Move configuration templates outside of defaults/main.yml files

5 years ago · 5da31ba579
--- a/roles/matrix-bridge-appservice-discord/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml
@@ -39,100 +39,7 @@ matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}"
 matrix_appservice_discord_bridge_disablePresence: false
 matrix_appservice_discord_bridge_enableSelfServiceBridging: false

 matrix_appservice_discord_configuration_yaml: |
  #jinja2: lstrip_blocks: "True"
  bridge:
    # Domain part of the bridge, e.g. matrix.org
    domain: {{ matrix_appservice_discord_bridge_domain }}
    # This should be your publically facing URL because Discord may use it to
    # fetch media from the media store.
    homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
    # Interval at which to process users in the 'presence queue'. If you have
    # 5 users, one user will be processed every 500 milliseconds according to the
    # value below. This has a minimum value of 250.
    # WARNING: This has a high chance of spamming the homeserver with presence
    # updates since it will send one each time somebody changes state or is online.
    presenceInterval: 500
    # Disable setting presence for 'ghost users' which means Discord users on Matrix
    # will not be shown as away or online.
    disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
    # Disable sending typing notifications when somebody on Discord types.
    disableTypingNotifications: false
    # Disable deleting messages on Discord if a message is redacted on Matrix.
    disableDeletionForwarding: false
    # Enable users to bridge rooms using !discord commands. See
    # https://t2bot.io/discord for instructions.
    enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
    # Disable sending of read receipts for Matrix events which have been
    # successfully bridged to Discord.
    disableReadReceipts: false
    # Disable Join Leave echos from matrix
    disableJoinLeaveNotifications: false
  # Authentication configuration for the discord bot.
  auth:
    clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
    botToken: {{ matrix_appservice_discord_bot_token }}
  logging:
    # What level should the logger output to the console at.
    console: "warn" #silly, verbose, info, http, warn, error, silent
    lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
    # files:
    #   - file: "debug.log"
    #     disable:
    #       - "PresenceHandler" # Will not capture presence logging
    #   - file: "warn.log" # Will capture warnings
    #     level: "warn"
    #   - file: "botlogs.log" # Will capture logs from DiscordBot
    #     level: "info"
    #     enable:
    #       - "DiscordBot"
  database:
    userStorePath: "/data/user-store.db"
    roomStorePath: "/data/room-store.db"
    # You may either use SQLite or Postgresql for the bridge database, which contains
    # important mappings for events and user puppeting configurations.
    # Use the filename option for SQLite, or connString for Postgresql.
    # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
    # WARNING: You will almost certainly be fine with sqlite unless your bridge
    # is in heavy demand and you suffer from IO slowness.
    filename: "/data/discord.db"
    # connString: "postgresql://user:password@localhost/database_name"
  room:
    # Set the default visibility of alias rooms, defaults to "public".
    # One of: "public", "private"
    defaultVisibility: "public"
  channel:
      # Pattern of the name given to bridged rooms.
      # Can use :guild for the guild name and :name for the channel name.
      namePattern: "[Discord] :guild :name"
      # Changes made to rooms when a channel is deleted.
      deleteOptions:
        # Prefix the room name with a string.
        #namePrefix: "[Deleted]"
        # Prefix the room topic with a string.
        #topicPrefix: "This room has been deleted"
        # Disable people from talking in the room by raising the event PL to 50
        disableMessaging: false
        # Remove the discord alias from the room.
        unsetRoomAlias: true
        # Remove the room from the directory.
        unlistFromDirectory: true
        # Set the room to be unavaliable for joining without an invite.
        setInviteOnly: true
        # Make all the discord users leave the room.
        ghostsLeave: true
  limits:
      # Delay in milliseconds between discord users joining a room.
      roomGhostJoinDelay: 6000
      # Delay in milliseconds before sending messages to discord to avoid echos.
      # (Copies of a sent message may arrive from discord before we've
      # fininished handling it, causing us to echo it back to the room)
      discordSendDelay: 750
  ghosts:
      # Pattern for the ghosts nick, available is :nick, :username, :tag and :id
      nickPattern: ":nick"
      # Pattern for the ghosts username, available is :username, :tag and :id
      usernamePattern: ":username#:tag"
 matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_appservice_discord_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
--- a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2
+++ b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2
@@ -0,0 +1,93 @@
 #jinja2: lstrip_blocks: "True"
 bridge:
  # Domain part of the bridge, e.g. matrix.org
  domain: {{ matrix_appservice_discord_bridge_domain }}
  # This should be your publically facing URL because Discord may use it to
  # fetch media from the media store.
  homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
  # Interval at which to process users in the 'presence queue'. If you have
  # 5 users, one user will be processed every 500 milliseconds according to the
  # value below. This has a minimum value of 250.
  # WARNING: This has a high chance of spamming the homeserver with presence
  # updates since it will send one each time somebody changes state or is online.
  presenceInterval: 500
  # Disable setting presence for 'ghost users' which means Discord users on Matrix
  # will not be shown as away or online.
  disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
  # Disable sending typing notifications when somebody on Discord types.
  disableTypingNotifications: false
  # Disable deleting messages on Discord if a message is redacted on Matrix.
  disableDeletionForwarding: false
  # Enable users to bridge rooms using !discord commands. See
  # https://t2bot.io/discord for instructions.
  enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
  # Disable sending of read receipts for Matrix events which have been
  # successfully bridged to Discord.
  disableReadReceipts: false
  # Disable Join Leave echos from matrix
  disableJoinLeaveNotifications: false
 # Authentication configuration for the discord bot.
 auth:
  clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
  botToken: {{ matrix_appservice_discord_bot_token }}
 logging:
  # What level should the logger output to the console at.
  console: "warn" #silly, verbose, info, http, warn, error, silent
  lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
  # files:
  #   - file: "debug.log"
  #     disable:
  #       - "PresenceHandler" # Will not capture presence logging
  #   - file: "warn.log" # Will capture warnings
  #     level: "warn"
  #   - file: "botlogs.log" # Will capture logs from DiscordBot
  #     level: "info"
  #     enable:
  #       - "DiscordBot"
 database:
  userStorePath: "/data/user-store.db"
  roomStorePath: "/data/room-store.db"
  # You may either use SQLite or Postgresql for the bridge database, which contains
  # important mappings for events and user puppeting configurations.
  # Use the filename option for SQLite, or connString for Postgresql.
  # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
  # WARNING: You will almost certainly be fine with sqlite unless your bridge
  # is in heavy demand and you suffer from IO slowness.
  filename: "/data/discord.db"
  # connString: "postgresql://user:password@localhost/database_name"
 room:
  # Set the default visibility of alias rooms, defaults to "public".
  # One of: "public", "private"
  defaultVisibility: "public"
 channel:
    # Pattern of the name given to bridged rooms.
    # Can use :guild for the guild name and :name for the channel name.
    namePattern: "[Discord] :guild :name"
    # Changes made to rooms when a channel is deleted.
    deleteOptions:
      # Prefix the room name with a string.
      #namePrefix: "[Deleted]"
      # Prefix the room topic with a string.
      #topicPrefix: "This room has been deleted"
      # Disable people from talking in the room by raising the event PL to 50
      disableMessaging: false
      # Remove the discord alias from the room.
      unsetRoomAlias: true
      # Remove the room from the directory.
      unlistFromDirectory: true
      # Set the room to be unavaliable for joining without an invite.
      setInviteOnly: true
      # Make all the discord users leave the room.
      ghostsLeave: true
 limits:
    # Delay in milliseconds between discord users joining a room.
    roomGhostJoinDelay: 6000
    # Delay in milliseconds before sending messages to discord to avoid echos.
    # (Copies of a sent message may arrive from discord before we've
    # fininished handling it, causing us to echo it back to the room)
    discordSendDelay: 750
 ghosts:
    # Pattern for the ghosts nick, available is :nick, :username, :tag and :id
    nickPattern: ":nick"
    # Pattern for the ghosts username, available is :username, :tag and :id
    usernamePattern: ":username#:tag"
--- a/roles/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml
@@ -346,141 +346,7 @@ matrix_appservice_irc_systemd_wanted_services_list: []
 matrix_appservice_irc_appservice_token: ''
 matrix_appservice_irc_homeserver_token: ''

 matrix_appservice_irc_configuration_yaml: |
  #jinja2: lstrip_blocks: True
  homeserver:
    # The URL to the home server for client-server API calls, also used to form the
    # media URLs as displayed in bridged IRC channels:
    url: {{ matrix_appservice_irc_homeserver_url }}
    #
    # The URL of the homeserver hosting media files. This is only used to transform
    # mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
    # default, this is the homeserver URL, specified above.
    #
    media_url: {{ matrix_appservice_irc_homeserver_media_url }}

    # Drop Matrix messages which are older than this number of seconds, according to
    # the event's origin_server_ts.
    # If the bridge is down for a while, the homeserver will attempt to send all missed
    # events on reconnection. These events may be hours old, which can be confusing to
    # IRC users if they are then bridged. This option allows these old messages to be
    # dropped.
    # CAUTION: This is a very coarse heuristic. Federated homeservers may have different
    # clock times and hence produce different origin_server_ts values, which may be old
    # enough to cause *all* events from the homeserver to be dropped.
    # Default: 0 (don't ever drop)
    # dropMatrixMessagesAfterSecs: 300 # 5 minutes

    # The 'domain' part for user IDs on this home server. Usually (but not always)
    # is the "domain name" part of the HS URL.
    domain: {{ matrix_appservice_irc_homeserver_domain }}

    # Should presence be enabled for matrix clients on this bridge. If disabled on the
    # homeserver then it should also be disabled here to avoid excess traffic.
    # Default: true
    enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}

  ircService:
    # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
    # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
    # the database.
    #
    # To generate a .pem file:
    # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
    #
    # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
    # for storage in the database. Passwords are stored by using the admin room command
    # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
    # the Matrix user, this password will be sent as the server password (PASS command).
    passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification

    # Config for Matrix -> IRC bridging
    matrixHandler:
      # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
      eventCacheSize: 4096

    servers: {{ matrix_appservice_irc_ircService_servers|to_json }}

    # Configuration for an ident server. If you are running a public bridge it is
    # advised you setup an ident server so IRC mods can ban specific matrix users
    # rather than the application service itself.
    ident:
      # True to listen for Ident requests and respond with the
      # matrix user's user_id (converted to ASCII, respecting RFC 1413).
      # Default: false.
      enabled: false
      # The port to listen on for incoming ident requests.
      # Ports below 1024 require root to listen on, and you may not want this to
      # run as root. Instead, you can get something like an Apache to yank up
      # incoming requests to 113 to a high numbered port. Set the port to listen
      # on instead of 113 here.
      # Default: 113.
      port: 1113
      # The address to listen on for incoming ident requests.
      # Default: 0.0.0.0
      address: "::"

    # Configuration for logging. Optional. Default: console debug level logging
    # only.
    logging:
      # Level to log on console/logfile. One of error|warn|info|debug
      level: "debug"
      # The file location to log to. This is relative to the project directory.
      #logfile: "debug.log"
      # The file location to log errors to. This is relative to the project
      # directory.
      #errfile: "errors.log"
      # Whether to log to the console or not.
      toConsole: true
      # The max number of files to keep. Files will be overwritten eventually due
      # to rotations.
      maxFiles: 5

    # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
    #   $ npm install prom-client@6.3.0
    # Metrics will then be available via GET /metrics on the bridge listening port (-p).
    metrics:
      # Whether to actually enable the metric endpoint. Default: false
      enabled: true
      # When collecting remote user active times, which "buckets" should be used. Defaults are given below.
      # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
      remoteUserAgeBuckets:
        - "1h"
        - "1d"
        - "1w"

    # Configuration for the provisioning API.
    #
    # GET /_matrix/provision/link
    # GET /_matrix/provision/unlink
    # GET /_matrix/provision/listlinks
    #
    provisioning:
      # True to enable the provisioning HTTP endpoint. Default: false.
      enabled: false
      # The number of seconds to wait before giving up on getting a response from
      # an IRC channel operator. If the channel operator does not respond within the
      # allotted time period, the provisioning request will fail.
      # Default: 300 seconds (5 mins)
      requestTimeoutSeconds: 300

  # Options here are generally only applicable to large-scale bridges and may have
  # consequences greater than other options in this configuration file.
  advanced:
    # The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
    # however for large bridges it is important to rate limit the bridge to avoid
    # accidentally overloading the homeserver. Defaults to 1000, which should be
    # enough for the vast majority of use cases.
    maxHttpSockets: 1000

