Rename to bot_maubot and fix permission error

group_vars/matrix_servers

@@ -1065,11 +1065,11 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: |
 ######################################################################
 
 # We don't enable bots by default.
-matrix_maubot_enabled: false
+matrix_bot_maubot_enabled: false
 
-matrix_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
+matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
 
-matrix_maubot_systemd_required_services_list: |
+matrix_bot_maubot_systemd_required_services_list: |
   {{
     ['docker.service']
     +

roles/matrix-bot-maubot/defaults/main.yml

@@ -0,0 +1,33 @@
+---
+
+matrix_bot_maubot_enabled: true
+matrix_bot_maubot_container_image_self_build: false
+matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git"
+matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src"
+
+matrix_bot_maubot_version: latest
+matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}"
+matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
+
+matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot"
+matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data"
+matrix_bot_maubot_container_data_dir: "/data"
+
+matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
+
+
+
+matrix_bot_maubot_logging_level: info
+matrix_bot_maubot_secret: ''
+matrix_bot_maubot_admin_user: ''
+matrix_bot_maubot_admin_password: ''
+matrix_mau_environment_variables_extension: ''
+
+# A list of extra arguments to pass to the container
+matrix_bot_maubot_container_extra_arguments: []
+
+# List of systemd services that matrix-bot-matrix-registration-bot.service depends on
+matrix_bot_maubot_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-bot-matrix-registration-bot.service wants
+matrix_bot_maubot_systemd_wanted_services_list: []

roles/matrix-maubot/tasks/init.yml → roles/matrix-bot-maubot/tasks/init.yml

@@ -2,4 +2,4 @@
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-maubot.service'] }}"
-  when: matrix_maubot_enabled|bool
+  when: matrix_bot_maubot_enabled|bool

roles/matrix-maubot/tasks/main.yml → roles/matrix-bot-maubot/tasks/main.yml

@@ -5,19 +5,19 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup|bool and matrix_maubot_enabled|bool"
+  when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
   tags:
     - setup-all
-    - setup-maubot
+    - setup-bot-maubot
 
 - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup|bool and matrix_maubot_enabled|bool"
+  when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
   tags:
     - setup-all
-    - setup-maubot
+    - setup-bot-maubot
 
 - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup|bool and not matrix_maubot_enabled|bool"
+  when: "run_setup|bool and not matrix_bot_maubot_enabled|bool"
   tags:
     - setup-all
-    - setup-maubot
+    - setup-bot-maubot

roles/matrix-maubot/tasks/setup_install.yml → roles/matrix-bot-maubot/tasks/setup_install.yml

@@ -4,30 +4,30 @@
   file:
     path: "{{ item.path }}"
     state: directory
-    mode: 0750
+    mode: 0755
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
   with_items:
-    - {path: "{{ matrix_maubot_base_path }}", when: true}
-    - - {path: "{{ matrix_maubot_data_path }}", when: true}
-    - {path: "{{ matrix_maubot_docker_src_files_path }}", when: true}
+    - {path: "{{ matrix_bot_maubot_base_path }}", when: true}
+    - - {path: "{{ matrix_bot_maubot_data_path }}", when: true}
+    - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: true}
   when: "item.when|bool"
 
 - name: Ensure maubot configuration file created
   template:
     src: "{{ role_path }}/templates/config/config.yaml.j2"
-    dest: "{{ matrix_maubot_base_path }}/config.yaml"
+    dest: "{{ matrix_bot_maubot_base_path }}/config.yaml"
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-    mode: 0640
+    mode: "u=rwx"
 
 - name: Ensure maubot image is pulled
   docker_image:
-    name: "{{ matrix_maubot_docker_image }}"
+    name: "{{ matrix_bot_maubot_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_maubot_docker_image_force_pull }}"
-  when: "not matrix_maubot_container_image_self_build|bool"
+    force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_docker_image_force_pull }}"
+  when: "not matrix_bot_maubot_container_image_self_build|bool"
   register: result
   retries: "{{ matrix_container_retries_count }}"
   delay: "{{ matrix_container_retries_delay }}"
@@ -35,37 +35,37 @@
 
