Add MatrixZulipBridge: copy matrix-bridge-heisenbridge

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

roles/custom/matrix-bridge-matrixzulipbridge/defaults/main.yml

@@ -0,0 +1,125 @@
+# SPDX-FileCopyrightText: 2021 - 2022 Toni Spets
+# SPDX-FileCopyrightText: 2022 - 2023 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+# Heisenbridge is a bouncer-style Matrix IRC bridge
+# Project source code URL: https://github.com/hifi/heisenbridge
+
+matrix_heisenbridge_enabled: true
+
+matrix_heisenbridge_scheme: https
+matrix_heisenbridge_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_heisenbridge_path_prefix: "/heisenbridge"
+
+# renovate: datasource=docker depName=hif1/heisenbridge
+matrix_heisenbridge_version: 1.15.4
+matrix_heisenbridge_docker_image: "{{ matrix_heisenbridge_docker_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
+matrix_heisenbridge_docker_image_registry_prefix: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream }}"
+matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}"
+matrix_heisenbridge_docker_image_registry_prefix_upstream_default: "docker.io/"
+matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
+
+# Set this to your Matrix ID if you want to enforce the owner, otherwise first _local_ user becomes one
+matrix_heisenbridge_owner: ""
+
+# Enabling identd will bind to host port 113/TCP
+matrix_heisenbridge_identd_enabled: false
+
+matrix_heisenbridge_base_path: "{{ matrix_base_data_path }}/heisenbridge"
+
+matrix_heisenbridge_container_network: ""
+
+matrix_heisenbridge_container_additional_networks: "{{ matrix_heisenbridge_container_additional_networks_auto + matrix_heisenbridge_container_additional_networks_custom }}"
+matrix_heisenbridge_container_additional_networks_auto: []
+matrix_heisenbridge_container_additional_networks_custom: []
+
+# Controls how long to wait for the container to stop gracefully before killing it.
+# We use a small value here, because this container does not seem to handle the SIGTERM signal.
+matrix_heisenbridge_container_stop_grace_time_seconds: 1
+
+# matrix_heisenbridge_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
+# See `../templates/labels.j2` for details.
+#
+# To inject your own other container labels, see `matrix_heisenbridge_container_labels_additional_labels`.
+matrix_heisenbridge_container_labels_traefik_enabled: true
+matrix_heisenbridge_container_labels_traefik_docker_network: "{{ matrix_heisenbridge_container_network }}"
+matrix_heisenbridge_container_labels_traefik_hostname: "{{ matrix_heisenbridge_hostname }}"
+matrix_heisenbridge_container_labels_traefik_path_prefix: "{{ matrix_heisenbridge_path_prefix }}"
+matrix_heisenbridge_container_labels_traefik_entrypoints: web-secure
+matrix_heisenbridge_container_labels_traefik_tls_certResolver: default  # noqa var-naming
+
+# Controls if the media router is enabled
+matrix_heisenbridge_container_labels_traefik_media_enabled: true
+matrix_heisenbridge_container_labels_traefik_media_hostname: "{{ matrix_heisenbridge_container_labels_traefik_hostname }}"
+# The path prefix must either be `/` or not end with a slash (e.g. `/heisenbridge`).
+matrix_heisenbridge_container_labels_traefik_media_path_prefix: "{{ '' if matrix_heisenbridge_container_labels_traefik_path_prefix == '/' else (matrix_heisenbridge_container_labels_traefik_path_prefix) }}/_heisenbridge/media"
+matrix_heisenbridge_container_labels_traefik_media_rule: "Host(`{{ matrix_heisenbridge_container_labels_traefik_media_hostname }}`){% if matrix_heisenbridge_container_labels_traefik_media_path_prefix != '/' %} && PathPrefix(`{{ matrix_heisenbridge_container_labels_traefik_media_path_prefix }}`){% endif %}"
+matrix_heisenbridge_container_labels_traefik_media_priority: 0
+matrix_heisenbridge_container_labels_traefik_media_entrypoints: "{{ matrix_heisenbridge_container_labels_traefik_entrypoints }}"
+matrix_heisenbridge_container_labels_traefik_media_tls: "{{ matrix_heisenbridge_container_labels_traefik_media_entrypoints != 'web' }}"
+matrix_heisenbridge_container_labels_traefik_media_tls_certResolver: "{{ matrix_heisenbridge_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
+# matrix_heisenbridge_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
+# See `../templates/labels.j2` for details.
+#
+# Example:
+# matrix_heisenbridge_container_labels_additional_labels: |
+#   my.label=1
+#   another.label="here"
+matrix_heisenbridge_container_labels_additional_labels: ''
+
+# A list of extra arguments to pass to the container
+matrix_heisenbridge_container_extra_arguments: []
+
+# List of systemd services that service depends on.
+matrix_heisenbridge_systemd_required_services_list: "{{ matrix_heisenbridge_systemd_required_services_list_default + matrix_heisenbridge_systemd_required_services_list_auto + matrix_heisenbridge_systemd_required_services_list_custom }}"
+matrix_heisenbridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_heisenbridge_systemd_required_services_list_auto: []
+matrix_heisenbridge_systemd_required_services_list_custom: []
+
+# List of systemd services that service wants
+matrix_heisenbridge_systemd_wanted_services_list: []
+
+matrix_heisenbridge_homeserver_url: ""
+
+matrix_heisenbridge_appservice_token: ''
+matrix_heisenbridge_homeserver_token: ''
+
+matrix_heisenbridge_config_media_url: "{{ matrix_heisenbridge_scheme }}://{{ matrix_heisenbridge_hostname }}"
+# This matches the hardcoded `DEFAULT_MEDIA_PATH` in Heisenbridge, but uses `matrix_heisenbridge_path_prefix` as the path prefix.
+# See: https://github.com/hifi/heisenbridge/blob/7e18a5818f4a8c86cc62e474eee1631d16cb2602/heisenbridge/__main__.py#L66
+matrix_heisenbridge_config_media_path: "{{ matrix_heisenbridge_container_labels_traefik_media_path_prefix }}/{server}/{media_id}/{checksum}{filename}"
+matrix_heisenbridge_config_media_key: "{{ matrix_heisenbridge_homeserver_token }}"
+matrix_heisenbridge_config_displayname: "Heisenbridge"
+
+matrix_heisenbridge_registration_yaml_heisenbridge:
+  media_url: "{{ matrix_heisenbridge_config_media_url }}"
+  media_path: "{{ matrix_heisenbridge_config_media_path }}"
+  media_key: "{{ matrix_heisenbridge_config_media_key }}"
+  displayname: "{{ matrix_heisenbridge_config_displayname }}"
+
+# Default registration file consumed by both the homeserver and Heisenbridge.
+# Besides registration information, it contains configuration (see the Heisenbridge key).
+matrix_heisenbridge_registration_yaml:
+  id: heisenbridge
+  url: http://matrix-heisenbridge:9898
+  as_token: "{{ matrix_heisenbridge_appservice_token }}"
+  hs_token: "{{ matrix_heisenbridge_homeserver_token }}"
+  rate_limited: false
+  sender_localpart: heisenbridge
+  namespaces:
+    users:
+      - regex: '@hbirc_.*'
+        exclusive: true
+    aliases: []
+    rooms: []
+  heisenbridge: "{{ matrix_heisenbridge_registration_yaml_heisenbridge }}"
+
+matrix_heisenbridge_registration: "{{ matrix_heisenbridge_registration_yaml | from_yaml }}"