  # Use an external database to store bridge state.
  database:
    # database engine (must be 'postgres' or 'nedb'). Default: nedb
    engine: "nedb"
    # Either a PostgreSQL connection string, or a path to the NeDB storage directory.
    # For postgres, it must start with postgres://
    # For NeDB, it must start with nedb://. The path is relative to the project directory.
    connectionString: "nedb:///data"
 matrix_appservice_irc_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_appservice_irc_configuration_extension_yaml: |
  # Your custom YAML configuration for Appservice IRC servers goes here.
--- a/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2
+++ b/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2
@@ -0,0 +1,134 @@
 #jinja2: lstrip_blocks: True
 homeserver:
  # The URL to the home server for client-server API calls, also used to form the
  # media URLs as displayed in bridged IRC channels:
  url: {{ matrix_appservice_irc_homeserver_url }}
  #
  # The URL of the homeserver hosting media files. This is only used to transform
  # mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
  # default, this is the homeserver URL, specified above.
  #
  media_url: {{ matrix_appservice_irc_homeserver_media_url }}

  # Drop Matrix messages which are older than this number of seconds, according to
  # the event's origin_server_ts.
  # If the bridge is down for a while, the homeserver will attempt to send all missed
  # events on reconnection. These events may be hours old, which can be confusing to
  # IRC users if they are then bridged. This option allows these old messages to be
  # dropped.
  # CAUTION: This is a very coarse heuristic. Federated homeservers may have different
  # clock times and hence produce different origin_server_ts values, which may be old
  # enough to cause *all* events from the homeserver to be dropped.
  # Default: 0 (don't ever drop)
  # dropMatrixMessagesAfterSecs: 300 # 5 minutes

  # The 'domain' part for user IDs on this home server. Usually (but not always)
  # is the "domain name" part of the HS URL.
  domain: {{ matrix_appservice_irc_homeserver_domain }}

  # Should presence be enabled for matrix clients on this bridge. If disabled on the
  # homeserver then it should also be disabled here to avoid excess traffic.
  # Default: true
  enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}

 ircService:
  # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
  # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
  # the database.
  #
  # To generate a .pem file:
  # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
  #
  # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
  # for storage in the database. Passwords are stored by using the admin room command
  # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
  # the Matrix user, this password will be sent as the server password (PASS command).
  passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification

  # Config for Matrix -> IRC bridging
  matrixHandler:
    # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
    eventCacheSize: 4096

  servers: {{ matrix_appservice_irc_ircService_servers|to_json }}

  # Configuration for an ident server. If you are running a public bridge it is
  # advised you setup an ident server so IRC mods can ban specific matrix users
  # rather than the application service itself.
  ident:
    # True to listen for Ident requests and respond with the
    # matrix user's user_id (converted to ASCII, respecting RFC 1413).
    # Default: false.
    enabled: false
    # The port to listen on for incoming ident requests.
    # Ports below 1024 require root to listen on, and you may not want this to
    # run as root. Instead, you can get something like an Apache to yank up
    # incoming requests to 113 to a high numbered port. Set the port to listen
    # on instead of 113 here.
    # Default: 113.
    port: 1113
    # The address to listen on for incoming ident requests.
    # Default: 0.0.0.0
    address: "::"

  # Configuration for logging. Optional. Default: console debug level logging
  # only.
  logging:
    # Level to log on console/logfile. One of error|warn|info|debug
    level: "debug"
    # The file location to log to. This is relative to the project directory.
    #logfile: "debug.log"
    # The file location to log errors to. This is relative to the project
    # directory.
    #errfile: "errors.log"
    # Whether to log to the console or not.
    toConsole: true
    # The max number of files to keep. Files will be overwritten eventually due
    # to rotations.
    maxFiles: 5

  # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
  #   $ npm install prom-client@6.3.0
  # Metrics will then be available via GET /metrics on the bridge listening port (-p).
  metrics:
    # Whether to actually enable the metric endpoint. Default: false
    enabled: true
    # When collecting remote user active times, which "buckets" should be used. Defaults are given below.
    # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
    remoteUserAgeBuckets:
      - "1h"
      - "1d"
      - "1w"

  # Configuration for the provisioning API.
  #
  # GET /_matrix/provision/link
  # GET /_matrix/provision/unlink
  # GET /_matrix/provision/listlinks
  #
  provisioning:
    # True to enable the provisioning HTTP endpoint. Default: false.
    enabled: false
    # The number of seconds to wait before giving up on getting a response from
    # an IRC channel operator. If the channel operator does not respond within the
    # allotted time period, the provisioning request will fail.
    # Default: 300 seconds (5 mins)
    requestTimeoutSeconds: 300

 # Options here are generally only applicable to large-scale bridges and may have
 # consequences greater than other options in this configuration file.
 advanced:
  # The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
  # however for large bridges it is important to rate limit the bridge to avoid
  # accidentally overloading the homeserver. Defaults to 1000, which should be
  # enough for the vast majority of use cases.
  maxHttpSockets: 1000

 # Use an external database to store bridge state.
 database:
  # database engine (must be 'postgres' or 'nedb'). Default: nedb
  engine: "nedb"
  # Either a PostgreSQL connection string, or a path to the NeDB storage directory.
  # For postgres, it must start with postgres://
  # For NeDB, it must start with nedb://. The path is relative to the project directory.
  connectionString: "nedb:///data"
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml
@@ -45,21 +45,7 @@ matrix_appservice_slack_appservice_token: ''
 matrix_appservice_slack_homeserver_token: ''
 matrix_appservice_slack_id_token: ''

 matrix_appservice_slack_configuration_yaml: |
    slack_hook_port: {{ matrix_appservice_slack_slack_port }}
    inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
    bot_username: "{{ matrix_appservice_slack_bot_name }}"
    username_prefix: {{ matrix_appservice_slack_user_prefix }}

    homeserver:
        media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
        url: "{{ matrix_appservice_slack_homeserver_url }}"
        server_name: "{{ matrix_domain }}"

    dbdir: "/data"

    matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"

 matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_appservice_slack_configuration_extension_yaml: |
    #slack_hook_port: 9898
--- a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2
+++ b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2
@@ -0,0 +1,14 @@
 #jinja2: lstrip_blocks: True
 slack_hook_port: {{ matrix_appservice_slack_slack_port }}
 inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
 bot_username: "{{ matrix_appservice_slack_bot_name }}"
 username_prefix: {{ matrix_appservice_slack_user_prefix }}

 homeserver:
    media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
    url: "{{ matrix_appservice_slack_homeserver_url }}"
    server_name: "{{ matrix_domain }}"

 dbdir: "/data"

 matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
--- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
@@ -49,35 +49,7 @@ matrix_appservice_webhooks_api_secret: ''
 # Logging information (info and verbose is available) default is: info
 matrix_appservice_webhooks_log_level: 'info'

 matrix_appservice_webhooks_configuration_yaml: |

  # Configuration specific to the application service. All fields (unless otherwise marked) are required.
  homeserver:
    # The domain for the client-server API calls.
    url: "{{ matrix_appservice_webhooks_homeserver_url }}"

    # The domain part for user IDs on this home server. Usually, but not always, this is the same as the
    # home server's URL.
    domain: "{{ matrix_domain }}"

  # Configuration specific to the bridge. All fields (unless otherwise marked) are required.
  webhookBot:
    # The localpart to use for the bot. May require re-registering the application service.
    localpart: "_webhook"

  # Provisioning API options
  provisioning:
    # Your secret for the API. Required for all provisioning API requests.
    secret: '{{ matrix_appservice_webhooks_api_secret }}'

  # Configuration related to the web portion of the bridge. Handles the inbound webhooks
  web:
    hookUrlBase:  "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"

  logging:
    console: true
    consoleLevel: {{ matrix_appservice_webhooks_log_level }}
    writeFiles: false
 matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_appservice_webhooks_configuration_extension_yaml: |
  #
--- a/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2
+++ b/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2
@@ -0,0 +1,28 @@
 #jinja2: lstrip_blocks: True
 # Configuration specific to the application service. All fields (unless otherwise marked) are required.
 homeserver:
  # The domain for the client-server API calls.
  url: "{{ matrix_appservice_webhooks_homeserver_url }}"

  # The domain part for user IDs on this home server. Usually, but not always, this is the same as the
  # home server's URL.
  domain: "{{ matrix_domain }}"

 # Configuration specific to the bridge. All fields (unless otherwise marked) are required.
 webhookBot:
  # The localpart to use for the bot. May require re-registering the application service.
  localpart: "_webhook"

 # Provisioning API options
 provisioning:
  # Your secret for the API. Required for all provisioning API requests.
  secret: '{{ matrix_appservice_webhooks_api_secret }}'

 # Configuration related to the web portion of the bridge. Handles the inbound webhooks
 web:
  hookUrlBase:  "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"

 logging:
  console: true
  consoleLevel: {{ matrix_appservice_webhooks_log_level }}
  writeFiles: false
--- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml
@@ -38,164 +38,7 @@ matrix_mautrix_facebook_login_shared_secret: ''
 #
 # For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_mautrix_facebook_configuration_yaml: |
  #jinja2: lstrip_blocks: "True"
  # Homeserver details
  homeserver:
      # The address that this appservice can use to connect to the homeserver.
      address: {{ matrix_mautrix_facebook_homeserver_address }}
      # The domain of the homeserver (for MXIDs, etc).
      domain: {{ matrix_mautrix_facebook_homeserver_domain }}
      # Whether or not to verify the SSL certificate of the homeserver.
      # Only applies if address starts with https://
      verify_ssl: true

  # Application service host/registration related details
  # Changing these values requires regeneration of the registration.
  appservice:
      # The address that the homeserver can use to connect to this appservice.
      address: {{ matrix_mautrix_facebook_appservice_address }}

      # The hostname and port where this appservice should listen.
      hostname: 0.0.0.0
      port: 29319
      # The maximum body size of appservice API requests (from the homeserver) in mebibytes
      # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
      max_body_size: 1

      # The full URI to the database. SQLite and Postgres are fully supported.
      # Other DBMSes supported by SQLAlchemy may or may not work.
      # Format examples:
      #   SQLite:   sqlite:///filename.db
      #   Postgres: postgres://username:password@hostname/dbname
      database: sqlite:////data/mautrix-facebook.db

      # Public part of web server for out-of-Matrix interaction with the bridge.
      public:
          # Whether or not the public-facing endpoints should be enabled.
          enabled: false
          # The prefix to use in the public-facing endpoints.
          prefix: /public
          # The base URL where the public-facing endpoints are available. The prefix is not added
          # implicitly.
          external: https://example.com/public

      # The unique ID of this appservice.
      id: facebook
      # Username of the appservice bot.
      bot_username: facebookbot
      # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
      # to leave display name/avatar as-is.
      bot_displayname: Facebook bridge bot
      bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv

      # Authentication tokens for AS <-> HS communication.
      as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
      hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"

  # Bridge config
  bridge:
      # Localpart template of MXIDs for Facebook users.
      # {userid} is replaced with the user ID of the Facebook user.
      username_template: "facebook_{userid}"
      # Localpart template for per-user room grouping community IDs.
      # The bridge will create these communities and add all of the specific user's portals to the community.
      # {localpart} is the MXID localpart and {server} is the MXID server part of the user.
      #
      # `facebook_{localpart}={server}` is a good value.
      community_template: null
      # Displayname template for Facebook users.
      # {displayname} is replaced with the display name of the Facebook user
      #               as defined below in displayname_preference.
      # Keys available for displayname_preference are also available here.
      displayname_template: '{displayname} (FB)'
      # Available keys:
      # "name" (full name)
      # "first_name"
      # "last_name"
      # "nickname"
      # "own_nickname" (user-specific!)
      displayname_preference:
      - name

      # The prefix for commands. Only required in non-management rooms.
      command_prefix: "!fb"

      # Number of chats to sync (and create portals for) on startup/login.
      # Maximum 20, set 0 to disable automatic syncing.
      initial_chat_sync: 10
      # Whether or not the Facebook users of logged in Matrix users should be
      # invited to private chats when the user sends a message from another client.
      invite_own_puppet_to_pm: false
      # Whether or not to use /sync to get presence, read receipts and typing notifications when using
      # your own Matrix account as the Matrix puppet for your Facebook account.
      sync_with_custom_puppets: true
      # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
      #
      # If set, custom puppets will be enabled automatically for local users
      # instead of users having to find an access token and run `login-matrix`
      # manually.
      login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
      # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
      # presence, but then it won't send other users' presence to the client.
      presence: true
      # Whether or not to update avatars when syncing all contacts at startup.
      update_avatar_initial_sync: true
      # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
      # and login_shared_secret to be configured in order to get a device for the bridge bot.
      #
      # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
      # application service.
      encryption:
          # Allow encryption, work in group chat rooms with e2ee enabled
          allow: false
          # Default to encryption, force-enable encryption in all portals the bridge creates
          # This will cause the bridge bot to be in private chats for the encryption to work properly.
          default: false

      # Whether or not the bridge should send a read receipt from the bridge bot when a message has
      # been sent to Facebook.
      delivery_receipts: false

