diff --git a/CHANGELOG.md b/CHANGELOG.md index 372a27be3..cf92179aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,24 @@ +# 2024-06-22 + +## The maubot user is now managed by the playbook + +To make things easier and to be consistent with other roles, the [maubot](./docs/configuring-playbook-bot-maubot.md) user (`bot.maubot` by default) is [now](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3376) automatically created be the playbook. + +If you have an existing maubot installation, you will need to specify `matrix_bot_maubot_initial_password` in your `vars.yml` file to make the playbook not complain about it being undefined. +Since the bot is already registered in your installation, there's nothing for the playbook to do anyway. In case you don't remember the password you've registered your maubot user account with, you can specify any value for this variable. + +If you've registered another username for the bot (other than the recommended default of `bot.maubot`), consider adjusting the `matrix_bot_maubot_login` variable (e.g. `matrix_bot_maubot_login: my.maubot.username`). + + +# 2024-06-03 + +## WeChat bridging support + +Thanks to [Tobias Diez](https://github.com/tobiasdiez)'s [efforts](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3241), the playbook now supports bridging to [WeChat](https://www.wechat.com/) via the [matrix-wechat](https://github.com/duo/matrix-wechat) bridge. + +See our [Setting up WeChat bridging](docs/configuring-playbook-bridge-wechat.md) documentation page for getting started. + + # 2024-03-26 ## (Backward Compatibility Break) The playbook now defaults to KeyDB, instead of Redis diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md index bf2b1d14b..d2b7dbc27 100644 --- a/docs/configuring-playbook-bot-maubot.md +++ b/docs/configuring-playbook-bot-maubot.md @@ -14,45 +14,42 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_maubot_enabled: true + +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_maubot_login: bot.maubot + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` +matrix_bot_maubot_initial_password: PASSWORD_FOR_THE_BOT + matrix_bot_maubot_admins: - yourusername: securepassword ``` -You can add multiple admins. The admin accounts are not connected to any matrix ID and are only used to access the -maubot administration interface. +You can add multiple admins. The admin accounts are only used to access the maubot administration interface. ## Installing -After configuring the playbook, run the [installation](installing.md) command again: +After configuring the playbook, run the [installation](installing.md) command again (`just install-all`): -``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` +**Notes**: + +- if you change the bot password (`matrix_bot_maubot_initial_password` in your `vars.yml` file) subsequently, + the bot user's credentials on the homeserver won't be updated automatically. + If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it. ## Usage You can visit `matrix./_matrix/maubot/` to manage your available plugins, clients and instances. You should start in the following order -1. **Create one or more clients:** A client is a matrix account which the bot will use to message. +1. **Create one or more clients:** A client is a matrix account which the bot will use to message. By default, the playbook creates a `bot.maubot` account (as per the configuration above). You only need to [obtain an access token](#obtaining-an-access-token) for it 2. **Upload some Plugins:** Plugins can be obtained from [here](https://github.com/maubot/maubot#plugins) or any other source. 3. **Create an instance:** An instance is the actual bot. You have to specify a client which the bot instance will use and the plugin (how the bot will behave) -To add a client you first need to create an account and obtain a valid access token. - -## Registering the bot user - -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.maubot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. +## Obtaining an access token -## Obtaining an admin access token +This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands, you'll first need to `exec` into the maubot container with `docker exec -it matrix-bot-maubot sh`. -This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands you'll need to open the bot docker container with `docker exec -it matrix-bot-maubot sh` -Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md). +Alternatively, you can follow our generic [obtain an access token](obtaining-access-tokens.md) documentation. diff --git a/docs/configuring-playbook-bridge-wechat.md b/docs/configuring-playbook-bridge-wechat.md new file mode 100644 index 000000000..fe4a3b6b2 --- /dev/null +++ b/docs/configuring-playbook-bridge-wechat.md @@ -0,0 +1,17 @@ +# Setting up the WeChat Bridge (optional) + +The playbook can install and configure the [matrix-wechat](https://github.com/duo/matrix-wechat) bridge for you (for bridging to the [WeChat](https://www.wechat.com/) network). + +See the project page to learn what it does and why it might be useful to you. + +To enable the bridge, use the following playbook configuration and re-run the playbook's [installation](./installing.md) procedure: + +```yaml +matrix_wechat_enabled: true +``` + +## Usage + +Once the bridge is installed, start a chat with `@wechatbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `help` to the bot to see the available commands. diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 8b01009b7..6f127ca36 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -79,6 +79,8 @@ Name | Description `prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) `prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above. `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network) +`matrix_sliding_sync_metrics_enabled`|Set this to `true` to make [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) expose metrics (locally, on the container network) +`matrix_sliding_sync_metrics_proxying_enabled`|Set this to `true` to expose the [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) metrics on `https://matrix.DOMAIN/metrics/sliding-sync`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above. `matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above. `matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above or `matrix_SERVICE_container_labels_metrics_middleware_basic_auth_enabled`/`matrix_SERVICE_container_labels_metrics_middleware_basic_auth_users` variables provided by each role. diff --git a/docs/configuring-playbook-synapse-auto-accept-invite.md b/docs/configuring-playbook-synapse-auto-accept-invite.md index ccc4b0c33..e380d4f93 100644 --- a/docs/configuring-playbook-synapse-auto-accept-invite.md +++ b/docs/configuring-playbook-synapse-auto-accept-invite.md @@ -5,7 +5,12 @@ The playbook can install and configure [synapse-auto-invite-accept](https://gith See that project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite) to learn what it does and why it might be useful to you. In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified. -If you decide that you'd like to let this playbook install it for you, you need a configuration like this: +**NOTE**: Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the same feature [has been merged](https://github.com/element-hq/synapse/pull/17147) into Synapse (see the [Native alternative](#native-alternative) section below). You'd better use the native feature, instead of the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module. + + +## Configuration + +If you decide that you'd like to let this playbook install the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite module for you, you need a configuration like this: ```yaml matrix_synapse_ext_synapse_auto_accept_invite_enabled: true @@ -13,12 +18,30 @@ matrix_synapse_ext_synapse_auto_accept_invite_enabled: true matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages: true ``` -## Synapse worker deployments +### Synapse worker deployments -In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is 'null'). For example add this to your configuration: +In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is `null`). For example, add this to your configuration: ```yaml matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on: 'matrix-synapse-worker-generic-0' ``` -There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18). \ No newline at end of file +There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18). + + +## Native alternative + +Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the functionality provided by the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module [has been made](https://github.com/element-hq/synapse/pull/17147) part of Synapse. + +Here's example configuration for using the **native** Synapse feature: + +```yml +matrix_synapse_auto_accept_invites_enabled: true + +# Default settings below. Uncomment and adjust if necessary. +# matrix_synapse_auto_accept_invites_only_for_direct_messages: false +# matrix_synapse_auto_accept_invites_only_from_local_users: false + +# If workers are enabled, you may delegate usage to a specific worker. +# matrix_synapse_auto_accept_invites_worker_to_run_on: 'matrix-synapse-worker-generic-0' +``` diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 86139e1a4..708367083 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -178,6 +178,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Heisenbridge bouncer-style IRC bridging](configuring-playbook-bridge-heisenbridge.md) (optional) +- [Setting up WeChat bridging](configuring-playbook-bridge-wechat.md) (optional) + ### Bots diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index 1c162cb0e..4350a6a50 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -111,7 +111,7 @@ You can manually influence some of the tuning variables . These parameters (vari Most users should be fine with the automatically-done tuning. However, you may wish to: -- **adjust the automatically-deterimned tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable +- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable - **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 3030110e2..f84bf4e55 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -93,6 +93,8 @@ matrix_homeserver_container_extra_arguments_auto: | + (['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else []) + + (['--mount type=bind,src=' + matrix_wechat_config_path + '/registration.yaml,dst=/matrix-wechat-registration.yaml,ro'] if matrix_wechat_enabled else []) + + (['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else []) + (['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else []) @@ -162,6 +164,8 @@ matrix_homeserver_app_service_config_files_auto: | + (['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else []) + + (['/matrix-wechat-registration.yaml'] if matrix_wechat_enabled else []) + + (['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else []) + (['/hookshot-registration.yml'] if matrix_hookshot_enabled else []) @@ -298,6 +302,10 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'go-skype']}] if matrix_go_skype_bridge_enabled else []) + + ([{'name': 'matrix-wechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else []) + + + ([{'name': 'matrix-wechat-agent.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else []) + + ([{'name': 'matrix-heisenbridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'heisenbridge']}] if matrix_heisenbridge_enabled else []) + ([{'name': 'matrix-hookshot.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'hookshot', 'bridge-hookshot']}] if matrix_hookshot_enabled else []) @@ -1713,6 +1721,57 @@ matrix_mautrix_wsproxy_syncproxy_database_password: "{{ '%s' | format(matrix_hom # ###################################################################### +###################################################################### +# +# matrix-bridge-wechat +# +###################################################################### + +# We don't enable bridges by default. +matrix_wechat_enabled: false + +matrix_wechat_systemd_required_services_list_auto: | + {{ + matrix_addons_homeserver_systemd_services_list + + + ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_wechat_database_hostname == devture_postgres_connection_hostname) else []) + }} + +matrix_wechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + +matrix_wechat_agent_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + +matrix_wechat_container_network: "{{ matrix_addons_container_network }}" + +matrix_wechat_container_additional_networks_auto: |- + {{ + ( + ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + + + ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_wechat_database_hostname == devture_postgres_connection_hostname and matrix_wechat_container_network != devture_postgres_container_network) else []) + ) | unique + }} + +matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.as.token', rounds=655555) | to_uuid }}" + +matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" +matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}" + +matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}" + +# Postgres is the default, except if not using internal Postgres server +matrix_wechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_wechat_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_wechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gowechat.db', rounds=655555) | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-wechat +# +###################################################################### + ###################################################################### # # matrix-bridge-mautrix-whatsapp @@ -2814,7 +2873,7 @@ backup_borg_location_exclude_patterns: | backup_borg_systemd_required_services_list: | {{ - ['docker.service'] + [devture_systemd_docker_base_docker_service_name] + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) }} @@ -3031,7 +3090,7 @@ matrix_coturn_container_additional_volumes: | matrix_coturn_systemd_required_services_list: | {{ - ['docker.service'] + [devture_systemd_docker_base_docker_service_name] + ([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []) }} @@ -3149,7 +3208,7 @@ etherpad_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certReso etherpad_systemd_required_services_list: | {{ - ['docker.service'] + [devture_systemd_docker_base_docker_service_name] + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) }} @@ -3694,6 +3753,12 @@ devture_postgres_managed_databases_auto: | 'password': matrix_go_skype_bridge_database_password, }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ + 'name': matrix_wechat_database_name, + 'username': matrix_wechat_database_username, + 'password': matrix_wechat_database_password, + }] if (matrix_wechat_enabled and