 - name: Ensure maubot repository is present on self-build
   git:
-    repo: "{{ matrix_maubot_docker_repo }}"
-    dest: "{{ matrix_maubot_docker_src_files_path }}"
+    repo: "{{ matrix_bot_maubot_docker_repo }}"
+    dest: "{{ matrix_bot_maubot_docker_src_files_path }}"
     force: "yes"
   become: true
   become_user: "{{ matrix_user_username }}"
-  register: matrix_maubot_git_pull_results
-  when: "matrix_maubot_container_image_self_build|bool"
+  register: matrix_bot_maubot_git_pull_results
+  when: "matrix_bot_maubot_container_image_self_build|bool"
 
 - name: Ensure maubot image is built
   docker_image:
-    name: "{{ matrix_maubot_docker_image }}"
+    name: "{{ matrix_bot_maubot_docker_image }}"
     source: build
-    force_source: "{{ matrix_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
     build:
       dockerfile: Dockerfile
-      path: "{{ matrix_maubot_docker_src_files_path }}"
+      path: "{{ matrix_bot_maubot_docker_src_files_path }}"
       pull: true
-  when: "matrix_maubot_container_image_self_build|bool"
+  when: "matrix_bot_maubot_container_image_self_build|bool"
 
 - name: Ensure matrix-maubot.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-maubot.service.j2"
     dest: "{{ matrix_systemd_path }}/matrix-maubot.service"
     mode: 0644
-  register: matrix_maubot_systemd_service_result
+  register: matrix_bot_maubot_systemd_service_result
 
 - name: Ensure systemd reloaded after matrix-maubot.service installation
   service:
     daemon_reload: true
-  when: "matrix_maubot_systemd_service_result.changed|bool"
+  when: "matrix_bot_maubot_systemd_service_result.changed|bool"
 
 - name: Ensure matrix-maubot.service restarted, if necessary
   service:

roles/matrix-maubot/tasks/setup_uninstall.yml → roles/matrix-bot-maubot/tasks/setup_uninstall.yml

@@ -3,7 +3,7 @@
 - name: Check existence of matrix-maubot service
   stat:
     path: "{{ matrix_systemd_path }}/matrix-maubot.service"
-  register: matrix_maubot_service_stat
+  register: matrix_bot_maubot_service_stat
 
 - name: Ensure matrix-maubot is stopped
   service:
@@ -12,25 +12,25 @@
     enabled: false
     daemon_reload: true
   register: stopping_result
-  when: "matrix_maubot_service_stat.stat.exists|bool"
+  when: "matrix_bot_maubot_service_stat.stat.exists|bool"
 
 - name: Ensure matrix-maubot.service doesn't exist
   file:
     path: "{{ matrix_systemd_path }}/matrix-maubot.service"
     state: absent
-  when: "matrix_maubot_service_stat.stat.exists|bool"
+  when: "matrix_bot_maubot_service_stat.stat.exists|bool"
 
 - name: Ensure systemd reloaded after matrix-maubot.service removal
   service:
     daemon_reload: true
-  when: "matrix_maubot_service_stat.stat.exists|bool"
+  when: "matrix_bot_maubot_service_stat.stat.exists|bool"
 
 - name: Ensure Matrix maubot paths don't exist
   file:
-    path: "{{ matrix_maubot_base_path }}"
+    path: "{{ matrix_bot_maubot_base_path }}"
     state: absent
 
 - name: Ensure maubot Docker image doesn't exist
   docker_image:
-    name: "{{ matrix_maubot_docker_image }}"
+    name: "{{ matrix_bot_maubot_docker_image }}"
     state: absent

roles/matrix-maubot/tasks/validate_config.yml → roles/matrix-bot-maubot/tasks/validate_config.yml

@@ -6,6 +6,5 @@
       You need to define a required configuration setting (`{{ item }}`).
   when: "vars[item] == ''"
   with_items:
-    - matrix_maubot_secret
-    - matrix_maubot_admin_user
-    - matrix_maubot_admin_password
+    - matrix_bot_maubot_secret
+    - matrix_bot_maubot_admins

roles/matrix-maubot/templates/config/config.yaml.j2 → roles/matrix-bot-maubot/templates/config/config.yaml.j2