      # Permissions for using the bridge.
      # Permitted values:
      #       user - Use the bridge with puppeting.
      #      admin - Use and administrate the bridge.
      # Permitted keys:
      #        * - All Matrix users
      #   domain - All users on that homeserver
      #     mxid - Specific user
      permissions:
        '{{ matrix_mautrix_facebook_homeserver_domain }}': user

  # Python logging configuration.
  #
  # See section 16.7.2 of the Python documentation for more info:
  # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
  logging:
      version: 1
      formatters:
          colored:
              (): mautrix_facebook.util.ColorFormatter
              format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
          normal:
              format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
      handlers:
          console:
              class: logging.StreamHandler
              formatter: colored
      loggers:
          mau:
              level: DEBUG
          fbchat:
              level: DEBUG
          hbmqtt:
              level: INFO
          aiohttp:
              level: INFO
      root:
          level: DEBUG
          handlers: [console]
 matrix_mautrix_facebook_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_mautrix_facebook_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
--- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
@@ -0,0 +1,157 @@
 #jinja2: lstrip_blocks: "True"
 # Homeserver details
 homeserver:
    # The address that this appservice can use to connect to the homeserver.
    address: {{ matrix_mautrix_facebook_homeserver_address }}
    # The domain of the homeserver (for MXIDs, etc).
    domain: {{ matrix_mautrix_facebook_homeserver_domain }}
    # Whether or not to verify the SSL certificate of the homeserver.
    # Only applies if address starts with https://
    verify_ssl: true

 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.
 appservice:
    # The address that the homeserver can use to connect to this appservice.
    address: {{ matrix_mautrix_facebook_appservice_address }}

    # The hostname and port where this appservice should listen.
    hostname: 0.0.0.0
    port: 29319
    # The maximum body size of appservice API requests (from the homeserver) in mebibytes
    # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
    max_body_size: 1

    # The full URI to the database. SQLite and Postgres are fully supported.
    # Other DBMSes supported by SQLAlchemy may or may not work.
    # Format examples:
    #   SQLite:   sqlite:///filename.db
    #   Postgres: postgres://username:password@hostname/dbname
    database: sqlite:////data/mautrix-facebook.db

    # Public part of web server for out-of-Matrix interaction with the bridge.
    public:
        # Whether or not the public-facing endpoints should be enabled.
        enabled: false
        # The prefix to use in the public-facing endpoints.
        prefix: /public
        # The base URL where the public-facing endpoints are available. The prefix is not added
        # implicitly.
        external: https://example.com/public

    # The unique ID of this appservice.
    id: facebook
    # Username of the appservice bot.
    bot_username: facebookbot
    # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
    # to leave display name/avatar as-is.
    bot_displayname: Facebook bridge bot
    bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv

    # Authentication tokens for AS <-> HS communication.
    as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
    hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"

 # Bridge config
 bridge:
    # Localpart template of MXIDs for Facebook users.
    # {userid} is replaced with the user ID of the Facebook user.
    username_template: "facebook_{userid}"
    # Localpart template for per-user room grouping community IDs.
    # The bridge will create these communities and add all of the specific user's portals to the community.
    # {localpart} is the MXID localpart and {server} is the MXID server part of the user.
    #
    # `facebook_{localpart}={server}` is a good value.
    community_template: null
    # Displayname template for Facebook users.
    # {displayname} is replaced with the display name of the Facebook user
    #               as defined below in displayname_preference.
    # Keys available for displayname_preference are also available here.
    displayname_template: '{displayname} (FB)'
    # Available keys:
    # "name" (full name)
    # "first_name"
    # "last_name"
    # "nickname"
    # "own_nickname" (user-specific!)
    displayname_preference:
    - name

    # The prefix for commands. Only required in non-management rooms.
    command_prefix: "!fb"

    # Number of chats to sync (and create portals for) on startup/login.
    # Maximum 20, set 0 to disable automatic syncing.
    initial_chat_sync: 10
    # Whether or not the Facebook users of logged in Matrix users should be
    # invited to private chats when the user sends a message from another client.
    invite_own_puppet_to_pm: false
    # Whether or not to use /sync to get presence, read receipts and typing notifications when using
    # your own Matrix account as the Matrix puppet for your Facebook account.
    sync_with_custom_puppets: true
    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
    # instead of users having to find an access token and run `login-matrix`
    # manually.
    login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
    # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
    # presence, but then it won't send other users' presence to the client.
    presence: true
    # Whether or not to update avatars when syncing all contacts at startup.
    update_avatar_initial_sync: true
    # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
    # and login_shared_secret to be configured in order to get a device for the bridge bot.
    #
    # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
    # application service.
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: false
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        default: false

    # Whether or not the bridge should send a read receipt from the bridge bot when a message has
    # been sent to Facebook.
    delivery_receipts: false

    # Permissions for using the bridge.
    # Permitted values:
    #       user - Use the bridge with puppeting.
    #      admin - Use and administrate the bridge.
    # Permitted keys:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions:
      '{{ matrix_mautrix_facebook_homeserver_domain }}': user

 # Python logging configuration.
 #
 # See section 16.7.2 of the Python documentation for more info:
 # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
 logging:
    version: 1
    formatters:
        colored:
            (): mautrix_facebook.util.ColorFormatter
            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
        normal:
            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
    handlers:
        console:
            class: logging.StreamHandler
            formatter: colored
    loggers:
        mau:
            level: DEBUG
        fbchat:
            level: DEBUG
        hbmqtt:
            level: INFO
        aiohttp:
            level: INFO
    root:
        level: DEBUG
        handlers: [console]
--- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
@@ -40,152 +40,7 @@ matrix_mautrix_hangouts_login_shared_secret: ''
 #
 # For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_mautrix_hangouts_configuration_yaml: |
  #jinja2: lstrip_blocks: "True"
  # Homeserver details
  homeserver:
      # The address that this appservice can use to connect to the homeserver.
      address: {{ matrix_mautrix_hangouts_homeserver_address }}
      # The domain of the homeserver (for MXIDs, etc).
      domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
      # Whether or not to verify the SSL certificate of the homeserver.
      # Only applies if address starts with https://
      verify_ssl: true

  # Application service host/registration related details
  # Changing these values requires regeneration of the registration.
  appservice:
      # The address that the homeserver can use to connect to this appservice.
      address: {{ matrix_mautrix_hangouts_appservice_address }}

      # The hostname and port where this appservice should listen.
      hostname: 0.0.0.0
      port: 8080
      # The maximum body size of appservice API requests (from the homeserver) in mebibytes
      # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
      max_body_size: 1

      # The full URI to the database. SQLite and Postgres are fully supported.
      # Other DBMSes supported by SQLAlchemy may or may not work.
      # Format examples:
      #   SQLite:   sqlite:///filename.db
      #   Postgres: postgres://username:password@hostname/dbname
      database: sqlite:////data/mautrix-hangouts.db

      # The unique ID of this appservice.
      id: hangouts
      # Username of the appservice bot.
      bot_username: hangoutsbot
      # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
      # to leave display name/avatar as-is.
      bot_displayname: Hangouts bridge bot
      bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy

      # Authentication tokens for AS <-> HS communication.
      as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
      hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"

  # Bridge config
  bridge:
      # Localpart template of MXIDs for Hangouts users.
      # {userid} is replaced with the user ID of the Hangouts user.
      username_template: "hangouts_{userid}"
      # Displayname template for Hangouts users.
      # {displayname} is replaced with the display name of the Hangouts user
      #               as defined below in displayname_preference.
      # Keys available for displayname_preference are also available here.
      displayname_template: '{full_name} (Hangouts)'
      # Available keys:
      # "name" (full name)
      # "first_name"
      # "last_name"
      # "nickname"
      # "own_nickname" (user-specific!)
      displayname_preference:
      - name

      # The prefix for commands. Only required in non-management rooms.
      command_prefix: "!HO"

      # Number of chats to sync (and create portals for) on startup/login.
      # Maximum 20, set 0 to disable automatic syncing.
      initial_chat_sync: 20
      # Whether or not the Hangouts users of logged in Matrix users should be
      # invited to private chats when the user sends a message from another client.
      invite_own_puppet_to_pm: false
      # Whether or not to use /sync to get presence, read receipts and typing notifications when using
      # your own Matrix account as the Matrix puppet for your Hangouts account.
      sync_with_custom_puppets: true
      # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
      #
      # If set, custom puppets will be enabled automatically for local users
      # instead of users having to find an access token and run `login-matrix`
      # manually.
      login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
      # Whether or not to update avatars when syncing all contacts at startup.
      update_avatar_initial_sync: true
      # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
      # and login_shared_secret to be configured in order to get a device for the bridge bot.
      #
      # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
      # application service.
      encryption:
          # Allow encryption, work in group chat rooms with e2ee enabled
          allow: false
          # Default to encryption, force-enable encryption in all portals the bridge creates
          # This will cause the bridge bot to be in private chats for the encryption to work properly.
          default: false

      # Public website and API configs
      web:
          # Auth server config
          auth:
              # Publicly accessible base URL for the login endpoints.
              # The prefix below is not implicitly added. This URL and all subpaths should be proxied
              # or otherwise pointed to the appservice's webserver to the path specified below (prefix).
              # This path should usually include a trailing slash.
              # Internal prefix in the appservice web server for the login endpoints.
              public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
              prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"


      # Permissions for using the bridge.
      # Permitted values:
      #       user - Use the bridge with puppeting.
      #      admin - Use and administrate the bridge.
      # Permitted keys:
      #        * - All Matrix users
      #   domain - All users on that homeserver
      #     mxid - Specific user
      permissions:
        '{{ matrix_mautrix_hangouts_homeserver_domain }}': user

  # Python logging configuration.
  #
  # See section 16.7.2 of the Python documentation for more info:
  # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
  logging:
      version: 1
      formatters:
          colored:
              (): mautrix_hangouts.util.ColorFormatter
              format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
          normal:
              format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
      handlers:
          console:
              class: logging.StreamHandler
              formatter: colored
      loggers:
          mau:
              level: DEBUG
          hangups:
              level: DEBUG
          aiohttp:
              level: INFO
      root:
          level: DEBUG
          handlers: [console]
 matrix_mautrix_hangouts_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_mautrix_hangouts_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
--- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
@@ -0,0 +1,145 @@
 #jinja2: lstrip_blocks: "True"
 # Homeserver details
 homeserver:
    # The address that this appservice can use to connect to the homeserver.
    address: {{ matrix_mautrix_hangouts_homeserver_address }}
    # The domain of the homeserver (for MXIDs, etc).
    domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
    # Whether or not to verify the SSL certificate of the homeserver.
    # Only applies if address starts with https://
    verify_ssl: true

 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.
 appservice:
    # The address that the homeserver can use to connect to this appservice.
    address: {{ matrix_mautrix_hangouts_appservice_address }}

    # The hostname and port where this appservice should listen.
    hostname: 0.0.0.0
    port: 8080
    # The maximum body size of appservice API requests (from the homeserver) in mebibytes
    # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
    max_body_size: 1

    # The full URI to the database. SQLite and Postgres are fully supported.
    # Other DBMSes supported by SQLAlchemy may or may not work.
    # Format examples:
    #   SQLite:   sqlite:///filename.db
    #   Postgres: postgres://username:password@hostname/dbname
    database: sqlite:////data/mautrix-hangouts.db

    # The unique ID of this appservice.
    id: hangouts
    # Username of the appservice bot.
    bot_username: hangoutsbot
    # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
    # to leave display name/avatar as-is.
    bot_displayname: Hangouts bridge bot
    bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy

    # Authentication tokens for AS <-> HS communication.
    as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
    hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"

 # Bridge config
 bridge:
    # Localpart template of MXIDs for Hangouts users.
    # {userid} is replaced with the user ID of the Hangouts user.
    username_template: "hangouts_{userid}"
    # Displayname template for Hangouts users.
    # {displayname} is replaced with the display name of the Hangouts user
    #               as defined below in displayname_preference.
    # Keys available for displayname_preference are also available here.
    displayname_template: '{full_name} (Hangouts)'
    # Available keys:
    # "name" (full name)
    # "first_name"
    # "last_name"
    # "nickname"
    # "own_nickname" (user-specific!)
    displayname_preference:
    - name

    # The prefix for commands. Only required in non-management rooms.
    command_prefix: "!HO"

    # Number of chats to sync (and create portals for) on startup/login.
    # Maximum 20, set 0 to disable automatic syncing.
    initial_chat_sync: 20
    # Whether or not the Hangouts users of logged in Matrix users should be
    # invited to private chats when the user sends a message from another client.
    invite_own_puppet_to_pm: false
    # Whether or not to use /sync to get presence, read receipts and typing notifications when using
    # your own Matrix account as the Matrix puppet for your Hangouts account.
    sync_with_custom_puppets: true
    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
    # instead of users having to find an access token and run `login-matrix`
    # manually.
    login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
    # Whether or not to update avatars when syncing all contacts at startup.
    update_avatar_initial_sync: true
    # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
    # and login_shared_secret to be configured in order to get a device for the bridge bot.
    #
    # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
    # application service.
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: false
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        default: false

