diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f716c9a1..372a27be3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,59 @@ +# 2024-03-26 + +## (Backward Compatibility Break) The playbook now defaults to KeyDB, instead of Redis + +**TLDR**: if the playbook used installed Redis as a dependency for you before, it will now replace it with [KeyDB](https://docs.keydb.dev/) (a drop-in alternative) due to [Redis having changed its license](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now uses [KeyDB](https://docs.keydb.dev/) (a drop-in alternative for Redis), instead of [Redis](https://redis.io/). + +The playbook used to install Redis (and now installs KeyDB in its place) if services have a need for it ([enabling worker support for Synapse](docs/configuring-playbook-synapse.md#load-balancing-with-workers), [enabling Hookshot encryption](docs/configuring-playbook-bridge-hookshot.md#end-to-bridge-encryption), etc.) or if you explicitly enabled the service (`redis_enabled: true` or `keydb_enabled: true`). + +This change is provoked by the fact that [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). According to the Limitations of [the new license](https://redis.com/legal/rsalv2-agreement/) (as best as we understand them, given that we're not lawyers), using Redis in the playbook (even in a commercial FOSS service like [etke.cc](https://etke.cc/)) does not violate the new Redis license. That said, we'd rather neither risk it, nor endorse shady licenses and products that pretend to be free-software. Another high-quality alternative to Redis seems to be [Dragonfly](https://www.dragonflydb.io/), but the [Dragonfly license](https://github.com/dragonflydb/dragonfly?tab=License-1-ov-file#readme) is no better than Redis's. + +Next time your run the playbook (via the `setup-all` tag), **Redis will be automatically uninstalled and replaced with KeyDB**. Some Synapse downtime may occur while the switch happens. + +Users on `arm32` should be aware that there's **neither a prebuilt `arm32` container image for KeyDB**, nor the KeyDB role supports self-building yet. Users on this architecture likely don't run Synapse with workers, etc., so they're likely in no need of KeyDB (or Redis). If Redis is necessary in an `arm32` deployment, disabling KeyDB and making the playbook fall back to Redis is possible (see below). + +**The playbook still supports Redis** and you can keep using Redis (for now) if you'd like, by adding this additional configuration to your `vars.yml` file: + +```yml +# Explicitly disable KeyDB, which will auto-enable Redis +# if the playbook requires it as a dependency for its operation. +keydb_enabled: false +``` + + + +# 2024-03-24 + +## Initial work on IPv6 support + +Thanks to [Tilo Spannagel](https://github.com/tilosp), the playbook can now enable IPv6 for container networks for various components (roles) via [the `devture_systemd_docker_base_ipv6_enabled` variable](https://github.com/devture/com.devture.ansible.role.systemd_docker_base/blob/c11a526bb8e318b42eb52055056377bb31154f13/defaults/main.yml#L14-L31). + +It should be noted that: + +- Matrix roles (`roles/custom/matrix-*`) respect this variable, but external roles (those defined in `requirements.yml` and installed via `just roles`) do not respect it yet. Additional work is necessary +- changing the variable subsequently may not change existing container networks. Refer to [these instructions](https://github.com/devture/com.devture.ansible.role.systemd_docker_base/blob/c11a526bb8e318b42eb52055056377bb31154f13/defaults/main.yml#L26-L30) +- this is all very new and untested + +## Pantalaimon support + +Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install the [Pantalaimon](https://github.com/matrix-org/pantalaimon) E2EE aware proxy daemon for you. It's already possible to integrate it with [Draupnir](docs/configuring-playbook-bot-draupnir.md) to allow it to work in E2EE rooms - see our Draupnir docs for details. + +See our [Setting up Pantalaimon](docs/configuring-playbook-pantalaimon.md) documentation to get started. + + +# 2024-03-05 + +## Support for Draupnir-for-all + +Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install [Draupnir for all](./docs/configuring-playbook-appservice-draupnir-for-all.md) (aka multi-instance Draupnir running in appservice mode). + +This is an alternative to [running Draupnir in bot mode](./docs/configuring-playbook-bot-draupnir.md), which is still supported by the playbook. + +The documentation page for [Draupnir for all](./docs/configuring-playbook-appservice-draupnir-for-all.md) contains more information on how to install it. + + # 2024-02-19 ## Support for bridging to Facebook/Messenger via the new mautrix-meta bridge diff --git a/README.md b/README.md index 460399308..880d9e772 100644 --- a/README.md +++ b/README.md @@ -172,6 +172,7 @@ Various services that don't fit any other category. | [Etherpad](https://etherpad.org) | x | An open source collaborative text editor | [Link](docs/configuring-playbook-etherpad.md) | | [Jitsi](https://jitsi.org/) | x | An open source video-conferencing platform | [Link](docs/configuring-playbook-jitsi.md) | | [Cactus Comments](https://cactus.chat) | x | A federated comment system built on matrix | [Link](docs/configuring-playbook-cactus-comments.md) | +| [Pantalaimon](https://github.com/matrix-org/pantalaimon) | x | An E2EE aware proxy daemon | [Link](docs/configuring-playbook-pantalaimon.md) | ## Installation diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md new file mode 100644 index 000000000..b3ffe05f3 --- /dev/null +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -0,0 +1,100 @@ +# Setting up Draupnir for All/D4A (optional) + +The playbook can install and configure the [Draupnir](https://github.com/the-draupnir-project/Draupnir) moderation tool for you in appservice mode. + +Appservice mode can be used together with the regular [Draupnir bot](configuring-playbook-bot-draupnir.md) or independently. Details about the differences between the 2 modes are described below. + + +## Draupnir Appservice mode compared to Draupnir bot mode + +The administrative functions for managing the appservice are alpha quality and very limited. However, the experience of using an appservice-provisioned Draupnir is on par with the experience of using Draupnir from bot mode except in the case of avatar customisation as described later on in this document. + +Draupnir for all is the way to go if you need more than 1 Draupnir instance, but you don't need access to Synapse Admin features as they are not accessible through Draupnir for All (Even though the commands do show up in help). + +Draupnir for all in the playbook is rate-limit-exempt automatically as its appservice configuration file does not specify any rate limits. + +Normal Draupnir does come with the benefit of access to Synapse Admin features. You are also able to more easily customise your normal Draupnir than D4A as D4A even on the branch with the Avatar command (To be Upstreamed to Mainline Draupnir) that command is clunky as it requires the use of things like Element devtools. In normal draupnir this is a quick operation where you login to Draupnir with a normal client and set Avatar and Display name normally. + +Draupnir for all does not support external tooling like [MRU](https://mru.rory.gay) as it can't access Draupnir's user account. + + +## Installation + +### 1. Create a main management room. + +The playbook does not create a management room for your Main Draupnir. This task you have to do on your own. + +The management room has to be given an alias and be public when you are setting up the bot for the first time as the bot does not differentiate between invites +and invites to the management room. + +This management room is used to control who has access to your D4A deployment. The room stores this data inside of the control room state so your bot must have sufficient powerlevel to send custom state events. This is default 50 or moderator as Element calls this powerlevel. + +As noted in the Draupnir install instructions the control room is sensitive. The following is said about the control room in the Draupnir install instructions. +>Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. + +### 2. Give your main management room an alias. + +Give the room from step 1 an alias. This alias can be anything you want and its recommended for increased security during the setup phase of the bot that you make this alias be a random string. You can give your room a secondary human readable alias when it has been locked down after setup phase. + +### 3. Adjusting the playbook configuration. + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +You must replace `ALIAS_FROM_STEP_2_GOES_HERE` with the alias you created in step 2. + +```yaml +matrix_appservice_draupnir_for_all_enabled: true + +matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2_GOES_HERE" +``` + +### 4. Installing + +After configuring the playbook, run the [installation](installing.md) command: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:matrix-homeserver-domain` you have succesfully installed Draupnir for All and can now start using it. + +The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for allis almost identical to Draupnir bot mode. + +### 1. Granting Users the ability to use D4A + +Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended. + +The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297)) + +To allow users or whole homeservers you type /plain @draupnir-main:matrix-homeserver-domain allow `target` and target can be either a MXID or a wildcard like `@*:example.com` to allow all users on example.com to register. We use /plain to force the client to not attempt to mess with this command as it can break Wildcard commands especially. + +### 2. How to provision a D4A once you are allowed to. + +Open a DM with @draupnir-main:matrix-homeserver-domain and if using Element send a message into this DM to finalise creating it. The bot will reject this invite and you will shortly get invited to the Draupnir control room for your newly provisioned Draupnir. From here its just a normal Draupnir experience. + +Congratulations if you made it all the way here because you now have a fully working Draupnir for all deployment. + +### Configuration of D4A + +You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for more configuration documentation. Please note that the playbook ships a full copy of the example config that does transfer to provisioned draupnirs in the production-bots.yaml.j2 file in the template directory of the role. + +Please note that Config extension does not affect the appservices config as this config is not extensible in current Draupnir anyways. Config extension instead touches the config passed to the Draupnirs that your Appservice creates. So for example below makes all provisioned Draupnirs protect all joined rooms. + +You can configure additional options by adding the `matrix_appservice_draupnir_for_all_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. + +For example to change draupnir's `protectAllJoinedRooms` option to `true` you would add the following to your `vars.yml` file. + +```yaml +matrix_appservice_draupnir_for_all_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_appservice_draupnir_for_all_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_appservice_draupnir_for_all_yaml`. + protectAllJoinedRooms: true +``` diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 3c4d2569e..27b2a06a6 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -4,6 +4,9 @@ The playbook can install and configure the [draupnir](https://github.com/the-dra See the project's [documentation](https://github.com/the-draupnir-project/Draupnir) to learn what it does and why it might be useful to you. +This documentation page is about installing Draupnir in bot mode. As an alternative, you can run a multi-instance Draupnir deployment by installing [Draupnir in appservice mode](./configuring-playbook-appservice-draupnir-for-all.md) (called Draupnir-for-all) instead. + + If your migrating from Mjolnir skip to step 5b. ## 1. Register the bot account @@ -40,14 +43,57 @@ The following command works on semi up to date Windows 10 installs and All Windo ## 4. Create a management room -Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. +Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. + +If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see below). Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`. Finally invite the `@bot.draupnir:DOMAIN` account you created earlier into the room. -## 5a. Adjusting the playbook configuration +## 5. Adjusting the playbook configuration + +Decide whether you want Draupnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Draupnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). + +### 5a. Configuration with E2EE support + +When using Pantalaimon, Draupnir will log in to its bot account itself through Pantalaimon, so configure its username and password. + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +# Enable Pantalaimon. See docs/configuring-playbook-pantalaimon.md +matrix_pantalaimon_enabled: true + +# Enable Draupnir +matrix_bot_draupnir_enabled: true + +# Tell Draupnir to use Pantalaimon +matrix_bot_draupnir_pantalaimon_use: true + +# User name and password for the bot. Required when using Pantalaimon. +matrix_bot_draupnir_pantalaimon_username: "DRAUPNIR_USERNAME_FROM_STEP_1" +matrix_bot_draupnir_pantalaimon_password: ### you should create a secure password for the bot account + +matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" +``` + +The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Draupnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`: + +```yaml +# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API). +# Set this to the pantalaimon URL if you're using that. +matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}" + +# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" +``` + +### 5b. Configuration without E2EE support + +When NOT using Pantalaimon, Draupnir does not log in by itself and you must give it an access token for its bot account. Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): @@ -61,7 +107,7 @@ matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` -## 5b. Migrating from Mjolnir (Only required if migrating.) +### 5c. Migrating from Mjolnir (Only required if migrating.) Replace your `matrix_bot_mjolnir` config with `matrix_bot_draupnir` config. Also disable mjolnir if you're doing migration. That is all you need to do due to that Draupnir can complete migration on its own. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index efedceebe..69a89ac8e 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -37,7 +37,9 @@ The following command works on semi up to date Windows 10 installs and All Windo ## 4. Create a management room -Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. +Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. + +If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see below). Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`. @@ -46,6 +48,47 @@ Finally invite the `@bot.mjolnir:DOMAIN` account you created earlier into the ro ## 5. Adjusting the playbook configuration +Decide whether you want Mjolnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Mjolnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). + +### 5a. Configuration with E2EE support + +When using Pantalaimon, Mjolnir will log in to its bot account itself through Pantalaimon, so configure its username and password. + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +# Enable Pantalaimon. See docs/configuring-playbook-pantalaimon.md +matrix_pantalaimon_enabled: true + +# Enable Mjolnir +matrix_bot_mjolnir_enabled: true + +# Tell Mjolnir to use Pantalaimon +matrix_bot_mjolnir_pantalaimon_use: true + +# User name and password for the bot. Required when using Pantalaimon. +matrix_bot_mjolnir_pantalaimon_username: "MJOLNIR_USERNAME_FROM_STEP_1" +matrix_bot_mjolnir_pantalaimon_password: ### you should create a secure password for the bot account + +matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" +``` + +The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Mjolnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`: + +```yaml +# Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API). +# Set this to the pantalaimon URL if you're using that. +matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_mjolnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}" + +# Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" +``` + +### 5b. Configuration without E2EE support + +When NOT using Pantalaimon, Mjolnir does not log in by itself and you must give it an access token for its bot account. + Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_4_GOES_HERE` with the your own values. diff --git a/docs/configuring-playbook-bridge-mautrix-meta-instagram.md b/docs/configuring-playbook-bridge-mautrix-meta-instagram.md index 0e30de56a..674f01b81 100644 --- a/docs/configuring-playbook-bridge-mautrix-meta-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-meta-instagram.md @@ -56,7 +56,7 @@ If you don't define the `matrix_admin` in your configuration (e.g. `matrix_admin You may redefine `matrix_mautrix_meta_instagram_bridge_permissions_default` any way you see fit, or add extra permissions using `matrix_mautrix_meta_instagram_bridge_permissions_custom` like this: ```yaml -matrix_mautrix_meta_instagram_bridge_permissions_custom: | +matrix_mautrix_meta_instagram_bridge_permissions_custom: '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` diff --git a/docs/configuring-playbook-bridge-mautrix-meta-messenger.md b/docs/configuring-playbook-bridge-mautrix-meta-messenger.md index 541f52112..8a7d62330 100644 --- a/docs/configuring-playbook-bridge-mautrix-meta-messenger.md +++ b/docs/configuring-playbook-bridge-mautrix-meta-messenger.md @@ -9,9 +9,9 @@ This documentation page only deals with the bridge's ability to bridge to Facebo ## Migrating from the old mautrix-facebook bridge -If you've been using the [mautrix-facebook](./configuring-playbook-bridge-mautrix-facebook.md) bridge, you may wish to get rid of it first. +If you've been using the [mautrix-facebook](./configuring-playbook-bridge-mautrix-facebook.md) bridge, it's possible to migrate the database using [instructions from the bridge documentation](https://docs.mau.fi/bridges/go/meta/facebook-migration.html) (advanced). -To do so, send a `clean-rooms` command to the management room with the old bridge bot (`@facebookbot:YOUR_DOMAIN`). +Then you may wish to get rid of the Facebook bridge. To do so, send a `clean-rooms` command to the management room with the old bridge bot (`@facebookbot:YOUR_DOMAIN`). This would give you a list of portals and groups of portals you may purge. Proceed with sending commands like `clean recommended`, etc. @@ -67,7 +67,7 @@ If you don't define the `matrix_admin` in your configuration (e.g. `matrix_admin You may redefine `matrix_mautrix_meta_messenger_bridge_permissions_default` any way you see fit, or add extra permissions using `matrix_mautrix_meta_messenger_bridge_permissions_custom` like this: ```yaml -matrix_mautrix_meta_messenger_bridge_permissions_custom: | +matrix_mautrix_meta_messenger_bridge_permissions_custom: '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` diff --git a/docs/configuring-playbook-client-schildichat.md b/docs/configuring-playbook-client-schildichat.md index eeab99a76..2892fa592 100644 --- a/docs/configuring-playbook-client-schildichat.md +++ b/docs/configuring-playbook-client-schildichat.md @@ -2,7 +2,7 @@ By default, this playbook does not install the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application. -**WARNING**: SchildiChat is based on Element-web, but its releases are lagging behind. As an example (from 2023-08-31), SchildiChat is 10 releases behind (it being based on element-web `v1.11.30`, while element-web is now on `v1.11.40`). Element-web frequently suffers from security issues, so running something based on an ancient Element-web release is **dangerous**. Use SchildiChat at your own risk! +**WARNING**: SchildiChat is based on Element-web, but its releases are lagging behind. As an example (from 2024-02-26), SchildiChat is 22 releases behind (it being based on element-web `v1.11.36`, while element-web is now on `v1.11.58`). Element-web frequently suffers from security issues, so running something based on an ancient Element-web release is **dangerous**. Use SchildiChat at your own risk! ## Enabling SchildiChat diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index 5d11b4990..fe8cfc40b 100644 --- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md @@ -54,7 +54,6 @@ matrix_synapse_reverse_proxy_companion_federation_api_enabled: false Why? This change could be useful for people running small Synapse instances on small severs/VPSes to avoid being impacted by a simple DOS/DDOS when bandwidth, RAM, an CPU resources are limited and if your hosting provider does not provide a DOS/DDOS protection. -**NOTE**: this approach hasn't been tested with the new Traefik-only setup that the playbook started using in 2024-01. It may not work. The following changes in the configuration file (`inventory/host_vars/matrix./vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other: diff --git a/docs/configuring-playbook-mautrix-bridges.md b/docs/configuring-playbook-mautrix-bridges.md index c6e78d02d..4ceb67459 100644 --- a/docs/configuring-playbook-mautrix-bridges.md +++ b/docs/configuring-playbook-mautrix-bridges.md @@ -40,16 +40,14 @@ Encryption support is off by default. If you would like to enable encryption, ad ```yaml matrix_bridges_encryption_enabled: true +matrix_bridges_encryption_default: true ``` **Alternatively**, for a specific bridge: ```yaml -matrix_mautrix_SERVICENAME_configuration_extension_yaml: | - bridge: - encryption: - allow: true - default: true +matrix_mautrix_SERVICENAME_bridge_encryption_enabled: true +matrix_mautrix_SERVICENAME_bridge_encryption_default: true ``` ## relay mode diff --git a/docs/configuring-playbook-pantalaimon.md b/docs/configuring-playbook-pantalaimon.md new file mode 100644 index 000000000..6f6146e1e --- /dev/null +++ b/docs/configuring-playbook-pantalaimon.md @@ -0,0 +1,21 @@ +# Setting up pantalaimon (optional) + +The playbook can install and configure the [pantalaimon](https://github.com/matrix-org/pantalaimon) E2EE aware proxy daemon for you. + +See the project's [documentation](https://github.com/matrix-org/pantalaimon) to learn what it does and why it might be useful to you. + +This role exposes Pantalaimon's API only within the container network, so bots and clients installed on the same machine can use it. In particular the [Draupnir](configuring-playbook-bot-draupnir.md) and [Mjolnir](configuring-playbook-bot-mjolnir.md) roles (and possibly others) can use it. + +## 1. Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +matrix_pantalaimon_enabled: true +``` + +The default configuration should suffice. For advanced configuration, you can override the variables documented in the role's [defaults](../roles/custom/matrix-pantalaimon/defaults/main.yml). + +## 2. Installing + +After configuring the playbook, run the [installation](installing.md) command. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index fb4597fc8..86139e1a4 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -105,7 +105,9 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced) -- [Matrix User Verification Service](configuring-playbook-user-verification-service.md) (optional, advanced) +- [Setting up Matrix User Verification Service](configuring-playbook-user-verification-service.md) (optional, advanced) + +- [Setting up Pantalaimon (E2EE aware proxy daemon)](configuring-playbook-pantalaimon.md) (optional, advanced) ### Bridging other networks @@ -195,6 +197,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Draupnir](configuring-playbook-bot-draupnir.md) - a moderation tool/bot, forked from Mjolnir and maintained by its former leader developer (optional) +- [Setting up Draupnir for all](configuring-playbook-appservice-draupnir-for-all.md) - like the [Draupnir bot](configuring-playbook-bot-draupnir.md) mentioned above, but running in appservice mode and supporting multiple instances (optional) + - [Setting up Buscarron](configuring-playbook-bot-buscarron.md) - a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room (optional) diff --git a/docs/self-building.md b/docs/self-building.md index affe23860..4304f4ded 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -40,6 +40,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl - `matrix-bot-matrix-reminder-bot` - `matrix-bot-maubot` - `matrix-email2matrix` +- `matrix-pantalaimon` Adding self-building support to other roles is welcome. Feel free to contribute! diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index dd7a27c21..d7b8658b3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -71,6 +71,8 @@ matrix_homeserver_container_extra_arguments_auto: | {{ (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else []) + + (['--mount type=bind,src=' + matrix_appservice_draupnir_for_all_config_path + '/draupnir-for-all-registration.yaml,dst=/matrix-appservice-draupnir-for-all-registration.yaml,ro'] if matrix_appservice_draupnir_for_all_enabled else []) + + (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else []) + (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else []) @@ -140,6 +142,8 @@ matrix_homeserver_app_service_config_files_auto: | {{ (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else []) + + (['/matrix-appservice-draupnir-for-all-registration.yaml'] if matrix_appservice_draupnir_for_all_enabled else []) + + (['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else []) + (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else []) @@ -274,6 +278,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else []) + + ([{'name': 'matrix-appservice-draupnir-for-all.service', 'priority': 4000, 'groups': ['matrix', 'bridges', 'draupnir-for-all', 'appservice-draupnir-for-all']}] if matrix_appservice_draupnir_for_all_enabled else []) + + ([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else []) + ([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else []) @@ -402,6 +408,10 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'redis']}] if redis_enabled else []) + + ([{'name': (keydb_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'keydb']}] if keydb_enabled else []) + + + ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else []) + + ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else []) + ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else []) @@ -473,6 +483,27 @@ devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_d ###################################################################### +######################################################################## +# # +# geerlingguy/ansible-role-docker # +# # +######################################################################## + +docker_daemon_options: | + {{ + { + 'experimental': devture_systemd_docker_base_ipv6_enabled, + 'ip6tables': devture_systemd_docker_base_ipv6_enabled, + } + }} + +######################################################################## +# # +# /geerlingguy/ansible-role-docker # +# # +######################################################################## + + ###################################################################### # # matrix-base @@ -1891,12 +1922,14 @@ matrix_hookshot_systemd_wanted_services_list: | matrix_addons_homeserver_systemd_services_list + ([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else []) + + + ([(keydb_identifier + '.service')] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else []) }} # Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available. # We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled), # because connectivity is still potentially troublesome and is to be investigated. -matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else '' }}" +matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else (keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '') }}" matrix_hookshot_container_network: "{{ matrix_addons_container_network }}" @@ -1907,6 +1940,8 @@ matrix_hookshot_container_additional_networks_auto: | + ([redis_container_network] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else []) + + ([keydb_container_network] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else []) + + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_hookshot_container_labels_traefik_enabled else []) ) | unique }} @@ -2667,6 +2702,8 @@ matrix_bot_mjolnir_enabled: false matrix_bot_mjolnir_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + + + (['matrix-pantalaimon.service'] if matrix_bot_mjolnir_pantalaimon_use else []) }} matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2678,12 +2715,15 @@ matrix_bot_mjolnir_container_additional_networks_auto: |- ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) }} +matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_mjolnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}" +matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" ###################################################################### # # /matrix-bot-mjolnir # ###################################################################### + ###################################################################### # # matrix-bot-draupnir @@ -2696,6 +2736,8 @@ matrix_bot_draupnir_enabled: false matrix_bot_draupnir_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + + + (['matrix-pantalaimon.service'] if matrix_bot_draupnir_pantalaimon_use else []) }} matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -2707,6 +2749,9 @@ matrix_bot_draupnir_container_additional_networks_auto: |- ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) }} +matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}" +matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" + ###################################################################### # # /matrix-bot-draupnir @@ -2714,6 +2759,74 @@ matrix_bot_draupnir_container_additional_networks_auto: |- ###################################################################### +###################################################################### +# +# matrix-appservice-draupnir-for-all +# +###################################################################### + +# We don't enable bots by default. +matrix_appservice_draupnir_for_all_enabled: false + +matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: | + {{ + matrix_addons_homeserver_systemd_services_list + + + ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else []) + }} + +matrix_appservice_draupnir_for_all_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + +matrix_appservice_draupnir_for_all_container_network: "{{ matrix_addons_container_network }}" + +matrix_appservice_draupnir_for_all_container_additional_networks_auto: |- + {{ + ( + ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + + + ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname and matrix_appservice_draupnir_for_all_container_network != devture_postgres_container_network) else []) + ) | unique + }} + +matrix_appservice_draupnir_for_all_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.as.token', rounds=655555) | to_uuid }}" +matrix_appservice_draupnir_for_all_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.hs.token', rounds=655555) | to_uuid }}" + +matrix_appservice_draupnir_for_all_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_draupnir_for_all_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.d4a.db', rounds=655555) | to_uuid }}" + +###################################################################### +# +# /matrix-appservice-draupnir-for-all +# +###################################################################### + + +###################################################################### +# +# matrix-pantalaimon +# +###################################################################### + +matrix_pantalaimon_enabled: false + +matrix_pantalaimon_systemd_required_services_list_auto: | + {{ + matrix_addons_homeserver_systemd_services_list + }} + +matrix_pantalaimon_container_network: "{{ matrix_homeserver_container_network }}" + +matrix_pantalaimon_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + +matrix_pantalaimon_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" + +###################################################################### +# +# /matrix-pantalaimon +# +###################################################################### + + ###################################################################### # # etke/backup_borg @@ -3599,6 +3712,12 @@ devture_postgres_managed_databases_auto: | 'password': matrix_appservice_discord_database_password, }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ + 'name': matrix_appservice_draupnir_for_all_database_name, + 'username': matrix_appservice_draupnir_for_all_database_username, + 'password': matrix_appservice_draupnir_for_all_database_password, + }] if (matrix_appservice_draupnir_for_all_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ 'name': matrix_appservice_slack_database_name, 'username': matrix_appservice_slack_database_username, @@ -3901,7 +4020,7 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: | # ###################################################################### -redis_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}" +redis_enabled: "{{ not keydb_enabled and (matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled)) }}" redis_identifier: matrix-redis @@ -3912,7 +4031,37 @@ redis_base_path: "{{ matrix_base_data_path }}/redis" ###################################################################### # -# /etle/redis +# /etke/redis +# +###################################################################### + +###################################################################### +# +# keydb +# +###################################################################### + +keydb_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}" + +keydb_identifier: matrix-keydb + +keydb_uid: "{{ matrix_user_uid }}" +keydb_gid: "{{ matrix_user_gid }}" + +keydb_base_path: "{{ matrix_base_data_path }}/keydb" + +keydb_arch: |- + {{ + ({ + 'amd64': 'x86_64', + 'arm32': 'arm32', + 'arm64': 'arm64', + })[matrix_architecture] + }} + +###################################################################### +# +# keydb # ###################################################################### @@ -3959,8 +4108,6 @@ matrix_client_element_enable_presence_by_hs_url: | else {matrix_client_element_default_hs_url: false} }} -matrix_client_element_welcome_user_id: ~ - matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" ###################################################################### @@ -4072,8 +4219,6 @@ matrix_client_schildichat_enable_presence_by_hs_url: | else {matrix_client_schildichat_default_hs_url: false} }} -matrix_client_schildichat_welcome_user_id: ~ - matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" ###################################################################### @@ -4123,6 +4268,8 @@ matrix_synapse_container_additional_networks_auto: | + ([redis_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else []) + + ([keydb_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else []) + + ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else []) + ([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else []) @@ -4205,6 +4352,8 @@ matrix_synapse_systemd_required_services_list_auto: | + ([redis_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else []) + + ([keydb_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else []) + + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} @@ -4216,9 +4365,9 @@ matrix_synapse_systemd_wanted_services_list_auto: | }} # Synapse workers (used for parallel load-scaling) need Redis for IPC. -matrix_synapse_redis_enabled: "{{ redis_enabled }}" -matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else '' }}" -matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else '' }}" +matrix_synapse_redis_enabled: "{{ redis_enabled or keydb_enabled }}" +matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else (keydb_identifier if keydb_enabled else '') }}" +matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else (keydb_connection_password if keydb_enabled else '') }}" matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}" diff --git a/requirements.yml b/requirements.yml index 2e6893a99..f33c35b1c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-3 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.7-1.8.6-0 + version: v1.2.8-1.8.9-0 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-3 @@ -16,19 +16,22 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.6-0 + version: v2.0.1-2 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - version: v4.97-r0-0-1 + version: v4.97-r0-0-3 name: exim_relay - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.3.1-2 + version: v10.4.1-0 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9258-0 + version: v9364-1 name: jitsi +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git + version: v6.3.4-1 + name: keydb - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.8.0-1 + version: v2.10.0-0 name: ntfy - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: 201c939eed363de269a83ba29784fc3244846048 @@ -43,10 +46,10 @@ version: v16.1-6 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: 7eadc992ca952fc29bf3fab5aa6335fa82ff01e5 + version: 046004a8cb9946979b72ce81c2526c8033ea8067 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.50.0-0 + version: v2.51.0-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git version: v1.7.0-3 @@ -55,10 +58,10 @@ version: v0.14.0-4 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.2.3-2 + version: v7.2.4-0 name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - version: v1.0.0-2 + version: v1.1.0-0 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-4 @@ -67,7 +70,7 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.11.0-0 + version: v2.11.0-4 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.3-1 diff --git a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml new file mode 100644 index 000000000..21c98ee1b --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml @@ -0,0 +1,103 @@ +--- +# A moderation tool for Matrix +# Project source code URL: https://github.com/the-draupnir-project/Draupnir + +matrix_appservice_draupnir_for_all_enabled: true + +# renovate: datasource=docker depName=gnuxie/draupnir +matrix_appservice_draupnir_for_all_version: "1.87.0" + +matrix_appservice_draupnir_for_all_container_image_self_build: false +matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" + +matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}" +matrix_appservice_draupnir_for_all_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':latest') }}" + +matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all" +matrix_appservice_draupnir_for_all_config_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/config" +matrix_appservice_draupnir_for_all_data_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/data" +matrix_appservice_draupnir_for_all_docker_src_files_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/docker-src" + +matrix_appservice_draupnir_for_all_container_network: "" + +matrix_appservice_draupnir_for_all_container_additional_networks: "{{ matrix_appservice_draupnir_for_all_container_additional_networks_auto + matrix_appservice_draupnir_for_all_container_additional_networks_custom }}" +matrix_appservice_draupnir_for_all_container_additional_networks_auto: [] +matrix_appservice_draupnir_for_all_container_additional_networks_custom: [] + +# A list of extra arguments to pass to the container +matrix_appservice_draupnir_for_all_container_extra_arguments: [] + +# List of systemd services that matrix-bot-draupnir.service depends on +matrix_appservice_draupnir_for_all_systemd_required_services_list: "{{ matrix_appservice_draupnir_for_all_systemd_required_services_list_default + matrix_appservice_draupnir_for_all_systemd_required_services_list_auto + matrix_appservice_draupnir_for_all_systemd_required_services_list_custom }}" +matrix_appservice_draupnir_for_all_systemd_required_services_list_default: ['docker.service'] +matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: [] +matrix_appservice_draupnir_for_all_systemd_required_services_list_custom: [] + +# List of systemd services that matrix-bot-draupnir.service wants +matrix_appservice_draupnir_for_all_systemd_wanted_services_list: [] + +# The room ID where people can use the bot. The bot has no access controls, so +# anyone in this room can use the bot - secure your room! +# This should be a room alias - not a matrix.to URL. +# Note: draupnir is fairly verbose - expect a lot of messages from it. +# This room is diffrent for Appservice Mode compared to normal mode. +# In Appservice mode it provides functions like user management. +matrix_appservice_draupnir_for_all_master_control_room_alias: "" + +# Placeholder Remenant of the fact that Cat belived Master Control Room to be separated from Access Control Policy List. +# The alias of the Policy list used to control who can provision a bot for them selfs. +# This should be a room alias - not a matrix.to URL. +# matrix_appservice_draupnir_for_all_management_policy_list_alias: "" + +matrix_appservice_draupnir_for_all_database_username: matrix_appservice_draupnir_for_all +matrix_appservice_draupnir_for_all_database_password: 'some-passsword' +matrix_appservice_draupnir_for_all_database_hostname: '' +matrix_appservice_draupnir_for_all_database_port: 5432 +matrix_appservice_draupnir_for_all_database_name: matrix_appservice_draupnir_for_all +matrix_appservice_draupnir_for_all_database_sslmode: disable + +matrix_appservice_draupnir_for_all_appservice_port: "9001" +matrix_appservice_draupnir_for_all_appservice_url: 'http://matrix-appservice-draupnir-for-all' + +matrix_appservice_draupnir_for_all_database_connection_string: 'postgresql://{{ matrix_appservice_draupnir_for_all_database_username }}:{{ matrix_appservice_draupnir_for_all_database_password }}@{{ matrix_appservice_draupnir_for_all_database_hostname }}:{{ matrix_appservice_draupnir_for_all_database_port }}/{{ matrix_appservice_draupnir_for_all_database_name }}?sslmode={{ matrix_appservice_draupnir_for_all_database_sslmode }}' + +matrix_appservice_draupnir_for_all_user_prefix: "draupnir_" + +matrix_appservice_draupnir_for_all_registration_yaml: | + id: "draupnir-for-all" + as_token: "{{ matrix_appservice_draupnir_for_all_appservice_token }}" + hs_token: "{{ matrix_appservice_draupnir_for_all_homeserver_token }}" + url: "{{ matrix_appservice_draupnir_for_all_appservice_url }}:{{ matrix_appservice_draupnir_for_all_appservice_port }}" + sender_localpart: draupnir-main + namespaces: + users: + - exclusive: true + regex: '@{{ matrix_appservice_draupnir_for_all_user_prefix }}*' + rate_limited: false + +matrix_appservice_draupnir_for_all_registration: "{{ matrix_appservice_draupnir_for_all_registration_yaml | from_yaml }}" +matrix_appservice_draupnir_for_all_configuration_appservice: "{{ lookup('template', 'templates/production-appservice.yaml.j2') | from_yaml }}" + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_appservice_draupnir_for_all_configuration_extension_yaml`) +# or completely replace this variable with your own template. + +matrix_appservice_draupnir_for_all_configuration_yaml: "{{ lookup('template', 'templates/production-bots.yaml.j2') }}" + +matrix_appservice_draupnir_for_all_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_appservice_draupnir_for_all_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_appservice_draupnir_for_all_configuration_yaml`. + +matrix_appservice_draupnir_for_all_configuration_extension: "{{ matrix_appservice_draupnir_for_all_configuration_extension_yaml | from_yaml if matrix_appservice_draupnir_for_all_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_appservice_draupnir_for_all_configuration_yaml`. +matrix_appservice_draupnir_for_all_configuration: "{{ matrix_appservice_draupnir_for_all_configuration_yaml | from_yaml | combine(matrix_appservice_draupnir_for_all_configuration_extension, recursive=True) }}" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml new file mode 100644 index 000000000..8048ee95a --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- tags: + - setup-all + - setup-appservice-draupnir-for-all + - install-all + - install-appservice-draupnir-for-all + block: + - when: matrix_appservice_draupnir_for_all_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_appservice_draupnir_for_all_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + +- tags: + - setup-all + - setup-appservice-draupnir-for-all + block: + - when: not matrix_appservice_draupnir_for_all_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml new file mode 100644 index 000000000..e54956a2e --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml @@ -0,0 +1,96 @@ +--- + +- ansible.builtin.set_fact: + matrix_appservice_draupnir_for_all_requires_restart: false + +- name: Ensure matrix-appservice-draupnir-for-all paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_appservice_draupnir_for_all_base_path }}", when: true} + - {path: "{{ matrix_appservice_draupnir_for_all_config_path }}", when: true} + - {path: "{{ matrix_appservice_draupnir_for_all_data_path }}", when: true} + - {path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}", when: "{{ matrix_appservice_draupnir_for_all_container_image_self_build }}"} + when: "item.when | bool" + +- name: Ensure draupnir Docker image is pulled + community.docker.docker_image: + name: "{{ matrix_appservice_draupnir_for_all_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_appservice_draupnir_for_all_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_docker_image_force_pull }}" + when: "not matrix_appservice_draupnir_for_all_container_image_self_build | bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure draupnir repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_appservice_draupnir_for_all_container_image_self_build_repo }}" + dest: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}" + version: "{{ matrix_appservice_draupnir_for_all_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_appservice_draupnir_for_all_git_pull_results + when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool" + +- name: Ensure draupnir Docker image is built + community.docker.docker_image: + name: "{{ matrix_appservice_draupnir_for_all_docker_image }}" + source: build + force_source: "{{ matrix_appservice_draupnir_for_all_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}" + pull: true + when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool" + +- name: Ensure matrix-appservice-draupnir-for-all appservice config installed + ansible.builtin.copy: + content: "{{ matrix_appservice_draupnir_for_all_configuration_appservice | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-appservice.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-draupnir-for-all bot config installed + ansible.builtin.copy: + content: "{{ matrix_appservice_draupnir_for_all_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-bots.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-draupnir-for-all registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_appservice_draupnir_for_all_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/draupnir-for-all-registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-draupnir-for-all container network is created + community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" + name: "{{ matrix_appservice_draupnir_for_all_container_network }}" + driver: bridge + +- name: Ensure matrix-appservice-draupnir-for-all.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-appservice-draupnir-for-all.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service" + mode: 0644 + register: matrix_appservice_draupnir_for_all_systemd_service_result + +- name: Ensure matrix-appservice-draupnir-for-all.service restarted, if necessary + ansible.builtin.service: + name: "matrix-appservice-draupnir-for-all.service" + state: restarted + daemon_reload: true + when: "matrix_appservice_draupnir_for_all_requires_restart | bool" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml new file mode 100644 index 000000000..f81cbfef3 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-appservice-draupnir-for-all service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service" + register: matrix_bot_draupnir_service_stat + +- when: matrix_bot_draupnir_service_stat.stat.exists | bool + block: + - name: Ensure matrix-appservice-draupnir-for-all is stopped + ansible.builtin.service: + name: matrix-appservice-draupnir-for-all + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-appservice-draupnir-for-all.