matrix_wechat_database_engine == 'postgres' and matrix_wechat_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ 'name': matrix_mautrix_facebook_database_name, 'username': matrix_mautrix_facebook_database_username, @@ -4876,6 +4941,9 @@ matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" +matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" + matrix_sliding_sync_systemd_required_services_list_auto: | {{ matrix_homeserver_systemd_services_list @@ -4889,7 +4957,13 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}" -###################################################################### +matrix_sliding_sync_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" + +matrix_sliding_sync_metrics_proxying_enabled: "{{ matrix_sliding_sync_metrics_enabled and matrix_metrics_exposure_enabled }}" +matrix_sliding_sync_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" +matrix_sliding_sync_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/sliding-sync" + +##################################################################### # # /matrix-sliding-sync # @@ -5100,6 +5174,12 @@ matrix_user_creator_users_auto: | 'initial_password': matrix_bot_buscarron_password, 'initial_type': 'bot', }] if matrix_bot_buscarron_enabled else []) + + + ([{ + 'username': matrix_bot_maubot_login, + 'initial_password': matrix_bot_maubot_initial_password, + 'initial_type': 'bot', + }] if matrix_bot_maubot_enabled else []) }} ###################################################################### @@ -5119,7 +5199,7 @@ matrix_user_verification_service_enabled: false matrix_user_verification_service_systemd_required_services_list: | {{ - ['docker.service'] + [devture_systemd_docker_base_docker_service_name] + (['matrix-' + matrix_homeserver_implementation + '.service']) }} @@ -5260,7 +5340,7 @@ devture_traefik_container_additional_networks_auto: | devture_traefik_systemd_required_services_list: | {{ - (['docker.service']) + ([devture_systemd_docker_base_docker_service_name]) + ([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else []) }} diff --git a/requirements.yml b/requirements.yml index 716f371d0..c9dc95760 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,10 +4,10 @@ version: v1.0.0-3 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.8-1.8.9-0 + version: v1.2.8-1.8.11-1 name: backup_borg - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git - version: v0.1.2-1 + version: v0.1.2-2 name: container_socket_proxy - src: git+https://github.com/geerlingguy/ansible-role-docker version: 7.2.0 @@ -16,22 +16,22 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v2.0.3-0 + version: v2.1.0-1 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git version: v4.97.1-r0-0-2 name: exim_relay - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v11.0.0-0 + version: v11.0.0-1 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9457-3 + version: v9457-5 name: jitsi - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git - version: v6.3.4-1 + version: v6.3.4-2 name: keydb - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.10.0-0 + version: v2.10.0-1 name: ntfy - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: 201c939eed363de269a83ba29784fc3244846048 @@ -43,25 +43,25 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.3-0 + version: v16.3-1 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: 046004a8cb9946979b72ce81c2526c8033ea8067 + version: 8c3585fb4857dbac026b2974bb6525289240effb name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.52.0-0 + version: v2.53.0-0 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - version: v1.8.1-0 + version: v1.8.1-1 name: prometheus_node_exporter - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - version: v0.14.0-4 + version: v0.14.0-5 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.2.4-0 + version: v7.2.4-1 name: redis - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - version: v1.1.0-0 + version: v1.2.0-0 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-4 @@ -70,8 +70,8 @@ version: v1.0.0-0 name: timesync - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.11.2-0 + version: v2.11.4-0 name: traefik - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git - version: v2.8.3-1 + version: v2.8.3-2 name: traefik_certs_dumper diff --git a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml index 21c98ee1b..0242edbda 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml +++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml @@ -30,7 +30,7 @@ matrix_appservice_draupnir_for_all_container_extra_arguments: [] # List of systemd services that matrix-bot-draupnir.service depends on matrix_appservice_draupnir_for_all_systemd_required_services_list: "{{ matrix_appservice_draupnir_for_all_systemd_required_services_list_default + matrix_appservice_draupnir_for_all_systemd_required_services_list_auto + matrix_appservice_draupnir_for_all_systemd_required_services_list_custom }}" -matrix_appservice_draupnir_for_all_systemd_required_services_list_default: ['docker.service'] +matrix_appservice_draupnir_for_all_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: [] matrix_appservice_draupnir_for_all_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index a10974754..56defb34f 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml @@ -88,7 +88,7 @@ matrix_bot_buscarron_container_extra_arguments: [] # List of systemd services that matrix-bot-buscarron.service depends on matrix_bot_buscarron_systemd_required_services_list: "{{ matrix_bot_buscarron_systemd_required_services_list_default + matrix_bot_buscarron_systemd_required_services_list_auto + matrix_bot_buscarron_systemd_required_services_list_custom }}" -matrix_bot_buscarron_systemd_required_services_list_default: ['docker.service'] +matrix_bot_buscarron_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_buscarron_systemd_required_services_list_auto: [] matrix_bot_buscarron_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 957501b01..09d73a602 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -37,7 +37,7 @@ matrix_bot_chatgpt_container_extra_arguments: [] # List of systemd services that matrix-bot-chatgpt.service depends on matrix_bot_chatgpt_systemd_required_services_list: "{{ matrix_bot_chatgpt_systemd_required_services_list_default + matrix_bot_chatgpt_systemd_required_services_list_auto + matrix_bot_chatgpt_systemd_required_services_list_custom }}" -matrix_bot_chatgpt_systemd_required_services_list_default: ['docker.service'] +matrix_bot_chatgpt_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_chatgpt_systemd_required_services_list_auto: [] matrix_bot_chatgpt_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 03204f1b9..53dd53e43 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -30,7 +30,7 @@ matrix_bot_draupnir_container_extra_arguments: [] # List of systemd services that matrix-bot-draupnir.service depends on matrix_bot_draupnir_systemd_required_services_list: "{{ matrix_bot_draupnir_systemd_required_services_list_default + matrix_bot_draupnir_systemd_required_services_list_auto + matrix_bot_draupnir_systemd_required_services_list_custom }}" -matrix_bot_draupnir_systemd_required_services_list_default: ['docker.service'] +matrix_bot_draupnir_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_draupnir_systemd_required_services_list_auto: [] matrix_bot_draupnir_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-go-neb/defaults/main.yml b/roles/custom/matrix-bot-go-neb/defaults/main.yml index 67d368965..39622b398 100644 --- a/roles/custom/matrix-bot-go-neb/defaults/main.yml +++ b/roles/custom/matrix-bot-go-neb/defaults/main.yml @@ -87,7 +87,7 @@ matrix_bot_go_neb_container_extra_arguments: [] # List of systemd services that matrix-bot-go-neb.service depends on matrix_bot_go_neb_systemd_required_services_list: "{{ matrix_bot_go_neb_systemd_required_services_list_default + matrix_bot_go_neb_systemd_required_services_list_auto + matrix_bot_go_neb_systemd_required_services_list_custom }}" -matrix_bot_go_neb_systemd_required_services_list_default: ['docker.service'] +matrix_bot_go_neb_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_go_neb_systemd_required_services_list_auto: [] matrix_bot_go_neb_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index d11f2a769..670e8499b 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml @@ -84,7 +84,7 @@ matrix_bot_honoroit_container_extra_arguments: [] # List of systemd services that matrix-bot-honoroit.service depends on matrix_bot_honoroit_systemd_required_services_list: "{{ matrix_bot_honoroit_systemd_required_services_list_default + matrix_bot_honoroit_systemd_required_services_list_auto + matrix_bot_honoroit_systemd_required_services_list_custom }}" -matrix_bot_honoroit_systemd_required_services_list_default: ['docker.service'] +matrix_bot_honoroit_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_honoroit_systemd_required_services_list_auto: [] matrix_bot_honoroit_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index 9de29091b..ed199a34a 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -45,7 +45,7 @@ matrix_bot_matrix_registration_bot_container_extra_arguments: [] # List of systemd services that matrix-bot-matrix-registration-bot.service depends on matrix_bot_matrix_registration_bot_systemd_required_services_list: "{{ matrix_bot_matrix_registration_bot_systemd_required_services_list_default + matrix_bot_matrix_registration_bot_systemd_required_services_list_auto + matrix_bot_matrix_registration_bot_systemd_required_services_list_custom }}" -matrix_bot_matrix_registration_bot_systemd_required_services_list_default: ['docker.service'] +matrix_bot_matrix_registration_bot_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_matrix_registration_bot_systemd_required_services_list_auto: [] matrix_bot_matrix_registration_bot_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml index 20395e8b6..66ec34fbd 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -33,7 +33,7 @@ matrix_bot_matrix_reminder_bot_container_additional_networks_custom: [] # List of systemd services that matrix-bot-matrix-reminder-bot.service depends on matrix_bot_matrix_reminder_bot_systemd_required_services_list: "{{ matrix_bot_matrix_reminder_bot_systemd_required_services_list_default + matrix_bot_matrix_reminder_bot_systemd_required_services_list_auto + matrix_bot_matrix_reminder_bot_systemd_required_services_list_custom }}" -matrix_bot_matrix_reminder_bot_systemd_required_services_list_default: ['docker.service'] +matrix_bot_matrix_reminder_bot_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_matrix_reminder_bot_systemd_required_services_list_auto: [] matrix_bot_matrix_reminder_bot_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index d12dd20a0..cef180f18 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml @@ -5,6 +5,12 @@ matrix_bot_maubot_enabled: true +matrix_bot_maubot_login: bot.maubot + +# This is just initial password and it will not manage subsequent password changes. +# Use a tool like synapse-admin if you need to change it. +matrix_bot_maubot_initial_password: '' + matrix_bot_maubot_scheme: https matrix_bot_maubot_hostname: '' matrix_bot_maubot_path_prefix: /_matrix/maubot @@ -114,7 +120,7 @@ matrix_bot_maubot_container_extra_arguments: [] # List of systemd services that matrix-bot-maubot.service depends on matrix_bot_maubot_systemd_required_services_list: "{{ matrix_bot_maubot_systemd_required_services_list_default + matrix_bot_maubot_systemd_required_services_list_auto + matrix_bot_maubot_systemd_required_services_list_custom }}" -matrix_bot_maubot_systemd_required_services_list_default: ['docker.service'] +matrix_bot_maubot_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_maubot_systemd_required_services_list_auto: [] matrix_bot_maubot_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml index 4247c8b58..297cec952 100644 --- a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml @@ -25,3 +25,4 @@ - {'name': 'matrix_bot_maubot_container_network', when: true} - {'name': 'matrix_bot_maubot_homeserver_name', when: true} - {'name': 'matrix_bot_maubot_homeserver_url', when: true} + - {'name': 'matrix_bot_maubot_initial_password', when: true} diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index 950f791fa..d674f62c2 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml @@ -30,7 +30,7 @@ matrix_bot_mjolnir_container_extra_arguments: [] # List of systemd services that matrix-bot-mjolnir.service depends on matrix_bot_mjolnir_systemd_required_services_list: "{{ matrix_bot_mjolnir_systemd_required_services_list_default + matrix_bot_mjolnir_systemd_required_services_list_auto + matrix_bot_mjolnir_systemd_required_services_list_custom }}" -matrix_bot_mjolnir_systemd_required_services_list_default: ['docker.service'] +matrix_bot_mjolnir_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_mjolnir_systemd_required_services_list_auto: [] matrix_bot_mjolnir_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index 08799a7e8..7673d85e6 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml @@ -30,7 +30,7 @@ matrix_bot_postmoogle_container_extra_arguments: [] # List of systemd services that matrix-bot-postmoogle.service depends on matrix_bot_postmoogle_systemd_required_services_list: "{{ matrix_bot_postmoogle_systemd_required_services_list_default + matrix_bot_postmoogle_systemd_required_services_list_auto + matrix_bot_postmoogle_systemd_required_services_list_custom }}" -matrix_bot_postmoogle_systemd_required_services_list_default: ['docker.service'] +matrix_bot_postmoogle_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_bot_postmoogle_systemd_required_services_list_auto: [] matrix_bot_postmoogle_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml index c32897007..1ca26ee01 100644 --- a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml @@ -40,7 +40,7 @@ matrix_appservice_discord_container_extra_arguments: [] # List of systemd services that matrix-appservice-discord.service depends on. matrix_appservice_discord_systemd_required_services_list: "{{ matrix_appservice_discord_systemd_required_services_list_default + matrix_appservice_discord_systemd_required_services_list_auto + matrix_appservice_discord_systemd_required_services_list_custom }}" -matrix_appservice_discord_systemd_required_services_list_default: ['docker.service'] +matrix_appservice_discord_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_appservice_discord_systemd_required_services_list_auto: [] matrix_appservice_discord_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index 6a2d35006..2beff97bf 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml @@ -382,7 +382,7 @@ matrix_appservice_irc_container_extra_arguments: [] # List of systemd services that matrix-appservice-irc.service depends on. matrix_appservice_irc_systemd_required_services_list: "{{ matrix_appservice_irc_systemd_required_services_list_default + matrix_appservice_irc_systemd_required_services_list_auto + matrix_appservice_irc_systemd_required_services_list_custom }}" -matrix_appservice_irc_systemd_required_services_list_default: ['docker.service'] +matrix_appservice_irc_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_appservice_irc_systemd_required_services_list_auto: [] matrix_appservice_irc_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml index 1dc7e6b96..09d6daa2b 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -55,7 +55,12 @@ matrix_appservice_kakaotalk_container_extra_arguments: [] # List of systemd services that matrix-appservice-kakaotalk.service depends on. matrix_appservice_kakaotalk_systemd_required_services_list: "{{ matrix_appservice_kakaotalk_systemd_required_services_list_default + matrix_appservice_kakaotalk_systemd_required_services_list_auto + matrix_appservice_kakaotalk_systemd_required_services_list_custom }}" -matrix_appservice_kakaotalk_systemd_required_services_list_default: ['docker.service', 'matrix-appservice-kakaotalk-node.service'] +matrix_appservice_kakaotalk_systemd_required_services_list_default: |- + {{ + ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + + + ['matrix-appservice-kakaotalk-node.service'] + }} matrix_appservice_kakaotalk_systemd_required_services_list_auto: [] matrix_appservice_kakaotalk_systemd_required_services_list_custom: [] @@ -72,7 +77,7 @@ matrix_appservice_kakaotalk_container_additional_networks_custom: [] matrix_appservice_kakaotalk_node_container_extra_arguments: [] # List of systemd services that matrix-appservice-kakaotalk-node.service depends on. -matrix_appservice_kakaotalk_node_systemd_required_services_list: ['docker.service'] +matrix_appservice_kakaotalk_node_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # List of systemd services that matrix-appservice-kakaotalk-node.service wants matrix_appservice_kakaotalk_node_systemd_wanted_services_list: [] diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index 73449d729..131137996 100644 --- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml @@ -81,7 +81,7 @@ matrix_appservice_slack_container_extra_arguments: [] # List of systemd services that matrix-appservice-slack.service depends on. matrix_appservice_slack_systemd_required_services_list: "{{ matrix_appservice_slack_systemd_required_services_list_default + matrix_appservice_slack_systemd_required_services_list_auto + matrix_appservice_slack_systemd_required_services_list_custom }}" -matrix_appservice_slack_systemd_required_services_list_default: ['docker.service'] +matrix_appservice_slack_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_appservice_slack_systemd_required_services_list_auto: [] matrix_appservice_slack_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml index 22bbd45c3..840c0b214 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -77,7 +77,7 @@ matrix_appservice_webhooks_container_extra_arguments: [] # List of systemd services that matrix-appservice-webhooks.service depends on. matrix_appservice_webhooks_systemd_required_services_list: "{{ matrix_appservice_webhooks_systemd_required_services_list_default + matrix_appservice_webhooks_systemd_required_services_list_auto + matrix_appservice_webhooks_systemd_required_services_list_custom }}" -matrix_appservice_webhooks_systemd_required_services_list_default: ['docker.service'] +matrix_appservice_webhooks_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_appservice_webhooks_systemd_required_services_list_auto: [] matrix_appservice_webhooks_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index 9c84d9ba6..4eb7ef91e 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -49,7 +49,7 @@ matrix_beeper_linkedin_container_extra_arguments: [] # List of systemd services that matrix-beeper-linkedin.service depends on. matrix_beeper_linkedin_systemd_required_services_list: "{{ matrix_beeper_linkedin_systemd_required_services_list_default + matrix_beeper_linkedin_systemd_required_services_list_auto + matrix_beeper_linkedin_systemd_required_services_list_custom }}" -matrix_beeper_linkedin_systemd_required_services_list_default: ['docker.service'] +matrix_beeper_linkedin_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_beeper_linkedin_systemd_required_services_list_auto: [] matrix_beeper_linkedin_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml index 1100a8790..d0cead0e3 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -34,7 +34,7 @@ matrix_go_skype_bridge_container_extra_arguments: [] # List of systemd services that matrix-go-skype-bridge.service depends on. matrix_go_skype_bridge_systemd_required_services_list: "{{ matrix_go_skype_bridge_systemd_required_services_list_default + matrix_go_skype_bridge_systemd_required_services_list_auto + matrix_go_skype_bridge_systemd_required_services_list_custom }}" -matrix_go_skype_bridge_systemd_required_services_list_default: ['docker.service'] +matrix_go_skype_bridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_go_skype_bridge_systemd_required_services_list_auto: [] matrix_go_skype_bridge_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index 31c313abc..7913bf124 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -32,7 +32,7 @@ matrix_heisenbridge_container_extra_arguments: [] # List of systemd services that service depends on. matrix_heisenbridge_systemd_required_services_list: "{{ matrix_heisenbridge_systemd_required_services_list_default + matrix_heisenbridge_systemd_required_services_list_auto + matrix_heisenbridge_systemd_required_services_list_custom }}" -matrix_heisenbridge_systemd_required_services_list_default: ['docker.service'] +matrix_heisenbridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_heisenbridge_systemd_required_services_list_auto: [] matrix_heisenbridge_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 63a6dab91..8bd0a1b8b 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -17,7 +17,7 @@ matrix_hookshot_container_additional_networks_auto: [] matrix_hookshot_container_additional_networks_custom: [] # renovate: datasource=docker depName=halfshot/matrix-hookshot -matrix_hookshot_version: 5.3.0 +matrix_hookshot_version: 5.4.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" @@ -295,7 +295,7 @@ matrix_hookshot_container_labels_additional_labels: '' # List of systemd services that service depends on. matrix_hookshot_systemd_required_services_list: "{{ matrix_hookshot_systemd_required_services_list_default + matrix_hookshot_systemd_required_services_list_auto + matrix_hookshot_systemd_required_services_list_custom }}" -matrix_hookshot_systemd_required_services_list_default: ['docker.service'] +matrix_hookshot_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_hookshot_systemd_required_services_list_auto: [] matrix_hookshot_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 3f981af04..28a1d84bd 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -45,7 +45,7 @@ matrix_mautrix_discord_container_extra_arguments: [] # List of systemd services that matrix-mautrix-discord.service depends on. matrix_mautrix_discord_systemd_required_services_list: "{{ matrix_mautrix_discord_systemd_required_services_list_default + matrix_mautrix_discord_systemd_required_services_list_auto + matrix_mautrix_discord_systemd_required_services_list_custom }}" -matrix_mautrix_discord_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_discord_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_discord_systemd_required_services_list_auto: [] matrix_mautrix_discord_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index b8130315e..dacd2e24a 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -80,7 +80,7 @@ matrix_mautrix_facebook_container_extra_arguments: [] # List of systemd services that matrix-mautrix-facebook.service depends on. matrix_mautrix_facebook_systemd_required_services_list: "{{ matrix_mautrix_facebook_systemd_required_services_list_default + matrix_mautrix_facebook_systemd_required_services_list_auto + matrix_mautrix_facebook_systemd_required_services_list_custom }}" -matrix_mautrix_facebook_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_facebook_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_facebook_systemd_required_services_list_auto: [] matrix_mautrix_facebook_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index b067222aa..8bed67c8f 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages -matrix_mautrix_gmessages_version: v0.4.1 +matrix_mautrix_gmessages_version: v0.4.2 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" @@ -67,7 +67,7 @@ matrix_mautrix_gmessages_container_extra_arguments: [] # List of systemd services that matrix-mautrix-gmessages.service depends on. matrix_mautrix_gmessages_systemd_required_services_list: "{{ matrix_mautrix_gmessages_systemd_required_services_list_default + matrix_mautrix_gmessages_systemd_required_services_list_auto + matrix_mautrix_gmessages_systemd_required_services_list_custom }}" -matrix_mautrix_gmessages_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_gmessages_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_gmessages_systemd_required_services_list_auto: [] matrix_mautrix_gmessages_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml index 93f10de93..8d793405c 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -83,7 +83,7 @@ matrix_mautrix_googlechat_container_extra_arguments: [] # List of systemd services that matrix-mautrix-googlechat.service depends on. matrix_mautrix_googlechat_systemd_required_services_list: "{{ matrix_mautrix_googlechat_systemd_required_services_list_default + matrix_mautrix_googlechat_systemd_required_services_list_auto + matrix_mautrix_googlechat_systemd_required_services_list_custom }}" -matrix_mautrix_googlechat_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_googlechat_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_googlechat_systemd_required_services_list_auto: [] matrix_mautrix_googlechat_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml index 1aa5e5a71..764854017 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -89,7 +89,7 @@ matrix_mautrix_hangouts_container_extra_arguments: [] # List of systemd services that matrix-mautrix-hangouts.service depends on. matrix_mautrix_hangouts_systemd_required_services_list: "{{ matrix_mautrix_hangouts_systemd_required_services_list_default + matrix_mautrix_hangouts_systemd_required_services_list_auto + matrix_mautrix_hangouts_systemd_required_services_list_custom }}" -matrix_mautrix_hangouts_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_hangouts_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_hangouts_systemd_required_services_list_auto: [] matrix_mautrix_hangouts_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 3814220bf..566a01bb5 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -72,7 +72,7 @@ matrix_mautrix_instagram_container_extra_arguments: [] # List of systemd services that matrix-mautrix-instagram.service depends on. matrix_mautrix_instagram_systemd_required_services_list: "{{ matrix_mautrix_instagram_systemd_required_services_list_default + matrix_mautrix_instagram_systemd_required_services_list_auto + matrix_mautrix_instagram_systemd_required_services_list_custom }}" -matrix_mautrix_instagram_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_instagram_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_instagram_systemd_required_services_list_auto: [] matrix_mautrix_instagram_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index 078b53062..fe2509909 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml @@ -69,7 +69,7 @@ matrix_mautrix_meta_instagram_container_extra_arguments: [] # List of systemd services that the systemd service depends on. matrix_mautrix_meta_instagram_systemd_required_services_list: "{{ matrix_mautrix_meta_instagram_systemd_required_services_list_default + matrix_mautrix_meta_instagram_systemd_required_services_list_auto + matrix_mautrix_meta_instagram_systemd_required_services_list_custom }}" -matrix_mautrix_meta_instagram_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_meta_instagram_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_meta_instagram_systemd_required_services_list_auto: [] matrix_mautrix_meta_instagram_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index 67ca3cb1c..ce31d21aa 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml @@ -69,7 +69,7 @@ matrix_mautrix_meta_messenger_container_extra_arguments: [] # List of systemd services that the systemd service depends on. matrix_mautrix_meta_messenger_systemd_required_services_list: "{{ matrix_mautrix_meta_messenger_systemd_required_services_list_default + matrix_mautrix_meta_messenger_systemd_required_services_list_auto + matrix_mautrix_meta_messenger_systemd_required_services_list_custom }}" -matrix_mautrix_meta_messenger_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_meta_messenger_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_meta_messenger_systemd_required_services_list_auto: [] matrix_mautrix_meta_messenger_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index d3bc23a78..8f944c909 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/ matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal -matrix_mautrix_signal_version: v0.6.1 +matrix_mautrix_signal_version: v0.6.2 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}" @@ -80,7 +80,7 @@ matrix_mautrix_signal_container_extra_arguments: [] # List of systemd services that matrix-mautrix-signal.service depends on. matrix_mautrix_signal_systemd_required_services_list: "{{ matrix_mautrix_signal_systemd_required_services_list_default + matrix_mautrix_signal_systemd_required_services_list_auto + matrix_mautrix_signal_systemd_required_services_list_custom }}" -matrix_mautrix_signal_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_signal_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_signal_systemd_required_services_list_auto: [] matrix_mautrix_signal_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index dfe41b9e2..de2323fb5 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -43,7 +43,7 @@ matrix_mautrix_slack_container_extra_arguments: [] # List of systemd services that matrix-mautrix-slack.service depends on. matrix_mautrix_slack_systemd_required_services_list: "{{ matrix_mautrix_slack_systemd_required_services_list_default + matrix_mautrix_slack_systemd_required_services_list_auto + matrix_mautrix_slack_systemd_required_services_list_custom }}" -matrix_mautrix_slack_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_slack_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_slack_systemd_required_services_list_auto: [] matrix_mautrix_slack_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index faa4d101f..742ccc847 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -131,7 +131,7 @@ matrix_mautrix_telegram_container_extra_arguments: [] # List of systemd services that matrix-mautrix-telegram.service depends on. matrix_mautrix_telegram_systemd_required_services_list: "{{ matrix_mautrix_telegram_systemd_required_services_list_default + matrix_mautrix_telegram_systemd_required_services_list_auto + matrix_mautrix_telegram_systemd_required_services_list_custom }}" -matrix_mautrix_telegram_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_telegram_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_telegram_systemd_required_services_list_auto: [] matrix_mautrix_telegram_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 30e8d153d..dba30e2ce 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -72,7 +72,7 @@ matrix_mautrix_twitter_container_extra_arguments: [] # List of systemd services that matrix-mautrix-twitter.service depends on. matrix_mautrix_twitter_systemd_required_services_list: "{{ matrix_mautrix_twitter_systemd_required_services_list_default + matrix_mautrix_twitter_systemd_required_services_list_auto + matrix_mautrix_twitter_systemd_required_services_list_custom }}" -matrix_mautrix_twitter_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_twitter_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_twitter_systemd_required_services_list_auto: [] matrix_mautrix_twitter_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 1be65f4a9..d3ebe5c76 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp -matrix_mautrix_whatsapp_version: v0.10.7 +matrix_mautrix_whatsapp_version: v0.10.8 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" @@ -69,7 +69,7 @@ matrix_mautrix_whatsapp_container_extra_arguments: [] # List of systemd services that matrix-mautrix-whatsapp.service depends on. matrix_mautrix_whatsapp_systemd_required_services_list: "{{ matrix_mautrix_whatsapp_systemd_required_services_list_default + matrix_mautrix_whatsapp_systemd_required_services_list_auto + matrix_mautrix_whatsapp_systemd_required_services_list_custom }}" -matrix_mautrix_whatsapp_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_whatsapp_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_whatsapp_systemd_required_services_list_auto: [] matrix_mautrix_whatsapp_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml index aab0070cf..51ad2a990 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml @@ -63,7 +63,7 @@ matrix_mautrix_wsproxy_container_extra_arguments: [] # List of systemd services that matrix-mautrix-wsproxy.service depends on. matrix_mautrix_wsproxy_systemd_required_services_list: "{{ matrix_mautrix_wsproxy_systemd_required_services_list_default + matrix_mautrix_wsproxy_systemd_required_services_list_auto + matrix_mautrix_wsproxy_systemd_required_services_list_custom }}" -matrix_mautrix_wsproxy_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_wsproxy_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mautrix_wsproxy_systemd_required_services_list_auto: [] matrix_mautrix_wsproxy_systemd_required_services_list_custom: [] @@ -141,7 +141,12 @@ matrix_mautrix_wsproxy_syncproxy_docker_image: "dock.mau.dev/mautrix/syncproxy:{ matrix_mautrix_wsproxy_syncproxy_docker_image_force_pull: "{{ matrix_mautrix_wsproxy_syncproxy_docker_image.endswith(':latest') }}" matrix_mautrix_wsproxy_syncproxy_container_extra_arguments: [] -matrix_mautrix_wsproxy_syncproxy_systemd_required_services_list: ['docker.service', 'matrix-mautrix-wsproxy.service'] +matrix_mautrix_wsproxy_syncproxy_systemd_required_services_list: |- + {{ + ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + + + ['matrix-mautrix-wsproxy.service'] + }} matrix_mautrix_wsproxy_syncproxy_systemd_wanted_services_list: [] matrix_mautrix_wsproxy_syncproxy_homeserver_url: '' diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml index 27d32e8f6..8d328521d 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -55,7 +55,7 @@ matrix_mx_puppet_discord_container_extra_arguments: [] # List of systemd services that matrix-puppet-discord.service depends on. matrix_mx_puppet_discord_systemd_required_services_list: "{{ matrix_mx_puppet_discord_systemd_required_services_list_default + matrix_mx_puppet_discord_systemd_required_services_list_auto + matrix_mx_puppet_discord_systemd_required_services_list_custom }}" -matrix_mx_puppet_discord_systemd_required_services_list_default: ['docker.service'] +matrix_mx_puppet_discord_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mx_puppet_discord_systemd_required_services_list_auto: [] matrix_mx_puppet_discord_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml index a9bdf3354..c8277aa6a 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -51,7 +51,7 @@ matrix_mx_puppet_groupme_container_extra_arguments: [] # List of systemd services that matrix-puppet-groupme.service depends on. matrix_mx_puppet_groupme_systemd_required_services_list: "{{ matrix_mx_puppet_groupme_systemd_required_services_list_default + matrix_mx_puppet_groupme_systemd_required_services_list_auto + matrix_mx_puppet_groupme_systemd_required_services_list_custom }}" -matrix_mx_puppet_groupme_systemd_required_services_list_default: ['docker.service'] +matrix_mx_puppet_groupme_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mx_puppet_groupme_systemd_required_services_list_auto: [] matrix_mx_puppet_groupme_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 8816b6707..9d86b5d08 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -46,7 +46,7 @@ matrix_mx_puppet_instagram_container_extra_arguments: [] # List of systemd services that matrix-puppet-instagram.service depends on. matrix_mx_puppet_instagram_systemd_required_services_list: "{{ matrix_mx_puppet_instagram_systemd_required_services_list_default + matrix_mx_puppet_instagram_systemd_required_services_list_auto + matrix_mx_puppet_instagram_systemd_required_services_list_custom }}" -matrix_mx_puppet_instagram_systemd_required_services_list_default: ['docker.service'] +matrix_mx_puppet_instagram_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mx_puppet_instagram_systemd_required_services_list_auto: [] matrix_mx_puppet_instagram_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml index e684876c4..322f16031 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -92,7 +92,7 @@ matrix_mx_puppet_slack_container_extra_arguments: [] # List of systemd services that matrix-puppet-slack.service depends on. matrix_mx_puppet_slack_systemd_required_services_list: "{{ matrix_mx_puppet_slack_systemd_required_services_list_default + matrix_mx_puppet_slack_systemd_required_services_list_auto + matrix_mx_puppet_slack_systemd_required_services_list_custom }}" -matrix_mx_puppet_slack_systemd_required_services_list_default: ['docker.service'] +matrix_mx_puppet_slack_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mx_puppet_slack_systemd_required_services_list_auto: [] matrix_mx_puppet_slack_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml index f54e484a4..73cb131f0 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -52,7 +52,7 @@ matrix_mx_puppet_steam_container_extra_arguments: [] # List of systemd services that matrix-puppet-steam.service depends on. matrix_mx_puppet_steam_systemd_required_services_list: "{{ matrix_mx_puppet_steam_systemd_required_services_list_default + matrix_mx_puppet_steam_systemd_required_services_list_auto + matrix_mx_puppet_steam_systemd_required_services_list_custom }}" -matrix_mx_puppet_steam_systemd_required_services_list_default: ['docker.service'] +matrix_mx_puppet_steam_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mx_puppet_steam_systemd_required_services_list_auto: [] matrix_mx_puppet_steam_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml index dda042f33..1ba4a9920 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -92,7 +92,7 @@ matrix_mx_puppet_twitter_container_extra_arguments: [] # List of systemd services that mx-puppet-twitter.service depends on. matrix_mx_puppet_twitter_systemd_required_services_list: "{{ matrix_mx_puppet_twitter_systemd_required_services_list_default + matrix_mx_puppet_twitter_systemd_required_services_list_auto + matrix_mx_puppet_twitter_systemd_required_services_list_custom }}" -matrix_mx_puppet_twitter_systemd_required_services_list_default: ['docker.service'] +matrix_mx_puppet_twitter_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_mx_puppet_twitter_systemd_required_services_list_auto: [] matrix_mx_puppet_twitter_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-sms/defaults/main.yml b/roles/custom/matrix-bridge-sms/defaults/main.yml index 50337ed17..048bc85c2 100644 --- a/roles/custom/matrix-bridge-sms/defaults/main.yml +++ b/roles/custom/matrix-bridge-sms/defaults/main.yml @@ -28,7 +28,7 @@ matrix_sms_bridge_container_extra_arguments: [] # List of systemd services that service depends on. matrix_sms_bridge_systemd_required_services_list: "{{ matrix_sms_bridge_systemd_required_services_list_default + matrix_sms_bridge_systemd_required_services_list_auto + matrix_sms_bridge_systemd_required_services_list_custom }}" -matrix_sms_bridge_systemd_required_services_list_default: ['docker.service'] +matrix_sms_bridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_sms_bridge_systemd_required_services_list_auto: [] matrix_sms_bridge_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-bridge-wechat/defaults/main.yml b/roles/custom/matrix-bridge-wechat/defaults/main.yml new file mode 100644 index 000000000..1ca0c910f --- /dev/null +++ b/roles/custom/matrix-bridge-wechat/defaults/main.yml @@ -0,0 +1,152 @@ +--- + +# WeChat Bridge is a Matrix <-> WeChat bridge +# Project source code URL: https://github.com/duo/matrix-wechat + +matrix_wechat_enabled: true + +# renovate: datasource=docker depName=lxduo/matrix-wechat +matrix_wechat_version: 0.2.4 +matrix_wechat_container_image: "{{ matrix_wechat_container_image_name_prefix }}lxduo/matrix-wechat:{{ matrix_wechat_version }}" +matrix_wechat_container_image_name_prefix: "{{ 'localhost/' if matrix_wechat_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_wechat_container_image_force_pull: "{{ matrix_wechat_container_image.endswith(':latest') }}" + +matrix_wechat_container_image_self_build: false +matrix_wechat_container_image_self_build_repo: "https://github.com/duo/matrix-wechat.git" +matrix_wechat_container_image_self_build_branch: "{{ 'master' if matrix_wechat_version == 'latest' else matrix_wechat_version }}" + +# renovate: datasource=docker depName=lxduo/matrix-wechat-agent +matrix_wechat_agent_version: 0.0.1 +matrix_wechat_agent_container_image: "{{ matrix_wechat_agent_container_image_name_prefix }}lxduo/matrix-wechat-agent:{{ matrix_wechat_agent_version }}" +matrix_wechat_agent_container_image_name_prefix: "{{ 'localhost/' if matrix_wechat_agent_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_wechat_agent_container_image_force_pull: "{{ matrix_wechat_agent_container_image.endswith(':latest') }}" + +# The agent needs to write to /home/user/.vnc. +# `/home/user` is owned by `user:group` (`1000:1000`), so it needs to run with that user/group. +matrix_wechat_agent_container_user_uid: 1000 +matrix_wechat_agent_container_user_gid: 1000 + +matrix_wechat_agent_container_image_self_build: false +matrix_wechat_agent_container_image_self_build_repo: "https://github.com/duo/matrix-wechat-agent.git" +matrix_wechat_agent_container_image_self_build_branch: "{{ 'master' if matrix_wechat_agent_version == 'latest' else matrix_wechat_agent_version }}" + +matrix_wechat_base_path: "{{ matrix_base_data_path }}/wechat" +matrix_wechat_config_path: "{{ matrix_wechat_base_path }}/config" +matrix_wechat_data_path: "{{ matrix_wechat_base_path }}/data" +matrix_wechat_container_src_files_path: "{{ matrix_wechat_base_path }}/container-src" +matrix_wechat_agent_container_src_files_path: "{{ matrix_wechat_base_path }}/agent-container-src" + +matrix_wechat_homeserver_address: "" +matrix_wechat_homeserver_domain: "{{ matrix_domain }}" +matrix_wechat_appservice_address: 'http://matrix-wechat:8080' + +matrix_wechat_container_network: "" + +matrix_wechat_container_additional_networks: "{{ matrix_wechat_container_additional_networks_auto + matrix_wechat_container_additional_networks_custom }}" +matrix_wechat_container_additional_networks_auto: [] +matrix_wechat_container_additional_networks_custom: [] + +# A list of extra arguments to pass to the container +matrix_wechat_container_extra_arguments: [] + +# List of systemd services that matrix-wechat.service depends on. +matrix_wechat_systemd_required_services_list: "{{ matrix_wechat_systemd_required_services_list_default + matrix_wechat_systemd_required_services_list_auto + matrix_wechat_systemd_required_services_list_custom }}" +matrix_wechat_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" +matrix_wechat_systemd_required_services_list_auto: [] +matrix_wechat_systemd_required_services_list_custom: [] + +# List of systemd services that matrix-wechat.service wants +matrix_wechat_systemd_wanted_services_list: [] + +matrix_wechat_appservice_token: '' +matrix_wechat_homeserver_token: '' + +matrix_wechat_appservice_bot_username: wechatbot + +matrix_wechat_command_prefix: "!wechat" + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_wechat_federate_rooms: true + +# Database-related configuration fields. +matrix_wechat_database_engine: 'postgres' +matrix_wechat_database_username: 'matrix_wechat' +matrix_wechat_database_password: 'some-password' +matrix_wechat_database_hostname: '' +matrix_wechat_database_port: 5432 +matrix_wechat_database_name: 'matrix_wechat' +matrix_wechat_database_sslmode: disable +matrix_wechat_database_connection_string: 'postgresql://{{ matrix_wechat_database_username }}:{{ matrix_wechat_database_password }}@{{ matrix_wechat_database_hostname }}:{{ matrix_wechat_database_port }}/{{ matrix_wechat_database_name }}?sslmode={{ matrix_wechat_database_sslmode }}' + +matrix_wechat_bridge_listen_secret: '' + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_wechat_login_shared_secret: '' +matrix_wechat_login_shared_secret_map: + "{{ {matrix_wechat_homeserver_domain: matrix_wechat_login_shared_secret} if matrix_wechat_login_shared_secret else {} }}" + +# Servers to always allow double puppeting from +matrix_wechat_double_puppet_server_map: + "{{ matrix_wechat_homeserver_domain: matrix_wechat_homeserver_address }}" + +# Enable End-to-bridge encryption +matrix_wechat_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" +matrix_wechat_encryption_default: "{{ matrix_wechat_encryption_allow }}" + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_wechat_log_level: 'warn' + +matrix_wechat_permissions: | + {{ + {matrix_wechat_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + +# Default Wechat configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_wechat_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_wechat_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_wechat_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_wechat_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_wechat_configuration_yaml`. + +matrix_wechat_configuration_extension: "{{ matrix_wechat_configuration_extension_yaml | from_yaml if matrix_wechat_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_wechat_configuration_yaml`. +matrix_wechat_configuration: "{{ matrix_wechat_configuration_yaml | from_yaml | combine(matrix_wechat_configuration_extension, recursive=True) }}" + +matrix_wechat_registration_yaml: | + id: wechat + url: {{ matrix_wechat_appservice_address }} + as_token: "{{ matrix_wechat_appservice_token }}" + hs_token: "{{ matrix_wechat_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_wechat_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@_wechat_(.