    # Public website and API configs
    web:
        # Auth server config
        auth:
            # Publicly accessible base URL for the login endpoints.
            # The prefix below is not implicitly added. This URL and all subpaths should be proxied
            # or otherwise pointed to the appservice's webserver to the path specified below (prefix).
            # This path should usually include a trailing slash.
            # Internal prefix in the appservice web server for the login endpoints.
            public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
            prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"


    # Permissions for using the bridge.
    # Permitted values:
    #       user - Use the bridge with puppeting.
    #      admin - Use and administrate the bridge.
    # Permitted keys:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions:
      '{{ matrix_mautrix_hangouts_homeserver_domain }}': user

 # Python logging configuration.
 #
 # See section 16.7.2 of the Python documentation for more info:
 # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
 logging:
    version: 1
    formatters:
        colored:
            (): mautrix_hangouts.util.ColorFormatter
            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
        normal:
            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
    handlers:
        console:
            class: logging.StreamHandler
            formatter: colored
    loggers:
        mau:
            level: DEBUG
        hangups:
            level: DEBUG
        aiohttp:
            level: INFO
    root:
        level: DEBUG
        handlers: [console]
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -51,405 +51,7 @@ matrix_mautrix_telegram_login_shared_secret: ''
 #
 # For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_mautrix_telegram_configuration_yaml: |
  #jinja2: lstrip_blocks: "True"
  # Homeserver details
  homeserver:
      # The address that this appservice can use to connect to the homeserver.
      address: {{ matrix_mautrix_telegram_homeserver_address }}
      # The domain of the homeserver (for MXIDs, etc).
      domain: {{ matrix_mautrix_telegram_homeserver_domain }}
      # Whether or not to verify the SSL certificate of the homeserver.
      # Only applies if address starts with https://
      verify_ssl: true

  # Application service host/registration related details
  # Changing these values requires regeneration of the registration.
  appservice:
      # The address that the homeserver can use to connect to this appservice.
      address: {{ matrix_mautrix_telegram_appservice_address }}

      # The hostname and port where this appservice should listen.
      hostname: 0.0.0.0
      port: 8080
      # The maximum body size of appservice API requests (from the homeserver) in mebibytes
      # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
      max_body_size: 1

      # The full URI to the database. SQLite and Postgres are fully supported.
      # Other DBMSes supported by SQLAlchemy may or may not work.
      # Format examples:
      #   SQLite:   sqlite:///filename.db
      #   Postgres: postgres://username:password@hostname/dbname
      database: sqlite:////data/mautrix-telegram.db

      # Public part of web server for out-of-Matrix interaction with the bridge.
      # Used for things like login if the user wants to make sure the 2FA password isn't stored in
      # the HS database.
      public:
          # Whether or not the public-facing endpoints should be enabled.
          enabled: true
          # The prefix to use in the public-facing endpoints.
          prefix: {{ matrix_mautrix_telegram_public_endpoint }}
          # The base URL where the public-facing endpoints are available. The prefix is not added
          # implicitly.
          external: {{ matrix_mautrix_telegram_appservice_public_external }}

      # Provisioning API part of the web server for automated portal creation and fetching information.
      # Used by things like Dimension (https://dimension.t2bot.io/).
      provisioning:
          # Whether or not the provisioning API should be enabled.
          enabled: false
          # The prefix to use in the provisioning API endpoints.
          prefix: /_matrix/provision/v1
          # The shared secret to authorize users of the API.
          # Set to "generate" to generate and save a new token.
          shared_secret: generate

      # The unique ID of this appservice.
      id: telegram
      # Username of the appservice bot.
      bot_username: telegrambot
      # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
      # to leave display name/avatar as-is.
      bot_displayname: Telegram bridge bot
      bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX

      # Authentication tokens for AS <-> HS communication.
      as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
      hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"

  # Bridge config
  bridge:
      # Localpart template of MXIDs for Telegram users.
      # {userid} is replaced with the user ID of the Telegram user.
      username_template: "telegram_{userid}"
      # Localpart template of room aliases for Telegram portal rooms.
      # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
      alias_template: "telegram_{groupname}"
      # Displayname template for Telegram users.
      # {displayname} is replaced with the display name of the Telegram user.
      displayname_template: "{displayname} (Telegram)"

      # Set the preferred order of user identifiers which to use in the Matrix puppet display name.
      # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
      # ID is used.
      #
      # If the bridge is working properly, a phone number or an username should always be known, but
      # the other one can very well be empty.
      #
      # Valid keys:
      #   "full name"          (First and/or last name)
      #   "full name reversed" (Last and/or first name)
      #   "first name"
      #   "last name"
      #   "username"
      #   "phone number"
      displayname_preference:
      - full name
      - username
      - phone number
      # Maximum length of displayname
      displayname_max_length: 100

      # Maximum number of members to sync per portal when starting up. Other members will be
      # synced when they send messages. The maximum is 10000, after which the Telegram server
      # will not send any more members.
      # Defaults to no local limit (-> limited to 10000 by server)
      max_initial_member_sync: -1
      # Whether or not to sync the member list in channels.
      # If no channel admins have logged into the bridge, the bridge won't be able to sync the member
      # list regardless of this setting.
      sync_channel_members: true
      # Whether or not to skip deleted members when syncing members.
      skip_deleted_members: true
      # Whether or not to automatically synchronize contacts and chats of Matrix users logged into
      # their Telegram account at startup.
      startup_sync: true
      # Number of most recently active dialogs to check when syncing chats.
      # Dialogs include groups and private chats, but only groups are synced.
      # Set to 0 to remove limit.
      sync_dialog_limit: 30
      # Whether or not to sync and create portals for direct chats at startup.
      sync_direct_chats: false
      # The maximum number of simultaneous Telegram deletions to handle.
      # A large number of simultaneous redactions could put strain on your homeserver.
      max_telegram_delete: 10
      # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
      # at startup and when creating a bridge.
      sync_matrix_state: true
      # Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
      # login website (see appservice.public config section)
      allow_matrix_login: true
      # Whether or not to bridge plaintext highlights.
      # Only enable this if your displayname_template has some static part that the bridge can use to
      # reliably identify what is a plaintext highlight.
      plaintext_highlights: false
      # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
      public_portals: true
      # Whether or not to use /sync to get presence, read receipts and typing notifications when using
      # your own Matrix account as the Matrix puppet for your Telegram account.
      sync_with_custom_puppets: true
      # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
      #
      # If set, custom puppets will be enabled automatically for local users
      # instead of users having to find an access token and run `login-matrix`
      # manually.
      login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
      # Set to false to disable link previews in messages sent to Telegram.
      telegram_link_preview: true
      # Use inline images instead of a separate message for the caption.
      # N.B. Inline images are not supported on all clients (e.g. Riot iOS).
      inline_images: false
      # Maximum size of image in megabytes before sending to Telegram as a document.
      image_as_file_size: 10
      # Maximum size of Telegram documents in megabytes to bridge.
      max_document_size: 100
      # Enable experimental parallel file transfer, which makes uploads/downloads much faster by
      # streaming from/to Matrix and using many connections for Telegram.
      # Note that generating HQ thumbnails for videos is not possible with streamed transfers.
      parallel_file_transfer: false
      # Whether or not created rooms should have federation enabled.
      # If false, created portal rooms will never be federated.
      federate_rooms: true
      # Settings for converting animated stickers.
      animated_sticker:
          # Format to which animated stickers should be converted.
          # disable - No conversion, send as-is (gzipped lottie)
          # png - converts to non-animated png (fastest),
          # gif - converts to animated gif, but loses transparency
          # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
          target: gif
          # Arguments for converter. All converters take width and height.
          # GIF converter takes background as a hex color.
          args:
              width: 256
              height: 256
              background: "020202"  # only for gif
              fps: 30               # only for webm
      # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
      # and login_shared_secret to be configured in order to get a device for the bridge bot.
      #
      # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
      # application service.
      encryption:
          # Allow encryption, work in group chat rooms with e2ee enabled
          allow: false
          # Default to encryption, force-enable encryption in all portals the bridge creates
          # This will cause the bridge bot to be in private chats for the encryption to work properly.
          default: false

      # Overrides for base power levels.
      initial_power_level_overrides:
          user: {}
          group: {}

      # Whether to bridge Telegram bot messages as m.notices or m.texts.
      bot_messages_as_notices: true
      bridge_notices:
          # Whether or not Matrix bot messages (type m.notice) should be bridged.
          default: false
          # List of user IDs for whom the previous flag is flipped.
          # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
          #      notices from users listed here will be bridged.
          exceptions: []

      # Some config options related to Telegram message deduplication.
      # The default values are usually fine, but some debug messages/warnings might recommend you
      # change these.
      deduplication:
          # Whether or not to check the database if the message about to be sent is a duplicate.
          pre_db_check: false
          # The number of latest events to keep when checking for duplicates.
          # You might need to increase this on high-traffic bridge instances.
          cache_queue_length: 20


      # The formats to use when sending messages to Telegram via the relay bot.
      #
      # Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
      #
      # Available variables:
      #   $sender_displayname    - The display name of the sender (e.g. Example User)
      #   $sender_username       - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
      #   $sender_mxid           - The Matrix ID of the sender (e.g. @exampleuser:example.com)
      #   $message               - The message content as HTML
      message_formats:
          m.text: "<b>$sender_displayname</b>: $message"
          m.notice: "<b>$sender_displayname</b>: $message"
          m.emote: "* <b>$sender_displayname</b> $message"
          m.file: "<b>$sender_displayname</b> sent a file: $message"
          m.image: "<b>$sender_displayname</b> sent an image: $message"
          m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
          m.video: "<b>$sender_displayname</b> sent a video: $message"
          m.location: "<b>$sender_displayname</b> sent a location: $message"
      # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
      # users are sent to telegram. All fields in message_formats are supported. Additionally, the
      # Telegram user info is available in the following variables:
      #    $displayname - Telegram displayname
      #    $username    - Telegram username (may not exist)
      #    $mention     - Telegram @username or displayname mention (depending on which exists)
      emote_format: "* $mention $formatted_body"

      # The formats to use when sending state events to Telegram via the relay bot.
      #
      # Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
      # In name_change events, `$prev_displayname` is the previous displayname.
      #
      # Set format to an empty string to disable the messages for that event.
      state_event_formats:
          join: "<b>$displayname</b> joined the room."
          leave: "<b>$displayname</b> left the room."
          name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"

      # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
      # `filter-mode` management commands.
      #
      # Filters do not affect direct chats.
      # An empty blacklist will essentially disable the filter.
      filter:
          # Filter mode to use. Either "blacklist" or "whitelist".
          # If the mode is "blacklist", the listed chats will never be bridged.
          # If the mode is "whitelist", only the listed chats can be bridged.
          mode: blacklist
          # The list of group/channel IDs to filter.
          list: []

      # The prefix for commands. Only required in non-management rooms.
      command_prefix: "!tg"

      # Permissions for using the bridge.
      # Permitted values:
      #   relaybot - Only use the bridge via the relaybot, no access to commands.
      #       user - Relaybot level + access to commands to create bridges.
      #  puppeting - User level + logging in with a Telegram account.
      #       full - Full access to use the bridge, i.e. previous levels + Matrix login.
      #      admin - Full access to use the bridge and some extra administration commands.
      # Permitted keys:
      #        * - All Matrix users
      #   domain - All users on that homeserver
      #     mxid - Specific user
      permissions:
        '{{ matrix_mautrix_telegram_homeserver_domain }}': full

      # Options related to the message relay Telegram bot.
      relaybot:
          private_chat:
              # List of users to invite to the portal when someone starts a private chat with the bot.
              # If empty, private chats with the bot won't create a portal.
              invite: []
              # Whether or not to bridge state change messages in relaybot private chats.
              state_changes: true
              # When private_chat_invite is empty, this message is sent to users /starting the
              # relaybot. Telegram's "markdown" is supported.
              message: This is a Matrix bridge relaybot and does not support direct chats
          # List of users to invite to all group chat portals created by the bridge.
          group_chat_invite: []
          # Whether or not the relaybot should not bridge events in unbridged group chats.
          # If false, portals will be created when the relaybot receives messages, just like normal
          # users. This behavior is usually not desirable, as it interferes with manually bridging
          # the chat to another room.
          ignore_unbridged_group_chat: true
          # Whether or not to allow creating portals from Telegram.
          authless_portals: true
          # Whether or not to allow Telegram group admins to use the bot commands.
          whitelist_group_admins: true
          # Whether or not to ignore incoming events sent by the relay bot.
          ignore_own_incoming_events: true
          # List of usernames/user IDs who are also allowed to use the bot commands.
          whitelist: []