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service" + state: absent + + - name: Ensure matrix-appservice-draupnir-for-all paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_draupnir_base_path }}" + state: absent diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml new file mode 100644 index 000000000..f0a1daf49 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required matrix-bot-draupnir variables are undefined + ansible.builtin.fail: + msg: "The `{{ item }}` variable must be defined and have a non-null value." + with_items: + - "matrix_appservice_draupnir_for_all_master_control_room_alias" + - "matrix_bot_draupnir_container_network" + when: "vars[item] == '' or vars[item] is none" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 new file mode 100644 index 000000000..8bc927ad1 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 @@ -0,0 +1,18 @@ +homeserver: + # The Matrix server name, this will be the name of the server in your matrix id. + domain: "{{ matrix_domain }}" + # The url for the appservice to call the client server API from. + url: "{{ matrix_homeserver_url }}" + +# Database configuration for storing which Mjolnirs have been provisioned. +db: + engine: "postgres" + connectionString: "{{ matrix_appservice_draupnir_for_all_database_connection_string }}" + +# A room you have created that scopes who can access the appservice. +# See docs/access_control.md +adminRoom: "{{ matrix_appservice_draupnir_for_all_master_control_room_alias }}" + +# This is a web api that the widget connects to in order to interact with the appservice. +webAPI: + port: 9000 \ No newline at end of file diff --git a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 new file mode 100644 index 000000000..a40d7a105 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 @@ -0,0 +1,83 @@ +# The log level of terminal (or container) output, +# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity. +# +# This should be at INFO or DEBUG in order to get support for Draupnir problems. +logLevel: "INFO" + +# Whether or not Draupnir should synchronize policy lists immediately after startup. +# Equivalent to running '!draupnir sync'. +syncOnStartup: true + +# Whether or not Draupnir should check moderation permissions in all protected rooms on startup. +# Equivalent to running `!draupnir verify`. +verifyPermissionsOnStartup: true + +# Whether Draupnir should check member lists quicker (by using a different endpoint), +# keep in mind that enabling this will miss invited (but not joined) users. +# +# Turn on if your bot is in (very) large rooms, or in large amounts of rooms. +fasterMembershipChecks: false + +# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for. +# +# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list, +# it will also remove the user's messages automatically. +# +# Typically this is useful to avoid having to give two commands to the bot. +# Advanced: Use asterisks to have the reason match using "globs" +# (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting"). +# +# See here for more info: https://www.digitalocean.com/community/tools/glob +# Note: Keep in mind that glob is NOT regex! +automaticallyRedactForReasons: + - "spam" + - "advertising" + +# Whether or not to add all joined rooms to the "protected rooms" list +# (excluding the management room and watched policy list rooms, see below). +# +# Note that this effectively makes the protectedRooms and associated commands useless +# for regular rooms. +# +# Note: the management room is *excluded* from this condition. +# Explicitly add it as a protected room to protect it. +# +# Note: Ban list rooms the bot is watching but didn't create will not be protected. +# Explicitly add these rooms as a protected room list if you want them protected. +protectAllJoinedRooms: false + +# Increase this delay to have Draupnir wait longer between two consecutive backgrounded +# operations. The total duration of operations will be longer, but the homeserver won't +# be affected as much. Conversely, decrease this delay to have Draupnir chain operations +# faster. The total duration of operations will generally be shorter, but the performance +# of the homeserver may be more impacted. +backgroundDelayMS: 500 + +# Misc options for command handling and commands +commands: + # Whether or not the `!draupnir` prefix is necessary to submit commands. + # + # If `true`, will allow commands like `!ban`, `!help`, etc. + # + # Note: Draupnir can also be pinged by display name instead of having to use + # the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org" + # will address only my_moderator_bot. + allowNoPrefix: false + + # Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`. + additionalPrefixes: + - "draupnir-bot" + - "draupnir_bot" + - "draupnir" + + # Whether or not commands with a wildcard (*) will require an additional `--force` argument + # in the command to be able to be submitted. + confirmWildcardBan: true + + # The default reasons to be prompted with if the reason is missing from a ban command. + ban: + defaultReasons: + - "spam" + - "brigading" + - "harassment" + - "disagreement" \ No newline at end of file diff --git a/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 b/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 new file mode 100644 index 000000000..303e9e614 --- /dev/null +++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 @@ -0,0 +1,48 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Draupnir for All appservice +{% for service in matrix_appservice_draupnir_for_all_systemd_wanted_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_appservice_draupnir_for_all_systemd_required_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-appservice-draupnir-for-all \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_appservice_draupnir_for_all_container_network }} \ + --mount type=bind,src={{ matrix_appservice_draupnir_for_all_config_path }},dst=/data/config,ro \ + --mount type=bind,src={{ matrix_appservice_draupnir_for_all_data_path }},dst=/data \ + {% for arg in matrix_appservice_draupnir_for_all_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_appservice_draupnir_for_all_docker_image }} \ + appservice -c /data/config/production-appservice.yaml -f /data/config/draupnir-for-all-registration.yaml -p {{ matrix_appservice_draupnir_for_all_appservice_port }} --draupnir-config /data/config/production-bots.yaml + +{% for network in matrix_appservice_draupnir_for_all_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-appservice-draupnir-for-all +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-appservice-draupnir-for-all + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-appservice-draupnir-for-all + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index a4c31bfcd..8bfecc833 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -16,6 +16,9 @@ matrix_admin: '' # Global var to enable/disable encryption across all bridges with encryption support matrix_bridges_encryption_enabled: false +# Global var to make encryption default/optional across all bridges with encryption support +matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}" + # Global var to enable/disable relay mode across all bridges with relay mode support matrix_bridges_relay_enabled: false diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 51548749d..e3b792bf5 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml @@ -94,6 +94,7 @@ - name: Ensure buscarron container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_buscarron_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-chatgpt/tasks/install.yml b/roles/custom/matrix-bot-chatgpt/tasks/install.yml index 9a09ab11a..68eaf7443 100644 --- a/roles/custom/matrix-bot-chatgpt/tasks/install.yml +++ b/roles/custom/matrix-bot-chatgpt/tasks/install.yml @@ -58,6 +58,7 @@ - name: Ensure chatgpt container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_chatgpt_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index e2a7ca9cb..03204f1b9 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_draupnir_enabled: true # renovate: datasource=docker depName=gnuxie/draupnir -matrix_bot_draupnir_version: "v1.86.2" +matrix_bot_draupnir_version: "v1.87.0" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" @@ -37,15 +37,34 @@ matrix_bot_draupnir_systemd_required_services_list_custom: [] # List of systemd services that matrix-bot-draupnir.service wants matrix_bot_draupnir_systemd_wanted_services_list: [] -# The access token for the bot user +# Whether Draupnir should talk to the homeserver through Pantalaimon +# If true, then other variables must be provided including pointing +# `matrix_bot_draupnir_homeserver_url` to the Pantalaimon URL. +matrix_bot_draupnir_pantalaimon_use: false + +# The access token for the bot user. Required when NOT using Pantalaimon. +# (Otherwise provide `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password` instead.) matrix_bot_draupnir_access_token: "" +# User name and password for the bot. Required when using Pantalaimon. +# (Otherwise provide `matrix_bot_draupnir_access_token` instead.) +matrix_bot_draupnir_pantalaimon_username: "" +matrix_bot_draupnir_pantalaimon_password: "" + # The room ID where people can use the bot. The bot has no access controls, so # anyone in this room can use the bot - secure your room! # This should be a room alias or room ID - not a matrix.to URL. -# Note: draupnir is fairly verbose - expect a lot of messages from it. +# Note: Draupnir is fairly verbose - expect a lot of messages from it. matrix_bot_draupnir_management_room: "" +# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API). +# Set this to the pantalaimon URL if you're using that. +matrix_bot_draupnir_homeserver_url: "" + +# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +matrix_bot_draupnir_raw_homeserver_url: "" + # Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot. # This setting is described the following way in the Configuration. # diff --git a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml index 761ae8897..91830ac98 100644 --- a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml @@ -61,6 +61,7 @@ - name: Ensure matrix-bot-draupnir container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_draupnir_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml index b81378c47..efc5e7ddc 100644 --- a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml @@ -2,9 +2,20 @@ - name: Fail if required matrix-bot-draupnir variables are undefined ansible.builtin.fail: - msg: "The `{{ item }}` variable must be defined and have a non-null value." + msg: "The `{{ item.name }}` variable must be defined and have a non-null value." with_items: - - "matrix_bot_draupnir_access_token" - - "matrix_bot_draupnir_management_room" - - "matrix_bot_draupnir_container_network" - when: "vars[item] == '' or vars[item] is none" + - {'name': 'matrix_bot_draupnir_access_token', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"} + - {'name': 'matrix_bot_draupnir_management_room', when: true} + - {'name': 'matrix_bot_draupnir_container_network', when: true} + - {'name': 'matrix_bot_draupnir_homeserver_url', when: true} + - {'name': 'matrix_bot_draupnir_raw_homeserver_url', when: true} + - {'name': 'matrix_bot_draupnir_pantalaimon_username', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"} + - {'name': 'matrix_bot_draupnir_pantalaimon_password', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"} + when: "item.when | bool and (vars[item.name] == '' or vars[item.name] is none)" + +- name: Fail if inappropriate variables are defined + ansible.builtin.fail: + msg: "The `{{ item.name }}` variable must be undefined or have a null value." + with_items: + - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"} + when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)" diff --git a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 index 36488a111..b4d3a0bcc 100644 --- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 @@ -1,32 +1,34 @@ # Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API), # set this to the pantalaimon URL if you're using that. -homeserverUrl: "{{ matrix_homeserver_url }}" +homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }} # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/), # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. -rawHomeserverUrl: "{{ matrix_homeserver_url }}" +rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }} # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false. -accessToken: "{{ matrix_bot_draupnir_access_token }}" +accessToken: {{ matrix_bot_draupnir_access_token | to_json }} +{% if matrix_bot_draupnir_pantalaimon_use %} # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon) -#pantalaimon: -# # Whether or not Draupnir will use pantalaimon to access the matrix homeserver, -# # set to `true` if you're using pantalaimon. -# # -# # Be sure to point homeserverUrl to the pantalaimon instance. -# # -# # Draupnir will log in using the given username and password once, -# # then store the resulting access token in a file under dataPath. -# use: false -# -# # The username to login with. -# username: draupnir -# -# # The password Draupnir will login with. -# # -# # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. -# password: your_password +pantalaimon: + # Whether or not Draupnir will use pantalaimon to access the matrix homeserver, + # set to `true` if you're using pantalaimon. + # + # Be sure to point homeserverUrl to the pantalaimon instance. + # + # Draupnir will log in using the given username and password once, + # then store the resulting access token in a file under dataPath. + use: true + + # The username to login with. + username: {{ matrix_bot_draupnir_pantalaimon_username | to_json }} + + # The password Draupnir will login with. + # + # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. + password: {{ matrix_bot_draupnir_pantalaimon_password | to_json }} +{% endif %} # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers. dataPath: "/data" @@ -49,7 +51,7 @@ recordIgnoredInvites: false # # Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room. # (see verboseLogging to adjust this a bit.) -managementRoom: "{{ matrix_bot_draupnir_management_room }}" +managementRoom: {{ matrix_bot_draupnir_management_room | to_json }} # Deprecated and will be removed in a future version. # Running with verboseLogging is unsupported. @@ -77,7 +79,7 @@ noop: false # Whether or not Draupnir should apply `m.room.server_acl` events. # DO NOT change this to `true` unless you are very confident that you know what you are doing. -disableServerACL: "{{ matrix_bot_draupnir_disable_server_acl }}" +disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }} # Whether Draupnir should check member lists quicker (by using a different endpoint), # keep in mind that enabling this will miss invited (but not joined) users. @@ -161,7 +163,7 @@ commands: # The default reasons to be prompted with if the reason is missing from a ban command. ban: - defaultReasons: + defaultReasons: - "spam" - "brigading" - "harassment" diff --git a/roles/custom/matrix-bot-go-neb/tasks/install.yml b/roles/custom/matrix-bot-go-neb/tasks/install.yml index d251248af..96178ddb9 100644 --- a/roles/custom/matrix-bot-go-neb/tasks/install.