Move mautrix-facebook into a separate role

group_vars/matrix-servers

@@ -48,6 +48,24 @@ matrix_identity_server_url: "{{ 'https://' + matrix_synapse_trusted_third_party_
 ######################################################################
 
 
+######################################################################
+#
+# matrix-bridge-mautrix-facebook
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_facebook_enabled: false
+
+matrix_mautrix_facebook_systemd_required_services_list: ['docker.service', 'matrix-synapse.service']
+
+######################################################################
+#
+# /matrix-bridge-mautrix-facebook
+#
+######################################################################
+
+
 ######################################################################
 #
 # matrix-bridge-mautrix-telegram

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -0,0 +1,25 @@
+# mautrix-facebook is a Matrix <-> Facebook bridge
+# See: https://github.com/tulir/mautrix-facebook
+
+matrix_mautrix_facebook_enabled: true
+
+matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest"
+
+matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
+
+# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/
+matrix_mautrix_facebook_api_id: ''
+matrix_mautrix_facebook_api_hash: ''
+
+matrix_mautrix_facebook_homeserver_address: 'https://{{ matrix_server_fqn_matrix }}'
+matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}'
+matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:8080'
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_facebook_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-facebook.service depends on.
+matrix_mautrix_facebook_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-facebook.service wants
+matrix_mautrix_facebook_systemd_wanted_services_list: []

roles/matrix-synapse/tasks/ext/mautrix-facebook/init.yml → roles/matrix-bridge-mautrix-facebook/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook'] }}"
-  when: matrix_mautrix_facebook_enabled
+  when: "matrix_mautrix_facebook_enabled"

roles/matrix-bridge-mautrix-facebook/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup and matrix_mautrix_facebook_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-facebook
+
+- import_tasks: "{{ role_path }}/tasks/setup-install.yml"
+  when: "run_setup and matrix_mautrix_facebook_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-facebook
+
+- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml"
+  when: "run_setup and not matrix_mautrix_facebook_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-facebook

roles/matrix-synapse/tasks/ext/mautrix-facebook/setup.yml → roles/matrix-bridge-mautrix-facebook/tasks/setup-install.yml

@@ -1,63 +1,55 @@
 ---
 
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
 - name: Ensure Mautrix Facebook image is pulled
   docker_image:
     name: "{{ matrix_mautrix_facebook_docker_image }}"
-  when: "matrix_mautrix_facebook_enabled"
 
-- name: Ensure Mautrix Facebook configuration path exists
+- name: Ensure Mautrix Facebook base directory exists
   file:
     path: "{{ matrix_mautrix_facebook_base_path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_facebook_enabled"
 
 - name: Check if a mautrix-facebook configuration file exists
   stat:
     path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
   register: mautrix_facebook_config_file_stat
-  when: "matrix_mautrix_facebook_enabled"
 
 - name: Ensure Matrix Mautrix facebook config installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-facebook/config.yaml.j2"
+    src: "{{ role_path }}/templates/config.yaml.j2"
     dest: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_config_file_stat.stat.exists"
-
-- name: (Migration) Fix up old configuration
-  lineinfile:
-    path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-    backrefs: yes
-  with_items:
-    - {'regexp': '^(\s+)filename: \./mautrix-facebook.log', 'line': '\1filename: /data/mautrix-facebook.log'}
-    - {'regexp': '^(\s+)database:', 'line': '\1database: sqlite:////data/mautrix-facebook.db'}
-  when: "matrix_mautrix_facebook_enabled and mautrix_facebook_config_file_stat.stat.exists"
+  when: "not mautrix_facebook_config_file_stat.stat.exists"
 
 - name: Ensure matrix-mautrix-facebook.service installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2"
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2"
     dest: "/etc/systemd/system/matrix-mautrix-facebook.service"
     mode: 0644
   register: matrix_mautrix_facebook_systemd_service_result
-  when: "matrix_mautrix_facebook_enabled"
 
 - name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation
   service:
     daemon_reload: yes
-  when: "matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_systemd_service_result.changed"
+  when: "matrix_mautrix_facebook_systemd_service_result.changed"
 
 - name: Check if a mautrix-facebook registration file exists
   stat:
     path: "{{ matrix_mautrix_facebook_base_path }}/registration.yaml"
   register: mautrix_facebook_registration_file_stat
-  when: "matrix_mautrix_facebook_enabled"
 
 - name: Generate matrix-mautrix-facebook registration.yaml if it doesn't exist
   shell:
@@ -70,32 +62,19 @@
       -v {{ matrix_mautrix_facebook_base_path }}:/data:z
       {{ matrix_mautrix_facebook_docker_image }}
       python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml
-  when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_registration_file_stat.stat.exists"
+  when: "not mautrix_facebook_registration_file_stat.stat.exists"
 