  # Telegram config
  telegram:
      # Get your own API keys at https://my.telegram.org/apps
      api_id: {{ matrix_mautrix_telegram_api_id }}
      api_hash: {{ matrix_mautrix_telegram_api_hash }}
      # (Optional) Create your own bot at https://t.me/BotFather
      bot_token: {{ matrix_mautrix_telegram_bot_token }}

      # Telethon connection options.
      connection:
          # The timeout in seconds to be used when connecting.
          timeout: 120
          # How many times the reconnection should retry, either on the initial connection or when
          # Telegram disconnects us. May be set to a negative or null value for infinite retries, but
          # this is not recommended, since the program can get stuck in an infinite loop.
          retries: 5
          # The delay in seconds to sleep between automatic reconnections.
          retry_delay: 1
          # The threshold below which the library should automatically sleep on flood wait errors
          # (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
          # is 20s, the library will sleep automatically. If the error was for 21s, it would raise
          # the error instead. Values larger than a day (86400) will be changed to a day.
          flood_sleep_threshold: 60
          # How many times a request should be retried. Request are retried when Telegram is having
          # internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
          # there's a migrate error. May take a negative or null value for infinite retries, but this
          # is not recommended, since some requests can always trigger a call fail (such as searching
          # for messages).
          request_retries: 5

      # Device info sent to Telegram.
      device_info:
          # "auto" = OS name+version.
          device_model: auto
          # "auto" = Telethon version.
          system_version: auto
          # "auto" = mautrix-telegram version.
          app_version: auto
          lang_code: en
          system_lang_code: en

      # Custom server to connect to.
      server:
          # Set to true to use these server settings. If false, will automatically
          # use production server assigned by Telegram. Set to false in production.
          enabled: false
          # The DC ID to connect to.
          dc: 2
          # The IP to connect to.
          ip: 149.154.167.40
          # The port to connect to. 443 may not work, 80 is better and both are equally secure.
          port: 80

      # Telethon proxy configuration.
      # You must install PySocks from pip for proxies to work.
      proxy:
          # Allowed types: disabled, socks4, socks5, http
          type: disabled
          # Proxy IP address and port.
          address: 127.0.0.1
          port: 1080
          # Whether or not to perform DNS resolving remotely.
          rdns: true
          # Proxy authentication (optional).
          username: ""
          password: ""

  # Python logging configuration.
  #
  # See section 16.7.2 of the Python documentation for more info:
  # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
  logging:
      version: 1
      formatters:
          precise:
              format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
      handlers:
          console:
              class: logging.StreamHandler
              formatter: precise
      loggers:
          mau:
              level: DEBUG
          telethon:
              level: DEBUG
          aiohttp:
              level: INFO
      root:
          level: DEBUG
          handlers: [console]

 matrix_mautrix_telegram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_mautrix_telegram_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
--- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
@@ -0,0 +1,397 @@
 #jinja2: lstrip_blocks: "True"
 # Homeserver details
 homeserver:
    # The address that this appservice can use to connect to the homeserver.
    address: {{ matrix_mautrix_telegram_homeserver_address }}
    # The domain of the homeserver (for MXIDs, etc).
    domain: {{ matrix_mautrix_telegram_homeserver_domain }}
    # Whether or not to verify the SSL certificate of the homeserver.
    # Only applies if address starts with https://
    verify_ssl: true

 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.
 appservice:
    # The address that the homeserver can use to connect to this appservice.
    address: {{ matrix_mautrix_telegram_appservice_address }}

    # The hostname and port where this appservice should listen.
    hostname: 0.0.0.0
    port: 8080
    # The maximum body size of appservice API requests (from the homeserver) in mebibytes
    # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
    max_body_size: 1

    # The full URI to the database. SQLite and Postgres are fully supported.
    # Other DBMSes supported by SQLAlchemy may or may not work.
    # Format examples:
    #   SQLite:   sqlite:///filename.db
    #   Postgres: postgres://username:password@hostname/dbname
    database: sqlite:////data/mautrix-telegram.db

    # Public part of web server for out-of-Matrix interaction with the bridge.
    # Used for things like login if the user wants to make sure the 2FA password isn't stored in
    # the HS database.
    public:
        # Whether or not the public-facing endpoints should be enabled.
        enabled: true
        # The prefix to use in the public-facing endpoints.
        prefix: {{ matrix_mautrix_telegram_public_endpoint }}
        # The base URL where the public-facing endpoints are available. The prefix is not added
        # implicitly.
        external: {{ matrix_mautrix_telegram_appservice_public_external }}

    # Provisioning API part of the web server for automated portal creation and fetching information.
    # Used by things like Dimension (https://dimension.t2bot.io/).
    provisioning:
        # Whether or not the provisioning API should be enabled.
        enabled: false
        # The prefix to use in the provisioning API endpoints.
        prefix: /_matrix/provision/v1
        # The shared secret to authorize users of the API.
        # Set to "generate" to generate and save a new token.
        shared_secret: generate

    # The unique ID of this appservice.
    id: telegram
    # Username of the appservice bot.
    bot_username: telegrambot
    # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
    # to leave display name/avatar as-is.
    bot_displayname: Telegram bridge bot
    bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX

    # Authentication tokens for AS <-> HS communication.
    as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
    hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"

 # Bridge config
 bridge:
    # Localpart template of MXIDs for Telegram users.
    # {userid} is replaced with the user ID of the Telegram user.
    username_template: "telegram_{userid}"
    # Localpart template of room aliases for Telegram portal rooms.
    # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
    alias_template: "telegram_{groupname}"
    # Displayname template for Telegram users.
    # {displayname} is replaced with the display name of the Telegram user.
    displayname_template: "{displayname} (Telegram)"

    # Set the preferred order of user identifiers which to use in the Matrix puppet display name.
    # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
    # ID is used.
    #
    # If the bridge is working properly, a phone number or an username should always be known, but
    # the other one can very well be empty.
    #
    # Valid keys:
    #   "full name"          (First and/or last name)
    #   "full name reversed" (Last and/or first name)
    #   "first name"
    #   "last name"
    #   "username"
    #   "phone number"
    displayname_preference:
    - full name
    - username
    - phone number
    # Maximum length of displayname
    displayname_max_length: 100

    # Maximum number of members to sync per portal when starting up. Other members will be
    # synced when they send messages. The maximum is 10000, after which the Telegram server
    # will not send any more members.
    # Defaults to no local limit (-> limited to 10000 by server)
    max_initial_member_sync: -1
    # Whether or not to sync the member list in channels.
    # If no channel admins have logged into the bridge, the bridge won't be able to sync the member
    # list regardless of this setting.
    sync_channel_members: true
    # Whether or not to skip deleted members when syncing members.
    skip_deleted_members: true
    # Whether or not to automatically synchronize contacts and chats of Matrix users logged into
    # their Telegram account at startup.
    startup_sync: true
    # Number of most recently active dialogs to check when syncing chats.
    # Dialogs include groups and private chats, but only groups are synced.
    # Set to 0 to remove limit.
    sync_dialog_limit: 30
    # Whether or not to sync and create portals for direct chats at startup.
    sync_direct_chats: false
    # The maximum number of simultaneous Telegram deletions to handle.
    # A large number of simultaneous redactions could put strain on your homeserver.
    max_telegram_delete: 10
    # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
    # at startup and when creating a bridge.
    sync_matrix_state: true
    # Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
    # login website (see appservice.public config section)
    allow_matrix_login: true
    # Whether or not to bridge plaintext highlights.
    # Only enable this if your displayname_template has some static part that the bridge can use to
    # reliably identify what is a plaintext highlight.
    plaintext_highlights: false
    # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
    public_portals: true
    # Whether or not to use /sync to get presence, read receipts and typing notifications when using
    # your own Matrix account as the Matrix puppet for your Telegram account.
    sync_with_custom_puppets: true
    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
    # instead of users having to find an access token and run `login-matrix`
    # manually.
    login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
    # Set to false to disable link previews in messages sent to Telegram.
    telegram_link_preview: true
    # Use inline images instead of a separate message for the caption.
    # N.B. Inline images are not supported on all clients (e.g. Riot iOS).
    inline_images: false
    # Maximum size of image in megabytes before sending to Telegram as a document.
    image_as_file_size: 10
    # Maximum size of Telegram documents in megabytes to bridge.
    max_document_size: 100
    # Enable experimental parallel file transfer, which makes uploads/downloads much faster by
    # streaming from/to Matrix and using many connections for Telegram.
    # Note that generating HQ thumbnails for videos is not possible with streamed transfers.
    parallel_file_transfer: false
    # Whether or not created rooms should have federation enabled.
    # If false, created portal rooms will never be federated.
    federate_rooms: true
    # Settings for converting animated stickers.
    animated_sticker:
        # Format to which animated stickers should be converted.
        # disable - No conversion, send as-is (gzipped lottie)
        # png - converts to non-animated png (fastest),
        # gif - converts to animated gif, but loses transparency
        # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
        target: gif
        # Arguments for converter. All converters take width and height.
        # GIF converter takes background as a hex color.
        args:
            width: 256
            height: 256
            background: "020202"  # only for gif
            fps: 30               # only for webm
    # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
    # and login_shared_secret to be configured in order to get a device for the bridge bot.
    #
    # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
    # application service.
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: false
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        default: false

    # Overrides for base power levels.
    initial_power_level_overrides:
        user: {}
        group: {}

    # Whether to bridge Telegram bot messages as m.notices or m.texts.
    bot_messages_as_notices: true
    bridge_notices:
        # Whether or not Matrix bot messages (type m.notice) should be bridged.
        default: false
        # List of user IDs for whom the previous flag is flipped.
        # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
        #      notices from users listed here will be bridged.
        exceptions: []

    # Some config options related to Telegram message deduplication.
    # The default values are usually fine, but some debug messages/warnings might recommend you
    # change these.
    deduplication:
        # Whether or not to check the database if the message about to be sent is a duplicate.
        pre_db_check: false
        # The number of latest events to keep when checking for duplicates.
        # You might need to increase this on high-traffic bridge instances.
        cache_queue_length: 20


    # The formats to use when sending messages to Telegram via the relay bot.
    #
    # Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
    #
    # Available variables:
    #   $sender_displayname    - The display name of the sender (e.g. Example User)
    #   $sender_username       - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
    #   $sender_mxid           - The Matrix ID of the sender (e.g. @exampleuser:example.com)
    #   $message               - The message content as HTML
    message_formats:
        m.text: "<b>$sender_displayname</b>: $message"
        m.notice: "<b>$sender_displayname</b>: $message"
        m.emote: "* <b>$sender_displayname</b> $message"
        m.file: "<b>$sender_displayname</b> sent a file: $message"
        m.image: "<b>$sender_displayname</b> sent an image: $message"
        m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
        m.video: "<b>$sender_displayname</b> sent a video: $message"
        m.location: "<b>$sender_displayname</b> sent a location: $message"
    # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
    # users are sent to telegram. All fields in message_formats are supported. Additionally, the
    # Telegram user info is available in the following variables:
    #    $displayname - Telegram displayname
    #    $username    - Telegram username (may not exist)
    #    $mention     - Telegram @username or displayname mention (depending on which exists)
    emote_format: "* $mention $formatted_body"

    # The formats to use when sending state events to Telegram via the relay bot.
    #
    # Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
    # In name_change events, `$prev_displayname` is the previous displayname.
    #
    # Set format to an empty string to disable the messages for that event.
    state_event_formats:
        join: "<b>$displayname</b> joined the room."
        leave: "<b>$displayname</b> left the room."
        name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"

    # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
    # `filter-mode` management commands.
    #
    # Filters do not affect direct chats.
    # An empty blacklist will essentially disable the filter.
    filter:
        # Filter mode to use. Either "blacklist" or "whitelist".
        # If the mode is "blacklist", the listed chats will never be bridged.
        # If the mode is "whitelist", only the listed chats can be bridged.
        mode: blacklist
        # The list of group/channel IDs to filter.
        list: []

    # The prefix for commands. Only required in non-management rooms.
    command_prefix: "!tg"

    # Permissions for using the bridge.
    # Permitted values:
    #   relaybot - Only use the bridge via the relaybot, no access to commands.
    #       user - Relaybot level + access to commands to create bridges.
    #  puppeting - User level + logging in with a Telegram account.
    #       full - Full access to use the bridge, i.e. previous levels + Matrix login.
    #      admin - Full access to use the bridge and some extra administration commands.
    # Permitted keys:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions:
      '{{ matrix_mautrix_telegram_homeserver_domain }}': full