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/install.yml @@ -45,6 +45,7 @@ - name: Ensure go-neb container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_go_neb_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index faf905363..93e219e89 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml @@ -111,6 +111,7 @@ - name: Ensure honoroit container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_honoroit_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index 2b07f439e..652e2d4bb 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -58,6 +58,7 @@ - name: Ensure matrix-registration-bot container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_matrix_registration_bot_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index 27b9f89ed..0489187cd 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -86,6 +86,7 @@ - name: Ensure matrix-reminder-bot container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_matrix_reminder_bot_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml index 0d3bb4cae..bceab14ec 100644 --- a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml @@ -72,6 +72,7 @@ - name: Ensure maubot container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_maubot_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index 4b5ac95bd..950f791fa 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml @@ -37,15 +37,34 @@ matrix_bot_mjolnir_systemd_required_services_list_custom: [] # List of systemd services that matrix-bot-mjolnir.service wants matrix_bot_mjolnir_systemd_wanted_services_list: [] -# The access token for the bot user +# Whether Mjolnir should talk to the homeserver through Pantalaimon +# If true, then other variables must be provided including pointing +# `matrix_bot_mjolnir_homeserver_url` to the Pantalaimon URL. +matrix_bot_mjolnir_pantalaimon_use: false + +# The access token for the bot user. Required when NOT using Pantalaimon. +# (Otherwise provide `matrix_bot_mjolnir_pantalaimon_username` and `matrix_bot_mjolnir_pantalaimon_password` instead.) matrix_bot_mjolnir_access_token: "" +# User name and password for the bot. Required when using Pantalaimon. +# (Otherwise provide `matrix_bot_mjolnir_access_token` instead.) +matrix_bot_mjolnir_pantalaimon_username: "" +matrix_bot_mjolnir_pantalaimon_password: "" + # The room ID where people can use the bot. The bot has no access controls, so # anyone in this room can use the bot - secure your room! # This should be a room alias or room ID - not a matrix.to URL. # Note: Mjolnir is fairly verbose - expect a lot of messages from it. matrix_bot_mjolnir_management_room: "" +# Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API). +# Set this to the pantalaimon URL if you're using that. +matrix_bot_mjolnir_homeserver_url: "" + +# Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +matrix_bot_mjolnir_raw_homeserver_url: "" + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml index 085049bdd..5fe1f4306 100644 --- a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml @@ -61,6 +61,7 @@ - name: Ensure matrix-bot-mjolnir container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_mjolnir_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml index 63289d7ba..7fd67e589 100644 --- a/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml @@ -1,9 +1,21 @@ --- -- name: Fail if required variables are undefined +- name: Fail if required matrix-bot-mjolnir variables are undefined ansible.builtin.fail: - msg: "The `{{ item }}` variable must be defined and have a non-null value." + msg: "The `{{ item.name }}` variable must be defined and have a non-null value." with_items: - - "matrix_bot_mjolnir_access_token" - - "matrix_bot_mjolnir_management_room" - when: "vars[item] == '' or vars[item] is none" + - {'name': 'matrix_bot_mjolnir_access_token', when: "{{ not matrix_bot_mjolnir_pantalaimon_use }}"} + - {'name': 'matrix_bot_mjolnir_management_room', when: true} + - {'name': 'matrix_bot_mjolnir_container_network', when: true} + - {'name': 'matrix_bot_mjolnir_homeserver_url', when: true} + - {'name': 'matrix_bot_mjolnir_raw_homeserver_url', when: true} + - {'name': 'matrix_bot_mjolnir_pantalaimon_username', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"} + - {'name': 'matrix_bot_mjolnir_pantalaimon_password', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"} + when: "item.when | bool and (vars[item.name] == '' or vars[item.name] is none)" + +- name: Fail if inappropriate variables are defined + ansible.builtin.fail: + msg: "The `{{ item.name }}` variable must be undefined or have a null value." + with_items: + - {'name': 'matrix_bot_mjolnir_access_token', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"} + when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)" diff --git a/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 index 7643d65f7..23da8375e 100644 --- a/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 @@ -1,32 +1,34 @@ # Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API), # set this to the pantalaimon URL if you're using that. -homeserverUrl: "{{ matrix_homeserver_url }}" +homeserverUrl: {{ matrix_bot_mjolnir_homeserver_url | to_json }} # Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/), # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. -rawHomeserverUrl: "{{ matrix_homeserver_url }}" +rawHomeserverUrl: {{ matrix_bot_mjolnir_raw_homeserver_url | to_json }} # Matrix Access Token to use, Mjolnir will only use this if pantalaimon.use is false. -accessToken: "{{ matrix_bot_mjolnir_access_token }}" +accessToken: {{ matrix_bot_mjolnir_access_token | to_json }} +{% if matrix_bot_mjolnir_pantalaimon_use %} # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon) -#pantalaimon: -# # Whether or not Mjolnir will use pantalaimon to access the matrix homeserver, -# # set to `true` if you're using pantalaimon. -# # -# # Be sure to point homeserverUrl to the pantalaimon instance. -# # -# # Mjolnir will log in using the given username and password once, -# # then store the resulting access token in a file under dataPath. -# use: false -# -# # The username to login with. -# username: mjolnir -# -# # The password Mjolnir will login with. -# # -# # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. -# password: your_password +pantalaimon: + # Whether or not Mjolnir will use pantalaimon to access the matrix homeserver, + # set to `true` if you're using pantalaimon. + # + # Be sure to point homeserverUrl to the pantalaimon instance. + # + # Mjolnir will log in using the given username and password once, + # then store the resulting access token in a file under dataPath. + use: true + + # The username to login with. + username: {{ matrix_bot_mjolnir_pantalaimon_username | to_json }} + + # The password Mjolnir will login with. + # + # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. + password: {{ matrix_bot_mjolnir_pantalaimon_password | to_json }} +{% endif %} # The path Mjolnir will store its state/data in, leave default ("/data/storage") when using containers. dataPath: "/data" @@ -49,7 +51,7 @@ recordIgnoredInvites: false # # Note: By default, Mjolnir is fairly verbose - expect a lot of messages in this room. # (see verboseLogging to adjust this a bit.) -managementRoom: "{{ matrix_bot_mjolnir_management_room }}" +managementRoom: {{ matrix_bot_mjolnir_management_room | to_json }} # Whether Mjolnir should log a lot more messages in the room, # mainly involves "all-OK" messages, and debugging messages for when mjolnir checks bans in a room. diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml index 17f84e143..a14718289 100644 --- a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml @@ -81,6 +81,7 @@ - name: Ensure postmoogle container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_bot_postmoogle_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml index 56d875f2a..ccfc3bad7 100644 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -106,6 +106,7 @@ - name: Ensure matrix-appservice-discord container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_discord_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml index c322b3747..77eb3bf8c 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -190,6 +190,7 @@ - name: Ensure matrix-appservice-irc container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_irc_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml index e567a6693..1dc7e6b96 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -130,7 +130,7 @@ matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_' # End-to-bridge encryption configuration matrix_appservice_kakaotalk_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}" +matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" # Specifies the default log level for all bridge loggers. matrix_appservice_kakaotalk_logging_level: WARNING diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml index 585604d02..8235d550e 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml @@ -99,6 +99,7 @@ - name: Ensure matrix-appservice-kakaotalk container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_kakaotalk_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml index 740918337..7ad2b26d6 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -84,6 +84,7 @@ - name: Ensure matrix-appservice-slack container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_slack_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index bb538e22b..145bf2165 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -83,6 +83,7 @@ - name: Ensure matrix-appservice-webhooks container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_appservice_webhooks_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index 6fb00a1f9..9c84d9ba6 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -96,7 +96,7 @@ matrix_beeper_linkedin_logging_level: WARNING # Enable End-to-bridge encryption matrix_beeper_linkedin_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}" +matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_beeper_linkedin_bridge_encryption_key_sharing_allow: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}" # Default beeper-linkedin configuration template which covers the generic use case. diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index c35c4f37d..4a0f88f0f 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -85,6 +85,7 @@ - name: Ensure beeper-linkedin container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_beeper_linkedin_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml index 3e4d41cd8..1100a8790 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -98,7 +98,7 @@ matrix_go_skype_bridge_bridge_double_puppet_server_map: # Enable End-to-bridge encryption matrix_go_skype_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}" +matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" # Minimum severity of journal log messages. # Options: debug, info, warn, error, fatal diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index 211c0e75d..304d55039 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -128,6 +128,7 @@ - name: Ensure matrix-go-skype-bridge container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_go_skype_bridge_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml index 728a3975a..887ebe14c 100644 --- a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -31,6 +31,7 @@ - name: Ensure heisenbridge container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_heisenbridge_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml index 146a3f3eb..05b3005e5 100644 --- a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml @@ -109,6 +109,7 @@ - name: Ensure matrix-hookshot container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_hookshot_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index b7a9287d7..3f981af04 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -151,7 +151,7 @@ matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yam # Enable End-to-bridge encryption matrix_mautrix_discord_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" +matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" # On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge. diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml index 77ff027e4..e160bc9f6 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml @@ -95,6 +95,7 @@ - name: Ensure mautrix-discord container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_discord_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index ecd5ae55b..b8130315e 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -203,5 +203,5 @@ matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_y # Enable End-to-bridge encryption matrix_mautrix_facebook_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}" +matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_facebook_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 8e81d85d0..d17488ee0 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure matrix-mautrix-facebook container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_facebook_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index be76e152a..e44ca39cd 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages -matrix_mautrix_gmessages_version: v0.2.4 +matrix_mautrix_gmessages_version: v0.3.0 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" @@ -139,7 +139,7 @@ matrix_mautrix_gmessages_bridge_login_shared_secret_map: # Enable End-to-bridge encryption matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}" +matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}" matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml index 88a26cfde..f9387eb4a 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml @@ -144,6 +144,7 @@ - name: Ensure matrix-mautrix-gmessages container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_gmessages_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml index 5d050eaaa..93f10de93 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -191,4 +191,4 @@ matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registrati # Enable End-to-bridge encryption matrix_mautrix_googlechat_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_mautrix_googlechat_bridge_encryption_allow }}" +matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index eb33e14a2..3b3a55803 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure matrix-mautrix-googlechat container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_googlechat_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml index 621aa8be5..1aa5e5a71 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -187,4 +187,4 @@ matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_y # Enable End-to-bridge encryption matrix_mautrix_hangouts_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_mautrix_hangouts_bridge_encryption_allow }}" +matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index a648972f0..eca5cc260 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure matrix-mautrix-hangouts container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_hangouts_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 23ead80f4..3814220bf 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -174,5 +174,5 @@ matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration # Enable End-to-bridge encryption matrix_mautrix_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}" +matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_instagram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index e0d4da4a1..9ad03a5a6 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -77,6 +77,7 @@ - name: Ensure matrix-mautrix-instagram container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_instagram_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index da027a43b..4079143e4 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml @@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta -matrix_mautrix_meta_instagram_version: v0.1.0 +matrix_mautrix_meta_instagram_version: v0.2.0 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram" matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config" @@ -23,8 +23,10 @@ matrix_mautrix_meta_instagram_container_src_files_path: "{{ matrix_mautrix_meta_ matrix_mautrix_meta_instagram_container_image_self_build: false matrix_mautrix_meta_instagram_container_image_self_build_repo: "https://github.com/mautrix/meta.git" -matrix_mautrix_meta_instagram_container_image: "{{ matrix_mautrix_meta_instagram_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_instagram_version }}" +matrix_mautrix_meta_instagram_container_image: "{{ matrix_mautrix_meta_instagram_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_instagram_container_image_tag }}" matrix_mautrix_meta_instagram_container_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_meta_instagram_container_image_self_build else 'dock.mau.dev/' }}" +# Prebuilt container images for specific commit hashes are tagged with an architecture suffix (e.g. `HASH-amd64`). +matrix_mautrix_meta_instagram_container_image_tag: "{{ matrix_mautrix_meta_instagram_version }}{{ ('-' ~ matrix_architecture) if (matrix_mautrix_meta_instagram_version | length == 40) else '' }}" matrix_mautrix_meta_instagram_container_image_force_pull: "{{ matrix_mautrix_meta_instagram_container_image.endswith(':latest') }}" matrix_mautrix_meta_instagram_container_network: "" @@ -179,7 +181,17 @@ matrix_mautrix_meta_instagram_bridge_username_prefix: |- # Changing this may require that you change the regex in the appservice. matrix_mautrix_meta_instagram_bridge_username_template: "{{ matrix_mautrix_meta_instagram_bridge_username_prefix + '{{.