 - set_fact:
     matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml'
-  when: "matrix_mautrix_facebook_enabled"
 
+# If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+      {{ matrix_synapse_container_additional_volumes|default([]) }}
       +
       {{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }}
-  when: "matrix_mautrix_facebook_enabled"
 
-- set_fact:
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files }}
+      {{ matrix_synapse_app_service_config_files|default([]) }}
       +
       {{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json  }}
-  when: "matrix_mautrix_facebook_enabled"
-
-#
-# Tasks related to getting rid of matrix-mautrix-facebook (if it was previously enabled)
-#
-
-- name: Ensure matrix-mautrix-facebook.service doesn't exist
-  file:
-    path: "/etc/systemd/system/matrix-mautrix-facebook.service"
-    state: absent
-  when: "not matrix_mautrix_facebook_enabled"

roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Ensure matrix-mautrix-facebook.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mautrix-facebook.service"
+    state: absent

roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_mautrix_facebook_api_id"
+    - "matrix_mautrix_facebook_api_hash"

roles/matrix-synapse/templates/ext/mautrix-facebook/config.yaml.j2 → roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2

@@ -2,9 +2,9 @@
 # Homeserver details
 homeserver:
     # The address that this appservice can use to connect to the homeserver.
-    address: https://{{ matrix_server_fqn_matrix }}
+    address: {{ matrix_mautrix_facebook_homeserver_address }}
     # The domain of the homeserver (for MXIDs, etc).
-    domain: {{ matrix_domain }}
+    domain: {{ matrix_mautrix_facebook_homeserver_domain }}
     # Whether or not to verify the SSL certificate of the homeserver.
     # Only applies if address starts with https://
     verify_ssl: true
@@ -13,7 +13,7 @@ homeserver:
 # Changing these values requires regeneration of the registration.
 appservice:
     # The address that the homeserver can use to connect to this appservice.
-    address: http://matrix-mautrix-facebook:8080
+    address: {{ matrix_mautrix_facebook_appservice_address }}
 
     # The hostname and port where this appservice should listen.
     hostname: 0.0.0.0
@@ -73,7 +73,7 @@ bridge:
     #   domain - All users on that homeserver
     #     mxid - Specific user
     permissions:
-        '{{ matrix_domain }}': user
+        '{{ matrix_mautrix_facebook_homeserver_domain }}': user
 
 # Python logging configuration.
 #

roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 → roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2

@@ -1,10 +1,13 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Mautrix Facebook server
-After=docker.service
-Requires=docker.service
-Requires=matrix-synapse.service
-After=matrix-synapse.service
+{% for service in matrix_mautrix_facebook_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mautrix_facebook_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
 
 [Service]
 Type=simple
@@ -17,14 +20,19 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
 			-v {{ matrix_mautrix_facebook_base_path }}:/data:z \
 			{{ matrix_mautrix_facebook_docker_image }} \
 			alembic -x config=/data/config.yaml upgrade head
+
 ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
 			-v {{ matrix_mautrix_facebook_base_path }}:/data:z \
+			{% for arg in matrix_mautrix_facebook_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			{{ matrix_mautrix_facebook_docker_image }} \
 			python3 -m mautrix_facebook -c /data/config.yaml
+
 ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook
 ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook
 Restart=always

roles/matrix-synapse/defaults/main.yml

@@ -244,18 +244,6 @@ matrix_s3_media_store_region: "eu-central-1"
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_synapse_self_check_validate_certificates: true
 
-# Matrix mautrix is a Matrix <-> Facebook bridge
-# Enable facebook bridge
-matrix_mautrix_facebook_enabled: false
-
-matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest"
-
-matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
-
-# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/
-matrix_mautrix_facebook_api_id: YOUR_FACEBOOK_APP_ID
-matrix_mautrix_facebook_api_hash: YOUR_FACEBOOK_API_HASH
-
 # Matrix Appservice IRC is a Matrix <-> IRC bridge
 # Enable IRC bridge
 matrix_appservice_irc_enabled: false

roles/matrix-synapse/tasks/ext/init.yml

@@ -1,7 +1,5 @@
 ---
 
-- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/init.yml"
-
 - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml"
 
 - import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/init.yml"

roles/matrix-synapse/tasks/ext/setup.yml

@@ -6,8 +6,6 @@
 
 - import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml"
 
-- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/setup.yml"
-
 - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/setup.yml"
 
 - import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/setup.yml"

setup.yml

@@ -8,6 +8,7 @@
     - matrix-mailer
     - matrix-postgres
     - matrix-corporal
+    - matrix-bridge-mautrix-facebook
     - matrix-bridge-mautrix-telegram
     - matrix-bridge-mautrix-whatsapp
     - matrix-synapse