@@ -50,7 +50,7 @@ server:
     hostname: 0.0.0.0
     port: 29316
     # Public base URL where the server is visible.
-    public_url: {{ matrix_maubot_bot_server }}
+    public_url: {{ matrix_bot_maubot_bot_server }}
     # The base management API path.
     base_path: /_matrix/maubot/v1
     # The base path for the UI.
@@ -64,7 +64,7 @@ server:
     appservice_base_path: /_matrix/app/v1
     # The shared secret to sign API access tokens.
     # Set to "generate" to generate and save a new token at startup.
-    unshared_secret: {{ matrix_maubot_secret }}
+    unshared_secret: {{ matrix_bot_maubot_secret }}
 
 # Known homeservers. This is required for the `mbc auth` command and also allows
 # more convenient access from the management UI. This is not required to create
@@ -73,14 +73,16 @@ server:
 homeservers:
   {{  matrix_domain }}:
     # Client-server API URL
-        url: {{ matrix_maubot_bot_server }}
+        url: {{ matrix_bot_maubot_bot_server }}
     # registration_shared_secret from synapse config
     # You can leave this empty if you don't have access to the homeserver.
     # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will.
         secret: {{ matrix_registration_shared_secret }}
-admins:
-    root: ''
-  {{ matrix_maubot_admin_user }}: {{ matrix_maubot_admin_password }}
+
+# List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password
+# to prevent normal login. Root is a special user that can't have a password and will always exist.
+admins: {{ matrix_bot_maubot_admins | combine( {"root": ""} ) }}
+
 api_features:
     login: true
     plugin: true

roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 → roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2

@@ -1,11 +1,11 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Maubot
-{% for service in matrix_maubot_systemd_required_services_list %}
+{% for service in matrix_bot_maubot_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
-{% for service in matrix_maubot_systemd_wanted_services_list %}
+{% for service in matrix_bot_maubot_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
@@ -18,13 +18,15 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
 
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \
 			--log-driver=none \
-			--cap-drop=ALL \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--read-only \
-			--mount type=bind,src={{ matrix_maubot_base_path }},dst=/data \
+            -e UID={{ matrix_user_uid }} \
+            -e GID={{ matrix_user_gid }} \
+            -v {{ matrix_bot_maubot_data_path }}:{{ matrix_bot_maubot_container_data_dir }}:z \
+			{% for arg in matrix_bot_maubot_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			--network={{ matrix_docker_network }} \
             -p 29316:29316 \
-			{{ matrix_maubot_docker_image }}
+			{{ matrix_bot_maubot_docker_image }}
 
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true'

roles/matrix-maubot/defaults/main.yml

@@ -1,32 +0,0 @@
----
-
-matrix_maubot_enabled: true
-matrix_maubot_container_image_self_build: false
-matrix_maubot_docker_repo: "https://mau.dev/maubot/maubot.git"
-matrix_maubot_docker_src_files_path: "{{ matrix_maubot_base_path }}/docker-src"
-
-matrix_maubot_version: latest
-matrix_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_maubot_version }}"
-matrix_maubot_docker_image_force_pull: "{{ matrix_maubot_docker_image.endswith(':latest') }}"
-
-matrix_maubot_base_path: "{{ matrix_base_data_path }}/maubot"
-matrix_maubot_data_path: "{{ matrix_maubot_base_path }}/data"
-
-matrix_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
-
-
-
-matrix_maubot_logging_level: info
-matrix_maubot_secret: ''
-matrix_maubot_admin_user: ''
-matrix_maubot_admin_password: ''
-matrix_mau_environment_variables_extension: ''
-
-# A list of extra arguments to pass to the container
-matrix_maubot_container_extra_arguments: []
-
-# List of systemd services that matrix-bot-matrix-registration-bot.service depends on
-matrix_maubot_systemd_required_services_list: ['docker.service']
-
-# List of systemd services that matrix-bot-matrix-registration-bot.service wants
-matrix_maubot_systemd_wanted_services_list: []

setup.yml

@@ -66,4 +66,4 @@
     - matrix-postgres-backup
     - matrix-backup-borg
     - matrix-common-after
-    - matrix-maubot
+    - matrix-bot-maubot