}}' }}" -matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}' +matrix_mautrix_meta_instagram_bridge_displayname_suffix: |- + {{ + ({ + 'facebook': '(FB)', + 'facebook-tor': '(FB)', + 'messenger': '(FB)', + 'instagram': '(IG)', + })[matrix_mautrix_meta_instagram_meta_mode] + }} + +matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_instagram_bridge_displayname_suffix) if matrix_mautrix_meta_instagram_bridge_displayname_suffix else "" }}' # The prefix for commands. Only required in non-management rooms. # If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_instagram_meta_mode`): @@ -191,9 +203,13 @@ matrix_mautrix_meta_instagram_bridge_command_prefix: default # If false, created portal rooms will never be federated. matrix_mautrix_meta_instagram_bridge_federate_rooms: true +# Should the bridge create a space for each logged-in user and add bridged rooms to it? +# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time. +matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces: true + # Enable End-to-bridge encryption matrix_mautrix_meta_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_meta_instagram_bridge_encryption_default: "{{ matrix_mautrix_meta_instagram_bridge_encryption_allow }}" +matrix_mautrix_meta_instagram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing: "{{ matrix_mautrix_meta_instagram_bridge_encryption_allow }}" matrix_mautrix_meta_instagram_bridge_encryption_appservice: false matrix_mautrix_meta_instagram_bridge_encryption_require: false @@ -266,5 +282,6 @@ matrix_mautrix_meta_instagram_registration_yaml: | url: {{ matrix_mautrix_meta_instagram_appservice_address }} sender_localpart: _bot_{{ matrix_mautrix_meta_instagram_appservice_username }} rate_limited: false + de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_meta_instagram_registration: "{{ matrix_mautrix_meta_instagram_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml index 906e5040d..b0240e298 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml @@ -104,6 +104,7 @@ - name: Ensure mautrix-meta-instagram container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_meta_instagram_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 index fe1287cc5..e48adf4b5 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 @@ -124,7 +124,7 @@ bridge: # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time. - personal_filtering_spaces: false + personal_filtering_spaces: {{ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces | to_json }} # Should Matrix m.notice-type messages be bridged? bridge_notices: true # Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG? diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index e7d6ed321..7a9cd2f80 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml @@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta -matrix_mautrix_meta_messenger_version: v0.1.0 +matrix_mautrix_meta_messenger_version: v0.2.0 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger" matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config" @@ -23,8 +23,10 @@ matrix_mautrix_meta_messenger_container_src_files_path: "{{ matrix_mautrix_meta_ matrix_mautrix_meta_messenger_container_image_self_build: false matrix_mautrix_meta_messenger_container_image_self_build_repo: "https://github.com/mautrix/meta.git" -matrix_mautrix_meta_messenger_container_image: "{{ matrix_mautrix_meta_messenger_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_messenger_version }}" +matrix_mautrix_meta_messenger_container_image: "{{ matrix_mautrix_meta_messenger_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_messenger_container_image_tag }}" matrix_mautrix_meta_messenger_container_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_meta_messenger_container_image_self_build else 'dock.mau.dev/' }}" +# Prebuilt container images for specific commit hashes are tagged with an architecture suffix (e.g. `HASH-amd64`). +matrix_mautrix_meta_messenger_container_image_tag: "{{ matrix_mautrix_meta_messenger_version }}{{ ('-' ~ matrix_architecture) if (matrix_mautrix_meta_messenger_version | length == 40) else '' }}" matrix_mautrix_meta_messenger_container_image_force_pull: "{{ matrix_mautrix_meta_messenger_container_image.endswith(':latest') }}" matrix_mautrix_meta_messenger_container_network: "" @@ -179,7 +181,17 @@ matrix_mautrix_meta_messenger_bridge_username_prefix: |- # Changing this may require that you change the regex in the appservice. matrix_mautrix_meta_messenger_bridge_username_template: "{{ matrix_mautrix_meta_messenger_bridge_username_prefix + '{{.}}' }}" -matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}' +matrix_mautrix_meta_messenger_bridge_displayname_suffix: |- + {{ + ({ + 'facebook': '(FB)', + 'facebook-tor': '(FB)', + 'messenger': '(FB)', + 'instagram': '(IG)', + })[matrix_mautrix_meta_messenger_meta_mode] + }} + +matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_messenger_bridge_displayname_suffix) if matrix_mautrix_meta_messenger_bridge_displayname_suffix else "" }}' # The prefix for commands. Only required in non-management rooms. # If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_messenger_meta_mode`): @@ -191,9 +203,13 @@ matrix_mautrix_meta_messenger_bridge_command_prefix: default # If false, created portal rooms will never be federated. matrix_mautrix_meta_messenger_bridge_federate_rooms: true +# Should the bridge create a space for each logged-in user and add bridged rooms to it? +# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time. +matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces: true + # Enable End-to-bridge encryption matrix_mautrix_meta_messenger_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_meta_messenger_bridge_encryption_default: "{{ matrix_mautrix_meta_messenger_bridge_encryption_allow }}" +matrix_mautrix_meta_messenger_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing: "{{ matrix_mautrix_meta_messenger_bridge_encryption_allow }}" matrix_mautrix_meta_messenger_bridge_encryption_appservice: false matrix_mautrix_meta_messenger_bridge_encryption_require: false @@ -266,5 +282,6 @@ matrix_mautrix_meta_messenger_registration_yaml: | url: {{ matrix_mautrix_meta_messenger_appservice_address }} sender_localpart: _bot_{{ matrix_mautrix_meta_messenger_appservice_username }} rate_limited: false + de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_meta_messenger_registration: "{{ matrix_mautrix_meta_messenger_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml index d9f305be4..2b5738c90 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml @@ -104,6 +104,7 @@ - name: Ensure mautrix-meta-messenger container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_meta_messenger_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 index 09bb0c424..e2562c367 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 @@ -124,7 +124,7 @@ bridge: # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time. - personal_filtering_spaces: false + personal_filtering_spaces: {{ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces | to_json }} # Should Matrix m.notice-type messages be bridged? bridge_notices: true # Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG? diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 689510900..4e11de2da 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/ matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal -matrix_mautrix_signal_version: v0.5.0 +matrix_mautrix_signal_version: v0.5.1 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}" @@ -196,7 +196,7 @@ matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml # Enable End-to-bridge encryption matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" +matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" matrix_mautrix_signal_bridge_personal_filtering_spaces: true diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 8facac9b0..a04757499 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -138,6 +138,7 @@ - name: Ensure matrix-mautrix-signal container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_signal_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index d0f17d96f..dfe41b9e2 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -145,5 +145,5 @@ matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | # Enable End-to-bridge encryption matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}" +matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml index c0ff0ba70..15a54d426 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml @@ -95,6 +95,7 @@ - name: Ensure matrix-mautrix-slack container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_slack_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 863e3a012..faa4d101f 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -234,5 +234,5 @@ matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)' # Enable End-to-bridge encryption matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}" +matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 7f384e909..410ee2022 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -150,6 +150,7 @@ - name: Ensure matrix-mautrix-telegram container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_telegram_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 091a6899d..30e8d153d 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -169,5 +169,5 @@ matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yam # Enable End-to-bridge encryption matrix_mautrix_twitter_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}" +matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_twitter_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}" diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 04fc858d2..bf7c3fa1a 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -79,6 +79,7 @@ - name: Ensure matrix-mautrix-twitter container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_twitter_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 9919a3071..fdbe6145c 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp -matrix_mautrix_whatsapp_version: v0.10.5 +matrix_mautrix_whatsapp_version: v0.10.6 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" @@ -141,7 +141,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map: # Enable End-to-bridge encryption matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" -matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" +matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 0d620c07c..9e9a583b2 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -138,6 +138,7 @@ - name: Ensure matrix-mautrix-whatsapp container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_whatsapp_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml index 725296e6c..d7d24cf4a 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml @@ -93,6 +93,7 @@ - name: Ensure mautrix-wsproxy container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mautrix_wsproxy_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 7681587e3..c3037d8c6 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -114,6 +114,7 @@ - name: Ensure mx-puppet-discord container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_discord_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index d91f99c2a..55bb29aa3 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -115,6 +115,7 @@ - name: Ensure mx-puppet-groupme container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_groupme_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index ebd37688a..238ea1f2b 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -94,6 +94,7 @@ - name: Ensure mx-puppet-instagram container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_instagram_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 10480a7b6..9524f338c 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure mx-puppet-slack container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_slack_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index dc4f24bff..24ef30b59 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -115,6 +115,7 @@ - name: Ensure mx-puppet-steam container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_steam_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 50c51f5ea..e5e051841 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -125,6 +125,7 @@ - name: Ensure mx-puppet-twitter container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_mx_puppet_twitter_container_network }}" driver: bridge diff --git a/roles/custom/matrix-bridge-sms/defaults/main.yml b/roles/custom/matrix-bridge-sms/defaults/main.yml index b67bd5467..50337ed17 100644 --- a/roles/custom/matrix-bridge-sms/defaults/main.yml +++ b/roles/custom/matrix-bridge-sms/defaults/main.yml @@ -5,7 +5,7 @@ matrix_sms_bridge_enabled: true # renovate: datasource=docker depName=folivonet/matrix-sms-bridge -matrix_sms_bridge_version: 0.5.8 +matrix_sms_bridge_version: 0.5.9 matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}" matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge" diff --git a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml index 95ea5b3d4..6d0cfd08f 100644 --- a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml @@ -48,6 +48,7 @@ - name: Ensure matrix-sms-bridge container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_sms_bridge_container_network }}" driver: bridge diff --git a/roles/custom/matrix-cactus-comments-client/defaults/main.yml b/roles/custom/matrix-cactus-comments-client/defaults/main.yml index ef318b716..be967e686 100644 --- a/roles/custom/matrix-cactus-comments-client/defaults/main.yml +++ b/roles/custom/matrix-cactus-comments-client/defaults/main.yml @@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas matrix_cactus_comments_client_public_path_file_permissions: "0644" # renovate: datasource=docker depName=joseluisq/static-web-server -matrix_cactus_comments_client_version: 2.27.0 +matrix_cactus_comments_client_version: 2.28.0 matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}" matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}" diff --git a/roles/custom/matrix-cactus-comments-client/tasks/install.yml b/roles/custom/matrix-cactus-comments-client/tasks/install.yml index f0c797b65..53eaee90c 100644 --- a/roles/custom/matrix-cactus-comments-client/tasks/install.yml +++ b/roles/custom/matrix-cactus-comments-client/tasks/install.yml @@ -73,6 +73,7 @@ - name: Ensure matrix-cactus-comments-client container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_cactus_comments_client_container_network }}" driver: bridge diff --git a/roles/custom/matrix-client-cinny/tasks/setup_install.yml b/roles/custom/matrix-client-cinny/tasks/setup_install.yml index e4eb79387..162514f52 100644 --- a/roles/custom/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/custom/matrix-client-cinny/tasks/setup_install.yml @@ -66,6 +66,7 @@ - name: Ensure Cinny container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_client_cinny_container_network }}" driver: bridge diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index cc65b6402..506f07f83 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.58 +matrix_client_element_version: v1.11.63 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" @@ -151,7 +151,6 @@ matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/su matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) matrix_client_element_room_directory_servers: ['matrix.org'] -matrix_client_element_welcome_user_id: ~ # Branding of Element matrix_client_element_brand: "Element" diff --git a/roles/custom/matrix-client-element/tasks/setup_install.yml b/roles/custom/matrix-client-element/tasks/setup_install.yml index f3273d229..0e5053d35 100644 --- a/roles/custom/matrix-client-element/tasks/setup_install.yml +++ b/roles/custom/matrix-client-element/tasks/setup_install.yml @@ -100,6 +100,7 @@ - name: Ensure Element container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_client_element_container_network }}" driver: bridge diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index e9d9b4105..bf90b3d03 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -43,6 +43,7 @@ - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'} - {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'} - {'old': 'matrix_client_element_jitsi_preferredDomain', 'new': 'matrix_client_element_jitsi_preferred_domain'} + - {'old': 'matrix_client_element_welcome_user_id', 'new': ''} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 180a8f818..dfb03fb10 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -26,7 +26,6 @@ "room_directory": { "servers": {{ matrix_client_element_room_directory_servers | to_json }} }, - "welcome_user_id": {{ matrix_client_element_welcome_user_id | to_json }}, {% if matrix_client_element_enable_presence_by_hs_url is not none %} "enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url | to_json }}, {% endif %} diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml index 5ca6cb732..42cfd563a 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml @@ -78,6 +78,7 @@ - name: Ensure Hydrogen container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_client_hydrogen_container_network }}" driver: bridge diff --git a/roles/custom/matrix-client-schildichat/defaults/main.yml b/roles/custom/matrix-client-schildichat/defaults/main.yml index ae79615c1..93e58bf7e 100644 --- a/roles/custom/matrix-client-schildichat/defaults/main.yml +++ b/roles/custom/matrix-client-schildichat/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_schildichat_enabled: true matrix_client_schildichat_container_image_self_build: false # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/schildichat-web -matrix_client_schildichat_version: v1.11.30-sc.2 +matrix_client_schildichat_version: v1.11.36-sc.3 matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_name_prefix }}etke.cc/schildichat-web:{{ matrix_client_schildichat_version }}" matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else 'registry.gitlab.com/' }}" matrix_client_schildichat_docker_image_force_pull: "{{ matrix_client_schildichat_docker_image.endswith(':latest') }}" @@ -145,7 +145,6 @@ matrix_client_schildichat_bug_report_endpoint_url: "https://element.io/bugreport matrix_client_schildichat_show_lab_settings: true # noqa var-naming # schildichat public room directory server(s) matrix_client_schildichat_room_directory_servers: ['matrix.org'] -matrix_client_schildichat_welcome_user_id: ~ # Branding of schildichat matrix_client_schildichat_brand: "schildichat" diff --git a/roles/custom/matrix-client-schildichat/tasks/setup_install.yml b/roles/custom/matrix-client-schildichat/tasks/setup_install.yml index 6633878aa..f6bd61a17 100644 --- a/roles/custom/matrix-client-schildichat/tasks/setup_install.yml +++ b/roles/custom/matrix-client-schildichat/tasks/setup_install.yml @@ -99,6 +99,7 @@ - name: Ensure schildichat container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_client_schildichat_container_network }}" driver: bridge diff --git a/roles/custom/matrix-client-schildichat/tasks/validate_config.yml b/roles/custom/matrix-client-schildichat/tasks/validate_config.yml index 966a74931..b5b5db54d 100644 --- a/roles/custom/matrix-client-schildichat/tasks/validate_config.yml +++ b/roles/custom/matrix-client-schildichat/tasks/validate_config.yml @@ -1,5 +1,14 @@ --- +- name: (Deprecation) Catch and report renamed Schildichat settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_client_schildichat_welcome_user_id', 'new': ''} + - name: Fail if required schildichat settings not defined ansible.builtin.fail: msg: > diff --git a/roles/custom/matrix-client-schildichat/templates/config.json.j2 b/roles/custom/matrix-client-schildichat/templates/config.json.j2 index fcf60f5d5..bd5ab79d2 100644 --- a/roles/custom/matrix-client-schildichat/templates/config.json.j2 +++ b/roles/custom/matrix-client-schildichat/templates/config.json.j2 @@ -26,7 +26,6 @@ "room_directory": { "servers": {{ matrix_client_schildichat_room_directory_servers | to_json }} }, - "welcome_user_id": {{ matrix_client_schildichat_welcome_user_id | to_json }}, {% if matrix_client_schildichat_enable_presence_by_hs_url is not none %} "enable_presence_by_hs_url": {{ matrix_client_schildichat_enable_presence_by_hs_url | to_json }}, {% endif %} diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 3bccf1078..3957c5c43 100644 --- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml @@ -115,7 +115,7 @@ matrix_conduit_container_extra_arguments: [] # the original files into your inventory (e.g. in `inventory/host_vars//`) # and then change the specific host's `vars.yaml` file like this: # matrix_conduit_template_conduit_config: "{{ playbook_dir }}/inventory/host_vars//conduit.toml.j2" -matrix_conduit_template_conduit_config: "{{ role_path }}/templates/conduit/conduit.toml.j2" +matrix_conduit_template_conduit_config: "{{ role_path }}/templates/conduit.toml.j2" # Max size for uploads, in bytes matrix_conduit_max_request_size: 20_000_000 diff --git a/roles/custom/matrix-conduit/tasks/setup_install.yml b/roles/custom/matrix-conduit/tasks/setup_install.yml index 295b5c4f2..00d8a1330 100644 --- a/roles/custom/matrix-conduit/tasks/setup_install.yml +++ b/roles/custom/matrix-conduit/tasks/setup_install.yml @@ -36,6 +36,7 @@ - name: Ensure Conduit container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_conduit_container_network }}" driver: bridge diff --git a/roles/custom/matrix-corporal/tasks/setup_install.yml b/roles/custom/matrix-corporal/tasks/setup_install.yml index bfa0a2ac2..3213fc9f4 100644 --- a/roles/custom/matrix-corporal/tasks/setup_install.yml +++ b/roles/custom/matrix-corporal/tasks/setup_install.yml @@ -68,6 +68,7 @@ - name: Ensure Matrix Corporal container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_corporal_container_network }}" driver: bridge diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index 05c96aced..248a15dd7 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml @@ -109,6 +109,7 @@ - name: Ensure Dendrite container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_dendrite_container_network }}" driver: bridge diff --git a/roles/custom/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml index b1f0c242d..04c2248f9 100644 --- a/roles/custom/matrix-dimension/tasks/setup_install.yml +++ b/roles/custom/matrix-dimension/tasks/setup_install.yml @@ -130,6 +130,7 @@ - name: Ensure Dimension container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_dimension_container_network }}" driver: bridge diff --git a/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml b/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml index 17e13963d..f8ce0c48e 100644 --- a/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml @@ -58,6 +58,7 @@ - name: Ensure matrix-dynamic-dns container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_dynamic_dns_container_network }}" driver: bridge diff --git a/roles/custom/matrix-email2matrix/tasks/setup_install.yml b/roles/custom/matrix-email2matrix/tasks/setup_install.yml index f6fe55e23..5d49e7d47 100644 --- a/roles/custom/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/custom/matrix-email2matrix/tasks/setup_install.yml @@ -58,6 +58,7 @@ - name: Ensure matrix-email2matrix container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_email2matrix_container_network }}" driver: bridge diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml index c54a2f65e..760d4728f 100644 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml @@ -53,6 +53,7 @@ - name: Ensure matrix-ldap-registration-proxy container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_ldap_registration_proxy_container_network }}" driver: bridge diff --git a/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2 b/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2 index cc996d857..8ce1832f1 100644 --- a/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2 +++ b/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2 @@ -5,7 +5,7 @@ traefik.enable=true traefik.docker.network={{ matrix_ldap_registration_proxy_container_labels_traefik_docker_network }} {% endif %} -{% if matrix_ldap_registration_proxy_container_labels_public_endpoint_enabled %} +{% if matrix_ldap_registration_proxy_container_labels_registration_endpoint_enabled %} ############################################################ # # # Registration # @@ -16,20 +16,20 @@ traefik.http.services.matrix-ldap-registration-proxy.loadbalancer.server.port={{ traefik.http.middlewares.matrix-ldap-registration-proxy-registration-endpoint-replacepath.replacepath.path=/register -traefik.http.routers.matrix-ldap-registration-proxy-registration.rule={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_rule }} +traefik.http.routers.matrix-ldap-registration-proxy-registration.rule={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_rule }} traefik.http.routers.matrix-ldap-registration-proxy-registration.middlewares=matrix-ldap-registration-proxy-registration-endpoint-replacepath -{% if matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_priority | int > 0 %} -traefik.http.routers.matrix-ldap-registration-proxy-registration.priority={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_priority }} +{% if matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_priority | int > 0 %} +traefik.http.routers.matrix-ldap-registration-proxy-registration.priority={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_priority }} {% endif %} traefik.http.routers.matrix-ldap-registration-proxy-registration.service=matrix-ldap-registration-proxy -traefik.http.routers.matrix-ldap-registration-proxy-registration.entrypoints={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_entrypoints }} +traefik.http.routers.matrix-ldap-registration-proxy-registration.entrypoints={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_entrypoints }} -traefik.http.routers.matrix-ldap-registration-proxy-registration.tls={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_tls | to_json }} -{% if matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_tls %} -traefik.http.routers.matrix-ldap-registration-proxy-registration.tls.certResolver={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_tls_certResolver }} +traefik.http.routers.matrix-ldap-registration-proxy-registration.tls={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls | to_json }} +{% if matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls %} +traefik.http.routers.matrix-ldap-registration-proxy-registration.tls.certResolver={{ matrix_ldap_registration_proxy_container_labels_registration_endpoint_traefik_tls_certResolver }} {% endif %} ############################################################ diff --git a/roles/custom/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml index 4a408b468..0fcdb8c0a 100644 --- a/roles/custom/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml @@ -134,6 +134,7 @@ - name: Ensure ma1sd container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_ma1sd_container_network }}" driver: bridge diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index bab6155bb..63a225674 100755 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -386,6 +386,21 @@ matrix_media_repo_datastore_s3_opts_bucket_name: "your-media-bucket" # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. # matrix_media_repo_datastore_s3_opts_storage_class: "STANDARD" +# When set, if the requesting user/server supports being redirected, and MMR is capable +# of performing that redirection, they will be redirected to the given object location. +# The object ID used in S3 is assumed to be the file name, and will simply be appended. +# It is therefore important to include any trailing slashes or path information. For +# example, an object with ID "hello/world" will get converted to "https://mycdn.example.org/hello/world". +# Note that MMR may not redirect in all cases, even if the client/server requests the +# capability. MMR may still be responsible for bandwidth charges incurred from going to +# the bucket directly. +# matrix_media_repo_datastore_s3_opts_public_base_url: "https://mycdn.example.org/" + +# Set to `true` to bypass any local cache when `publicBaseUrl` is set. Has no effect +# when `publicBaseUrl` is unset. Defaults to false (cached media will be served by MMR +# before redirection if present). +matrix_media_repo_datastore_s3_opts_redirect_when_cached: true + # Options for controlling archives. Archives are exports of a particular user's content for # the purpose of GDPR or moving media to a different server. diff --git a/roles/custom/matrix-media-repo/tasks/setup_install.yml b/roles/custom/matrix-media-repo/tasks/setup_install.yml index b36df6d9a..a25b3f130 100755 --- a/roles/custom/matrix-media-repo/tasks/setup_install.yml +++ b/roles/custom/matrix-media-repo/tasks/setup_install.yml @@ -79,6 +79,7 @@ - name: Ensure media-repo container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_media_repo_container_network }}" driver: bridge diff --git a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 index 8dec40b18..ee7d151b6 100644 --- a/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 +++ b/roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 @@ -236,6 +236,23 @@ datastores: # See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use. #storageClass: STANDARD {% endif %} +{% if matrix_media_repo_datastore_s3_opts_public_base_url is defined %} + publicBaseUrl: {{ matrix_media_repo_datastore_s3_opts_public_base_url | to_json }} +{% else %} + # When set, if the requesting user/server supports being redirected, and MMR is capable + # of performing that redirection, they will be redirected to the given object location. + # The object ID used in S3 is assumed to be the file name, and will simply be appended. + # It is therefore important to include any trailing slashes or path information. For + # example, an object with ID "hello/world" will get converted to "https://mycdn.example.org/hello/world". + # Note that MMR may not redirect in all cases, even if the client/server requests the + # capability. MMR may still be responsible for bandwidth charges incurred from going to + # the bucket directly. + #publicBaseUrl: "https://mycdn.example.org/" +{% endif %} + # Set to `true` to bypass any local cache when `publicBaseUrl` is set. Has no effect + # when `publicBaseUrl` is unset. Defaults to false (cached media will be served by MMR + # before redirection if present). + redirectWhenCached: {{ matrix_media_repo_datastore_s3_opts_redirect_when_cached | to_json }} {% endif %} # Options for controlling archives. Archives are exports of a particular user's content for diff --git a/roles/custom/matrix-pantalaimon/defaults/main.yml b/roles/custom/matrix-pantalaimon/defaults/main.yml new file mode 100644 index 000000000..b8f5c0d4c --- /dev/null +++ b/roles/custom/matrix-pantalaimon/defaults/main.yml @@ -0,0 +1,57 @@ +--- +# E2EE aware proxy daemon for matrix clients. +# Project source code URL: https://github.com/matrix-org/pantalaimon + +matrix_pantalaimon_enabled: true + +matrix_pantalaimon_version: "0.10.5" + +matrix_pantalaimon_container_image_self_build: false +matrix_pantalaimon_container_image_self_build_repo: "https://github.com/matrix-org/pantalaimon.git" +matrix_pantalaimon_container_image_self_build_repo_version: "{{ 'main' if matrix_pantalaimon_version == 'latest' else matrix_pantalaimon_version }}" + +matrix_pantalaimon_docker_image: "{{ matrix_pantalaimon_docker_image_name_prefix }}matrixdotorg/pantalaimon:v{{ matrix_pantalaimon_version }}" +matrix_pantalaimon_docker_image_name_prefix: "{{ 'localhost/' if matrix_pantalaimon_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_pantalaimon_docker_image_force_pull: "{{ matrix_pantalaimon_docker_image.endswith(':latest') }}" + +matrix_pantalaimon_base_path: "{{ matrix_base_data_path }}/pantalaimon" +matrix_pantalaimon_data_path: "{{ matrix_pantalaimon_base_path }}/data" +matrix_pantalaimon_container_src_files_path: "{{ matrix_pantalaimon_base_path }}/container-src" + +# The base container network +matrix_pantalaimon_container_network: '' + +# A list of additional container networks that the container would be connected to. +# The role does not create these networks, so make sure they already exist. +matrix_pantalaimon_container_additional_networks: "{{ matrix_pantalaimon_container_additional_networks_auto + matrix_pantalaimon_container_additional_networks_custom }}" +matrix_pantalaimon_container_additional_networks_auto: [] +matrix_pantalaimon_container_additional_networks_custom: [] + +# A list of extra arguments to pass to the container +matrix_pantalaimon_container_extra_arguments: [] + +# List of systemd services that matrix-pantalaimon.service depends on +matrix_pantalaimon_systemd_required_services_list: "{{ matrix_pantalaimon_systemd_required_services_list_default + matrix_pantalaimon_systemd_required_services_list_auto + matrix_pantalaimon_systemd_required_services_list_custom }}" +matrix_pantalaimon_systemd_required_services_list_default: ['docker.service'] +matrix_pantalaimon_systemd_required_services_list_auto: [] +matrix_pantalaimon_systemd_required_services_list_custom: [] + +# List of systemd services that matrix-pantalaimon.service wants +matrix_pantalaimon_systemd_wanted_services_list: "{{ matrix_pantalaimon_systemd_wanted_services_list_default + matrix_pantalaimon_systemd_wanted_services_list_auto + matrix_pantalaimon_systemd_wanted_services_list_custom }}" +matrix_pantalaimon_systemd_wanted_services_list_default: [] +matrix_pantalaimon_systemd_wanted_services_list_auto: [] +matrix_pantalaimon_systemd_wanted_services_list_custom: [] + +# Pantalaimon log level, case-insensitive (Error, Warning, Info, Debug) +matrix_pantalaimon_log_level: Warning + +# Base URL where matrix-pantalaimon can reach your homeserver C-S API. +# If the homeserver runs on the same machine, you may need to add its service to `matrix_pantalaimon_systemd_required_services_list`. +matrix_pantalaimon_homeserver_url: "" + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can +# completely replace this variable with your own template. +matrix_pantalaimon_configuration: "{{ lookup('template', 'templates/pantalaimon.conf.j2') }}" diff --git a/roles/custom/matrix-pantalaimon/tasks/install.yml b/roles/custom/matrix-pantalaimon/tasks/install.yml new file mode 100644 index 000000000..74a90cce2 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/tasks/install.yml @@ -0,0 +1,67 @@ +--- + +- name: Ensure matrix-pantalaimon paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_pantalaimon_base_path }}", when: true} + - {path: "{{ matrix_pantalaimon_data_path }}", when: true} + - {path: "{{ matrix_pantalaimon_container_src_files_path }}", when: "{{ matrix_pantalaimon_container_image_self_build }}"} + when: "item.when | bool" + +- name: Ensure matrix-pantalaimon config installed + ansible.builtin.copy: + content: "{{ matrix_pantalaimon_configuration }}" + dest: "{{ matrix_pantalaimon_data_path }}/pantalaimon.conf" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure pantalaimon container image is pulled + community.docker.docker_image: + name: "{{ matrix_pantalaimon_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_pantalaimon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_pantalaimon_docker_image_force_pull }}" + when: "not matrix_pantalaimon_container_image_self_build | bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure pantalaimon repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_pantalaimon_container_image_self_build_repo }}" + version: "{{ matrix_pantalaimon_container_image_self_build_repo_version }}" + dest: "{{ matrix_pantalaimon_container_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_pantalaimon_git_pull_results + when: "matrix_pantalaimon_container_image_self_build | bool" + +- name: Ensure pantalaimon container image is built + community.docker.docker_image: + name: "{{ matrix_pantalaimon_docker_image }}" + source: build + force_source: "{{ matrix_pantalaimon_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_pantalaimon_container_src_files_path }}" + pull: true + when: "matrix_pantalaimon_container_image_self_build | bool" + +- name: Ensure pantalaimon container network is created + community.general.docker_network: + name: "{{ matrix_pantalaimon_container_network }}" + driver: bridge + +- name: Ensure matrix-pantalaimon.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-pantalaimon.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-pantalaimon.service" + mode: 0644 diff --git a/roles/custom/matrix-pantalaimon/tasks/main.yml b/roles/custom/matrix-pantalaimon/tasks/main.yml new file mode 100644 index 000000000..63cdef198 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- tags: + - setup-all + - setup-pantalaimon + - install-all + - install-pantalaimon + block: + - when: matrix_pantalaimon_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_pantalaimon_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" + +- tags: + - setup-all + - setup-pantalaimon + block: + - when: not matrix_pantalaimon_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" diff --git a/roles/custom/matrix-pantalaimon/tasks/uninstall.yml b/roles/custom/matrix-pantalaimon/tasks/uninstall.yml new file mode 100644 index 000000000..a6c7cd5f6 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/tasks/uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-pantalaimon service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-pantalaimon.service" + register: matrix_pantalaimon_service_stat + +- when: matrix_pantalaimon_service_stat.stat.exists | bool + block: + - name: Ensure matrix-pantalaimon is stopped + ansible.builtin.service: + name: matrix-pantalaimon + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-pantalaimon.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-pantalaimon.service" + state: absent + + - name: Ensure matrix-pantalaimon paths don't exist + ansible.builtin.file: + path: "{{ matrix_pantalaimon_base_path }}" + state: absent diff --git a/roles/custom/matrix-pantalaimon/tasks/validate_config.yml b/roles/custom/matrix-pantalaimon/tasks/validate_config.yml new file mode 100644 index 000000000..00fc96ced --- /dev/null +++ b/roles/custom/matrix-pantalaimon/tasks/validate_config.yml @@ -0,0 +1,8 @@ +--- + +- name: Fail if required variables are undefined + ansible.builtin.fail: + msg: "The `{{ item }}` variable must be defined and have a non-null value." + with_items: + - "matrix_pantalaimon_homeserver_url" + when: "vars[item] == '' or vars[item] is none" diff --git a/roles/custom/matrix-pantalaimon/templates/pantalaimon.conf.j2 b/roles/custom/matrix-pantalaimon/templates/pantalaimon.conf.j2 new file mode 100644 index 000000000..9e8f6fd97 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/templates/pantalaimon.conf.j2 @@ -0,0 +1,10 @@ +[Default] +LogLevel = {{ matrix_pantalaimon_log_level }} + +[homeserver] +Homeserver = {{ matrix_pantalaimon_homeserver_url }} +ListenAddress = 0.0.0.0 +ListenPort = 8009 +SSL = False +UseKeyring = False +IgnoreVerification = True diff --git a/roles/custom/matrix-pantalaimon/templates/systemd/matrix-pantalaimon.service.j2 b/roles/custom/matrix-pantalaimon/templates/systemd/matrix-pantalaimon.service.j2 new file mode 100644 index 000000000..be752e561 --- /dev/null +++ b/roles/custom/matrix-pantalaimon/templates/systemd/matrix-pantalaimon.service.j2 @@ -0,0 +1,46 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Pantalaimon +{% for service in matrix_pantalaimon_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_pantalaimon_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-pantalaimon 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-pantalaimon 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-pantalaimon \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_pantalaimon_container_network }} \ + --mount type=bind,src={{ matrix_pantalaimon_data_path }},dst=/data \ + {% for arg in matrix_pantalaimon_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_pantalaimon_docker_image }} + +{% for network in matrix_pantalaimon_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-pantalaimon +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-pantalaimon + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-pantalaimon 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-pantalaimon 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-pantalaimon + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml index 37cf96c29..2133e54a0 100644 --- a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml @@ -42,6 +42,7 @@ - name: Ensure prometheus-nginxlog-exporter container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_prometheus_nginxlog_exporter_container_network }}" driver: bridge diff --git a/roles/custom/matrix-rageshake/defaults/main.yml b/roles/custom/matrix-rageshake/defaults/main.yml index bb2e45a1b..0598a0b7b 100644 --- a/roles/custom/matrix-rageshake/defaults/main.yml +++ b/roles/custom/matrix-rageshake/defaults/main.yml @@ -17,7 +17,7 @@ matrix_rageshake_path_prefix: / # There are no stable container image tags yet. # See: https://github.com/matrix-org/rageshake/issues/69 # renovate: datasource=docker depName=ghcr.io/matrix-org/rageshake -matrix_rageshake_version: 1.11.0 +matrix_rageshake_version: 1.12.0 matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake" matrix_rageshake_config_path: "{{ matrix_rageshake_base_path }}/config" diff --git a/roles/custom/matrix-rageshake/tasks/install.yml b/roles/custom/matrix-rageshake/tasks/install.yml index a1db9a877..f19304b8a 100644 --- a/roles/custom/matrix-rageshake/tasks/install.yml +++ b/roles/custom/matrix-rageshake/tasks/install.yml @@ -67,6 +67,7 @@ - name: Ensure rageshake container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_rageshake_container_network }}" driver: bridge diff --git a/roles/custom/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml index db0085086..9c6791365 100644 --- a/roles/custom/matrix-registration/tasks/setup_install.yml +++ b/roles/custom/matrix-registration/tasks/setup_install.yml @@ -109,6 +109,7 @@ - name: Ensure matrix-registration container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_registration_container_network }}" driver: bridge diff --git a/roles/custom/matrix-sliding-sync/tasks/install.yml b/roles/custom/matrix-sliding-sync/tasks/install.yml index cb41cec06..7e7f2569c 100644 --- a/roles/custom/matrix-sliding-sync/tasks/install.yml +++ b/roles/custom/matrix-sliding-sync/tasks/install.yml @@ -60,6 +60,7 @@ - name: Ensure matrix-sliding-sync container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_sliding_sync_container_network }}" driver: bridge diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml index e76c383b2..fc83e7100 100644 --- a/roles/custom/matrix-static-files/defaults/main.yml +++ b/roles/custom/matrix-static-files/defaults/main.yml @@ -8,7 +8,7 @@ matrix_static_files_enabled: true matrix_static_files_identifier: matrix-static-files # renovate: datasource=docker depName=joseluisq/static-web-server -matrix_static_files_version: 2.27.0 +matrix_static_files_version: 2.28.0 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}" matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config" diff --git a/roles/custom/matrix-static-files/tasks/install.yml b/roles/custom/matrix-static-files/tasks/install.yml index 94de62b8e..8d715de78 100644 --- a/roles/custom/matrix-static-files/tasks/install.yml +++ b/roles/custom/matrix-static-files/tasks/install.yml @@ -83,6 +83,7 @@ - name: Ensure matrix-static-files container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_static_files_container_network }}" driver: bridge diff --git a/roles/custom/matrix-sygnal/defaults/main.yml b/roles/custom/matrix-sygnal/defaults/main.yml index 7c7d8261b..a365f2951 100644 --- a/roles/custom/matrix-sygnal/defaults/main.yml +++ b/roles/custom/matrix-sygnal/defaults/main.yml @@ -13,7 +13,7 @@ matrix_sygnal_hostname: '' matrix_sygnal_path_prefix: / # renovate: datasource=docker depName=matrixdotorg/sygnal -matrix_sygnal_version: v0.13.0 +matrix_sygnal_version: v0.14.0 matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" diff --git a/roles/custom/matrix-sygnal/tasks/install.yml b/roles/custom/matrix-sygnal/tasks/install.yml index 7ee75a94e..a3015a385 100644 --- a/roles/custom/matrix-sygnal/tasks/install.yml +++ b/roles/custom/matrix-sygnal/tasks/install.yml @@ -41,6 +41,7 @@ - name: Ensure Sygnal container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_sygnal_container_network }}" driver: bridge diff --git a/roles/custom/matrix-synapse-admin/tasks/setup_install.yml b/roles/custom/matrix-synapse-admin/tasks/setup_install.yml index 2eefe06f6..d8819524f 100644 --- a/roles/custom/matrix-synapse-admin/tasks/setup_install.yml +++ b/roles/custom/matrix-synapse-admin/tasks/setup_install.yml @@ -53,6 +53,7 @@ - name: Ensure matrix-synapse-admin container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_synapse_admin_container_network }}" driver: bridge diff --git a/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml b/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml index 7e1bbf55f..bb26c0acf 100644 --- a/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml +++ b/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml @@ -70,6 +70,7 @@ - name: Ensure matrix-synapse-auto-compressor container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_synapse_auto_compressor_container_network }}" driver: bridge diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml index 6a2293b2f..8af00cf67 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml @@ -41,6 +41,7 @@ - name: Ensure matrix-synapse-reverse-proxy-companion container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_synapse_reverse_proxy_companion_container_network }}" driver: bridge diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 943d04032..c9499207a 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -16,7 +16,7 @@ matrix_synapse_enabled: true matrix_synapse_github_org_and_repo: element-hq/synapse # renovate: datasource=docker depName=ghcr.io/element-hq/synapse -matrix_synapse_version: v1.101.0 +matrix_synapse_version: v1.104.0 matrix_synapse_username: '' matrix_synapse_uid: '' @@ -1038,6 +1038,7 @@ matrix_synapse_redis_enabled: false matrix_synapse_redis_host: "" matrix_synapse_redis_port: 6379 matrix_synapse_redis_password: "" +matrix_synapse_redis_dbid: 0 # Controls whether Synapse starts a replication listener necessary for workers. # diff --git a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml index fab610464..736493280 100644 --- a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml @@ -117,6 +117,7 @@ - name: Ensure Synapse container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_synapse_container_network }}" driver: bridge diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index b22178fcd..29f11d8e9 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2921,6 +2921,9 @@ redis: host: {{ matrix_synapse_redis_host }} port: {{ matrix_synapse_redis_port }} + # Optional database ID to connect to. Defaults to 0. + dbid: {{ matrix_synapse_redis_dbid }} + # Optional password if configured on the Redis instance # password: {{ matrix_synapse_redis_password }} diff --git a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml index 700614cbd..d42401f4e 100644 --- a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml +++ b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml @@ -57,6 +57,7 @@ - name: Ensure matrix-user-verification-service container network is created community.general.docker_network: + enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" name: "{{ matrix_user_verification_service_container_network }}" driver: bridge diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index bbee3000f..33e685b1e 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml @@ -6,7 +6,7 @@ block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- when: ansible_os_family == 'Debian' and matrix_playbook_migration_debian_signedby_migration_enabled | bool +- when: ansible_os_family == 'Debian' and matrix_playbook_docker_installation_enabled | bool and matrix_playbook_migration_debian_signedby_migration_enabled | bool tags: - setup-all - install-all diff --git a/setup.yml b/setup.yml index f5edec0f6..9d4a1f282 100644 --- a/setup.yml +++ b/setup.yml @@ -48,7 +48,9 @@ - role: galaxy/postgres - galaxy/redis + - galaxy/keydb - custom/matrix-corporal + - custom/matrix-appservice-draupnir-for-all - custom/matrix-bridge-appservice-discord - custom/matrix-bridge-appservice-slack - custom/matrix-bridge-appservice-webhooks @@ -123,6 +125,7 @@ - custom/matrix-coturn - custom/matrix-media-repo - custom/matrix-bridge-appservice-polychat + - custom/matrix-pantalaimon - role: galaxy/auxiliary