the bot is enabled, you need to start a chat with `Instagram Puppet Bridge` with +the handle `@_instagrampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +Send `link ` to the bridge bot to link your instagram account. + +The `list` commands shows which accounts are linked and which `puppetId` is associated. + +For double-puppeting, you probably want to issue these commands: + +- `settype $puppetId puppet` to enable puppeting for the link (instead of relaying) +- `setautoinvite $puppetId 1` to automatically invite you to chats +- `setmatrixtoken $accessToken` to set the access token to enable puppeting from the other side (the "double" in double puppeting) + +If you are linking only one Instagram account, your `$puppetId` is probably 1, but use the `list` command find out. + +The `help` command shows which commands are available, though at the time of writing, not every command is fully implemented. + From 4cf59098adafe1227eb4249d4d12efda0102f9b5 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Sun, 28 Jun 2020 21:47:19 +0200 Subject: [PATCH 18/49] Update ma1sd to v2.4.0 --- roles/matrix-ma1sd/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index 64cf7c9a0..9e21d862d 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_ma1sd_enabled: true matrix_ma1sd_container_image_self_build: false -matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.3.0" +matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0" matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}" matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd" From 0162fe31d151ca5a82555ffb5e5465df3d88a19e Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Sun, 28 Jun 2020 21:47:39 +0200 Subject: [PATCH 19/49] Re-enable ma1sd user directory search --- CHANGELOG.md | 12 ++++++++++++ group_vars/matrix_servers | 5 +---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 799ac45e4..41a781dcd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +# 2020-06-28 + +## (Post Mortem / fixed Security Issue) Re-enabling User Directory search powered by the ma1sd Identity Server + +User Directory search requests used to go to the ma1sd identity server by default, which queried its own stores and the Synapse database. + +ma1sd's [security issue](https://github.com/ma1uta/ma1sd/issues/44) has been fixed in version `2.4.0`, with [this commit](ma1uta/ma1sd@2bb5a734d11662b06471113cf3d6b4cee5e33a85). `ma1sd 2.4.0` is now the default version for this playbook. For more information on what happened, please check the mentioned issue. + +We are re-enabling user directory search with this update. Those who would like to keep it disabled can use this configuration: `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false` + +As always, re-running the playbook is enough to get the updated bits. + # 2020-06-11 ## SMS bridging requires db reset diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 914d53c85..85dab4dd2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -646,10 +646,7 @@ matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
 matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
 matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
-# Not proxying the user directory search to the identity server by default anymore,
-# because it currently leaks data.
-# See: https://github.com/ma1uta/ma1sd/issues/44
-matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
+matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" From 784cb3e325b1a96a2717b719b360aa709c0f43dd Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Sun, 28 Jun 2020 22:00:08 +0200 Subject: [PATCH 20/49] Update Jitsi to stable-4627-1 --- roles/matrix-jitsi/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml
index d3ce0ac84..531a9d37c 100644
--- a/roles/matrix-jitsi/defaults/main.yml
+++ b/roles/matrix-jitsi/defaults/main.yml
@@ -50,7 +50,7 @@ matrix_jitsi_jibri_recorder_user: recorder
 matrix_jitsi_jibri_recorder_password: ''
-matrix_jitsi_web_docker_image: "jitsi/web:stable-4548-1"
+matrix_jitsi_web_docker_image: "jitsi/web:stable-4627-1"
 matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
 matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
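Review bot: The new default re-enables user-directory proxying whenever ma1sd is enabled, but nothing ties that to the ma1sd release that fixed the leak, so an inventory that pins `matrix_ma1sd_docker_image` to an older tag (or self-builds an older checkout) silently gets the leaking endpoint back. Suggest keeping a short comment where the removed one stood: `# Only safe with ma1sd >= 2.4.0 (fixes ma1uta/ma1sd#44); set to false if you pin an older image.` A validation task in the ma1sd role that refuses older image tags while this stays true would be stronger, but lies outside this hunk.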
@@ -111,7 +111,7 @@ matrix_jitsi_web_config_constraints_video_height_ideal: 720 matrix_jitsi_web_config_constraints_video_height_max: 720 matrix_jitsi_web_config_constraints_video_height_min: 240 -matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4548-1" +matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4627-1" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" @@ -125,7 +125,7 @@ matrix_jitsi_prosody_container_extra_arguments: [] matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] -matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:stable-4548-1" +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:stable-4627-1" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" @@ -142,7 +142,7 @@ matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_password: '' -matrix_jitsi_jvb_docker_image: "jitsi/jvb:stable-4548-1" +matrix_jitsi_jvb_docker_image: "jitsi/jvb:stable-4627-1" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" From 635f385971779c3b927edc731c89ce0a543da1af Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 29 Jun 2020 14:53:23 +0300 Subject: [PATCH 21/49] Use pre-built arm64 image for ma1sd ma1sd 2.4.0 announced experimental support for arm64. We're making use of those arm64 images instead of self-building. --- group_vars/matrix_servers | 12 +++++++++++- roles/matrix-ma1sd/defaults/main.yml | 4 +++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 85dab4dd2..155dd8bc3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -564,7 +564,17 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. matrix_ma1sd_enabled: true -matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +# There's no prebuilt ma1sd image for the `arm32` architecture. +# We're relying on self-building there. +matrix_ma1sd_architecture: "{{ + { + 'amd64': 'amd64', + 'arm32': 'arm32', + 'arm64': 'arm64', + }[matrix_architecture] +}}" + +matrix_ma1sd_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index 9e21d862d..822cc9422 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -5,7 +5,9 @@ matrix_ma1sd_enabled: true matrix_ma1sd_container_image_self_build: false -matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0" +matrix_ma1sd_architecture: "amd64" + +matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}" matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}" matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd" From de545f9c5f2e081e64df2048721170f482f5018c Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 29 Jun 2020 14:58:03 +0300 Subject: [PATCH 22/49] Update docs on self-building and remove useless variable `matrix_container_images_self_build` was not really doing anything anymore. It previously was influencing `matrix_*_self_build` variables, but it's no longer the case since some time ago. Individual `matrix_*_self_build` variables are still available. People that would like to toggle self-building for a specific component ought to use those. These variables are also controlled automatically (via `group_vars/matrix_servers`) depending on `matrix_architecture`. In other words, self-building is being done automatically for all components when they don't have a prebuilt image for the specified architecture. Some components only support `amd64`, while others also have images for other architectures. --- docs/alternative-architectures.md | 9 +++------ docs/self-building.md | 19 ++++++++++--------- roles/matrix-base/defaults/main.yml | 4 ---- 3 files changed, 13 insertions(+), 19 deletions(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index 4ca9646e3..7a3e35eb3 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -1,6 +1,6 @@ # Alternative architectures -As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. +As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. To that end add the following variable to your `vars.yaml` file: 
@@ -21,9 +21,6 @@ matrix_architecture: "arm32" ## Implementation details -This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection. +For `amd64`, prebuilt images are used everywhere (because all images are available for this architecture). -On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: -- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well -- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well -- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling. +For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary. diff --git a/docs/self-building.md b/docs/self-building.md index e49120903..8413fb5e7 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -2,22 +2,23 @@ **Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.** -The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd). +The playbook supports the self-building of various components, which don't have a container image for your architecture. For `amd64`, self-building is not required. -To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file: -```yaml -matrix_container_images_self_build: true -``` -Setting that variable will self-build every role which supports self-building. Self-building can be set on a per-role basis as well. +For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building). +To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it. If not, it will build the image. + +Note that **not all components support self-building yet**. 
List of roles where self-building the Docker image is currently possible: - `matrix-synapse` - `matrix-riot-web` - `matrix-coturn` - `matrix-ma1sd` - `matrix-mailer` -- `matrix-mautrix-facebook` -- `matrix-mautrix-hangouts` -- `matrix-mx-puppet-skype` +- `matrix-bridge-mautrix-facebook` +- `matrix-bridge-mautrix-hangouts` +- `matrix-bridge-mx-puppet-skype` Adding self-building support to other roles is welcome. Feel free to contribute! + +If you'd like **to force self-building** even if an image is available for your architecture, look into the `matrix_*_self_build` variables provided by individual roles. diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 3a147124e..804da22cc 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -99,7 +99,3 @@ run_setup: true run_self_check: true run_start: true run_stop: true - -# Building every docker image from source on the target host -# Controlling docker image build is possible on a per unit base -matrix_container_images_self_build: false From 13186a1ddcdee7db05d01ef8d780f105e9aa6a06 Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Mon, 29 Jun 2020 15:28:43 +0300 Subject: [PATCH 23/49] Add mx-puppet-twitter 
Signed-off-by: Tulir Asokan --- README.md | 2 + ...uring-playbook-bridge-mx-puppet-twitter.md | 34 ++++++ group_vars/matrix_servers | 30 +++++ .../defaults/main.yml | 103 ++++++++++++++++++ .../tasks/init.yml | 70 ++++++++++++ .../tasks/main.yml | 21 ++++ .../tasks/setup_install.yml | 93 ++++++++++++++++ .../tasks/setup_uninstall.yml | 24 ++++ .../tasks/validate_config.yml | 10 ++ .../templates/config.yaml.j2 | 92 ++++++++++++++++ .../matrix-mx-puppet-twitter.service.j2 | 44 ++++++++ setup.yml | 1 + 12 files changed, 524 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mx-puppet-twitter.md create mode 100644 roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 diff --git a/README.md b/README.md index a5ec78d3b..fcee4d2da 100644 --- a/README.md +++ b/README.md 
@@ -152,6 +152,8 @@ This playbook sets up your server using the following Docker images: - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional) +- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional) + - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) - [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional) diff --git a/docs/configuring-playbook-bridge-mx-puppet-twitter.md b/docs/configuring-playbook-bridge-mx-puppet-twitter.md new file mode 100644 index 000000000..dd2c9c120 --- /dev/null +++ b/docs/configuring-playbook-bridge-mx-puppet-twitter.md 
@@ -0,0 +1,34 @@ +# Setting up MX Puppet Twitter (optional) + +The playbook can install and configure +[mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you. + +See the project page to learn what it does and why it might be useful to you. + +To enable the [Twitter](https://twitter.com) bridge, make an app on [developer.twitter.com](https://developer.twitter.com/en/apps) +and fill out the following playbook configuration. + +```yaml +matrix_mx_puppet_twitter_enabled: true +matrix_mx_puppet_twitter_consumer_key: '' +matrix_mx_puppet_twitter_consumer_secret: '' +matrix_mx_puppet_twitter_access_token: '' +matrix_mx_puppet_twitter_access_token_secret: '' +matrix_mx_puppet_twitter_environment: '' +``` + + +## Usage + +Once the bot is enabled you need to start a chat with `Twitter Puppet Bridge` with +the handle `@_twitterpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +To log in, use `link` and click the link. + +Once logged in, send `list` to the bot user to list the available rooms. + +Clicking rooms in the list will result in you receiving an invitation to the +bridged room. + +Also send `help` to the bot to see the commands available. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 85dab4dd2..275601da3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -393,6 +393,36 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov # ###################################################################### +###################################################################### +# +# matrix-bridge-mx-puppet-twitter +# +###################################################################### + +# We don't enable bridges by default. +matrix_mx_puppet_twitter_enabled: false + +matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_twitter_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}" + +matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}" + +matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-twitter +# +###################################################################### + ###################################################################### # diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml new file mode 100644 index 000000000..edf15a6d8 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml 
@@ -0,0 +1,103 @@ +# Mx Puppet Twitter is a Matrix <-> Twitter bridge +# See: https://github.com/Sorunome/mx-puppet-twitter + +matrix_mx_puppet_twitter_enabled: true + +matrix_mx_puppet_twitter_container_image_self_build: false + +# Controls whether the mx-puppet-twitter container exposes its HTTP port (tcp/8432 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. +matrix_mx_puppet_twitter_container_http_host_bind_port: '' + +matrix_mx_puppet_twitter_docker_image: "sorunome/mx-puppet-twitter:latest" +matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}" + +matrix_mx_puppet_twitter_base_path: "{{ matrix_base_data_path }}/mx-puppet-twitter" +matrix_mx_puppet_twitter_config_path: "{{ matrix_mx_puppet_twitter_base_path }}/config" +matrix_mx_puppet_twitter_data_path: "{{ matrix_mx_puppet_twitter_base_path }}/data" +matrix_mx_puppet_twitter_docker_src_files_path: "{{ matrix_mx_puppet_twitter_base_path }}/docker-src" + +matrix_mx_puppet_twitter_appservice_port: "8432" + +matrix_mx_puppet_twitter_homeserver_address: 'http://matrix-synapse:8008' +matrix_mx_puppet_twitter_homeserver_domain: '{{ matrix_domain }}' +matrix_mx_puppet_twitter_appservice_address: 'http://matrix-mx-puppet-twitter:{{ matrix_mx_puppet_twitter_appservice_port }}' + +matrix_mx_puppet_twitter_consumer_key: '' +matrix_mx_puppet_twitter_consumer_secret: '' +matrix_mx_puppet_twitter_access_token: '' +matrix_mx_puppet_twitter_access_token_secret: '' +matrix_mx_puppet_twitter_environment: '' +matrix_mx_puppet_twitter_webhook_path: '/twitter/webhook' +matrix_mx_puppet_twitter_webhook_url: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_webhook_path }}' + +# "@user:server.com" to allow specific user +# "@.*:yourserver.com" to allow users on a specific homeserver +# "@.*" to allow anyone +matrix_mx_puppet_twitter_provisioning_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" 
+ +# Leave empty to disable blacklist +# "@user:server.com" disallow a specific user +# "@.*:yourserver.com" disallow users on a specific homeserver +matrix_mx_puppet_twitter_provisioning_blacklist: [] + +# A list of extra arguments to pass to the container +matrix_mx_puppet_twitter_container_extra_arguments: [] + +# List of systemd services that mx-puppet-twitter.service depends on. +matrix_mx_puppet_twitter_systemd_required_services_list: ['docker.service'] + +# List of systemd services that mx-puppet-twitter.service wants +matrix_mx_puppet_twitter_systemd_wanted_services_list: [] + +matrix_mx_puppet_twitter_appservice_token: '' +matrix_mx_puppet_twitter_homeserver_token: '' + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mx_puppet_twitter_login_shared_secret: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_twitter_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mx_puppet_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mx_puppet_twitter_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mx_puppet_twitter_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mx_puppet_twitter_configuration_yaml`. 
+ +matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml if matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_twitter_configuration_yaml`. +matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml|from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}" + +# The prefix for user IDs and aliases +matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_ + +matrix_mx_puppet_twitter_registration_yaml: | + as_token: "{{ matrix_mx_puppet_twitter_appservice_token }}" + hs_token: "{{ matrix_mx_puppet_twitter_homeserver_token }}" + id: twitter-puppet + namespaces: + users: + - exclusive: true + regex: '@{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' + rooms: [] + aliases: + - exclusive: true + regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' + protocols: [] + rate_limited: false + sender_localpart: _twitterpuppet_bot + url: {{ matrix_mx_puppet_twitter_appservice_address }} + +matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml new file mode 100644 index 000000000..8f4aca6c6 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml 
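Review bot: The provisioning whitelist default `- "@.*:{{ matrix_domain|regex_escape }}"` is unanchored, so if mx-puppet-bridge tests it as a plain regex it also admits `@someone:{{ matrix_domain }}.attacker.example`, i.e. a federated user on any homeserver whose name merely starts with yours. I have not checked whether the bridge anchors these patterns itself, but anchoring here is harmless either way: `- "^@.*:{{ matrix_domain|regex_escape }}$"`, with the same treatment for any user-supplied entries. Separately, `matrix_mx_puppet_twitter_docker_image: "sorunome/mx-puppet-twitter:latest"` combined with `force_pull` being true for `:latest` means every playbook run can silently deploy a different image, unlike the pinned Synapse, riot-web and Coturn tags in this series; pinning to a version tag or digest keeps the deployment reproducible.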
@@ -0,0 +1,70 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter'] }}" + when: matrix_mx_puppet_twitter_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }} + when: matrix_mx_puppet_twitter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your plabook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. 
+ when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_twitter_webhook_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; + {% endif %} + } + + - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] + }} + tags: + - always + when: matrix_mx_puppet_twitter_enabled|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` + URL endpoint to the matrix-mx-puppet-twitter container. + You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. + when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined" + +# ansible lower than 2.8, does not support docker_image build parameters +# for self buildig it is explicitly needed, so we rather fail here +- name: Fail if running on Ansible lower than 2.8 and trying self building + fail: + msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. 
pip contains such packages." + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml new file mode 100644 index 000000000..af355df36 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-twitter + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-twitter + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mx_puppet_twitter_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-twitter diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml new file mode 100644 index 000000000..4773055d7 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml 
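Review bot: The "Warn about reverse-proxying" task near the end of this hunk interpolates `{{ matrix_mx_puppet_twitter_redirect_path }}`, a variable nothing in this role defines (the defaults only declare `matrix_mx_puppet_twitter_webhook_path` and `matrix_mx_puppet_twitter_webhook_url`), so whenever the task actually fires — bridge enabled and `matrix_nginx_proxy_enabled` undefined — Ansible aborts on the undefined variable instead of printing the warning. Replace it with `matrix_mx_puppet_twitter_webhook_path`. The generated `location {{ matrix_mx_puppet_twitter_webhook_path }}` block above proxies that path to the bridge with no authentication at the proxy; whether the bridge itself verifies incoming webhook calls (for example a signature check against the consumer secret) is not visible here and is worth confirming before the path is exposed publicly. While here, `plabook` in the first fail message should read `playbook`.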
@@ -0,0 +1,93 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure MX Puppet Twitter image is pulled + docker_image: + name: "{{ matrix_mx_puppet_twitter_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" + when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build + +- name: Ensure MX Puppet Twitter paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true } + - { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true } + - { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true } + - { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" } + when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool + +- name: Ensure MX Puppet Twitter repository is present on self build + git: + repo: https://github.com/Sorunome/mx-puppet-twitter.git + dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" + force: "yes" + when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" + +- name: Ensure MX Puppet Twitter Docker image is built + docker_image: + name: "{{ 
matrix_mx_puppet_twitter_docker_image }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" + pull: yes + when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" + +- name: Check if an old database file already exists + stat: + path: "{{ matrix_mx_puppet_twitter_base_path }}/database.db" + register: matrix_mx_puppet_twitter_stat_database + +- name: (Data relocation) Ensure matrix-mx-puppet-twitter.service is stopped + service: + name: matrix-mx-puppet-twitter + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_mx_puppet_twitter_stat_database.stat.exists" + +- name: (Data relocation) Move mx-puppet-twitter database file to ./data directory + command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db" + when: "matrix_mx_puppet_twitter_stat_database.stat.exists" + +- name: Ensure mx-puppet-twitter config.yaml installed + copy: + content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mx-puppet-twitter twitter-registration.yaml installed + copy: + content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mx-puppet-twitter.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2" + dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + mode: 0644 + register: matrix_mx_puppet_twitter_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation + service: + daemon_reload: yes + when: 
"matrix_mx_puppet_twitter_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml new file mode 100644 index 000000000..1d663531b --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-mx-puppet-twitter service + stat: + path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + register: matrix_mx_puppet_twitter_service_stat + +- name: Ensure matrix-mx-puppet-twitter is stopped + service: + name: matrix-mx-puppet-twitter + state: stopped + daemon_reload: yes + when: "matrix_mx_puppet_twitter_service_stat.stat.exists" + +- name: Ensure matrix-mx-puppet-twitter.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + state: absent + when: "matrix_mx_puppet_twitter_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal + service: + daemon_reload: yes + when: "matrix_mx_puppet_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml new file mode 100644 index 000000000..d13a39e1e --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mx_puppet_twitter_appservice_token" + - "matrix_mx_puppet_twitter_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 new file mode 100644 index 000000000..7d3033b39 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 
@@ -0,0 +1,92 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_twitter_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_twitter_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_twitter_homeserver_address }} + {% if matrix_mx_puppet_twitter_login_shared_secret != '' %} + loginSharedSecretMap: + {{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret }} + {% endif %} + +twitter: + consumerKey: "{{ matrix_mx_puppet_twitter_consumer_key }}" + consumerSecret: "{{ matrix_mx_puppet_twitter_consumer_secret }}" + accessToken: "{{ matrix_mx_puppet_twitter_access_token }}" + accessTokenSecret: "{{ matrix_mx_puppet_twitter_access_token_secret }}" + environment: "{{ matrix_mx_puppet_twitter_environment }}" + server: + url: "{{ matrix_mx_puppet_twitter_webhook_url }}" + path: "{{ matrix_mx_puppet_twitter_webhook_path }}" + +presence: + # Bridge Twitter online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_twitter_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_twitter_provisioning_blacklist|to_json }} + + # Shared secret for the provisioning API for use by integration managers. + # If this is not set, the provisioning API will not be enabled. 
+ #sharedSecret: random string + # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. + apiPrefix: /_matrix/provision + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". + # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 new file mode 100644 index 000000000..9245f02b2 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 
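Review bot: The `loginSharedSecretMap` entry renders the secret as a bare YAML scalar (`{{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret }}`) and the `twitter:` credentials are wrapped in plain double quotes, so a value containing `"`, `\`, `#`, a leading `*`/`&`/`!`/`[`/`{` or a `: ` sequence is either mangled or breaks the `from_yaml` step that `matrix_mx_puppet_twitter_configuration` runs on this template. Twitter tokens are normally URL-safe, so this mostly bites user-supplied shared secrets, but it is cheap to close: emit each secret with `|to_json`, e.g. `{{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret|to_json }}` and `consumerSecret: {{ matrix_mx_puppet_twitter_consumer_secret|to_json }}`, since a JSON string is a valid YAML double-quoted scalar. The same change applies to the other three `twitter:` values.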
@@ -0,0 +1,44 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mx Puppet Twitter server +{% for service in matrix_mx_puppet_twitter_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mx_puppet_twitter_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + {% if matrix_mx_puppet_twitter_container_http_host_bind_port %} + -p {{ matrix_mx_puppet_twitter_container_http_host_bind_port }}:{{ matrix_mx_puppet_twitter_appservice_port }} \ + {% endif %} + -e CONFIG_PATH=/config/config.yaml \ + -e REGISTRATION_PATH=/config/registration.yaml \ + -v {{ matrix_mx_puppet_twitter_config_path }}:/config:z \ + -v {{ matrix_mx_puppet_twitter_data_path }}:/data:z \ + {% for arg in matrix_mx_puppet_twitter_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mx_puppet_twitter_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mx-puppet-twitter + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 4831873e2..056e76de8 100755 --- a/setup.yml +++ b/setup.yml 
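Review bot: The unit drops all capabilities and runs as the matrix user, but the configuration directory is mounted writable (`-v {{ matrix_mx_puppet_twitter_config_path }}:/config:z`), so a compromised bridge process could rewrite its own `config.yaml` and `registration.yaml`, the latter also being bind-mounted into Synapse by init.yml. The bridge's database and log files go to `/data` according to config.yaml.j2, so `/config` looks read-only from the bridge's point of view; if that holds (worth confirming against mx-puppet-bridge), `-v {{ matrix_mx_puppet_twitter_config_path }}:/config:ro,z \` closes it at no cost.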
@@ -18,6 +18,7 @@ - matrix-bridge-mautrix-whatsapp - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack + - matrix-bridge-mx-puppet-twitter - matrix-bridge-sms - matrix-synapse - matrix-riot-web From 5b960bcfb53d4a83d01ea774b45736885f1d4f18 Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Mon, 29 Jun 2020 18:04:40 +0300 Subject: [PATCH 24/49] Make sender_localpart configurable for mx-puppet-twitter --- roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index edf15a6d8..8299fd81f 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -82,6 +82,7 @@ matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configurati # The prefix for user IDs and aliases matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_ +matrix_mx_puppet_twitter_bot_localpart: _twitterpuppet_bot matrix_mx_puppet_twitter_registration_yaml: | as_token: "{{ matrix_mx_puppet_twitter_appservice_token }}" @@ -97,7 +98,7 @@ matrix_mx_puppet_twitter_registration_yaml: | regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' protocols: [] rate_limited: false - sender_localpart: _twitterpuppet_bot + sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}" url: {{ matrix_mx_puppet_twitter_appservice_address }} matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}" From f41c5e89e592e6423c92625f814afb3824a94306 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 29 Jun 2020 18:41:06 +0300 Subject: [PATCH 25/49] Upgrade riot-web (1.6.6 -> 1.6.7) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
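Review bot: Making `sender_localpart` configurable through `matrix_mx_puppet_twitter_bot_localpart` leaves the documentation page added in the previous commit hardcoding the bot as `@_twitterpuppet_bot:YOUR_DOMAIN`; a one-line note in `docs/configuring-playbook-bridge-mx-puppet-twitter.md` that the handle follows `matrix_mx_puppet_twitter_bot_localpart` would keep the two in sync. The new variable is also not tied to the exclusive `@_twitterpuppet_.*` user namespace declared in the same registration; whether Synapse requires the sender to fall inside it is not something I have verified here, so a comment such as `# The bot's Matrix localpart; the registration's namespace prefix above is not adjusted automatically` would at least flag the coupling.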
diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index f4f4b018a..bbf7c0f1d 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -2,7 +2,7 @@ matrix_riot_web_enabled: true matrix_riot_web_container_image_self_build: false -matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.6" +matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.7" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From 8b59402f7918228a1bd583cad96ae77a38f0523c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 30 Jun 2020 14:28:41 +0300 Subject: [PATCH 26/49] Upgrade Coturn (4.5.1.2 -> 4.5.1.3) 4.5.1.3 fixes a security vulnerability: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index ef314d89b..104019a4e 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -2,7 +2,7 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false -matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.2" +matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.3" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" # The Docker network that Coturn would be put into. From 9686a0fc5b4271a7a992354ff301481e1a6c8440 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 30 Jun 2020 17:39:19 +0300 Subject: [PATCH 27/49] Expose mx-puppet-twitter port when matrix-nginx-proxy disabled --- group_vars/matrix_servers | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index becbdf672..68e5487be 100755 --- a/group_vars/matrix_servers 
+++ b/group_vars/matrix_servers @@ -417,6 +417,8 @@ matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_ke matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" +matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_mx_puppet_twitter_appservice_port) }}" + ###################################################################### # # /matrix-bridge-mx-puppet-twitter From b5bed60e6b0fd459d2010d4b9073e20e42680e92 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 30 Jun 2020 17:51:56 +0300 Subject: [PATCH 28/49] Announce mx-puppet-instagram and mx-puppet-twitter support Related to #551 and #555 (Github Pull Requests). --- CHANGELOG.md | 9 +++++++++ README.md | 4 ++++ docs/configuring-playbook.md | 4 ++++ 3 files changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 41a781dcd..55466e916 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,12 @@ +# 2020-06-30 + +## Instagram and Twitter bridging support + +Thanks to [Johanna Dorothea Reichmann](https://github.com/jdreichmann)'s efforts, the playbook now supports bridging to [Instagram](https://www.instagram.com/) via the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge. See our [Setting up MX Puppet Instagram bridging](docs/configuring-playbook-bridge-mx-puppet-instagram.md) documentation page for getting started. + +Thanks to [Tulir Asokan](https://github.com/tulir)'s efforts, the playbook now supports bridging to [Twitter](https://twitter.com/) via the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge. See our [Setting up MX Puppet Twitter bridging](docs/configuring-playbook-bridge-mx-puppet-twitter.md) documentation page for getting started. + + # 2020-06-28 ## (Post Mortem / fixed Security Issue) Re-enabling User Directory search powered by the ma1sd Identity Server diff --git a/README.md b/README.md index a0353c527..cea399f5c 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation +- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation + - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms 
@@ -154,6 +156,8 @@ This playbook sets up your server using the following Docker images: - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional) +- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional) + - [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional) - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 208db5bb0..ed15cd9f5 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -101,6 +101,10 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) +- [Setting up MX Puppet Instagram bridging](configuring-playbook-bridge-mx-puppet-instagram.md) (optional) + +- [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (optional) + - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) - [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional) From 42e7f5e9bcb9810bf57afb226998cc9af76e6b46 Mon Sep 17 00:00:00 2001 
From: Hugues Morisset Date: Thu, 11 Jun 2020 17:54:36 +0200 Subject: [PATCH 29/49] Add mx-puppet-discord --- README.md | 2 + ...uring-playbook-bridge-mx-puppet-discord.md | 34 +++++ group_vars/matrix_servers | 30 ++++ .../defaults/main.yml | 95 ++++++++++++ .../tasks/init.yml | 23 +++ .../tasks/main.yml | 21 +++ .../tasks/setup_install.yml | 93 ++++++++++++ .../tasks/setup_uninstall.yml | 24 +++ .../tasks/validate_config.yml | 10 ++ .../templates/config.yaml.j2 | 138 ++++++++++++++++++ .../matrix-mx-puppet-discord.service.j2 | 41 ++++++ setup.yml | 1 + 12 files changed, 512 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mx-puppet-discord.md create mode 100644 roles/matrix-bridge-mx-puppet-discord/defaults/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/init.yml create mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 diff --git a/README.md b/README.md index cea399f5c..9bbfb9648 100644 --- a/README.md +++ b/README.md 
@@ -160,6 +160,8 @@ This playbook sets up your server using the following Docker images: - [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional) +- [pneumaticat/mx-puppet-discord](https://hub.docker.com/r/pneumaticat/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Disocrd](https:/discordapp.com) (optional) + - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) - [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional) diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md new file mode 100644 index 000000000..11ca8be65 --- /dev/null +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md 
@@ -0,0 +1,34 @@ +# Setting up MX Puppet Discord (optional) + +The playbook can install and configure +[mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you. + +See the project page to learn what it does and why it might be useful to you. + +To enable the [Discord](https://discordapp.com/) bridge just use the following +playbook configuration: + + +```yaml +matrix_mx_puppet_discord_enabled: true +matrix_mx_puppet_discord_client_id: "" +matrix_mx_puppet_discord_client_secret: "" +``` + + +## Usage + +Once the bot is enabled you need to start a chat with `Discord Puppet Bridge` with +the handle `@_discordpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +Three authentication methods are available, Legacy Token, OAuth and xoxc token. +See mx-puppet-discord [documentation](https://github.com/matrix-discord/mx-puppet-discord) +for more information about how to configure the bridge. + +Once logged in, send `list` to the bot user to list the available rooms. + +Clicking rooms in the list will result in you receiving an invitation to the +bridged room. + +Also send `help` to the bot to see the commands available. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 68e5487be..1b9d9dfc5 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -456,6 +456,36 @@ matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_ # ###################################################################### +###################################################################### +# +# matrix-bridge-mx-puppet-discord +# +###################################################################### + +# We don't enable bridges by default. +matrix_mx_puppet_discord_enabled: false + +matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_discord_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}" + +matrix_mx_puppet_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}" + +matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-discord +# +###################################################################### + ###################################################################### # diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml new file mode 100644 index 000000000..cf7b13bea --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -0,0 +1,95 @@ +# Mx Puppet Discord is a Matrix <-> Discord bridge +# See: https://github.com/matrix-discord/mx-puppet-discord + +matrix_mx_puppet_discord_enabled: true + +matrix_mx_puppet_discord_container_image_self_build: false + +# Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. +matrix_mx_puppet_discord_container_http_host_bind_port: '' + +matrix_mx_puppet_discord_docker_image: "pneumaticat/mx-puppet-discord:latest" +matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" + +matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord" +matrix_mx_puppet_discord_config_path: "{{ matrix_mx_puppet_discord_base_path }}/config" +matrix_mx_puppet_discord_data_path: "{{ matrix_mx_puppet_discord_base_path }}/data" +matrix_mx_puppet_discord_docker_src_files_path: "{{ matrix_mx_puppet_discord_base_path }}/docker-src" + +matrix_mx_puppet_discord_appservice_port: "8432" + +matrix_mx_puppet_discord_homeserver_address: 'http://matrix-synapse:8008' +matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}' +matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}' + +matrix_mx_puppet_discord_client_id: '' +matrix_mx_puppet_discord_client_secret: '' + +# "@user:server.com" to allow specific user +# "@.*:yourserver.com" to allow users on a specific homeserver +# "@.*" to allow anyone +matrix_mx_puppet_discord_provisioning_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" + +# Leave empty to disable blacklist +# "@user:server.com" disallow a specific user +# "@.*:yourserver.com" disallow users on a specific homeserver +matrix_mx_puppet_discord_provisioning_blacklist: [] + +# A list of extra arguments to pass to the container +matrix_mx_puppet_discord_container_extra_arguments: [] 
+ +# List of systemd services that matrix-puppet-discord.service depends on. +matrix_mx_puppet_discord_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-puppet-discord.service wants +matrix_mx_puppet_discord_systemd_wanted_services_list: [] + +matrix_mx_puppet_discord_appservice_token: '' +matrix_mx_puppet_discord_homeserver_token: '' + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mx_puppet_discord_login_shared_secret: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_discord_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mx_puppet_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mx_puppet_discord_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mx_puppet_discord_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mx_puppet_discord_configuration_yaml`. + +matrix_mx_puppet_discord_configuration_extension: "{{ matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml if matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_discord_configuration_yaml`. 
+matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml|from_yaml|combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}" + +matrix_mx_puppet_discord_registration_yaml: | + as_token: "{{ matrix_mx_puppet_discord_appservice_token }}" + hs_token: "{{ matrix_mx_puppet_discord_homeserver_token }}" + id: discord-puppet + namespaces: + users: + - exclusive: true + regex: '@_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}' + rooms: [] + aliases: + - exclusive: true + regex: '#_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}' + protocols: [] + rate_limited: false + sender_localpart: _discordpuppet_bot + url: {{ matrix_mx_puppet_discord_appservice_address }} + +matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml new file mode 100644 index 000000000..5d461931b --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml 
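Review bot: `matrix_mx_puppet_discord_docker_image` uses the floating `latest` tag, and `matrix_mx_puppet_discord_docker_image_force_pull` is derived from that suffix, so every run re-pulls and may silently deploy a different, unreviewed bridge build, whereas the other images touched in this series (riot-web, coturn) are pinned to explicit versions. A pinned tag, e.g. `matrix_mx_puppet_discord_docker_image: "pneumaticat/mx-puppet-discord:<PINNED_VERSION>"` (placeholder), would make upgrades deliberate; the PATCH 30 hunk that switches the image to `sorunome/mx-puppet-discord:latest` keeps the same problem. Separately, the comments above the two systemd list variables name `matrix-puppet-discord.service`, while the unit this role installs is `matrix-mx-puppet-discord.service`.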
@@ -0,0 +1,23 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord'] }}" + when: matrix_mx_puppet_discord_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-discord-registration.yaml"] }} + when: matrix_mx_puppet_discord_enabled|bool + +# ansible lower than 2.8, does not support docker_image build parameters +# for self buildig it is explicitly needed, so we rather fail here +- name: Fail if running on Ansible lower than 2.8 and trying self building + fail: + msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml new file mode 100644 index 000000000..3ca32335c --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml 
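Review bot: The failure message of the Ansible-version guard still reads `To self build Puppet Slack image`, a leftover from the role this one was copied from, which will mislead anyone who actually hits it; it should be `msg: "To self build the mx-puppet-discord image, you should use ansible 2.8 or higher. E.g. pip contains such packages."`. The registration file is mounted into the Synapse container with `ro`, which is the right choice for a token-bearing file.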
@@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-discord + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-discord + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mx_puppet_discord_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml new file mode 100644 index 000000000..e1aef147e --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml 
@@ -0,0 +1,93 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure MX Puppet Discord image is pulled + docker_image: + name: "{{ matrix_mx_puppet_discord_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" + when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build + +- name: Ensure MX Puppet Discord paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_mx_puppet_discord_base_path }}", when: true } + - { path: "{{ matrix_mx_puppet_discord_config_path }}", when: true } + - { path: "{{ matrix_mx_puppet_discord_data_path }}", when: true } + - { path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}" } + when: matrix_mx_puppet_discord_enabled|bool and item.when|bool + +- name: Ensure MX Puppet Discord repository is present on self build + git: + repo: https://github.com/matrix-discord/mx-puppet-discord.git + dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" + force: "yes" + when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" + +- name: Ensure MX Puppet Discord Docker image is built + docker_image: + name: "{{ 
matrix_mx_puppet_discord_docker_image }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" + pull: yes + when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" + +- name: Check if an old database file already exists + stat: + path: "{{ matrix_mx_puppet_discord_base_path }}/database.db" + register: matrix_mx_puppet_discord_stat_database + +- name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped + service: + name: matrix-mx-puppet-discord + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_mx_puppet_discord_stat_database.stat.exists" + +- name: (Data relocation) Move mx-puppet-discord database file to ./data directory + command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" + when: "matrix_mx_puppet_discord_stat_database.stat.exists" + +- name: Ensure mx-puppet-discord config.yaml installed + copy: + content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mx-puppet-discord discord-registration.yaml installed + copy: + content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mx-puppet-discord.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-discord.service.j2" + dest: "/etc/systemd/system/matrix-mx-puppet-discord.service" + mode: 0644 + register: matrix_mx_puppet_discord_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation + service: + daemon_reload: yes + when: 
"matrix_mx_puppet_discord_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml new file mode 100644 index 000000000..b5b83c98f --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-mx-puppet-discord service + stat: + path: "/etc/systemd/system/matrix-mx-puppet-discord.service" + register: matrix_mx_puppet_discord_service_stat + +- name: Ensure matrix-mx-puppet-discord is stopped + service: + name: matrix-mx-puppet-discord + state: stopped + daemon_reload: yes + when: "matrix_mx_puppet_discord_service_stat.stat.exists" + +- name: Ensure matrix-mx-puppet-discord.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mx-puppet-discord.service" + state: absent + when: "matrix_mx_puppet_discord_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal + service: + daemon_reload: yes + when: "matrix_mx_puppet_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml new file mode 100644 index 000000000..c253eda29 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mx_puppet_discord_appservice_token" + - "matrix_mx_puppet_discord_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 new file mode 100644 index 000000000..2c7037961 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 
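Review bot: `config.yaml` and `registration.yaml` are written with `mode: 0644` although both carry the appservice and homeserver tokens and, when configured, the Shared Secret Auth secret; the `0750` mode on the parent directories limits who can reach them, but `mode: 0640` on the files themselves would keep the secrets from any other host user that later gains read access to the directory. The task name `Ensure mx-puppet-discord discord-registration.yaml installed` also does not match the file actually written, `registration.yaml`.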
@@ -0,0 +1,138 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_discord_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_discord_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }} + {% if matrix_mx_puppet_discord_login_shared_secret != '' %} + loginSharedSecretMap: + {{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }} + {% endif %} + # Display name of the bridge bot + displayname: Discord Puppet Bridge + # Optionally specify a different media URL used for the media store + # + # This is where Discord will download user profile pictures and media + # from + #mediaUrl: https://external-url.org + +presence: + # Bridge Discord online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }} + +relay: + # Regex of Matrix IDs who are allowed to use the bridge in relay mode. 
+ # Relay mode is when a single Discord bot account relays messages of + # multiple Matrix users + # + # Same format as in provisioning + whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }} + blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }} + +selfService: + # Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms) + # + # Same format as in provisioning + whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }} + blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }} + +# Override the default name patterns for users, rooms and groups +# +# Variable names must be prefixed with a ':' +namePatterns: + # The default displayname for a bridged user + # + # Available variables: + # + # name: username of the user + # discriminator: hashtag of the user (ex. #1234) + user: :name + + # A user's guild-specific displayname - if they've set a custom nick in + # a guild + # + # Available variables: + # + # name: username of the user + # discriminator: hashtag of the user (ex. #1234) + # displayname: the user's custom group-specific nick + # channel: the name of the channel + # guild: the name of the guild + userOverride: :name + + # Room names for bridged Discord channels + # + # Available variables: + # + # name: name of the channel + # guild: name of the guild + room: :name + + # Group names for bridged Discord servers + # + # Available variables: + # + # name: name of the guide + group: :name + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". 
+ # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 new file mode 100644 index 000000000..e26128eff --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 
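Review bot: `matrix_mx_puppet_discord_client_id` and `matrix_mx_puppet_discord_client_secret` are declared in the role defaults and the new docs page instructs users to fill them in, but nothing in this template (or in `validate_config.yml`) consumes them, so they are dead settings that give a false impression of being required; either drop them or, if the bridge has a corresponding setting, render them here. Also worth noting that `relay` and `selfService` reuse the provisioning whitelist, so every user allowed to puppet is also allowed relay mode, where a single Discord account relays for multiple Matrix users; a separate `matrix_mx_puppet_discord_relay_whitelist` variable would let operators keep relay mode narrower.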
@@ -0,0 +1,41 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mx Puppet Discord server +{% for service in matrix_mx_puppet_discord_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mx_puppet_discord_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -e CONFIG_PATH=/config/config.yaml \ + -e REGISTRATION_PATH=/config/registration.yaml \ + -v {{ matrix_mx_puppet_discord_config_path }}:/config:z \ + -v {{ matrix_mx_puppet_discord_data_path }}:/data:z \ + {% for arg in matrix_mx_puppet_discord_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mx_puppet_discord_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mx-puppet-discord + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index d9a896ccf..923190362 100755 --- a/setup.yml +++ b/setup.yml @@ -16,6 +16,7 @@ - matrix-bridge-mautrix-hangouts - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp + - matrix-bridge-mx-puppet-discord - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack - matrix-bridge-mx-puppet-twitter From eb0df37247dd0b56d9719999806429146f066f56 Mon Sep 17 00:00:00 2001 
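Review bot: `matrix_mx_puppet_discord_container_http_host_bind_port` is documented in the role defaults as controlling whether the container's port 8432 is published, but the `docker run` line here never references it, so setting it has no effect. If the intent matches the twitter bridge (PATCH 27 adds the nginx-conditional value for that variable in `group_vars`), the template needs a conditional publish next to the other flags, `{% if matrix_mx_puppet_discord_container_http_host_bind_port %}`, `-p {{ matrix_mx_puppet_discord_container_http_host_bind_port }}:8432 \`, `{% endif %}`, and the PATCH 29 `group_vars` hunk would need the matching assignment it currently lacks. The hardening flags (`--user`, `--cap-drop=ALL`, no published ports by default) are otherwise in line with the rest of the unit.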
From: Hugues Morisset Date: Wed, 1 Jul 2020 10:18:29 +0200 Subject: [PATCH 30/49] Mx-puppet-discord Use official docker image https://github.com/matrix-discord/mx-puppet-discord/issues/80 Thanks Sorunome for setting up the automated build --- README.md | 2 +- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9bbfb9648..c78fd2e60 100644 --- a/README.md +++ b/README.md @@ -160,7 +160,7 @@ This playbook sets up your server using the following Docker images: - [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional) -- [pneumaticat/mx-puppet-discord](https://hub.docker.com/r/pneumaticat/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Disocrd](https:/discordapp.com) (optional) +- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https:/discordapp.com) (optional) - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index cf7b13bea..12c597d46 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_mx_puppet_discord_container_image_self_build: false # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_docker_image: "pneumaticat/mx-puppet-discord:latest" +matrix_mx_puppet_discord_docker_image: "sorunome/mx-puppet-discord:latest" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord" From 76352bcbd8a3a8c4df4d06555589e877b1484959 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 1 Jul 2020 19:01:14 +0300 Subject: [PATCH 31/49] Announce mx-puppet-discord bridging support Related to #540 (Github Pull Request). --- CHANGELOG.md | 9 +++++++++ README.md | 4 +++- docs/configuring-playbook-bridge-appservice-discord.md | 2 ++ docs/configuring-playbook-bridge-mx-puppet-discord.md | 2 ++ docs/configuring-playbook.md | 2 ++ 5 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 55466e916..e7c7c7105 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2020-07-01 + +## Discord bridging support via mx-puppet-discord + +Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge. See our [Setting up MX Puppet Discord bridging](docs/configuring-playbook-bridge-mx-puppet-discord.md) documentation page for getting started. + +**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md). You're free too use the bridge that serves you better, or even both (for different users and use-cases). + + # 2020-06-30 ## Instagram and Twitter bridging support 
diff --git a/README.md b/README.md index c78fd2e60..765754d1e 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,9 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation -- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation +- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation + +- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://twitter.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index 96f8377e4..3e98d69e9 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md 
@@ -1,5 +1,7 @@ # Setting up Appservice Discord (optional) +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook. + The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. See the project's [documentation](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/README.md) to learn what it does and why it might be useful to you. diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index 11ca8be65..7a3e986c7 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md @@ -1,5 +1,7 @@ # Setting up MX Puppet Discord (optional) +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook. + The playbook can install and configure [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index ed15cd9f5..9265cc8d9 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -105,6 +105,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (optional) +- [Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (optional) + - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) - [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional) From 57f498217a15b351936eaf4d0980094c33886ddc Mon Sep 17 00:00:00 2001 
From: Hugues Morisset Date: Wed, 1 Jul 2020 13:46:58 +0200 Subject: [PATCH 32/49] Add mx-puppet-steam --- README.md | 2 + ...iguring-playbook-bridge-mx-puppet-steam.md | 34 +++++++ group_vars/matrix_servers | 29 ++++++ .../defaults/main.yml | 95 ++++++++++++++++++ .../tasks/init.yml | 23 +++++ .../tasks/main.yml | 21 ++++ .../tasks/setup_install.yml | 93 +++++++++++++++++ .../tasks/setup_uninstall.yml | 24 +++++ .../tasks/validate_config.yml | 10 ++ .../templates/config.yaml.j2 | 99 +++++++++++++++++++ .../systemd/matrix-mx-puppet-steam.service.j2 | 41 ++++++++ setup.yml | 1 + 12 files changed, 472 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mx-puppet-steam.md create mode 100644 roles/matrix-bridge-mx-puppet-steam/defaults/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/init.yml create mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 diff --git a/README.md b/README.md index 765754d1e..db2b1c309 100644 --- a/README.md +++ b/README.md 
@@ -164,6 +164,8 @@ This playbook sets up your server using the following Docker images: - [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https:/discordapp.com) (optional) +- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional) + - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) - [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional) diff --git a/docs/configuring-playbook-bridge-mx-puppet-steam.md b/docs/configuring-playbook-bridge-mx-puppet-steam.md new file mode 100644 index 000000000..ab4929212 --- /dev/null +++ b/docs/configuring-playbook-bridge-mx-puppet-steam.md 
@@ -0,0 +1,34 @@ +# Setting up MX Puppet Steam (optional) + +The playbook can install and configure +[mx-puppet-steam](https://github.com/matrix-steam/mx-puppet-steam) for you. + +See the project page to learn what it does and why it might be useful to you. + +To enable the [Steam](https://steamapp.com/) bridge just use the following +playbook configuration: + + +```yaml +matrix_mx_puppet_steam_enabled: true +matrix_mx_puppet_steam_client_id: "" +matrix_mx_puppet_steam_client_secret: "" +``` + + +## Usage + +Once the bot is enabled you need to start a chat with `Steam Puppet Bridge` with +the handle `@_steampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +Three authentication methods are available, Legacy Token, OAuth and xoxc token. +See mx-puppet-steam [documentation](https://github.com/matrix-steam/mx-puppet-steam) +for more information about how to configure the bridge. + +Once logged in, send `list` to the bot user to list the available rooms. + +Clicking rooms in the list will result in you receiving an invitation to the +bridged room. + +Also send `help` to the bot to see the commands available. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1b9d9dfc5..b8af1894f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -486,6 +486,35 @@ matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_pr
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-bridge-mx-puppet-steam
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mx_puppet_steam_enabled: false
+
+matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+
+matrix_mx_puppet_steam_systemd_required_services_list: |
+ {{
+ ['docker.service']
+ +
+ (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+ }}
+
+matrix_mx_puppet_steam_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.as.tok') | to_uuid }}"
+
+matrix_mx_puppet_steam_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}"
+
+matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+######################################################################
+#
+# /matrix-bridge-mx-puppet-steam
+#
+######################################################################
 
 ######################################################################
 #
diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
new file mode 100644
index 000000000..bea26d394
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
@@ -0,0 +1,95 @@
+# Mx Puppet Steam is a Matrix <-> Steam bridge
+# See: https://github.com/matrix-steam/mx-puppet-steam
+
+matrix_mx_puppet_steam_enabled: true
+
+matrix_mx_puppet_steam_container_image_self_build: false
+
+# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
+#
+# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
+matrix_mx_puppet_steam_container_http_host_bind_port: ''
+
+matrix_mx_puppet_steam_docker_image: "icewind1991/mx-puppet-steam:latest"
+matrix_mx_puppet_steam_docker_image_force_pull: "{{ matrix_mx_puppet_steam_docker_image.endswith(':latest') }}"
+
+matrix_mx_puppet_steam_base_path: "{{ matrix_base_data_path }}/mx-puppet-steam"
+matrix_mx_puppet_steam_config_path: "{{ matrix_mx_puppet_steam_base_path }}/config"
+matrix_mx_puppet_steam_data_path: "{{ matrix_mx_puppet_steam_base_path }}/data"
+matrix_mx_puppet_steam_docker_src_files_path: "{{ matrix_mx_puppet_steam_base_path }}/docker-src"
+
+matrix_mx_puppet_steam_appservice_port: "8432"
+
+matrix_mx_puppet_steam_homeserver_address: 'http://matrix-synapse:8008'
+matrix_mx_puppet_steam_homeserver_domain: '{{ matrix_domain }}'
+matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ matrix_mx_puppet_steam_appservice_port }}'
+
+matrix_mx_puppet_steam_client_id: ''
+matrix_mx_puppet_steam_client_secret: ''
+
+# "@user:server.com" to allow specific user
+# "@.*:yourserver.com" to allow users on a specific homeserver
+# "@.*" to allow anyone
+matrix_mx_puppet_steam_provisioning_whitelist:
+ - "@.*:{{ matrix_domain|regex_escape }}"
+
+# Leave empty to disable blacklist
+# "@user:server.com" disallow a specific user
+# "@.*:yourserver.com" disallow users on a specific homeserver
+matrix_mx_puppet_steam_provisioning_blacklist: []
+
+# A list of extra arguments to pass to the container
+matrix_mx_puppet_steam_container_extra_arguments: []
+
+# List of systemd services that matrix-puppet-steam.service depends on.
+matrix_mx_puppet_steam_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-puppet-steam.service wants
+matrix_mx_puppet_steam_systemd_wanted_services_list: []
+
+matrix_mx_puppet_steam_appservice_token: ''
+matrix_mx_puppet_steam_homeserver_token: ''
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mx_puppet_steam_login_shared_secret: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_steam_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mx_puppet_steam_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mx_puppet_steam_configuration_extension_yaml: |
+ # Your custom YAML configuration goes here.
+ # This configuration extends the default starting configuration (`matrix_mx_puppet_steam_configuration_yaml`).
+ #
+ # You can override individual variables from the default configuration, or introduce new ones.
+ #
+ # If you need something more special, you can take full control by
+ # completely redefining `matrix_mx_puppet_steam_configuration_yaml`.
+
+matrix_mx_puppet_steam_configuration_extension: "{{ matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml if matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_steam_configuration_yaml`.
+matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml|from_yaml|combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}"
+
+matrix_mx_puppet_steam_registration_yaml: |
+ as_token: "{{ matrix_mx_puppet_steam_appservice_token }}"
+ hs_token: "{{ matrix_mx_puppet_steam_homeserver_token }}"
+ id: steam-puppet
+ namespaces:
+ users:
+ - exclusive: true
+ regex: '@_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
+ rooms: []
+ aliases:
+ - exclusive: true
+ regex: '#_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
+ protocols: []
+ rate_limited: false
+ sender_localpart: _steampuppet_bot
+ url: {{ matrix_mx_puppet_steam_appservice_address }}
+
+matrix_mx_puppet_steam_registration: "{{ matrix_mx_puppet_steam_registration_yaml|from_yaml }}"
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
new file mode 100644
index 000000000..60b660746
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
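Review bot: `matrix_mx_puppet_steam_client_id` and `matrix_mx_puppet_steam_client_secret` are declared here but nothing else in the parts of this patch visible to me reads them — `config.yaml.j2` never renders them and `validate_config.yml` does not check them — while the new docs page tells operators to fill them in, so a secret ends up pasted into a dead variable; either wire them into the template or drop them. The header comment `# See: https://github.com/matrix-steam/mx-puppet-steam` also disagrees with the README and CHANGELOG in this series, which point at `icewind1991/mx-puppet-steam`; only one of those can be the upstream. The port comment has lost its placeholders and should read `# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.`. Finally, `matrix_mx_puppet_steam_docker_image` defaults to a `:latest` tag with force-pull enabled, so every playbook run may silently swap in a different image; a pinned tag would keep the bridge reproducible.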
@@ -0,0 +1,23 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam'] }}"
+ when: matrix_mx_puppet_steam_enabled|bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- set_fact:
+ matrix_synapse_container_extra_arguments: >
+ {{ matrix_synapse_container_extra_arguments|default([]) }}
+ +
+ ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
+
+ matrix_synapse_app_service_config_files: >
+ {{ matrix_synapse_app_service_config_files|default([]) }}
+ +
+ {{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
+ when: matrix_mx_puppet_steam_enabled|bool
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+ fail:
+ msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+ when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build"
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml
new file mode 100644
index 000000000..cd6bb1477
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml
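Review bot: The failure message on the `fail:` task was carried over from the Slack role and names the wrong bridge, which will confuse whoever hits it on an old Ansible; it should read `msg: "To self build Puppet Steam image, you should use ansible 2.8 or higher. E.g. pip contains such packages."`. The preceding comment's `buildig` is a typo for `building`.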
@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
+ tags:
+ - setup-all
+ - setup-mx-puppet-steam
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
+ tags:
+ - setup-all
+ - setup-mx-puppet-steam
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup|bool and not matrix_mx_puppet_steam_enabled|bool"
+ tags:
+ - setup-all
+ - setup-mx-puppet-steam
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
new file mode 100644
index 000000000..3a2fa7628
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@@ -0,0 +1,93 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+ fail:
+ msg: >-
+ The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role.
+ when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure MX Puppet Steam image is pulled
+ docker_image:
+ name: "{{ matrix_mx_puppet_steam_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}"
+ when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build
+
+- name: Ensure MX Puppet Steam paths exist
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - { path: "{{ matrix_mx_puppet_steam_base_path }}", when: true }
+ - { path: "{{ matrix_mx_puppet_steam_config_path }}", when: true }
+ - { path: "{{ matrix_mx_puppet_steam_data_path }}", when: true }
+ - { path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}" }
+ when: matrix_mx_puppet_steam_enabled|bool and item.when|bool
+
+- name: Ensure MX Puppet Steam repository is present on self build
+ git:
+ repo: https://github.com/matrix-steam/mx-puppet-steam.git
+ dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
+ force: "yes"
+ when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
+
+- name: Ensure MX Puppet Steam Docker image is built
+ docker_image:
+ name: "{{ matrix_mx_puppet_steam_docker_image }}"
+ source: build
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
+ pull: yes
+ when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
+
+- name: Check if an old database file already exists
+ stat:
+ path: "{{ matrix_mx_puppet_steam_base_path }}/database.db"
+ register: matrix_mx_puppet_steam_stat_database
+
+- name: (Data relocation) Ensure matrix-mx-puppet-steam.service is stopped
+ service:
+ name: matrix-mx-puppet-steam
+ state: stopped
+ daemon_reload: yes
+ failed_when: false
+ when: "matrix_mx_puppet_steam_stat_database.stat.exists"
+
+- name: (Data relocation) Move mx-puppet-steam database file to ./data directory
+ command: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db"
+ when: "matrix_mx_puppet_steam_stat_database.stat.exists"
+
+- name: Ensure mx-puppet-steam config.yaml installed
+ copy:
+ content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml }}"
+ dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mx-puppet-steam steam-registration.yaml installed
+ copy:
+ content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml }}"
+ dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mx-puppet-steam.service installed
+ template:
+ src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-steam.service.j2"
+ dest: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+ mode: 0644
+ register: matrix_mx_puppet_steam_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation
+ service:
+ daemon_reload: yes
+ when: "matrix_mx_puppet_steam_systemd_service_result.changed"
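Review bot: Both `copy:` tasks write secret-bearing files with `mode: 0644` — `registration.yaml` holds `as_token`/`hs_token` and `config.yaml` can hold the `loginSharedSecretMap` entry — so any local account that can traverse the directory can read them; the `0750` parent directories are what currently limits exposure, and `mode: 0640` on both tasks removes that dependency (the container runs as `matrix_user_uid`, so it keeps read access). The self-build `git:` task clones `https://github.com/matrix-steam/mx-puppet-steam.git` with no `version:` pin, so a self-built image tracks whatever the default branch holds at run time, and that URL differs from the `icewind1991/mx-puppet-steam` repository the README and CHANGELOG in this series cite; confirm which is upstream and pin it, e.g. `version: "<commit-or-tag>"`. The `(Data relocation)` tasks move a `database.db` out of the base path, a layout no release of this new role ever used; they look copied from an older bridge and could be dropped.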
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
new file mode 100644
index 000000000..1ee95eb33
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mx-puppet-steam service
+ stat:
+ path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+ register: matrix_mx_puppet_steam_service_stat
+
+- name: Ensure matrix-mx-puppet-steam is stopped
+ service:
+ name: matrix-mx-puppet-steam
+ state: stopped
+ daemon_reload: yes
+ when: "matrix_mx_puppet_steam_service_stat.stat.exists"
+
+- name: Ensure matrix-mx-puppet-steam.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+ state: absent
+ when: "matrix_mx_puppet_steam_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal
+ service:
+ daemon_reload: yes
+ when: "matrix_mx_puppet_steam_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
new file mode 100644
index 000000000..a8bc6a420
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_mx_puppet_steam_appservice_token"
+ - "matrix_mx_puppet_steam_homeserver_token"
diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
new file mode 100644
index 000000000..d08982ca9
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
@@ -0,0 +1,99 @@
+#jinja2: lstrip_blocks: "True"
+bridge:
+ # Port to host the bridge on
+ # Used for communication between the homeserver and the bridge
+ port: {{ matrix_mx_puppet_steam_appservice_port }}
+ # The host connections to the bridge's webserver are allowed from
+ bindAddress: 0.0.0.0
+ # Public domain of the homeserver
+ domain: {{ matrix_mx_puppet_steam_homeserver_domain }}
+ # Reachable URL of the Matrix homeserver
+ homeserverUrl: {{ matrix_mx_puppet_steam_homeserver_address }}
+ {% if matrix_mx_puppet_steam_login_shared_secret != '' %}
+ loginSharedSecretMap:
+ {{ matrix_domain }}: {{ matrix_mx_puppet_steam_login_shared_secret }}
+ {% endif %}
+ # Display name of the bridge bot
+ displayname: Steam Puppet Bridge
+ # Optionally specify a different media URL used for the media store
+ #
+ # This is where Steam will download user profile pictures and media
+ # from
+ #mediaUrl: https://external-url.org
+
+presence:
+ # Bridge Steam online/offline status
+ enabled: true
+ # How often to send status to the homeserver in milliseconds
+ interval: 5000
+
+provisioning:
+ # Regex of Matrix IDs allowed to use the puppet bridge
+ whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
+ # Allow a specific user
+ #- "@user:server\\.com"
+ # Allow users on a specific homeserver
+ #- "@.*:yourserver\\.com"
+ # Allow anyone
+ #- ".*"
+ # Regex of Matrix IDs forbidden from using the puppet bridge
+ #blacklist:
+ # Disallow a specific user
+ #- "@user:server\\.com"
+ # Disallow users on a specific homeserver
+ #- "@.*:yourserver\\.com"
+ blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
+
+relay:
+ # Regex of Matrix IDs who are allowed to use the bridge in relay mode.
+ # Relay mode is when a single Steam bot account relays messages of
+ # multiple Matrix users
+ #
+ # Same format as in provisioning
+ whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
+ blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
+
+selfService:
+ # Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
+ #
+ # Same format as in provisioning
+ whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
+ blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
+
+database:
+ # Use Postgres as a database backend
+ # If set, will be used instead of SQLite3
+ # Connection string to connect to the Postgres instance
+ # with username "user", password "pass", host "localhost" and database name "dbname".
+ # Modify each value as necessary
+ #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
+ # Use SQLite3 as a database backend
+ # The name of the database file
+ filename: /data/database.db
+
+logging:
+ # Log level of console output
+ # Allowed values starting with most verbose:
+ # silly, debug, verbose, info, warn, error
+ console: info
+ # Date and time formatting
+ lineDateFormat: MMM-D HH:mm:ss.SSS
+ # Logging files
+ # Log files are rotated daily by default
+ files:
+ # Log file path
+ - file: "/data/bridge.log"
+ # Log level for this file
+ # Allowed values starting with most verbose:
+ # silly, debug, verbose, info, warn, error
+ level: info
+ # Date and time formatting
+ datePattern: YYYY-MM-DD
+ # Maximum number of logs to keep.
+ # This can be a number of files or number of days.
+ # If using days, add 'd' as a suffix
+ maxFiles: 14d
+ # Maximum size of the file after which it will rotate. This can be a
+ # number of bytes, or units of kb, mb, and gb. If using the units, add
+ # 'k', 'm', or 'g' as the suffix
+ maxSize: 50m
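Review bot: The `loginSharedSecretMap` entry is keyed by `matrix_domain`, while `domain:` a few lines above it uses `matrix_mx_puppet_steam_homeserver_domain`; an operator who overrides the latter gets a map keyed by a server name the bridge never asks for, and shared-secret double-puppeting fails silently. Key it with the same variable: `{{ matrix_mx_puppet_steam_homeserver_domain }}: {{ matrix_mx_puppet_steam_login_shared_secret }}`. Note also that `relay:` and `selfService:` reuse the provisioning whitelist, which defaults to every user on the homeserver, so by default any local user may run relay mode (one Steam account speaking for many Matrix users, per the comment in this hunk) and plumb rooms; that is a defensible default, but a one-line comment above `relay:` saying the lists are deliberately shared would stop it being read as an oversight.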
diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
new file mode 100644
index 000000000..53518d42e
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
@@ -0,0 +1,41 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mx Puppet Steam server
+{% for service in matrix_mx_puppet_steam_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mx_puppet_steam_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-steam \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ -e CONFIG_PATH=/config/config.yaml \
+ -e REGISTRATION_PATH=/config/registration.yaml \
+ -v {{ matrix_mx_puppet_steam_config_path }}:/config:z \
+ -v {{ matrix_mx_puppet_steam_data_path }}:/data:z \
+ {% for arg in matrix_mx_puppet_steam_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_mx_puppet_steam_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mx-puppet-steam
+
+[Install]
+WantedBy=multi-user.target
diff --git a/setup.yml b/setup.yml
index 923190362..372664a6e 100755
--- a/setup.yml
+++ b/setup.yml
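Review bot: `matrix_mx_puppet_steam_container_http_host_bind_port` is documented in the role defaults as the knob for exposing tcp/8432 on the host, but this unit never renders a `-p` for it, so setting it does nothing; as written the bridge (which binds `0.0.0.0` inside the container per its config template) is reachable only on the Docker network, which is the safer default but not what the variable promises. If exposure is meant to be supported, add before the extra-arguments loop `{% if matrix_mx_puppet_steam_container_http_host_bind_port %}` / `-p {{ matrix_mx_puppet_steam_container_http_host_bind_port }}:{{ matrix_mx_puppet_steam_appservice_port }} \` / `{% endif %}`; otherwise remove the variable so nobody relies on it. Independently, `/config` is mounted writable although only `config.yaml` and `registration.yaml` are read from it, so `-v {{ matrix_mx_puppet_steam_config_path }}:/config:ro,z \` would keep a compromised bridge from rewriting its own tokens, assuming the image does not write there (not visible in this patch).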
@@ -17,6 +17,7 @@
 - matrix-bridge-mautrix-telegram
 - matrix-bridge-mautrix-whatsapp
 - matrix-bridge-mx-puppet-discord
+ - matrix-bridge-mx-puppet-steam
 - matrix-bridge-mx-puppet-skype
 - matrix-bridge-mx-puppet-slack
 - matrix-bridge-mx-puppet-twitter
From 78382b0ce480be00669e1d5841076b747ec4f28e Mon Sep 17 00:00:00 2001
From: Aaron Raimist
Date: Thu, 2 Jul 2020 10:38:25 -0500
Subject: [PATCH 33/49] Upgrade Synapse (1.15.1 -> 1.15.2)

---
 roles/matrix-synapse/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index a03740bb8..d9b5b61d4 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false
-matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.1"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.2"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
From a8f7ccf3f32e6f81e2acd4c67d848fffcb82e901 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Fri, 3 Jul 2020 12:10:57 +0300
Subject: [PATCH 34/49] Announce mx-puppet-steam bridging support

Related to #557 (Github Pull Request).

---
 CHANGELOG.md | 7 +++++++
 README.md | 2 ++
 docs/configuring-playbook.md | 2 ++
 3 files changed, 11 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e7c7c7105..881bb00a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@ +# 2020-07-03 + +## Steam bridging support via mx-puppet-steam + +Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Steam](https://steamapp.com/) via the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge. See our [Setting up MX Puppet Steam bridging](docs/configuring-playbook-bridge-mx-puppet-steam.md) documentation page for getting started. + + # 2020-07-01 ## Discord bridging support via mx-puppet-discord diff --git a/README.md b/README.md index db2b1c309..65fa8c084 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://twitter.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation +- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation + - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 9265cc8d9..7e81d3a7f 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -107,6 +107,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (optional) +- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional) + - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) - [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional) From b08ee2f2fa4b6498912a6b0fa4b833ef37527c6e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 3 Jul 2020 13:10:59 +0300 Subject: [PATCH 35/49] Move Jitsi container image tag to a variable Related to #554 (Github Pull Request). --- roles/matrix-jitsi/defaults/main.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 531a9d37c..37ee0fdda 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -49,8 +49,9 @@ matrix_jitsi_jibri_xmpp_password: '' matrix_jitsi_jibri_recorder_user: recorder matrix_jitsi_jibri_recorder_password: '' +matrix_jitsi_container_image_tag: "stable-4627-1" -matrix_jitsi_web_docker_image: "jitsi/web:stable-4627-1" +matrix_jitsi_web_docker_image: "jitsi/web:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" 
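Review bot: The new `matrix_jitsi_container_image_tag` is introduced directly under `matrix_jitsi_jibri_recorder_password`, so it reads as a Jibri setting although it now drives the web, prosody, jicofo and jvb images changed in the following hunks of this file. Placing it near the top of the defaults file, ahead of the first per-component image variable, with a one-line comment such as `# Container image tag shared by all Jitsi components below (web, prosody, jicofo, jvb)` would make the shared dependency visible to someone overriding only one image. This is a style point only; the templating of the four image names is fine.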
@@ -111,7 +112,7 @@ matrix_jitsi_web_config_constraints_video_height_ideal: 720 matrix_jitsi_web_config_constraints_video_height_max: 720 matrix_jitsi_web_config_constraints_video_height_min: 240 -matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4627-1" +matrix_jitsi_prosody_docker_image: "jitsi/prosody:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" @@ -125,7 +126,7 @@ matrix_jitsi_prosody_container_extra_arguments: [] matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] -matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:stable-4627-1" +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" @@ -142,7 +143,7 @@ matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_password: '' -matrix_jitsi_jvb_docker_image: "jitsi/jvb:stable-4627-1" +matrix_jitsi_jvb_docker_image: "jitsi/jvb:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" From 1f21f0c09ad16d56404e6f9e0bc5b4d2b0ec13d7 Mon Sep 17 00:00:00 2001 From: Justin Croonenberghs Date: Fri, 3 Jul 2020 18:33:25 -0500 Subject: [PATCH 36/49] Add variables for reCAPTCHA validation --- docs/configuring-captcha.md | 24 +++++++++++++++++++ docs/configuring-playbook-ma1sd.md | 2 ++ roles/matrix-synapse/defaults/main.yml | 5 ++++ .../templates/synapse/homeserver.yaml.j2 | 6 ++--- 4 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 docs/configuring-captcha.md 
diff --git a/docs/configuring-captcha.md b/docs/configuring-captcha.md new file mode 100644 index 000000000..5183b92b3 --- /dev/null +++ b/docs/configuring-captcha.md @@ -0,0 +1,24 @@ +(Adapted from the [upstream project](https://github.com/matrix-org/synapse/blob/develop/docs/CAPTCHA_SETUP.md)) + +# Overview +Captcha can be enabled for this home server. This file explains how to do that. +The captcha mechanism used is Google's ReCaptcha. This requires API keys from Google. + +## Getting keys + +Requires a site/secret key pair from: + + + +Must be a reCAPTCHA v2 key using the "I'm not a robot" Checkbox option + +## Setting ReCaptcha Keys + +Once registered as above, set the following values: + + matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY' + matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY' + +In addition, you MUST enable captchas via: + + matrix_synapse_enable_registration_captcha: true diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index 03d1ecded..06a5a5b97 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md @@ -31,6 +31,8 @@ To use the [Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/featu - `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse +- `matrix_synapse_enable_registration_captcha` - to validate registering users using reCAPTCHA, as described in the [enabling reCAPTCHA](configuring_captcha.md) documentation. + - `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering - variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality 
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index d9b5b61d4..ee38b1790 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -162,6 +162,11 @@ matrix_synapse_allow_public_rooms_over_federation: false # Controls whether people with access to the homeserver can register by themselves. matrix_synapse_enable_registration: false +# reCAPTCHA API for validating registration attempts +matrix_synapse_enable_registration_captcha: false +matrix_synapse_recaptcha_public_key: '' +matrix_synapse_recaptcha_private_key: '' + # Allows non-server-admin users to create groups on this server matrix_synapse_enable_group_creation: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 93cf43960..e0b57f691 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -934,18 +934,18 @@ url_preview_accept_language: # This homeserver's ReCAPTCHA public key. Must be specified if # enable_registration_captcha is enabled. # -#recaptcha_public_key: "YOUR_PUBLIC_KEY" +#recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key }} # This homeserver's ReCAPTCHA private key. Must be specified if # enable_registration_captcha is enabled. # -#recaptcha_private_key: "YOUR_PRIVATE_KEY" +#recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key }} # Uncomment to enable ReCaptcha checks when registering, preventing signup # unless a captcha is answered. Requires a valid ReCaptcha # public/private key. Defaults to 'false'. # -#enable_registration_captcha: true +enable_registration_captcha: {{ matrix_synapse_enable_registration_captcha }} # The API endpoint to use for verifying m.login.recaptcha responses. # Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify". From 35c2655fa46a4f981c6c969511faf37d13129a4b Mon Sep 17 00:00:00 2001 
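Review bot: Nothing rejects `matrix_synapse_enable_registration_captcha: true` while `matrix_synapse_recaptcha_public_key` and `matrix_synapse_recaptcha_private_key` are still `''`, so a misconfigured host renders empty keys into homeserver.yaml and registration presumably breaks at runtime instead of at playbook time. The playbook already has a validate_config pattern (the matrix-base role's `validate_config.yml` appears later in this series); a fail-fast task along the lines below would fit, though I cannot see from here whether the matrix-synapse role has such a file. The same commit's ma1sd doc hunk links `configuring_captcha.md` while the file it creates is `docs/configuring-captcha.md`, so that link is broken as committed. A comment on the private key, e.g. `# Secret - keep it out of plain-text inventory (ansible-vault)`, would also help operators.
```yaml
- name: Fail if reCAPTCHA is enabled without a key pair
  fail:
    msg: "matrix_synapse_enable_registration_captcha requires both matrix_synapse_recaptcha_public_key and matrix_synapse_recaptcha_private_key to be set"
  when: "matrix_synapse_enable_registration_captcha|bool and (matrix_synapse_recaptcha_public_key == '' or matrix_synapse_recaptcha_private_key == '')"
```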
From: Justin Croonenberghs Date: Fri, 3 Jul 2020 19:01:03 -0500 Subject: [PATCH 37/49] Removed troublesome #s --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index e0b57f691..3cbb5a78f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -934,12 +934,12 @@ url_preview_accept_language: # This homeserver's ReCAPTCHA public key. Must be specified if # enable_registration_captcha is enabled. # -#recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key }} +recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key }} # This homeserver's ReCAPTCHA private key. Must be specified if # enable_registration_captcha is enabled. # -#recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key }} +recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key }} # Uncomment to enable ReCaptcha checks when registering, preventing signup # unless a captcha is answered. Requires a valid ReCaptcha From b2a0830638db5d7475849054c83b65d02e3730a1 Mon Sep 17 00:00:00 2001 From: Justin Croonenberghs Date: Fri, 3 Jul 2020 19:10:00 -0500 Subject: [PATCH 38/49] Better URL for reCAPTCHA doc --- docs/configuring-captcha.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-captcha.md b/docs/configuring-captcha.md index 5183b92b3..208dfdee3 100644 --- a/docs/configuring-captcha.md +++ b/docs/configuring-captcha.md @@ -8,7 +8,7 @@ The captcha mechanism used is Google's ReCaptcha. This requires API keys from Go Requires a site/secret key pair from: - + Must be a reCAPTCHA v2 key using the "I'm not a robot" Checkbox option From f758ee90cb386899908403b19d74aec5b1b1946e Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 4 Jul 2020 09:31:52 +0300 Subject: [PATCH 39/49] Add |to_json to some values --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 3cbb5a78f..a02eb48fe 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -934,18 +934,18 @@ url_preview_accept_language: # This homeserver's ReCAPTCHA public key. Must be specified if # enable_registration_captcha is enabled. # -recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key }} +recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key|to_json }} # This homeserver's ReCAPTCHA private key. Must be specified if # enable_registration_captcha is enabled. # -recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key }} +recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key|to_json }} # Uncomment to enable ReCaptcha checks when registering, preventing signup # unless a captcha is answered. Requires a valid ReCaptcha # public/private key. Defaults to 'false'. # -enable_registration_captcha: {{ matrix_synapse_enable_registration_captcha }} +enable_registration_captcha: {{ matrix_synapse_enable_registration_captcha|to_json }} # The API endpoint to use for verifying m.login.recaptcha responses. # Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify". From f7e4281751ce619f71acd26ea00f9b2942c02798 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 4 Jul 2020 09:35:20 +0300 Subject: [PATCH 40/49] Simplify enabling recaptcha instructions a bit --- docs/configuring-captcha.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/configuring-captcha.md b/docs/configuring-captcha.md index 208dfdee3..d137cf99e 100644 --- a/docs/configuring-captcha.md 
+++ b/docs/configuring-captcha.md @@ -2,7 +2,7 @@ # Overview Captcha can be enabled for this home server. This file explains how to do that. -The captcha mechanism used is Google's ReCaptcha. This requires API keys from Google. +The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google. ## Getting keys @@ -10,15 +10,14 @@ Requires a site/secret key pair from: -Must be a reCAPTCHA v2 key using the "I'm not a robot" Checkbox option +Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option ## Setting ReCaptcha Keys Once registered as above, set the following values: - matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY' - matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY' - -In addition, you MUST enable captchas via: - - matrix_synapse_enable_registration_captcha: true +```yaml +matrix_synapse_enable_registration_captcha: true +matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY' +matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY' +``` From eb2766386f727ddf31844df6c1634884e274d2da Mon Sep 17 00:00:00 2001 From: dasTholo Date: Sat, 4 Jul 2020 10:17:46 +0200 Subject: [PATCH 41/49] swap links --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 65fa8c084..22e08e1c6 100644 --- a/README.md +++ b/README.md 
@@ -54,9 +54,9 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation -- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation +- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation -- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://twitter.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation +- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation - (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation From e2a5278d417718d68c41daca500308ca2649e135 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev
Date: Sat, 4 Jul 2020 14:18:37 +0300
Subject: [PATCH 42/49] Fix some other swapped Twitter/Discord references
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 22e08e1c6..dda85cb35 100644
--- a/README.md
+++ b/README.md
@@ -54,9 +54,9 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation -- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation +- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation -- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation +- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation - (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation From b6b5435746edd916703f487b6b04825e4e6b9df6 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev
Date: Sat, 4 Jul 2020 14:20:02 +0300
Subject: [PATCH 43/49] Fix some broken links
---
docs/configuring-playbook-bridge-mx-puppet-steam.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/configuring-playbook-bridge-mx-puppet-steam.md b/docs/configuring-playbook-bridge-mx-puppet-steam.md
index ab4929212..b64e67118 100644
--- a/docs/configuring-playbook-bridge-mx-puppet-steam.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-steam.md
@@ -1,7 +1,7 @@
# Setting up MX Puppet Steam (optional)
The playbook can install and configure
-[mx-puppet-steam](https://github.com/matrix-steam/mx-puppet-steam) for you.
+[mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.
See the project page to learn what it does and why it might be useful to you.
@@ -23,7 +23,7 @@ the handle `@_steampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). Three authentication methods are available, Legacy Token, OAuth and xoxc token.
-See mx-puppet-steam [documentation](https://github.com/matrix-steam/mx-puppet-steam)
+See mx-puppet-steam [documentation](https://github.com/icewind1991/mx-puppet-steam)
for more information about how to configure the bridge. Once logged in, send `list` to the bot user to list the available rooms.
From 6293f1bdb0f11a60a97e65410d7b751834985d20 Mon Sep 17 00:00:00 2001
From: shadow
Date: Sat, 4 Jul 2020 13:33:33 +0200
Subject: [PATCH 44/49] Run all API self checks in check_mode
---
roles/matrix-corporal/tasks/self_check_corporal.yml | 1 +
roles/matrix-ma1sd/tasks/self_check_ma1sd.yml | 1 +
roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml | 2 ++
roles/matrix-riot-web/tasks/self_check_riot_web.yml | 1 +
roles/matrix-synapse/tasks/self_check_client_api.yml | 1 +
roles/matrix-synapse/tasks/self_check_federation_api.yml | 1 +
6 files changed, 7 insertions(+)
diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/matrix-corporal/tasks/self_check_corporal.yml index d1561757c..f7c15109e 100644 --- a/roles/matrix-corporal/tasks/self_check_corporal.yml +++ b/roles/matrix-corporal/tasks/self_check_corporal.yml @@ -8,6 +8,7 @@ url: "{{ corporal_client_api_url_endpoint_public }}" follow_redirects: none return_content: true + check_mode: no register: result_corporal_client_api ignore_errors: true diff --git a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml index 2e0812630..b8a7faaa3 100644 --- a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml +++ b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml @@ -8,6 +8,7 @@ url: "{{ ma1sd_url_endpoint_public }}" follow_redirects: none validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}" + check_mode: no register: result_ma1sd ignore_errors: true diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml index e7a4cfac1..2cf1ef064 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml @@ -12,6 +12,7 @@ follow_redirects: none return_content: true validate_certs: "{{ well_known_file_check.validate_certs }}" + check_mode: no register: result_well_known_matrix ignore_errors: true @@ -39,6 +40,7 @@ follow_redirects: "{{ well_known_file_check.follow_redirects }}" return_content: true validate_certs: "{{ well_known_file_check.validate_certs }}" + check_mode: no register: result_well_known_identity ignore_errors: true diff --git a/roles/matrix-riot-web/tasks/self_check_riot_web.yml b/roles/matrix-riot-web/tasks/self_check_riot_web.yml index 1a845b3e5..4c3e2b4bb 100644 --- a/roles/matrix-riot-web/tasks/self_check_riot_web.yml +++ b/roles/matrix-riot-web/tasks/self_check_riot_web.yml 
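Review bot: `check_mode: no` is placed differently in each file: before `register:` here and in the ma1sd and nginx-proxy hunks, between `register:` and `ignore_errors:` in the riot-web hunk, and after `ignore_errors:` in the two synapse hunks, and it is spelled `no` where the surrounding keywords use `true`/`false` (`return_content: true`, `ignore_errors: true`). Ansible accepts all of these, but one spelling and one position, `check_mode: false` directly after `ignore_errors: true`, across the six files would make the next diff easier to read. As far as the hunks show no `method:` is set, so these are plain GETs that are now deliberately executed even under `--check`; a comment saying so, e.g. `# runs even in check mode: a read-only GET that the "Fail if ..." task below depends on`, would explain why the keyword is there at all.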
@@ -9,6 +9,7 @@ follow_redirects: none validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}" register: result_riot_web + check_mode: no ignore_errors: true - name: Fail if riot-web not working diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index fc691cc6d..30244d500 100644 --- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -7,6 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_client_api ignore_errors: true + check_mode: no when: matrix_synapse_enabled|bool - name: Fail if Matrix Client API not working diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index 2a716d6b5..57c9e56b1 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml @@ -7,6 +7,7 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_federation_api ignore_errors: true + check_mode: no when: matrix_synapse_enabled|bool - name: Fail if Matrix Federation API not working From 8b19ceb6fc1cbe32e5939cb754d5f8b8a7cd5d73 Mon Sep 17 00:00:00 2001 From: Panagiotis Vasilopoulos Date: Sun, 5 Jul 2020 10:26:34 +0300 Subject: [PATCH 45/49] Fixed Steam link --- docs/configuring-playbook-bridge-mx-puppet-steam.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mx-puppet-steam.md b/docs/configuring-playbook-bridge-mx-puppet-steam.md index b64e67118..616efbe24 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-steam.md +++ b/docs/configuring-playbook-bridge-mx-puppet-steam.md 
@@ -5,7 +5,7 @@ The playbook can install and configure See the project page to learn what it does and why it might be useful to you. -To enable the [Steam](https://steamapp.com/) bridge just use the following +To enable the [Steam](https://steampowered.com/) bridge just use the following playbook configuration: From baed917a134236991c65229e892542976a19752e Mon Sep 17 00:00:00 2001 From: Panagiotis Vasilopoulos Date: Sun, 5 Jul 2020 23:28:03 +0300 Subject: [PATCH 46/49] Fixed repository link for mx-puppet-steam - https://github.com/icewind1991/mx-puppet-steam is the link that's referenced by the documentation. - The previous link, https://github.com/matrix-steam/mx-puppet-steam, is invalid/inaccessible to the public. --- roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 3a2fa7628..be41c6458 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -32,7 +32,7 @@ - name: Ensure MX Puppet Steam repository is present on self build git: - repo: https://github.com/matrix-steam/mx-puppet-steam.git + repo: https://github.com/icewind1991/mx-puppet-steam.git dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" force: "yes" when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" From 227f1a28e38f804d95ffe720e17bc724ab10546a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 6 Jul 2020 11:05:34 +0300 Subject: [PATCH 47/49] Allow matrix_user_uid/matrix_user_gid to be specified manually --- roles/matrix-base/defaults/main.yml | 6 ++++++ roles/matrix-base/tasks/setup_matrix_user.yml | 2 ++ roles/matrix-base/tasks/validate_config.yml | 10 ---------- 3 files changed, 8 insertions(+), 10 deletions(-) 
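Review bot: The self-build clone still carries no `version:`, so with `force: "yes"` every run checks out whatever the default branch of `https://github.com/icewind1991/mx-puppet-steam.git` currently points at; self-built bridge images are therefore not reproducible, and a force-pushed or compromised upstream branch would be picked up silently on the next run. Nothing in the hunk pins the checkout, though a `version:` line may exist outside the shown lines. Exposing a pin such as `version: "{{ matrix_mx_puppet_steam_container_image_self_build_version }}"` (name constructed to follow the role's `matrix_mx_puppet_steam_container_image_self_build` prefix), defaulting to a tag or commit, would let operators verify what they build.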
diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 804da22cc..0cdd6e32a 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -26,6 +26,12 @@ matrix_federation_public_port: 8448 matrix_user_username: "matrix" matrix_user_groupname: "matrix" +# By default, the playbook creates the user (`matrix_user_username`) +# and group (`matrix_user_groupname`) with a random id. +# To use a specific user/group id, override these variables. +matrix_user_uid: ~ +matrix_user_gid: ~ + matrix_base_data_path: "/matrix" matrix_base_data_path_mode: "750" diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/matrix-base/tasks/setup_matrix_user.yml index 700201a89..295643e91 100644 --- a/roles/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/matrix-base/tasks/setup_matrix_user.yml @@ -3,6 +3,7 @@ - name: Ensure Matrix group is created group: name: "{{ matrix_user_groupname }}" + gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}" state: present register: matrix_group @@ -13,6 +14,7 @@ - name: Ensure Matrix user is created user: name: "{{ matrix_user_username }}" + uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}" state: present group: "{{ matrix_user_groupname }}" register: matrix_user diff --git a/roles/matrix-base/tasks/validate_config.yml b/roles/matrix-base/tasks/validate_config.yml index 526866190..ed97d539c 100644 --- a/roles/matrix-base/tasks/validate_config.yml +++ b/roles/matrix-base/tasks/validate_config.yml @@ -1,11 +1 @@ --- - -- name: (Deprecation) Warn about unused user/group variables - fail: - msg: > - The `{{ item }}` variable defined in your configuration is not used by this playbook anymore. - User/group creation is now dynamic. You can remove these variables from your configuration, as they have no effect on anything. - when: "item in vars" - with_items: - - 'matrix_user_uid' - - 'matrix_user_gid' 
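Review bot: The new comment says the user and group are created "with a random id", but with `gid`/`uid` omitted the `group`/`user` modules simply take whatever free id the system assigns, so `# with whatever id the system assigns` is the accurate wording. More importantly for operators, the comment should warn that changing `matrix_user_uid`/`matrix_user_gid` on an existing installation renumbers the account but presumably not the files already owned by the old id under `matrix_base_data_path`; something like `# Changing these on an existing installation does not re-own existing files - fix ownership manually` — TODO confirm against the `user` module's behaviour. Removing the deprecation task from `validate_config.yml` is the right cleanup now that the variables are honoured again.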
From 18ab677a963745e23f95a8ba90a02d731094d0c8 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Wed, 8 Jul 2020 00:22:47 +0300
Subject: [PATCH 48/49] Remove useless file
---
roles/matrix-synapse/templates/synapse/env-synapse.j2 | 3 ---
1 file changed, 3 deletions(-)
delete mode 100644 roles/matrix-synapse/templates/synapse/env-synapse.j2
diff --git a/roles/matrix-synapse/templates/synapse/env-synapse.j2 b/roles/matrix-synapse/templates/synapse/env-synapse.j2
deleted file mode 100644
index c0f4b647a..000000000
--- a/roles/matrix-synapse/templates/synapse/env-synapse.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
-SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}
From 928982cffecc6b73988ed478b84a8e8fffb1c76e Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Wed, 8 Jul 2020 14:08:46 +0300
Subject: [PATCH 49/49] Upgrade Synapse (v1.15.2 -> v1.16.0)
---
roles/matrix-synapse/defaults/main.yml | 2 +-
.../templates/synapse/homeserver.yaml.j2 | 85 ++++++++++++++++++-
2 files changed, 82 insertions(+), 5 deletions(-)
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index ee38b1790..6fc7eab2c 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_synapse_enabled: true
matrix_synapse_container_image_self_build: false
-matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.2"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v1.16.0"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index a02eb48fe..fb432f870 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -288,7 +288,7 @@ listeners: # number of monthly active users. # # 'limit_usage_by_mau' disables/enables monthly active user blocking. When -# anabled and a limit is reached the server returns a 'ResourceLimitError' +# enabled and a limit is reached the server returns a 'ResourceLimitError' # with error type Codes.RESOURCE_LIMIT_EXCEEDED # # 'max_mau_value' is the hard limit of monthly active users above which @@ -1182,7 +1182,11 @@ account_threepid_delegates: #enable_3pid_changes: false # Users who register on this homeserver will automatically be joined -# to these rooms +# to these rooms. +# +# By default, any room aliases included in this list will be created +# as a publicly joinable room when the first user registers for the +# homeserver. This behaviour can be customised with the settings below. # #auto_join_rooms: # - "#example:example.com" 
@@ -1194,11 +1198,63 @@ auto_join_rooms: # Where auto_join_rooms are specified, setting this flag ensures that the # the rooms exist by creating them when the first user on the # homeserver registers. +# +# By default the auto-created rooms are publicly joinable from any federated +# server. Use the autocreate_auto_join_rooms_federated and +# autocreate_auto_join_room_preset settings below to customise this behaviour. +# # Setting to false means that if the rooms are not manually created, # users cannot be auto-joined since they do not exist. # +# Defaults to true. Uncomment the following line to disable automatically +# creating auto-join rooms. +# autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }} +# Whether the auto_join_rooms that are auto-created are available via +# federation. Only has an effect if autocreate_auto_join_rooms is true. +# +# Note that whether a room is federated cannot be modified after +# creation. +# +# Defaults to true: the room will be joinable from other servers. +# Uncomment the following to prevent users from other homeservers from +# joining these rooms. +# +#autocreate_auto_join_rooms_federated: false + +# The room preset to use when auto-creating one of auto_join_rooms. Only has an +# effect if autocreate_auto_join_rooms is true. +# +# This can be one of "public_chat", "private_chat", or "trusted_private_chat". +# If a value of "private_chat" or "trusted_private_chat" is used then +# auto_join_mxid_localpart must also be configured. +# +# Defaults to "public_chat", meaning that the room is joinable by anyone, including +# federated servers if autocreate_auto_join_rooms_federated is true (the default). +# Uncomment the following to require an invitation to join these rooms. +# +#autocreate_auto_join_room_preset: private_chat + +# The local part of the user id which is used to create auto_join_rooms if +# autocreate_auto_join_rooms is true. 
If this is not provided then the +# initial user account that registers will be used to create the rooms. +# +# The user id is also used to invite new users to any auto-join rooms which +# are set to invite-only. +# +# It *must* be configured if autocreate_auto_join_room_preset is set to +# "private_chat" or "trusted_private_chat". +# +# Note that this must be specified in order for new users to be correctly +# invited to any auto-join rooms which have been set to invite-only (either +# at the time of creation or subsequently). +# +# Note that, if the room already exists, this user must be joined and +# have the appropriate permissions to invite new members. +# +#auto_join_mxid_localpart: system + # When auto_join_rooms is specified, setting this flag to false prevents # guest accounts from being automatically joined to the rooms. # @@ -1431,7 +1487,7 @@ saml2_config: # The lifetime of a SAML session. This defines how long a user has to # complete the authentication process, if allow_unsolicited is unset. - # The default is 5 minutes. + # The default is 15 minutes. # #saml_session_lifetime: 5m @@ -1516,7 +1572,7 @@ saml2_config: # use an OpenID Connect Provider for authentication, instead of its internal # password database. # -# See https://github.com/matrix-org/synapse/blob/master/openid.md. +# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md. # oidc_config: # Uncomment the following to enable authorization against an OpenID Connect 
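Review bot: The comment added just above the rendered `autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }}` line says "Defaults to true. Uncomment the following line to disable", but that line is not commented out in this template; it is always rendered from the playbook variable, so the sentence is misleading and should be dropped or replaced with `# Controlled by matrix_synapse_autocreate_auto_join_rooms`. The three new options in this hunk (`autocreate_auto_join_rooms_federated`, `autocreate_auto_join_room_preset`, `auto_join_mxid_localpart`) arrive only as commented-out upstream text with no playbook variable behind them, unlike `autocreate_auto_join_rooms` right above; if that is intentional, a short comment saying how operators are expected to set them would help. This hunk starts on the previous line.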
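Review bot: The updated comment states the SAML session default is 15 minutes while the example two lines below still reads `#saml_session_lifetime: 5m`, so the two no longer agree; either the example should become `#saml_session_lifetime: 15m` or the comment should say the example is not the default. This is upstream's sample text, so the fix may belong there as well, but the template is what operators read.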
@@ -1960,6 +2016,27 @@ push: # example_stop_events_from: ['@bad:example.com'] spam_checker: {{ matrix_synapse_spam_checker|to_json }} + +## Rooms ## + +# Controls whether locally-created rooms should be end-to-end encrypted by +# default. +# +# Possible options are "all", "invite", and "off". They are defined as: +# +# * "all": any locally-created room +# * "invite": any room created with the "private_chat" or "trusted_private_chat" +# room creation presets +# * "off": this option will take no effect +# +# The default value is "off". +# +# Note that this option will only affect rooms created after it is set. It +# will also not affect rooms created by other servers. +# +#encryption_enabled_by_default_for_room_type: invite + + # Uncomment to allow non-server-admin users to create groups on this server # enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }}
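Review bot: `encryption_enabled_by_default_for_room_type` is added only as commented-out text, so the playbook gives no way to enable default end-to-end encryption for new rooms short of editing the template, while the neighbouring settings `spam_checker` and `enable_group_creation` are rendered from `matrix_synapse_*` variables. Wiring it the same way, with a default matching upstream's `off`, would keep this security-relevant option configurable: `encryption_enabled_by_default_for_room_type: {{ matrix_synapse_encryption_enabled_by_default_for_room_type|to_json }}` in the template and `matrix_synapse_encryption_enabled_by_default_for_room_type: "off"` in defaults/main.yml (variable name constructed to follow the existing prefix; the value must stay quoted so YAML does not read `off` as a boolean). The upstream note that the option only affects rooms created after it is set is worth repeating in the defaults comment.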