    # Options related to the message relay Telegram bot.
    relaybot:
        private_chat:
            # List of users to invite to the portal when someone starts a private chat with the bot.
            # If empty, private chats with the bot won't create a portal.
            invite: []
            # Whether or not to bridge state change messages in relaybot private chats.
            state_changes: true
            # When private_chat_invite is empty, this message is sent to users /starting the
            # relaybot. Telegram's "markdown" is supported.
            message: This is a Matrix bridge relaybot and does not support direct chats
        # List of users to invite to all group chat portals created by the bridge.
        group_chat_invite: []
        # Whether or not the relaybot should not bridge events in unbridged group chats.
        # If false, portals will be created when the relaybot receives messages, just like normal
        # users. This behavior is usually not desirable, as it interferes with manually bridging
        # the chat to another room.
        ignore_unbridged_group_chat: true
        # Whether or not to allow creating portals from Telegram.
        authless_portals: true
        # Whether or not to allow Telegram group admins to use the bot commands.
        whitelist_group_admins: true
        # Whether or not to ignore incoming events sent by the relay bot.
        ignore_own_incoming_events: true
        # List of usernames/user IDs who are also allowed to use the bot commands.
        whitelist: []

 # Telegram config
 telegram:
    # Get your own API keys at https://my.telegram.org/apps
    api_id: {{ matrix_mautrix_telegram_api_id }}
    api_hash: {{ matrix_mautrix_telegram_api_hash }}
    # (Optional) Create your own bot at https://t.me/BotFather
    bot_token: {{ matrix_mautrix_telegram_bot_token }}

    # Telethon connection options.
    connection:
        # The timeout in seconds to be used when connecting.
        timeout: 120
        # How many times the reconnection should retry, either on the initial connection or when
        # Telegram disconnects us. May be set to a negative or null value for infinite retries, but
        # this is not recommended, since the program can get stuck in an infinite loop.
        retries: 5
        # The delay in seconds to sleep between automatic reconnections.
        retry_delay: 1
        # The threshold below which the library should automatically sleep on flood wait errors
        # (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
        # is 20s, the library will sleep automatically. If the error was for 21s, it would raise
        # the error instead. Values larger than a day (86400) will be changed to a day.
        flood_sleep_threshold: 60
        # How many times a request should be retried. Request are retried when Telegram is having
        # internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
        # there's a migrate error. May take a negative or null value for infinite retries, but this
        # is not recommended, since some requests can always trigger a call fail (such as searching
        # for messages).
        request_retries: 5

    # Device info sent to Telegram.
    device_info:
        # "auto" = OS name+version.
        device_model: auto
        # "auto" = Telethon version.
        system_version: auto
        # "auto" = mautrix-telegram version.
        app_version: auto
        lang_code: en
        system_lang_code: en

    # Custom server to connect to.
    server:
        # Set to true to use these server settings. If false, will automatically
        # use production server assigned by Telegram. Set to false in production.
        enabled: false
        # The DC ID to connect to.
        dc: 2
        # The IP to connect to.
        ip: 149.154.167.40
        # The port to connect to. 443 may not work, 80 is better and both are equally secure.
        port: 80

    # Telethon proxy configuration.
    # You must install PySocks from pip for proxies to work.
    proxy:
        # Allowed types: disabled, socks4, socks5, http
        type: disabled
        # Proxy IP address and port.
        address: 127.0.0.1
        port: 1080
        # Whether or not to perform DNS resolving remotely.
        rdns: true
        # Proxy authentication (optional).
        username: ""
        password: ""

 # Python logging configuration.
 #
 # See section 16.7.2 of the Python documentation for more info:
 # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
 logging:
    version: 1
    formatters:
        precise:
            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
    handlers:
        console:
            class: logging.StreamHandler
            formatter: precise
    loggers:
        mau:
            level: DEBUG
        telethon:
            level: DEBUG
        aiohttp:
            level: INFO
    root:
        level: DEBUG
        handlers: [console]
--- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -35,175 +35,7 @@ matrix_mautrix_whatsapp_login_shared_secret: ''
 #
 # For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_mautrix_whatsapp_configuration_yaml: |
  # Homeserver details.
  homeserver:
      # The address that this appservice can use to connect to the homeserver.
      address: {{ matrix_mautrix_whatsapp_homeserver_address }}
      # The domain of the homeserver (for MXIDs, etc).
      domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
  # Application service host/registration related details.
  # Changing these values requires regeneration of the registration.

  appservice:
      # The address that the homeserver can use to connect to this appservice.
      address: {{ matrix_mautrix_whatsapp_appservice_address }}

      # The hostname and port where this appservice should listen.
      hostname: 0.0.0.0
      port: 8080

      # Database config.
      database:
          # The database type. "sqlite3" and "postgres" are supported.
          type: sqlite3
          # The database URI.
          #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
          #   Postgres: Connection string. For example, postgres://user:password@host/database
          uri: mautrix-whatsapp.db
          # Maximum number of connections. Mostly relevant for Postgres.
          max_open_conns: 20
          max_idle_conns: 2

      # Path to the Matrix room state store.
      state_store_path: ./mx-state.json

      # The unique ID of this appservice.
      id: whatsapp
      # Appservice bot details.
      bot:
          # Username of the appservice bot.
          username: whatsappbot
          # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
          # to leave display name/avatar as-is.
          displayname: WhatsApp bridge bot
          avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr

      # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
      as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
      hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"

  # Bridge config
  bridge:
      # Localpart template of MXIDs for WhatsApp users.
      # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
      username_template: "{{ 'whatsapp_{{.}}' }}"
      # Displayname template for WhatsApp users.
      # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
      # {{ '{{.Jid}}' }}    - phone number (international format)
      # The following variables are also available, but will cause problems on multi-user instances:
      # {{ '{{.Name}}' }}   - display name from contact list
      # {{ '{{.Short}}' }}  - short display name from contact list
      displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
      # WhatsApp connection timeout in seconds.
      connection_timeout: 20
      # Maximum number of times to retry connecting on connection error.
      max_connection_attempts: 3
      # Number of seconds to wait between connection attempts.
      # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
      connection_retry_delay: -1
      # Whether or not the bridge should send a notice to the user's management room when it retries connecting.
      # If false, it will only report when it stops retrying.
      report_connection_retry: true
      # Maximum number of seconds to wait for chats to be sent at startup.
      # If this is too low and you have lots of chats, it could cause backfilling to fail.
      chat_list_wait: 30
      # Maximum number of seconds to wait to sync portals before force unlocking message processing.
      # If this is too low and you have lots of chats, it could cause backfilling to fail.
      portal_sync_wait: 600

      # Whether or not to send call start/end notices to Matrix.
      call_notices:
          start: true
          end: true

      # Number of chats to sync for new users.
      initial_chat_sync_count: 10
      # Number of old messages to fill when creating new portal rooms.
      initial_history_fill_count: 20
      # Maximum number of chats to sync when recovering from downtime.
      # Set to -1 to sync all new chats during downtime.
      recovery_chat_sync_limit: -1
      # Whether or not to sync history when recovering from downtime.
      recovery_history_backfill: true
      # Maximum number of seconds since last message in chat to skip
      # syncing the chat in any case. This setting will take priority
      # over both recovery_chat_sync_limit and initial_chat_sync_count.
      # Default is 3 days = 259200 seconds
      sync_max_chat_age: 259200

      # Whether or not to sync with custom puppets to receive EDUs that
      # are not normally sent to appservices.
      sync_with_custom_puppets: true
      # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
      #
      # If set, custom puppets will be enabled automatically for local users
      # instead of users having to find an access token and run `login-matrix`
      # manually.
      login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}

      # Whether or not to invite own WhatsApp user's Matrix puppet into private
      # chat portals when backfilling if needed.
      # This always uses the default puppet instead of custom puppets due to
      # rate limits and timestamp massaging.
      invite_own_puppet_for_backfilling: true
      # Whether or not to explicitly set the avatar and room name for private
      # chat portal rooms. This can be useful if the previous field works fine,
      # but causes room avatar/name bugs.
      private_chat_portal_meta: false

      # Allow invite permission for user. User can invite any bots to room with whatsapp
      # users (private chat and groups)
      allow_user_invite: false

      # The prefix for commands. Only required in non-management rooms.
      command_prefix: "!wa"

      # Permissions for using the bridge.
      # Permitted values:
      #     user - Access to use the bridge to chat with a WhatsApp account.
      #    admin - User level and some additional administration tools
      # Permitted keys:
      #        * - All Matrix users
      #   domain - All users on that homeserver
      #     mxid - Specific user
      permissions:
          "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user

      relaybot:
          # Whether or not relaybot support is enabled.
          enabled: false
          # The management room for the bot. This is where all status notifications are posted and
          # in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
          # the command prefix completely like in user management rooms is not possible.
          management: '!foo:example.com'
          # List of users to invite to all created rooms that include the relaybot.
          invites: []
          # The formats to use when sending messages to WhatsApp via the relaybot.
          message_formats:
              m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
              m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
              m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
              m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
              m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
              m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
              m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
              m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
  # Logging config.
  logging:
      # The directory for log files. Will be created if not found.
      directory: ./logs
      # Available variables: .Date for the file date and .Index for different log files on the same day.
      file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
      # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
      file_date_format: "2006-01-02"
      # Log file permissions.
      file_mode: 0600
      # Timestamp format for log entries in the Go time format.
      timestamp_format: "Jan _2, 2006 15:04:05"
      # Minimum severity for log messages.
      # Options: debug, info, warn, error, fatal
      print_level: debug
 matrix_mautrix_whatsapp_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_mautrix_whatsapp_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
@@ -0,0 +1,169 @@
 #jinja2: lstrip_blocks: "True"
 # Homeserver details.
 homeserver:
    # The address that this appservice can use to connect to the homeserver.
    address: {{ matrix_mautrix_whatsapp_homeserver_address }}
    # The domain of the homeserver (for MXIDs, etc).
    domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
 # Application service host/registration related details.
 # Changing these values requires regeneration of the registration.

 appservice:
    # The address that the homeserver can use to connect to this appservice.
    address: {{ matrix_mautrix_whatsapp_appservice_address }}

    # The hostname and port where this appservice should listen.
    hostname: 0.0.0.0
    port: 8080

    # Database config.
    database:
        # The database type. "sqlite3" and "postgres" are supported.
        type: sqlite3
        # The database URI.
        #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
        #   Postgres: Connection string. For example, postgres://user:password@host/database
        uri: mautrix-whatsapp.db
        # Maximum number of connections. Mostly relevant for Postgres.
        max_open_conns: 20
        max_idle_conns: 2

    # Path to the Matrix room state store.
    state_store_path: ./mx-state.json

    # The unique ID of this appservice.
    id: whatsapp
    # Appservice bot details.
    bot:
        # Username of the appservice bot.
        username: whatsappbot
        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
        # to leave display name/avatar as-is.
        displayname: WhatsApp bridge bot
        avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr

    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
    as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
    hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"

 # Bridge config
 bridge:
    # Localpart template of MXIDs for WhatsApp users.
    # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
    username_template: "{{ 'whatsapp_{{.}}' }}"
    # Displayname template for WhatsApp users.
    # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
    # {{ '{{.Jid}}' }}    - phone number (international format)
    # The following variables are also available, but will cause problems on multi-user instances:
    # {{ '{{.Name}}' }}   - display name from contact list
    # {{ '{{.Short}}' }}  - short display name from contact list
    displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
    # WhatsApp connection timeout in seconds.
    connection_timeout: 20
    # Maximum number of times to retry connecting on connection error.
    max_connection_attempts: 3
    # Number of seconds to wait between connection attempts.
    # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
    connection_retry_delay: -1
    # Whether or not the bridge should send a notice to the user's management room when it retries connecting.
    # If false, it will only report when it stops retrying.
    report_connection_retry: true
    # Maximum number of seconds to wait for chats to be sent at startup.
    # If this is too low and you have lots of chats, it could cause backfilling to fail.
    chat_list_wait: 30
    # Maximum number of seconds to wait to sync portals before force unlocking message processing.
    # If this is too low and you have lots of chats, it could cause backfilling to fail.
    portal_sync_wait: 600

    # Whether or not to send call start/end notices to Matrix.
    call_notices:
        start: true
        end: true

    # Number of chats to sync for new users.
    initial_chat_sync_count: 10
    # Number of old messages to fill when creating new portal rooms.
    initial_history_fill_count: 20
    # Maximum number of chats to sync when recovering from downtime.
    # Set to -1 to sync all new chats during downtime.
    recovery_chat_sync_limit: -1
    # Whether or not to sync history when recovering from downtime.
    recovery_history_backfill: true
    # Maximum number of seconds since last message in chat to skip
    # syncing the chat in any case. This setting will take priority
    # over both recovery_chat_sync_limit and initial_chat_sync_count.
    # Default is 3 days = 259200 seconds
    sync_max_chat_age: 259200

    # Whether or not to sync with custom puppets to receive EDUs that
    # are not normally sent to appservices.
    sync_with_custom_puppets: true
    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
    # instead of users having to find an access token and run `login-matrix`
    # manually.
    login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}

    # Whether or not to invite own WhatsApp user's Matrix puppet into private
    # chat portals when backfilling if needed.
    # This always uses the default puppet instead of custom puppets due to
    # rate limits and timestamp massaging.
    invite_own_puppet_for_backfilling: true
    # Whether or not to explicitly set the avatar and room name for private
    # chat portal rooms. This can be useful if the previous field works fine,
    # but causes room avatar/name bugs.
    private_chat_portal_meta: false