*):{{ matrix_wechat_homeserver_domain | regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_wechat_appservice_bot_username | regex_escape }}:{{ matrix_wechat_homeserver_domain | regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_wechat_registration: "{{ matrix_wechat_registration_yaml | from_yaml }}" + + +matrix_wechat_agent_service_secret: "{{ matrix_wechat_bridge_listen_secret }}" + +matrix_wechat_agent_configuration_yaml: "{{ lookup('template', 'templates/agent-config.yaml.j2') }}" + +matrix_wechat_agent_configuration: "{{ matrix_wechat_agent_configuration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-wechat/tasks/install.yml b/roles/custom/matrix-bridge-wechat/tasks/install.yml new file mode 100644 index 000000000..8a2d0694b --- /dev/null +++ b/roles/custom/matrix-bridge-wechat/tasks/install.yml @@ -0,0 +1,129 @@ +--- + +- name: Ensure WeChat Bridge paths exists + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_wechat_base_path }}", when: true} + - {path: "{{ matrix_wechat_config_path }}", when: true} + - {path: "{{ matrix_wechat_data_path }}", when: true} + - {path: "{{ matrix_wechat_container_src_files_path }}", when: "{{ matrix_wechat_container_image_self_build }}"} + - {path: "{{ matrix_wechat_agent_container_src_files_path }}", when: "{{ matrix_wechat_agent_container_image_self_build }}"} + when: item.when | bool + +- name: Ensure WeChat Bridge image is pulled + community.docker.docker_image: + name: "{{ matrix_wechat_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_wechat_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_wechat_container_image_force_pull }}" + when: not matrix_wechat_container_image_self_build + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- when: matrix_wechat_container_image_self_build | bool + block: + - name: Ensure WeChat Bridge repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_wechat_container_image_self_build_repo }}" + dest: "{{ matrix_wechat_container_src_files_path }}" + version: "{{ matrix_wechat_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_wechat_git_pull_results + + - name: Ensure WeChat Bridge container image is built + community.docker.docker_image: + name: "{{ matrix_wechat_container_image }}" + source: build + force_source: "{{ matrix_wechat_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_wechat_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_wechat_container_src_files_path }}" + pull: true + +- name: Ensure WeChat Agent image is pulled + community.docker.docker_image: + name: "{{ matrix_wechat_agent_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_wechat_agent_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_wechat_agent_container_image_force_pull }}" + when: not matrix_wechat_agent_container_image_self_build + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- when: matrix_wechat_agent_container_image_self_build | bool + block: + - name: Ensure WeChat Agent repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_wechat_agent_container_image_self_build_repo }}" + dest: "{{ matrix_wechat_agent_container_src_files_path }}" + version: "{{ matrix_wechat_agent_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_wechat_agent_git_pull_results + + - name: Ensure WeChat Agent container image is built + community.docker.docker_image: + name: "{{ matrix_wechat_agent_container_image }}" + source: build + force_source: "{{ matrix_wechat_agent_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_wechat_agent_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_wechat_agent_container_src_files_path }}" + pull: true + +- name: Ensure WeChat configuration installed + ansible.builtin.copy: + content: "{{ matrix_wechat_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_wechat_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure WeChat registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_wechat_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_wechat_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure Wechat Agent configuration installed + ansible.builtin.copy: + content: "{{ matrix_wechat_agent_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_wechat_config_path }}/agent-config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-wechat container network is created + community.general.docker_network: + name: "{{ matrix_wechat_container_network }}" + driver: bridge + +- name: Ensure matrix-wechat.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-wechat.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-wechat.service" + mode: 0644 + register: matrix_wechat_systemd_service_result + +- name: Ensure matrix-wechat-agent.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-wechat-agent.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-wechat-agent.service" + mode: 0644 + register: matrix_wechat_agent_systemd_service_result diff --git a/roles/custom/matrix-bridge-wechat/tasks/main.yml b/roles/custom/matrix-bridge-wechat/tasks/main.yml new file mode 100644 index 000000000..effcd7d5e --- /dev/null +++ b/roles/custom/matrix-bridge-wechat/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- tags: + - setup-all + - setup-wechat + - install-all + - install-wechat + block: + - when: matrix_wechat_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_wechat_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" + +- tags: + - setup-all + - setup-wechat + block: + - when: not matrix_wechat_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" diff --git a/roles/custom/matrix-bridge-wechat/tasks/uninstall.yml b/roles/custom/matrix-bridge-wechat/tasks/uninstall.yml new file mode 100644 index 000000000..cf19203fa --- /dev/null +++ b/roles/custom/matrix-bridge-wechat/tasks/uninstall.yml @@ -0,0 +1,39 @@ +--- + +- name: Check existence of matrix-wechat service + ansible.builtin.stat: + path: "/etc/systemd/system/matrix-wechat.service" + register: matrix_wechat_service_stat + +- when: matrix_wechat_service_stat.stat.exists | bool + block: + - name: Ensure matrix-wechat is stopped + ansible.builtin.service: + name: matrix-wechat + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-wechat.service doesn't exist + ansible.builtin.file: + path: "/etc/systemd/system/matrix-wechat.service" + state: absent + +- name: Check existence of matrix-wechat-agent service + ansible.builtin.stat: + path: "/etc/systemd/system/matrix-wechat-agent.service" + register: matrix_wechat_agent_service_stat + +- when: matrix_wechat_agent_service_stat.stat.exists | bool + block: + - name: Ensure matrix-wechat-agent is stopped + ansible.builtin.service: + name: matrix-wechat-agent + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-wechat-agent.service doesn't exist + ansible.builtin.file: + path: "/etc/systemd/system/matrix-wechat-agent.service" + state: absent diff --git a/roles/custom/matrix-bridge-wechat/tasks/validate_config.yml b/roles/custom/matrix-bridge-wechat/tasks/validate_config.yml new file mode 100644 index 000000000..49159be21 --- /dev/null +++ b/roles/custom/matrix-bridge-wechat/tasks/validate_config.yml @@ -0,0 +1,19 @@ +--- + +- name: Fail if required WeChat settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" + with_items: + - {'name': 'matrix_wechat_appservice_token', when: true} + - {'name': 'matrix_wechat_homeserver_address', when: true} + - {'name': 'matrix_wechat_homeserver_token', when: true} + - {'name': 'matrix_wechat_database_hostname', when: "{{ matrix_wechat_database_engine == 'postgres' }}"} + - {'name': 'matrix_wechat_container_network', when: true} + - {'name': 'matrix_wechat_bridge_listen_secret', when: true} + +- name: Fail if WeChat enabled on ARM64 (not supported by the wechat agent, even with self-building) + when: matrix_architecture not in ['amd64'] + ansible.builtin.fail: + msg: "The WeChat Agent does not support the '{{ matrix_architecture }}' architecture yet. Its Dockerfile downloads amd64 binaries and does not work on arm64." diff --git a/roles/custom/matrix-bridge-wechat/templates/agent-config.yaml.j2 b/roles/custom/matrix-bridge-wechat/templates/agent-config.yaml.j2 new file mode 100644 index 000000000..19c1d1ad9 --- /dev/null +++ b/roles/custom/matrix-bridge-wechat/templates/agent-config.yaml.j2 @@ -0,0 +1,13 @@ +wechat: + version: 3.8.1.26 + listen_port: 22222 + init_timeout: 10s + request_timeout: 30s + +service: + addr: ws://matrix-wechat:20002 + secret: {{ matrix_wechat_bridge_listen_secret | to_json }} + ping_interval: 30s + +log: + level: info diff --git a/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 b/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 new file mode 100644 index 000000000..e81583a11 --- /dev/null +++ b/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 @@ -0,0 +1,265 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_wechat_homeserver_address | to_json }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_wechat_homeserver_domain | to_json }} + + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + + # Should the bridge use a websocket for connecting to the homeserver? + # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, + # mautrix-asmux (deprecated), and hungryserv (proprietary). + websocket: false + # How often should the websocket be pinged? Pinging will be disabled if this is zero. + ping_interval_seconds: 0 + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_wechat_appservice_address | to_json }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: postgres + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: {{ matrix_wechat_database_connection_string | to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # The unique ID of this appservice. + id: wechat + # Appservice bot details. + bot: + # Username of the appservice bot. + username: {{ matrix_wechat_appservice_bot_username | to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: WeChat bridge bot + avatar: mxc://matrix.org/rddVQBTjOOmNkNLXWfYJNfPW + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + ephemeral_events: true + + # Should incoming events be handled asynchronously? + # This may be necessary for large public instances with lots of messages going through. + # However, messages will not be guaranteed to be bridged in the same order they were sent in. + async_transactions: false + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: {{ matrix_wechat_appservice_token | to_json }} + hs_token: {{ matrix_wechat_homeserver_token | to_json }} + +# Bridge config +bridge: + # Localpart template of MXIDs for WeChat users. + # {% raw %}{{.}}{% endraw %} is replaced with the uin of the WeChat user. + username_template: {% raw %}_wechat_{{.}}{% endraw %} + # Displayname template for WeChat users. + displayname_template: "{% raw %}{{if .Name}}{{.Name}}{{else}}{{.Uin}}{{end}} (WeChat){% endraw %}" + # WeChat listen address (for agent connection) + listen_address: "0.0.0.0:20002" + listen_secret: {{ matrix_wechat_bridge_listen_secret | to_json }} + # Should the bridge create a space for each logged-in user and add bridged rooms to it? + # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. + personal_filtering_spaces: true + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + portal_message_buffer: 128 + # Enable redaction + allow_redaction: false + # Should puppet avatars be fetched from the server even if an avatar is already set? + user_avatar_sync: true + # Should the bridge update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # When double puppeting is enabled, users can use `!wa toggle` to change whether + # presence is bridged. These settings set the default values. + # Existing users won't be affected when these are changed. + default_bridge_presence: false + # Send the presence as "available" to WeChat when users start typing on a portal. + # This works as a workaround for homeservers that do not support presence, and allows + # users to see when the WeChat user on the other side is typing during a conversation. + send_presence_on_typing: false + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_wechat_homeserver_domain }}": {{ matrix_wechat_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_wechat_login_shared_secret_map | to_json }} + # Whether to explicitly set the avatar and room name for private chat portal rooms. + # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. + # If set to `always`, all DM rooms will have explicit names and avatars set. + # If set to `never`, DM rooms will never have names and avatars set. + private_chat_portal_meta: default + # Should group members be synced in parallel? This makes member sync faster + parallel_member_sync: false + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. + resend_bridge_info: false + # When using double puppeting, should muted chats be muted in Matrix? + mute_bridging: false + # Allow invite permission for user. User can invite any bots to room with WeChat + # users (private chat and groups) + allow_user_invite: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: true + # Should the bridge never send alerts to the bridge management room? + # These are mostly things like the user being logged out. + disable_bridge_alerts: false + # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration + # Null means there's no enforced timeout. + message_handling_timeout: + # Send an error message after this timeout, but keep waiting for the response until the deadline. + # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. + # If the message is older than this when it reaches the bridge, the message won't be handled at all. + error_after: null + # Drop messages after this timeout. They may still go through if the message got sent to the servers. + # This is counted from the time the bridge starts handling the message. + deadline: 120s + + # The prefix for commands. Only required in non-management rooms. + command_prefix: {{ matrix_wechat_command_prefix | to_json }} + + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a WeChat bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_wechat_encryption_allow | to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: {{ matrix_wechat_encryption_default | to_json }} + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: false + # Should users mentions be in the event wire content to enable the server to send push notifications? + plaintext_mentions: false + # Options for deleting megolm sessions from the bridge. + delete_keys: + # Beeper-specific: delete outbound sessions when hungryserv confirms + # that the user has uploaded the key to key backup. + delete_outbound_on_ack: false + # Don't store outbound sessions in the inbound table. + dont_store_outbound: false + # Ratchet megolm sessions forward after decrypting messages. + ratchet_on_decrypt: false + # Delete fully used keys (index >= max_messages) after decrypting messages. + delete_fully_used_on_decrypt: false + # Delete previous megolm sessions from same device when receiving a new one. + delete_prev_on_new_session: false + # Delete megolm sessions received from a device when the device is deleted. + delete_on_device_delete: false + # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. + periodically_delete_expired: false + # Delete inbound megolm sessions that don't have the received_at field used for + # automatic ratcheting and expired session deletion. This is meant as a migration + # to delete old keys prior to the bridge update. + delete_outdated_inbound: false + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from WeChat to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Disable rotating keys when a user's devices change? + # You should not enable this option unless you understand all the implications. + disable_device_change_key_rotation: false + + + # Permissions for using the bridge. + # Permitted values: + # user - Access to use the bridge to chat with a WeChat account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: {{ matrix_wechat_permissions | to_json }} + +# Logging config. See https://github.com/tulir/zeroconfig for details. +logging: + min_level: {{ matrix_wechat_log_level }} + writers: + - type: stdout + format: pretty-colored diff --git a/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat-agent.service.j2 b/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat-agent.service.j2 new file mode 100644 index 000000000..8e5ea5239 --- /dev/null +++ b/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat-agent.service.j2 @@ -0,0 +1,49 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix WeChat Agent +{% for service in matrix_wechat_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_wechat_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-wechat-agent 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-wechat-agent 2>/dev/null || true' + +{# + The agent needs to write to /home/user/.vnc. + `/home/user` is owned by `user:group` (`1000:1000`), so it needs to run with that user/group. +#} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-wechat-agent \ + --log-driver=none \ + --user={{ matrix_wechat_agent_container_user_uid }}:{{ matrix_wechat_agent_container_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_wechat_container_network }} \ + --mount type=bind,src={{ matrix_wechat_config_path }}/agent-config.yaml,dst=/home/user/matrix-wechat-agent/configure.yaml,ro \ + {% for arg in matrix_wechat_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_wechat_agent_container_image }} + +{% for network in matrix_wechat_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-wechat-agent +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-wechat-agent + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-wechat-agent 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-wechat-agent 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-wechat-agent + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat.service.j2 b/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat.service.j2 new file mode 100644 index 000000000..96f87e9bb --- /dev/null +++ b/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat.service.j2 @@ -0,0 +1,47 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix WeChat Bridge +{% for service in matrix_wechat_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_wechat_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-wechat 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-wechat 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-wechat \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_wechat_container_network }} \ + --mount type=bind,src={{ matrix_wechat_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_wechat_data_path }},dst=/data \ + --workdir=/data \ + {% for arg in matrix_wechat_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_wechat_container_image }} \ + /usr/bin/matrix-wechat -c /config/config.yaml -r /config/registration.yaml --no-update +{% for network in matrix_wechat_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-wechat +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-wechat + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-wechat 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-wechat 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-wechat + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-cactus-comments-client/defaults/main.yml b/roles/custom/matrix-cactus-comments-client/defaults/main.yml index 8c49abaa2..b366f4386 100644 --- a/roles/custom/matrix-cactus-comments-client/defaults/main.yml +++ b/roles/custom/matrix-cactus-comments-client/defaults/main.yml @@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas matrix_cactus_comments_client_public_path_file_permissions: "0644" # renovate: datasource=docker depName=joseluisq/static-web-server -matrix_cactus_comments_client_version: 2.31.1 +matrix_cactus_comments_client_version: 2.32.0 matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}" matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}" @@ -94,7 +94,7 @@ matrix_cactus_comments_client_webclient_css_url: "https://gateway.pinata.cloud/i matrix_cactus_comments_client_local_dir: '' # List of systemd services that matrix-cactus-comments-client.service depends on -matrix_cactus_comments_client_systemd_required_services_list: ['docker.service'] +matrix_cactus_comments_client_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # List of systemd services that matrix-cactus-comments-client.service wants matrix_cactus_comments_client_systemd_wanted_services_list: "{{ matrix_cactus_comments_client_systemd_wanted_services_list_auto + matrix_cactus_comments_client_systemd_wanted_services_list_custom }}" diff --git a/roles/custom/matrix-cactus-comments/defaults/main.yml b/roles/custom/matrix-cactus-comments/defaults/main.yml index 5f6a0a478..a31ae1a1d 100644 --- a/roles/custom/matrix-cactus-comments/defaults/main.yml +++ b/roles/custom/matrix-cactus-comments/defaults/main.yml @@ -40,7 +40,7 @@ matrix_cactus_comments_container_additional_networks_custom: [] matrix_cactus_comments_container_extra_arguments: [] # List of systemd services that matrix-cactus-comments.service depends on -matrix_cactus_comments_systemd_required_services_list: ['docker.service'] +matrix_cactus_comments_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # List of systemd services that matrix-cactus-comments.service wants matrix_cactus_comments_systemd_wanted_services_list: [] diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 735e663a4..bd3da6166 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -72,7 +72,7 @@ matrix_client_cinny_container_labels_additional_labels: '' matrix_client_cinny_container_extra_arguments: [] # List of systemd services that matrix-client-cinny.service depends on -matrix_client_cinny_systemd_required_services_list: ['docker.service'] +matrix_client_cinny_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # Specifies the value of the `X-XSS-Protection` header # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 46f20f85c..1444dd114 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.67 +matrix_client_element_version: v1.11.69 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" @@ -76,7 +76,7 @@ matrix_client_element_container_labels_additional_labels: '' matrix_client_element_container_extra_arguments: [] # List of systemd services that matrix-client-element.service depends on -matrix_client_element_systemd_required_services_list: ['docker.service'] +matrix_client_element_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # Specifies the value of the `X-XSS-Protection` header # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml index c3a1050b6..a70adc5ac 100644 --- a/roles/custom/matrix-client-hydrogen/defaults/main.yml +++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml @@ -71,7 +71,7 @@ matrix_client_hydrogen_container_labels_additional_labels: '' matrix_client_hydrogen_container_extra_arguments: [] # List of systemd services that matrix-client-hydrogen.service depends on -matrix_client_hydrogen_systemd_required_services_list: ['docker.service'] +matrix_client_hydrogen_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # Specifies the value of the `X-XSS-Protection` header # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. diff --git a/roles/custom/matrix-client-schildichat/defaults/main.yml b/roles/custom/matrix-client-schildichat/defaults/main.yml index 2e253df7d..65cfffbf6 100644 --- a/roles/custom/matrix-client-schildichat/defaults/main.yml +++ b/roles/custom/matrix-client-schildichat/defaults/main.yml @@ -70,7 +70,7 @@ matrix_client_schildichat_container_labels_additional_labels: '' matrix_client_schildichat_container_extra_arguments: [] # List of systemd services that matrix-client-schildichat.service depends on -matrix_client_schildichat_systemd_required_services_list: ['docker.service'] +matrix_client_schildichat_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # Specifies the value of the `X-XSS-Protection` header # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 215ee4a2a..9e75820d8 100644 --- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml @@ -10,7 +10,7 @@ matrix_conduit_hostname: '' matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}" matrix_conduit_docker_image_name_prefix: "docker.io/" # renovate: datasource=docker depName=matrixconduit/matrix-conduit -matrix_conduit_docker_image_tag: "v0.7.0" +matrix_conduit_docker_image_tag: "v0.8.0" matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}" matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit" @@ -23,7 +23,7 @@ matrix_conduit_tmp_directory_size_mb: 500 # List of systemd services that matrix-conduit.service depends on matrix_conduit_systemd_required_services_list: "{{ matrix_conduit_systemd_required_services_list_default + matrix_conduit_systemd_required_services_list_auto + matrix_conduit_systemd_required_services_list_custom }}" -matrix_conduit_systemd_required_services_list_default: ["docker.service"] +matrix_conduit_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_conduit_systemd_required_services_list_auto: [] matrix_conduit_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml index e3f0189e0..93120843b 100644 --- a/roles/custom/matrix-corporal/defaults/main.yml +++ b/roles/custom/matrix-corporal/defaults/main.yml @@ -77,7 +77,7 @@ matrix_corporal_container_labels_additional_labels: '' # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: "{{ matrix_corporal_systemd_required_services_list_default + matrix_corporal_systemd_required_services_list_auto + matrix_corporal_systemd_required_services_list_custom }}" -matrix_corporal_systemd_required_services_list_default: ['docker.service'] +matrix_corporal_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_corporal_systemd_required_services_list_auto: [] matrix_corporal_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index d99849080..1a702791d 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml @@ -9,7 +9,7 @@ matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_ matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" # renovate: datasource=docker depName=coturn/coturn -matrix_coturn_version: 4.6.2-r9 +matrix_coturn_version: 4.6.2-r10 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" @@ -39,7 +39,7 @@ matrix_coturn_docker_src_files_path: "{{ matrix_coturn_base_path }}/docker-src" matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf" # List of systemd services that matrix-coturn.service depends on -matrix_coturn_systemd_required_services_list: ['docker.service'] +matrix_coturn_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # A list of additional "volumes" to mount in the container. # This list gets populated dynamically at runtime. You can provide a different default value, diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index 356860a04..0d78ebbea 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -178,13 +178,13 @@ matrix_dendrite_process_extra_arguments: [] # List of systemd services that matrix-dendrite.service depends on matrix_dendrite_systemd_required_services_list: "{{ matrix_dendrite_systemd_required_services_list_default + matrix_dendrite_systemd_required_services_list_auto + matrix_dendrite_systemd_required_services_list_custom }}" -matrix_dendrite_systemd_required_services_list_default: ["docker.service"] +matrix_dendrite_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_dendrite_systemd_required_services_list_auto: [] matrix_dendrite_systemd_required_services_list_custom: [] # List of systemd services that matrix-dendrite.service wants matrix_dendrite_systemd_wanted_services_list: "{{ matrix_dendrite_systemd_wanted_services_list_default + matrix_dendrite_systemd_wanted_services_list_auto + matrix_dendrite_systemd_wanted_services_list_custom }}" -matrix_dendrite_systemd_wanted_services_list_default: ["docker.service"] +matrix_dendrite_systemd_wanted_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_dendrite_systemd_wanted_services_list_auto: [] matrix_dendrite_systemd_wanted_services_list_custom: [] diff --git a/roles/custom/matrix-dimension/defaults/main.yml b/roles/custom/matrix-dimension/defaults/main.yml index 7acdacf03..7629115c5 100644 --- a/roles/custom/matrix-dimension/defaults/main.yml +++ b/roles/custom/matrix-dimension/defaults/main.yml @@ -37,7 +37,7 @@ matrix_dimension_docker_image_force_pull: "{{ matrix_dimension_docker_image.ends # List of systemd services that matrix-dimension.service depends on. matrix_dimension_systemd_required_services_list: "{{ matrix_dimension_systemd_required_services_list_default + matrix_dimension_systemd_required_services_list_auto + matrix_dimension_systemd_required_services_list_custom }}" -matrix_dimension_systemd_required_services_list_default: ['docker.service'] +matrix_dimension_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_dimension_systemd_required_services_list_auto: [] matrix_dimension_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 72b0cfa29..c2810e3d9 