    # Allow invite permission for user. User can invite any bots to room with whatsapp
    # users (private chat and groups)
    allow_user_invite: false

    # The prefix for commands. Only required in non-management rooms.
    command_prefix: "!wa"

    # Permissions for using the bridge.
    # Permitted values:
    #     user - Access to use the bridge to chat with a WhatsApp account.
    #    admin - User level and some additional administration tools
    # Permitted keys:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions:
        "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user

    relaybot:
        # Whether or not relaybot support is enabled.
        enabled: false
        # The management room for the bot. This is where all status notifications are posted and
        # in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
        # the command prefix completely like in user management rooms is not possible.
        management: '!foo:example.com'
        # List of users to invite to all created rooms that include the relaybot.
        invites: []
        # The formats to use when sending messages to WhatsApp via the relaybot.
        message_formats:
            m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
            m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
            m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
            m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
            m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
            m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
            m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
            m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
 # Logging config.
 logging:
    # The directory for log files. Will be created if not found.
    directory: ./logs
    # Available variables: .Date for the file date and .Index for different log files on the same day.
    file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
    # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
    file_date_format: "2006-01-02"
    # Log file permissions.
    file_mode: 0600
    # Timestamp format for log entries in the Go time format.
    timestamp_format: "Jan _2, 2006 15:04:05"
    # Minimum severity for log messages.
    # Options: debug, info, warn, error, fatal
    print_level: debug
--- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
@@ -56,145 +56,7 @@ matrix_mx_puppet_skype_login_shared_secret: ''
 #
 # For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_mx_puppet_skype_configuration_yaml: |
  #jinja2: lstrip_blocks: "True"
  bridge:
    # Address for the bridge to bind to; if running as a Docker container, you
    # probably want 0.0.0.0 here
    bindAddress: 0.0.0.0
    # Port to host the bridge on which your homeserver will connect to
    port: {{ matrix_mx_puppet_skype_appservice_port }}
    # Name of your homeserver
    domain: {{ matrix_domain }}
    # URL where the bridge can connect to your homeserver
    homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
    # Optionally specify a different media URL used for the media store
    mediaURL: https://{{ matrix_server_fqn_matrix }}
    # This enabled automatic double-puppeting:
    # A map for shared secrets of the homeserver URL to the shared secret
    # See https://github.com/devture/matrix-synapse-shared-secret-auth
    #loginSharedSecretMap:
    #  yourserver.com: supersecretsharedsecret
    {% if matrix_mx_puppet_skype_login_shared_secret != '' %}
    loginSharedSecretMap:
      {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
    {% endif %}
    # optionally override the display name of the bridge bot
    #displayname: Protocol Bot
    # optionally set the avatar of the bridge bot
    #avatarUrl: mxc://yourserver.com/somefile

  logging:
    # Log level of console output
    # Allowed values starting with most verbose:
    # silly, debug, verbose, info, warn, error
    console: info
    # Optionally, you can apply filters to the console logging
    #console:
    #  level: info
    #  enabled:
    #    - Store
    #  disabled:
    #    - PresenceHandler

    # Date and time formatting
    lineDateFormat: MMM-D HH:mm:ss.SSS
    # Logging files
    # Log files are rotated daily by default
    files:
      # Log file path
      - file: "/data/bridge.log"
        # Log level for this file
        # Allowed values starting with most verbose:
        # silly, debug, verbose, info, warn, error
        level: info
        # Date and time formatting
        datePattern: YYYY-MM-DD
        # Maximum number of logs to keep.
        # This can be a number of files or number of days.
        # If using days, add 'd' as a suffix
        maxFiles: 14d
        # Maximum size of the file after which it will rotate. This can be a
        # number of bytes, or units of kb, mb, and gb. If using the units, add
        # 'k', 'm', or 'g' as the suffix
        maxSize: 50m
        # Optionally enable/disable logging for certain modules
        #disabled:
        #  - PresenceHandler
        #  - module: bot-sdk-MatrixLiteClient
        #    regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
        #enabled:
        #  - Store

  database:
    # Use Postgres as a database backend
    # If set, will be used instead of SQLite3
    # Connection string to connect to the Postgres instance
    # with username "user", password "pass", host "localhost" and database name "dbname".
    # Modify each value as necessary
    #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
    # Use SQLite3 as a database backend
    # The name of the database file
    filename: /data/database.db

  provisioning:
    # Regex of Matrix IDs allowed to use the puppet bridge
    whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
      # Allow a specific user
      #- "@user:server\\.com"
      # Allow users on a specific homeserver
      #- "@.*:yourserver\\.com"
      # Allow anyone
      #- ".*"

    # Regex of Matrix IDs forbidden from using the puppet bridge
    #blacklist:
      # Disallow a specific user
      #- "@user:server\\.com"
      # Disallow users on a specific homeserver
      #- "@.*:yourserver\\.com"
    blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}

  presence:
    # Bridge online/offline status
    enabled: true
    # How often to send status to the homeserver in milliseconds
    interval: 500
    # if the im.vector.user_status state setting should be diabled
    #disableStatusState: false
    # A blacklist of remote user IDs for the im.vector.user_status state setting
    #statusStateBlacklist:
    # - baduser

  relay:
    # Regex of Matrix IDs to allow to use the relay mode
    # Same format as in provisioning
    #whitelist:
      #- "@.*:yourserver\\.com"
    whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}

    #blacklist:
      #- "@user:yourserver\\.com"
    blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}

  # Map certain homeserver URLs to the C-S API endpoint
  # Useful for double-puppeting if .well-known is unavailable for some reason
  #homeserverUrlMap:
  #  yourserver.com: http://localhost:1234

  namePatterns:
    # Override the protocols set default name patterns
    # Which variables are available depends on protocol implementation
    user: :name
    room: :name

  limits:
    # Up to how many users should be auto-joined on room creation? -1 to disable
    # Defaults to 200
    maxAutojoinUsers: 200
    # How long the delay between two autojoin users should be, in millisectonds.
    # Defaults to 5000
    roomUserAutojoinDelay: 5000
 matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_mx_puppet_skype_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
--- a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
@@ -0,0 +1,138 @@
 #jinja2: lstrip_blocks: "True"
 bridge:
  # Address for the bridge to bind to; if running as a Docker container, you
  # probably want 0.0.0.0 here
  bindAddress: 0.0.0.0
  # Port to host the bridge on which your homeserver will connect to
  port: {{ matrix_mx_puppet_skype_appservice_port }}
  # Name of your homeserver
  domain: {{ matrix_domain }}
  # URL where the bridge can connect to your homeserver
  homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
  # Optionally specify a different media URL used for the media store
  mediaURL: https://{{ matrix_server_fqn_matrix }}
  # This enabled automatic double-puppeting:
  # A map for shared secrets of the homeserver URL to the shared secret
  # See https://github.com/devture/matrix-synapse-shared-secret-auth
  #loginSharedSecretMap:
  #  yourserver.com: supersecretsharedsecret
  {% if matrix_mx_puppet_skype_login_shared_secret != '' %}
  loginSharedSecretMap:
    {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
  {% endif %}
  # optionally override the display name of the bridge bot
  #displayname: Protocol Bot
  # optionally set the avatar of the bridge bot
  #avatarUrl: mxc://yourserver.com/somefile

 logging:
  # Log level of console output
  # Allowed values starting with most verbose:
  # silly, debug, verbose, info, warn, error
  console: info
  # Optionally, you can apply filters to the console logging
  #console:
  #  level: info
  #  enabled:
  #    - Store
  #  disabled:
  #    - PresenceHandler

  # Date and time formatting
  lineDateFormat: MMM-D HH:mm:ss.SSS
  # Logging files
  # Log files are rotated daily by default
  files:
    # Log file path
    - file: "/data/bridge.log"
      # Log level for this file
      # Allowed values starting with most verbose:
      # silly, debug, verbose, info, warn, error
      level: info
      # Date and time formatting
      datePattern: YYYY-MM-DD
      # Maximum number of logs to keep.
      # This can be a number of files or number of days.
      # If using days, add 'd' as a suffix
      maxFiles: 14d
      # Maximum size of the file after which it will rotate. This can be a
      # number of bytes, or units of kb, mb, and gb. If using the units, add
      # 'k', 'm', or 'g' as the suffix
      maxSize: 50m
      # Optionally enable/disable logging for certain modules
      #disabled:
      #  - PresenceHandler
      #  - module: bot-sdk-MatrixLiteClient
      #    regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
      #enabled:
      #  - Store

 database:
  # Use Postgres as a database backend
  # If set, will be used instead of SQLite3
  # Connection string to connect to the Postgres instance
  # with username "user", password "pass", host "localhost" and database name "dbname".
  # Modify each value as necessary
  #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
  # Use SQLite3 as a database backend
  # The name of the database file
  filename: /data/database.db

 provisioning:
  # Regex of Matrix IDs allowed to use the puppet bridge
  whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
    # Allow a specific user
    #- "@user:server\\.com"
    # Allow users on a specific homeserver
    #- "@.*:yourserver\\.com"
    # Allow anyone
    #- ".*"

  # Regex of Matrix IDs forbidden from using the puppet bridge
  #blacklist:
    # Disallow a specific user
    #- "@user:server\\.com"
    # Disallow users on a specific homeserver
    #- "@.*:yourserver\\.com"
  blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}

 presence:
  # Bridge online/offline status
  enabled: true
  # How often to send status to the homeserver in milliseconds
  interval: 500
  # if the im.vector.user_status state setting should be diabled
  #disableStatusState: false
  # A blacklist of remote user IDs for the im.vector.user_status state setting
  #statusStateBlacklist:
  # - baduser

 relay:
  # Regex of Matrix IDs to allow to use the relay mode
  # Same format as in provisioning
  #whitelist:
    #- "@.*:yourserver\\.com"
  whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}

  #blacklist:
    #- "@user:yourserver\\.com"
  blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}

 # Map certain homeserver URLs to the C-S API endpoint
 # Useful for double-puppeting if .well-known is unavailable for some reason
 #homeserverUrlMap:
 #  yourserver.com: http://localhost:1234

 namePatterns:
  # Override the protocols set default name patterns
  # Which variables are available depends on protocol implementation
  user: :name
  room: :name

 limits:
  # Up to how many users should be auto-joined on room creation? -1 to disable
  # Defaults to 200
  maxAutojoinUsers: 200
  # How long the delay between two autojoin users should be, in millisectonds.
  # Defaults to 5000
  roomUserAutojoinDelay: 5000
--- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
@@ -57,99 +57,7 @@ matrix_mx_puppet_slack_homeserver_token: ''
 #
 # For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_mx_puppet_slack_configuration_yaml: |
  #jinja2: lstrip_blocks: "True"
  bridge:
    # Port to host the bridge on
    # Used for communication between the homeserver and the bridge
    port: {{ matrix_mx_puppet_slack_appservice_port }}
    # The host connections to the bridge's webserver are allowed from
    bindAddress: 0.0.0.0
    # Public domain of the homeserver
    domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
    # Reachable URL of the Matrix homeserver
    homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}


  # Slack OAuth settings. Create a slack app at https://api.slack.com/apps
  oauth:
    enabled: true
    # Slack app credentials.
    # N.B. This must be quoted so YAML wouldn't parse it as a float.
    clientId: "{{ matrix_mx_puppet_slack_client_id }}"
    clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
    # Path where to listen for OAuth redirect callbacks.
    redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
    # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
    # then set this field and the Slack app redirect URI field to the former.
    redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}

  presence:
    # Bridge Discord online/offline status
    enabled: true
    # How often to send status to the homeserver in milliseconds
    interval: 500

  provisioning:
    # Regex of Matrix IDs allowed to use the puppet bridge
    whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
      # Allow a specific user
      #- "@user:server\\.com"
      # Allow users on a specific homeserver
      #- "@.*:yourserver\\.com"
      # Allow anyone
      #- ".*"
    # Regex of Matrix IDs forbidden from using the puppet bridge
    #blacklist:
      # Disallow a specific user
      #- "@user:server\\.com"
      # Disallow users on a specific homeserver
      #- "@.*:yourserver\\.com"
    blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}

    # Shared secret for the provisioning API for use by integration managers.
    # If this is not set, the provisioning API will not be enabled.
    #sharedSecret: random string
    # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
    apiPrefix: /_matrix/provision

  database:
    # Use Postgres as a database backend
    # If set, will be used instead of SQLite3
    # Connection string to connect to the Postgres instance
    # with username "user", password "pass", host "localhost" and database name "dbname".
    # Modify each value as necessary
    #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
    # Use SQLite3 as a database backend
    # The name of the database file
    filename: /data/database.db

  logging:
    # Log level of console output
    # Allowed values starting with most verbose:
    # silly, debug, verbose, info, warn, error
    console: info
    # Date and time formatting
    lineDateFormat: MMM-D HH:mm:ss.SSS
    # Logging files
    # Log files are rotated daily by default
    files:
      # Log file path
      - file: "/data/bridge.log"
        # Log level for this file
        # Allowed values starting with most verbose:
        # silly, debug, verbose, info, warn, error
        level: info
        # Date and time formatting
        datePattern: YYYY-MM-DD
        # Maximum number of logs to keep.
        # This can be a number of files or number of days.
        # If using days, add 'd' as a suffix
        maxFiles: 14d
        # Maximum size of the file after which it will rotate. This can be a
        # number of bytes, or units of kb, mb, and gb. If using the units, add
        # 'k', 'm', or 'g' as the suffix
        maxSize: 50m
 matrix_mx_puppet_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_mx_puppet_slack_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
--- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
@@ -0,0 +1,92 @@
 #jinja2: lstrip_blocks: "True"
 bridge:
  # Port to host the bridge on
  # Used for communication between the homeserver and the bridge
  port: {{ matrix_mx_puppet_slack_appservice_port }}
  # The host connections to the bridge's webserver are allowed from
  bindAddress: 0.0.0.0
  # Public domain of the homeserver
  domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
  # Reachable URL of the Matrix homeserver
  homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}


 # Slack OAuth settings. Create a slack app at https://api.slack.com/apps
 oauth:
  enabled: true
  # Slack app credentials.
  # N.B. This must be quoted so YAML wouldn't parse it as a float.
  clientId: "{{ matrix_mx_puppet_slack_client_id }}"
  clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
  # Path where to listen for OAuth redirect callbacks.
  redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
  # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
  # then set this field and the Slack app redirect URI field to the former.
  redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}

 presence:
  # Bridge Discord online/offline status
  enabled: true
  # How often to send status to the homeserver in milliseconds
  interval: 500

 provisioning:
  # Regex of Matrix IDs allowed to use the puppet bridge
  whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
    # Allow a specific user
    #- "@user:server\\.com"
    # Allow users on a specific homeserver
    #- "@.*:yourserver\\.com"
    # Allow anyone
    #- ".*"
  # Regex of Matrix IDs forbidden from using the puppet bridge
  #blacklist:
    # Disallow a specific user
    #- "@user:server\\.com"
    # Disallow users on a specific homeserver
    #- "@.*:yourserver\\.com"
  blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}

  # Shared secret for the provisioning API for use by integration managers.
  # If this is not set, the provisioning API will not be enabled.
  #sharedSecret: random string
  # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
  apiPrefix: /_matrix/provision

 database:
  # Use Postgres as a database backend
  # If set, will be used instead of SQLite3
  # Connection string to connect to the Postgres instance
  # with username "user", password "pass", host "localhost" and database name "dbname".
  # Modify each value as necessary
  #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
  # Use SQLite3 as a database backend
  # The name of the database file
  filename: /data/database.db

 logging:
  # Log level of console output
  # Allowed values starting with most verbose:
  # silly, debug, verbose, info, warn, error
  console: info
  # Date and time formatting
  lineDateFormat: MMM-D HH:mm:ss.SSS
  # Logging files
  # Log files are rotated daily by default
  files:
    # Log file path
    - file: "/data/bridge.log"
      # Log level for this file
      # Allowed values starting with most verbose:
      # silly, debug, verbose, info, warn, error
      level: info
      # Date and time formatting
      datePattern: YYYY-MM-DD
      # Maximum number of logs to keep.
      # This can be a number of files or number of days.
      # If using days, add 'd' as a suffix
      maxFiles: 14d
      # Maximum size of the file after which it will rotate. This can be a
      # number of bytes, or units of kb, mb, and gb. If using the units, add
      # 'k', 'm', or 'g' as the suffix
      maxSize: 50m
--- a/roles/matrix-dimension/defaults/main.yml
+++ b/roles/matrix-dimension/defaults/main.yml
@@ -39,89 +39,7 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048"
 #
 # For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_dimension_configuration_yaml: |
  #jinja2: lstrip_blocks: True
  # The web settings for the service (API and UI).
  # It is best to have this run on localhost and use a reverse proxy to access Dimension.
  web:
    port: 8184
    address: '0.0.0.0'

  # Homeserver configuration
  homeserver:
    # The domain name of the homeserver. This is used in many places, such as with go-neb
    # setups, to identify the homeserver.
    name: "{{ matrix_domain }}"

    # The URL that Dimension, go-neb, and other services provisioned by Dimension should
    # use to access the homeserver with.
    clientServerUrl: "http://matrix-synapse:8008"

    # The URL that Dimension should use when trying to communicate with federated APIs on
    # the homeserver. If not supplied or left empty Dimension will try to resolve the address
    # through the normal federation process.
    federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"

    # The URL that Dimension will redirect media requests to for downloading media such as
    # stickers. If not supplied or left empty Dimension will use the clientServerUrl.
    mediaUrl: "https://{{ matrix_server_fqn_matrix }}"

    # The access token Dimension should use for miscellaneous access to the homeserver. This
    # should be for a user on the configured homeserver: any user will do, however it is
    # recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
    # how to acquire an access token, visit https://t2bot.io/docs/access_tokens
    accessToken: "{{ matrix_dimension_access_token }}"

  # These users can modify the integrations this Dimension supports.
  # To access the admin interface, open Dimension in Riot and click the settings icon.
  admins: {{ matrix_dimension_admins|to_json }}

  # IPs and CIDR ranges listed here will be blocked from being widgets.
  # Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
  widgetBlacklist:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
    - 127.0.0.0/8

  # Where the database for Dimension is
  database:
    file: "dimension.db"

  # Display settings that apply to self-hosted go-neb instances
  goneb:
    # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
    # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
    # make the bot's avatar an empty string.
    avatars:
      giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
      imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
      github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
      wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
      travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
      rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
      google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
      guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
      echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
      circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
      jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"

  # Settings for how Dimension is represented to the public
  dimension:
    # This is where Dimension is accessible from clients. Be sure to set this
    # to your own Dimension instance.
    publicUrl: "https://{{ matrix_server_fqn_dimension }}"

  # Settings for controlling how logging works
  logging:
    file: /dev/null
    console: true
    consoleLevel: verbose
    fileLevel: info
    rotate:
      size: 52428800 # bytes, default is 50mb
      count: 5

 matrix_dimension_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_dimension_configuration_extension_yaml: |
  # Your custom YAML configuration for Dimension goes here.
--- a/roles/matrix-dimension/templates/config.yaml.j2
+++ b/roles/matrix-dimension/templates/config.yaml.j2
@@ -0,0 +1,81 @@
 #jinja2: lstrip_blocks: True
 # The web settings for the service (API and UI).
 # It is best to have this run on localhost and use a reverse proxy to access Dimension.
 web:
  port: 8184
  address: '0.0.0.0'

 # Homeserver configuration
 homeserver:
  # The domain name of the homeserver. This is used in many places, such as with go-neb
  # setups, to identify the homeserver.
  name: "{{ matrix_domain }}"

  # The URL that Dimension, go-neb, and other services provisioned by Dimension should
  # use to access the homeserver with.
  clientServerUrl: "http://matrix-synapse:8008"

  # The URL that Dimension should use when trying to communicate with federated APIs on
  # the homeserver. If not supplied or left empty Dimension will try to resolve the address
  # through the normal federation process.
  federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"

  # The URL that Dimension will redirect media requests to for downloading media such as
  # stickers. If not supplied or left empty Dimension will use the clientServerUrl.
  mediaUrl: "https://{{ matrix_server_fqn_matrix }}"

  # The access token Dimension should use for miscellaneous access to the homeserver. This
  # should be for a user on the configured homeserver: any user will do, however it is
  # recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
  # how to acquire an access token, visit https://t2bot.io/docs/access_tokens
  accessToken: "{{ matrix_dimension_access_token }}"

 # These users can modify the integrations this Dimension supports.
 # To access the admin interface, open Dimension in Riot and click the settings icon.
 admins: {{ matrix_dimension_admins|to_json }}

 # IPs and CIDR ranges listed here will be blocked from being widgets.
 # Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
 widgetBlacklist:
  - 10.0.0.0/8
  - 172.16.0.0/12
  - 192.168.0.0/16
  - 127.0.0.0/8

 # Where the database for Dimension is
 database:
  file: "dimension.db"

 # Display settings that apply to self-hosted go-neb instances
 goneb:
  # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
  # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
  # make the bot's avatar an empty string.
  avatars:
    giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
    imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
    github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
    wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
    travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
    rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
    google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
    guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
    echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
    circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
    jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"

 # Settings for how Dimension is represented to the public
 dimension:
  # This is where Dimension is accessible from clients. Be sure to set this
  # to your own Dimension instance.
  publicUrl: "https://{{ matrix_server_fqn_dimension }}"

 # Settings for controlling how logging works
 logging:
  file: /dev/null
  console: true
  consoleLevel: verbose
  fileLevel: info
  rotate:
    size: 52428800 # bytes, default is 50mb
    count: 5
--- a/roles/matrix-ma1sd/defaults/main.yml
+++ b/roles/matrix-ma1sd/defaults/main.yml
@@ -85,76 +85,7 @@ matrix_ma1sd_v2_enabled: true
 #
 # For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_ma1sd_configuration_yaml: |
  #jinja2: lstrip_blocks: True
  matrix:
    domain: {{ matrix_domain }}
    v1: {{ matrix_ma1sd_v1_enabled|to_json }}
    v2: {{ matrix_ma1sd_v2_enabled|to_json }}

  server:
    name: {{ matrix_server_fqn_matrix }}

  key:
    path: /var/ma1sd/sign.key

  storage:
    provider:
      sqlite:
        database: /var/ma1sd/ma1sd.db

  {% if matrix_ma1sd_dns_overwrite_enabled %}
  dns:
    overwrite:
      homeserver:
        client:
          - name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
            value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
  {% endif %}

  {% if matrix_ma1sd_matrixorg_forwarding_enabled %}
  forward:
    servers: ['matrix-org']
  {% endif %}

  threepid:
    medium:
      email:
        identity:
          from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
        connectors:
          smtp:
            host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
            port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
            tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
            login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
            password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
  {% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
        generators:
          template:
            {% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
            invite: '/var/ma1sd/invite-template.eml'
            {% endif %}
            {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
            session:
              {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
              validation: '/var/ma1sd/validate-template.eml'
              {% endif %}
              {% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
              unbind:
                frandulent: '/var/ma1sd/unbind-fraudulent.eml'
              {% endif %}
            {% endif %}
            {% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
            generic:
              matrixId: '/var/ma1sd/mxid-template.eml'
            {% endif %}
  {% endif %}

  synapseSql:
    enabled: {{ matrix_ma1sd_synapsesql_enabled }}
    type: {{ matrix_ma1sd_synapsesql_type }}
    connection: {{ matrix_ma1sd_synapsesql_connection }}
 matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}"

 matrix_ma1sd_configuration_extension_yaml: |
  # Your custom YAML configuration for ma1sd goes here.
--- a/roles/matrix-ma1sd/templates/ma1sd.yaml.j2
+++ b/roles/matrix-ma1sd/templates/ma1sd.yaml.j2
@@ -0,0 +1,69 @@
 #jinja2: lstrip_blocks: True
 matrix:
  domain: {{ matrix_domain }}
  v1: {{ matrix_ma1sd_v1_enabled|to_json }}
  v2: {{ matrix_ma1sd_v2_enabled|to_json }}

 server:
  name: {{ matrix_server_fqn_matrix }}

 key:
  path: /var/ma1sd/sign.key

 storage:
  provider:
    sqlite:
      database: /var/ma1sd/ma1sd.db

 {% if matrix_ma1sd_dns_overwrite_enabled %}
 dns:
  overwrite:
    homeserver:
      client:
        - name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
          value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
 {% endif %}

 {% if matrix_ma1sd_matrixorg_forwarding_enabled %}
 forward:
  servers: ['matrix-org']
 {% endif %}

 threepid:
  medium:
    email:
      identity:
        from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
      connectors:
        smtp:
          host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
          port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
          tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
          login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
          password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
 {% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
      generators:
        template:
          {% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
          invite: '/var/ma1sd/invite-template.eml'
          {% endif %}
          {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
          session:
            {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
            validation: '/var/ma1sd/validate-template.eml'
            {% endif %}
            {% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
            unbind:
              frandulent: '/var/ma1sd/unbind-fraudulent.eml'
            {% endif %}
          {% endif %}
          {% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
          generic:
            matrixId: '/var/ma1sd/mxid-template.eml'
          {% endif %}
 {% endif %}

 synapseSql:
  enabled: {{ matrix_ma1sd_synapsesql_enabled }}
  type: {{ matrix_ma1sd_synapsesql_type }}
  connection: {{ matrix_ma1sd_synapsesql_connection }}