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -31,7 +31,7 @@ matrix_dynamic_dns_container_extra_arguments: [] matrix_dynamic_dns_systemd_wanted_services_list: [] # List of required services when running in mode -matrix_dynamic_dns_systemd_required_services_list: ['docker.service'] +matrix_dynamic_dns_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # Build the container from source when running in mode matrix_dynamic_dns_container_image_self_build: false diff --git a/roles/custom/matrix-email2matrix/defaults/main.yml b/roles/custom/matrix-email2matrix/defaults/main.yml index 8ea7637c7..d05eb6d43 100644 --- a/roles/custom/matrix-email2matrix/defaults/main.yml +++ b/roles/custom/matrix-email2matrix/defaults/main.yml @@ -28,7 +28,7 @@ matrix_email2matrix_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_email2matrix_systemd_required_services_list: "{{ matrix_email2matrix_systemd_required_services_list_default + matrix_email2matrix_systemd_required_services_list_auto + matrix_email2matrix_systemd_required_services_list_custom }}" -matrix_email2matrix_systemd_required_services_list_default: ['docker.service'] +matrix_email2matrix_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_email2matrix_systemd_required_services_list_auto: [] matrix_email2matrix_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml b/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml index 89b121836..ce9ba1259 100644 --- a/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml +++ b/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml @@ -73,13 +73,13 @@ matrix_ldap_registration_proxy_container_extra_arguments: [] # List of systemd services that matrix-ldap-registration-proxy.service depends on. matrix_ldap_registration_proxy_systemd_required_services_list: "{{ matrix_ldap_registration_proxy_systemd_required_services_list_default + matrix_ldap_registration_proxy_systemd_required_services_list_auto + matrix_ldap_registration_proxy_systemd_required_services_list_custom }}" -matrix_ldap_registration_proxy_systemd_required_services_list_default: ['docker.service'] +matrix_ldap_registration_proxy_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_ldap_registration_proxy_systemd_required_services_list_auto: [] matrix_ldap_registration_proxy_systemd_required_services_list_custom: [] # List of systemd services that matrix-ldap-registration-proxy.service wants matrix_ldap_registration_proxy_systemd_wanted_services_list: "{{ matrix_ldap_registration_proxy_systemd_wanted_services_list_default + matrix_ldap_registration_proxy_systemd_wanted_services_list_auto + matrix_ldap_registration_proxy_systemd_wanted_services_list_custom }}" -matrix_ldap_registration_proxy_systemd_wanted_services_list_default: ['docker.service'] +matrix_ldap_registration_proxy_systemd_wanted_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_ldap_registration_proxy_systemd_wanted_services_list_auto: [] matrix_ldap_registration_proxy_systemd_wanted_services_list_custom: [] diff --git a/roles/custom/matrix-ma1sd/defaults/main.yml b/roles/custom/matrix-ma1sd/defaults/main.yml index cbe68c625..6b593b67a 100644 --- a/roles/custom/matrix-ma1sd/defaults/main.yml +++ b/roles/custom/matrix-ma1sd/defaults/main.yml @@ -35,7 +35,7 @@ matrix_ma1sd_container_extra_arguments: [] # List of systemd services that matrix-ma1sd.service depends on matrix_ma1sd_systemd_required_services_list: "{{ matrix_ma1sd_systemd_required_services_list_default + matrix_ma1sd_systemd_required_services_list_auto + matrix_ma1sd_systemd_required_services_list_custom }}" -matrix_ma1sd_systemd_required_services_list_default: ['docker.service'] +matrix_ma1sd_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_ma1sd_systemd_required_services_list_auto: [] matrix_ma1sd_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 63a225674..a09744401 100755 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -15,10 +15,10 @@ matrix_media_repo_identifier: matrix-media-repo matrix_media_repo_container_image_self_build: false matrix_media_repo_container_image_self_build_repo: "https://github.com/turt2live/matrix-media-repo.git" -matrix_media_repo_docker_image_path: "turt2live/matrix-media-repo" +matrix_media_repo_docker_image_path: "t2bot/matrix-media-repo" matrix_media_repo_docker_image: "{{ matrix_media_repo_docker_image_name_prefix }}{{ matrix_media_repo_docker_image_path }}:{{ matrix_media_repo_docker_image_tag }}" -matrix_media_repo_docker_image_name_prefix: "{{ 'localhost/' if matrix_media_repo_container_image_self_build else matrix_container_global_registry_prefix }}" -# renovate: datasource=docker depName=turt2live/matrix-media-repo +matrix_media_repo_docker_image_name_prefix: "{{ 'localhost/' if matrix_media_repo_container_image_self_build else 'ghcr.io/' }}" +# renovate: datasource=docker depName=ghcr.io/t2bot/matrix-media-repo matrix_media_repo_docker_image_tag: "v1.3.4" matrix_media_repo_docker_image_force_pull: "{{ matrix_media_repo_docker_image.endswith(':latest') }}" @@ -29,7 +29,7 @@ matrix_media_repo_docker_src_files_path: "{{ matrix_media_repo_base_path }}/dock # List of systemd services that matrix-media-repo.service depends on matrix_media_repo_systemd_required_services_list: "{{ matrix_media_repo_systemd_required_services_list_default + matrix_media_repo_systemd_required_services_list_auto + matrix_media_repo_systemd_required_services_list_custom }}" -matrix_media_repo_systemd_required_services_list_default: ["docker.service"] +matrix_media_repo_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_media_repo_systemd_required_services_list_auto: [] matrix_media_repo_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-pantalaimon/defaults/main.yml b/roles/custom/matrix-pantalaimon/defaults/main.yml index b8f5c0d4c..22d9a6a32 100644 --- a/roles/custom/matrix-pantalaimon/defaults/main.yml +++ b/roles/custom/matrix-pantalaimon/defaults/main.yml @@ -32,7 +32,7 @@ matrix_pantalaimon_container_extra_arguments: [] # List of systemd services that matrix-pantalaimon.service depends on matrix_pantalaimon_systemd_required_services_list: "{{ matrix_pantalaimon_systemd_required_services_list_default + matrix_pantalaimon_systemd_required_services_list_auto + matrix_pantalaimon_systemd_required_services_list_custom }}" -matrix_pantalaimon_systemd_required_services_list_default: ['docker.service'] +matrix_pantalaimon_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_pantalaimon_systemd_required_services_list_auto: [] matrix_pantalaimon_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml index 409f70b80..a22787961 100644 --- a/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml @@ -72,7 +72,7 @@ matrix_prometheus_nginxlog_exporter_container_extra_arguments: [] # List of systemd services that matrix-prometheus_nginxlog_exporter.service depends on matrix_prometheus_nginxlog_exporter_systemd_required_services_list: "{{ matrix_prometheus_nginxlog_exporter_systemd_required_services_list_default + matrix_prometheus_nginxlog_exporter_systemd_required_services_list_auto + matrix_prometheus_nginxlog_exporter_systemd_required_services_list_custom }}" -matrix_prometheus_nginxlog_exporter_systemd_required_services_list_default: ['docker.service'] +matrix_prometheus_nginxlog_exporter_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_prometheus_nginxlog_exporter_systemd_required_services_list_auto: [] matrix_prometheus_nginxlog_exporter_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-rageshake/defaults/main.yml b/roles/custom/matrix-rageshake/defaults/main.yml index 9289f0dd9..bbd271ec0 100644 --- a/roles/custom/matrix-rageshake/defaults/main.yml +++ b/roles/custom/matrix-rageshake/defaults/main.yml @@ -81,7 +81,7 @@ matrix_rageshake_container_labels_additional_labels: '' matrix_rageshake_container_extra_arguments: [] # List of systemd services that matrix-rageshake.service depends on -matrix_rageshake_systemd_required_services_list: ["docker.service"] +matrix_rageshake_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # List of systemd services that matrix-rageshake.service wants matrix_rageshake_systemd_wanted_services_list: [] diff --git a/roles/custom/matrix-registration/defaults/main.yml b/roles/custom/matrix-registration/defaults/main.yml index 6446b5aac..f2b87d942 100644 --- a/roles/custom/matrix-registration/defaults/main.yml +++ b/roles/custom/matrix-registration/defaults/main.yml @@ -66,7 +66,7 @@ matrix_registration_container_extra_arguments: [] # List of systemd services that matrix-registration.service depends on matrix_registration_systemd_required_services_list: "{{ matrix_registration_systemd_required_services_list_default + matrix_registration_systemd_required_services_list_auto + matrix_registration_systemd_required_services_list_custom }}" -matrix_registration_systemd_required_services_list_default: ['docker.service'] +matrix_registration_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_registration_systemd_required_services_list_auto: [] matrix_registration_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 2311c1835..3594e90ff 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -38,6 +38,16 @@ matrix_sliding_sync_container_network: '' # Use this to expose this container to another reverse proxy, which runs in a different container network. matrix_sliding_sync_container_additional_networks: [] +# Enable the exposure of metrics to Prometheus +# See https://github.com/matrix-org/sliding-sync/tree/main/grafana +matrix_sliding_sync_metrics_enabled: false +matrix_sliding_sync_metrics_port: 2112 + +# Controls whether Sliding Sync metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/sliding-sync` +matrix_sliding_sync_metrics_proxying_enabled: false +matrix_sliding_sync_metrics_proxying_hostname: '' +matrix_sliding_sync_metrics_proxying_path: /metrics/sliding-sync + # matrix_sliding_sync_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. # See `../templates/labels.j2` for details. # @@ -53,6 +63,18 @@ matrix_sliding_sync_container_labels_traefik_entrypoints: web-secure matrix_sliding_sync_container_labels_traefik_tls: "{{ matrix_sliding_sync_container_labels_traefik_entrypoints != 'web' }}" matrix_sliding_sync_container_labels_traefik_tls_certResolver: default # noqa var-naming +# Controls whether labels will be added that expose metrics (see `matrix_sliding_sync_metrics_proxying_enabled`) for Sliding Sync +matrix_sliding_sync_container_labels_public_metrics_enabled: "{{ matrix_sliding_sync_metrics_enabled and matrix_sliding_sync_metrics_proxying_enabled }}" +matrix_sliding_sync_container_labels_public_metrics_traefik_path: "{{ matrix_sliding_sync_metrics_proxying_path }}" +matrix_sliding_sync_container_labels_public_metrics_traefik_rule: "Host(`{{ matrix_sliding_sync_metrics_proxying_hostname }}`) && Path(`{{ matrix_sliding_sync_container_labels_public_metrics_traefik_path }}`)" +matrix_sliding_sync_container_labels_public_metrics_traefik_priority: 0 +matrix_sliding_sync_container_labels_public_metrics_traefik_entrypoints: "{{ matrix_sliding_sync_container_labels_traefik_entrypoints }}" +matrix_sliding_sync_container_labels_public_metrics_traefik_tls: "{{ matrix_sliding_sync_container_labels_public_metrics_traefik_entrypoints != 'web' }}" +matrix_sliding_sync_container_labels_public_metrics_traefik_tls_certResolver: "{{ matrix_sliding_sync_container_labels_traefik_tls_certResolver }}" # noqa var-naming +matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: false +# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users +matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: '' + # Controls which additional headers to attach to all HTTP responses. # To add your own headers, use `matrix_sliding_sync_container_labels_traefik_additional_response_headers_custom` matrix_sliding_sync_container_labels_traefik_additional_response_headers: "{{ matrix_sliding_sync_container_labels_traefik_additional_response_headers_auto | combine(matrix_sliding_sync_container_labels_traefik_additional_response_headers_custom) }}" @@ -73,7 +95,7 @@ matrix_sliding_sync_container_extra_arguments: [] # List of systemd services that matrix-sliding-sync-proxy.service depends on matrix_sliding_sync_systemd_required_services_list: "{{ matrix_sliding_sync_systemd_required_services_list_default + matrix_sliding_sync_systemd_required_services_list_auto + matrix_sliding_sync_systemd_required_services_list_custom }}" -matrix_sliding_sync_systemd_required_services_list_default: ["docker.service"] +matrix_sliding_sync_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_sliding_sync_systemd_required_services_list_auto: [] matrix_sliding_sync_systemd_required_services_list_custom: [] @@ -89,6 +111,9 @@ matrix_sliding_sync_environment_variable_syncv3_secret: '' # Controls the SYNCV3_DB environment variable matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode={{ matrix_sliding_sync_database_sslmode }}' +# Controls the SYNCV3_PROM environment variable +matrix_sliding_sync_environment_variable_syncv3_prom: ':{{ matrix_sliding_sync_metrics_port }}' + # Additional environment variables. matrix_sliding_sync_environment_variables_additional_variables: '' diff --git a/roles/custom/matrix-sliding-sync/tasks/validate_config.yml b/roles/custom/matrix-sliding-sync/tasks/validate_config.yml index 08a6e409a..8b1fee201 100644 --- a/roles/custom/matrix-sliding-sync/tasks/validate_config.yml +++ b/roles/custom/matrix-sliding-sync/tasks/validate_config.yml @@ -3,11 +3,13 @@ ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item.name }}`). - when: "vars[item] == ''" + when: "item.when | bool and vars[item.name] == ''" with_items: - - matrix_sliding_sync_hostname - - matrix_sliding_sync_path_prefix - - matrix_sliding_sync_database_hostname - - matrix_sliding_sync_environment_variable_syncv3_server - - matrix_sliding_sync_environment_variable_syncv3_secret - - matrix_sliding_sync_container_network + - {'name': 'matrix_sliding_sync_hostname', when: true} + - {'name': 'matrix_sliding_sync_path_prefix', when: true} + - {'name': 'matrix_sliding_sync_database_hostname', when: true} + - {'name': 'matrix_sliding_sync_environment_variable_syncv3_server', when: true} + - {'name': 'matrix_sliding_sync_environment_variable_syncv3_secret', when: true} + - {'name': 'matrix_sliding_sync_container_network', when: true} + - {'name': 'matrix_sliding_sync_metrics_proxying_hostname', when: "{{ matrix_sliding_sync_metrics_proxying_enabled }}"} + - {'name': 'matrix_sliding_sync_metrics_proxying_path_prefix', when: "{{ matrix_sliding_sync_metrics_proxying_enabled }}"} diff --git a/roles/custom/matrix-sliding-sync/templates/env.j2 b/roles/custom/matrix-sliding-sync/templates/env.j2 index 5d800a1b3..352e7d958 100644 --- a/roles/custom/matrix-sliding-sync/templates/env.j2 +++ b/roles/custom/matrix-sliding-sync/templates/env.j2 @@ -3,4 +3,8 @@ SYNCV3_SECRET={{ matrix_sliding_sync_environment_variable_syncv3_secret }} SYNCV3_BINDADDR=:8008 SYNCV3_DB={{ matrix_sliding_sync_environment_variable_syncv3_db }} +{% if matrix_sliding_sync_metrics_enabled %} +SYNCV3_PROM={{ matrix_sliding_sync_environment_variable_syncv3_prom }} +{% endif %} + {{ matrix_sliding_sync_environment_variables_additional_variables }} diff --git a/roles/custom/matrix-sliding-sync/templates/labels.j2 b/roles/custom/matrix-sliding-sync/templates/labels.j2 index aecc5a8a9..736a94354 100644 --- a/roles/custom/matrix-sliding-sync/templates/labels.j2 +++ b/roles/custom/matrix-sliding-sync/templates/labels.j2 @@ -6,6 +6,7 @@ traefik.docker.network={{ matrix_sliding_sync_container_labels_traefik_docker_ne {% endif %} traefik.http.services.matrix-sliding-sync.loadbalancer.server.port=8008 +traefik.http.services.matrix-sliding-sync-metrics.loadbalancer.server.port={{ matrix_sliding_sync_metrics_port }} {% set middlewares = [] %} @@ -41,6 +42,36 @@ traefik.http.routers.matrix-sliding-sync.tls={{ matrix_sliding_sync_container_la traefik.http.routers.matrix-sliding-sync.tls.certResolver={{ matrix_sliding_sync_container_labels_traefik_tls_certResolver }} {% endif %} +{% if matrix_sliding_sync_container_labels_public_metrics_enabled %} +{% set metrics_middlewares = [] %} + +{% if matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled %} +{% set metrics_middlewares = metrics_middlewares + ['matrix-sliding-sync-metrics-basic-auth'] %} +traefik.http.middlewares.matrix-sliding-sync-metrics-basic-auth.basicauth.users={{ matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users }} +{% endif %} + +{% set metrics_middlewares = metrics_middlewares + ['matrix-sliding-sync-metrics-replacepath'] %} +traefik.http.middlewares.matrix-sliding-sync-metrics-replacepath.replacepath.path=/metrics + +traefik.http.routers.matrix-sliding-sync-metrics.rule={{ matrix_sliding_sync_container_labels_public_metrics_traefik_rule }} + +{% if metrics_middlewares | length > 0 %} +traefik.http.routers.matrix-sliding-sync-metrics.middlewares={{ metrics_middlewares | join(',') }} +{% endif %} + +{% if matrix_sliding_sync_container_labels_public_metrics_traefik_priority | int > 0 %} +traefik.http.routers.matrix-sliding-sync-metrics.priority={{ matrix_sliding_sync_container_labels_public_metrics_traefik_priority }} +{% endif %} + +traefik.http.routers.matrix-sliding-sync-metrics.service=matrix-sliding-sync-metrics +traefik.http.routers.matrix-sliding-sync-metrics.entrypoints={{ matrix_sliding_sync_container_labels_public_metrics_traefik_entrypoints }} + +traefik.http.routers.matrix-sliding-sync-metrics.tls={{ matrix_sliding_sync_container_labels_public_metrics_traefik_tls | to_json }} +{% if matrix_sliding_sync_container_labels_public_metrics_traefik_tls %} +traefik.http.routers.matrix-sliding-sync-metrics.tls.certResolver={{ matrix_sliding_sync_container_labels_public_metrics_traefik_tls_certResolver }} +{% endif %} +{% endif %} + {% endif %} {{ matrix_sliding_sync_container_labels_additional_labels }} diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml index 3552dfd7e..9e867df16 100644 --- a/roles/custom/matrix-static-files/defaults/main.yml +++ b/roles/custom/matrix-static-files/defaults/main.yml @@ -8,7 +8,7 @@ matrix_static_files_enabled: true matrix_static_files_identifier: matrix-static-files # renovate: datasource=docker depName=joseluisq/static-web-server -matrix_static_files_version: 2.31.1 +matrix_static_files_version: 2.32.0 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}" matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config" @@ -17,7 +17,7 @@ matrix_static_files_public_well_known_path: "{{ matrix_static_files_public_path matrix_static_files_public_well_known_matrix_path: "{{ matrix_static_files_public_well_known_path }}/matrix" # List of systemd services that matrix-static-files.service depends on -matrix_static_files_systemd_required_services_list: ['docker.service'] +matrix_static_files_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # List of systemd services that matrix-static-files.service wants matrix_static_files_systemd_wanted_services_list: "{{ matrix_static_files_systemd_wanted_services_list_auto + matrix_static_files_systemd_wanted_services_list_custom }}" diff --git a/roles/custom/matrix-sygnal/defaults/main.yml b/roles/custom/matrix-sygnal/defaults/main.yml index 4efd14721..079dee066 100644 --- a/roles/custom/matrix-sygnal/defaults/main.yml +++ b/roles/custom/matrix-sygnal/defaults/main.yml @@ -20,7 +20,7 @@ matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data" # List of systemd services that matrix-sygnal.service depends on. -matrix_sygnal_systemd_required_services_list: ['docker.service'] +matrix_sygnal_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # List of systemd services that matrix-sygnal.service wants matrix_sygnal_systemd_wanted_services_list: [] diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index cb20be673..c439c9133 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -73,7 +73,7 @@ matrix_synapse_admin_container_labels_traefik_additional_response_headers_custom matrix_synapse_admin_container_labels_additional_labels: '' # List of systemd services that matrix-synapse-admin.service depends on -matrix_synapse_admin_systemd_required_services_list: ['docker.service'] +matrix_synapse_admin_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" # List of systemd services that matrix-synapse-admin.service wants matrix_synapse_admin_systemd_wanted_services_list: [] diff --git a/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml b/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml index 347d9eecb..a321d888f 100644 --- a/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml +++ b/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml @@ -32,7 +32,7 @@ matrix_synapse_auto_compressor_container_extra_arguments: [] # List of systemd services that matrix-synapse-auto-compressor.service depends on matrix_synapse_auto_compressor_systemd_required_services_list: "{{ matrix_synapse_auto_compressor_systemd_required_services_list_default + matrix_synapse_auto_compressor_systemd_required_services_list_auto + matrix_synapse_auto_compressor_systemd_required_services_list_custom }}" -matrix_synapse_auto_compressor_systemd_required_services_list_default: ['docker.service'] +matrix_synapse_auto_compressor_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_synapse_auto_compressor_systemd_required_services_list_auto: [] matrix_synapse_auto_compressor_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml index b3d7d1694..d3db776c8 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml @@ -20,7 +20,7 @@ matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_pr # List of systemd services that matrix-synapse-reverse-proxy-companion.service depends on matrix_synapse_reverse_proxy_companion_systemd_required_services_list: "{{ matrix_synapse_reverse_proxy_companion_systemd_required_services_list_default + matrix_synapse_reverse_proxy_companion_systemd_required_services_list_auto + matrix_synapse_reverse_proxy_companion_systemd_required_services_list_custom }}" -matrix_synapse_reverse_proxy_companion_systemd_required_services_list_default: ['docker.service'] +matrix_synapse_reverse_proxy_companion_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_synapse_reverse_proxy_companion_systemd_required_services_list_auto: [] matrix_synapse_reverse_proxy_companion_systemd_required_services_list_custom: [] diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index dba53fdfa..4c8465077 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -16,7 +16,7 @@ matrix_synapse_enabled: true matrix_synapse_github_org_and_repo: element-hq/synapse # renovate: datasource=docker depName=ghcr.io/element-hq/synapse -matrix_synapse_version: v1.108.0 +matrix_synapse_version: v1.109.0 matrix_synapse_username: '' matrix_synapse_uid: '' @@ -310,7 +310,7 @@ matrix_synapse_container_master_extra_arguments: [] # List of systemd services that matrix-synapse.service depends on matrix_synapse_systemd_required_services_list: "{{ matrix_synapse_systemd_required_services_list_default + matrix_synapse_systemd_required_services_list_auto + matrix_synapse_systemd_required_services_list_custom }}" -matrix_synapse_systemd_required_services_list_default: ['docker.service'] +matrix_synapse_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_synapse_systemd_required_services_list_auto: [] matrix_synapse_systemd_required_services_list_custom: [] @@ -320,6 +320,12 @@ matrix_synapse_systemd_wanted_services_list_default: [] matrix_synapse_systemd_wanted_services_list_auto: [] matrix_synapse_systemd_wanted_services_list_custom: [] +# List of systemd services that matrix-goofys.service depends on +matrix_synapse_goofys_systemd_required_services_list: "{{ matrix_synapse_goofys_systemd_required_services_list_default + matrix_synapse_goofys_systemd_required_services_list_auto + matrix_synapse_goofys_systemd_required_services_list_custom }}" +matrix_synapse_goofys_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" +matrix_synapse_goofys_systemd_required_services_list_auto: [] +matrix_synapse_goofys_systemd_required_services_list_custom: [] + # Controls how long to sleep for after starting the matrix-synapse container. # # Delaying, so that the homeserver can manage to fully start and various services @@ -537,6 +543,27 @@ matrix_synapse_auto_join_rooms: [] # automatically if they don't already exist. matrix_synapse_autocreate_auto_join_rooms: true +# Controls whether room invites will be accepted on behalf of users. +# See: https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#auto-accept-invites +# This should not be used together with the `synapse_auto_accept_invite` module (see `matrix_synapse_ext_synapse_auto_accept_invite_enabled`). +# Also see: +# - `matrix_synapse_auto_accept_invites_only_for_direct_messages` +# - `matrix_synapse_auto_accept_invites_only_from_local_users` +# - `matrix_synapse_auto_accept_invites_worker_to_run_on` +matrix_synapse_auto_accept_invites_enabled: false + +# Controls whether auto-invite acceptance should only be done for direct messages. +# Related to: `matrix_synapse_auto_accept_invites_enabled` +matrix_synapse_auto_accept_invites_only_for_direct_messages: false + +# Controls whether auto-invite acceptance should only be done when the invitatio nis coming from a local user. +# Related to: `matrix_synapse_auto_accept_invites_enabled` +matrix_synapse_auto_accept_invites_only_from_local_users: false + +# When Synapse workers enabled it is possible (but not required) to assign a worker to run the auto-accept-invites feature on (null = main process). +# Related to: `matrix_synapse_auto_accept_invites_enabled` +matrix_synapse_auto_accept_invites_worker_to_run_on: null + # Controls whether password authentication is allowed # It may be useful when you've configured OAuth, SAML or CAS and want authentication # to happen only through them @@ -1222,6 +1249,10 @@ matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0 matrix_synapse_ext_synapse_s3_storage_provider_periodic_migration_schedule: '*-*-* 05:00:00' # Synapse module to automatically accept room invites. +# +# Since Synapse v1.109.0 (https://github.com/element-hq/synapse/pull/17147), +# this functionality has been merged into Synapse. See `matrix_synapse_auto_accept_invites_enabled`. +# # See: https://github.com/matrix-org/synapse-auto-accept-invite # Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`). # Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-auto-accept-invite. diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml index d29a70b1d..4a3727733 100644 --- a/roles/custom/matrix-synapse/tasks/validate_config.yml +++ b/roles/custom/matrix-synapse/tasks/validate_config.yml @@ -121,3 +121,15 @@ when: "matrix_synapse_container_image_customizations_templates_git_repository_keyscan_enabled | bool and vars[item] == ''" with_items: - matrix_synapse_container_image_customizations_templates_git_repository_keyscan_hostname + + +- name: Fail when auto-accept-invite enabled as a native feature and a module at the same time + ansible.builtin.fail: + msg: >- + Your configuration enables the auto-accept invites feature both as a native Synapse feature (`matrix_synapse_auto_accept_invites_enabled`) and a 3rd party module (`matrix_synapse_ext_synapse_auto_accept_invite_enabled`). + This is unnecessary, since they both do the same and the native feature is built on top of the 3rd party module anyway. + Enabling both at the same time will lead to issues. + We recommend leaving `matrix_synapse_auto_accept_invites_enabled` in your configuration and removing `matrix_synapse_ext_synapse_auto_accept_invite_enabled`. + when: + - matrix_synapse_auto_accept_invites_enabled + - matrix_synapse_ext_synapse_auto_accept_invite_enabled diff --git a/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index d6094815e..0f7a83620 100644 --- a/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -1,8 +1,10 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Goofys media store -After=docker.service -Requires=docker.service +{% for service in matrix_synapse_goofys_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} DefaultDependencies=no [Service] diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 7193f9529..dc9970ec9 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1550,6 +1550,12 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json # #auto_join_rooms_for_guests: false +auto_accept_invites: + enabled: {{ matrix_synapse_auto_accept_invites_enabled | to_json }} + only_for_direct_messages: {{ matrix_synapse_auto_accept_invites_only_for_direct_messages | to_json }} + only_from_local_users: {{ matrix_synapse_auto_accept_invites_only_from_local_users | to_json }} + worker_to_run_on: {{ matrix_synapse_auto_accept_invites_worker_to_run_on | to_json }} + # Whether to inhibit errors raised when registering a new account if the user ID # already exists. If turned on, that requests to /register/available will always # show a user ID as available, and Synapse won't raise an error when starting @@ -1565,7 +1571,7 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json # Enable collection and rendering of performance metrics # -enable_metrics: {{ matrix_synapse_metrics_enabled|to_json }} +enable_metrics: {{ matrix_synapse_metrics_enabled|to_json }} # Enable sentry integration # NOTE: While attempts are made to ensure that the logs don't contain diff --git a/setup.yml b/setup.yml index db596c9c0..43a8b4b01 100644 --- a/setup.yml +++ b/setup.yml @@ -58,6 +58,7 @@ - custom/matrix-bridge-appservice-kakaotalk - custom/matrix-bridge-beeper-linkedin - custom/matrix-bridge-go-skype-bridge + - custom/matrix-bridge-wechat - custom/matrix-bridge-mautrix-facebook - custom/matrix-bridge-mautrix-twitter - custom/matrix-bridge-mautrix-hangouts