roles/custom/matrix-bridge-matrixzulipbridge/tasks/main.yml

@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: 2021 Toni Spets
+# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- tags:
+    - setup-all
+    - setup-heisenbridge
+    - install-all
+    - install-heisenbridge
+  block:
+    - when: matrix_heisenbridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_heisenbridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+- tags:
+    - setup-all
+    - setup-heisenbridge
+  block:
+    - when: not matrix_heisenbridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

roles/custom/matrix-bridge-matrixzulipbridge/tasks/setup_install.yml

@@ -0,0 +1,63 @@
+# SPDX-FileCopyrightText: 2021 Toni Spets
+# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Jim Myhrberg
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
+# SPDX-FileCopyrightText: 2024 David Mehren
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Ensure Heisenbridge image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_heisenbridge_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure Heisenbridge paths exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+  with_items:
+    - "{{ matrix_heisenbridge_base_path }}"
+
+- name: Ensure Heisenbridge registration.yaml installed if provided
+  ansible.builtin.copy:
+    content: "{{ matrix_heisenbridge_registration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_heisenbridge_base_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+
+- name: Ensure Heisenbridge support files installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/{{ item }}.j2"
+    dest: "{{ matrix_heisenbridge_base_path }}/{{ item }}"
+    mode: 0640
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+  with_items:
+    - labels
+
+- name: Ensure Heisenbridge container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_heisenbridge_container_network }}"
+    driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+- name: Ensure matrix-heisenbridge.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
+    mode: 0644

roles/custom/matrix-bridge-matrixzulipbridge/tasks/setup_uninstall.yml

@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2021 - 2022 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2021 Michael Sasser
+# SPDX-FileCopyrightText: 2021 Toni Spets
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Check existence of matrix-heisenbridge service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
+  register: matrix_heisenbridge_service_stat
+
+- when: matrix_heisenbridge_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-heisenbridge is stopped
+      ansible.builtin.service:
+        name: matrix-heisenbridge
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-heisenbridge.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
+        state: absent

roles/custom/matrix-bridge-matrixzulipbridge/tasks/validate_config.yml

@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Fail if required Heisenbridge settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
+  with_items:
+    - {'name': 'matrix_heisenbridge_container_network', when: true}
+    - {'name': 'matrix_heisenbridge_homeserver_url', when: true}

roles/custom/matrix-bridge-matrixzulipbridge/templates/labels.j2

@@ -0,0 +1,58 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if matrix_heisenbridge_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_heisenbridge_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_heisenbridge_container_labels_traefik_docker_network }}
+{% endif %}
+
+traefik.http.services.matrix-heisenbridge.loadbalancer.server.port=9898
+
+{% set middlewares = [] %}
+
+{% if matrix_heisenbridge_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-heisenbridge-strip-prefix.stripprefix.prefixes={{ matrix_heisenbridge_container_labels_traefik_path_prefix }}
+{% set middlewares = middlewares + ['matrix-heisenbridge-strip-prefix'] %}
+{% endif %}
+
+{% if matrix_heisenbridge_container_labels_traefik_media_enabled %}
+##########################################################################
+#                                                                        #
+# Media                                                                  #
+#                                                                        #
+##########################################################################
+
+traefik.http.routers.matrix-heisenbridge-media.rule={{ matrix_heisenbridge_container_labels_traefik_media_rule }}
+
+{% if matrix_heisenbridge_container_labels_traefik_media_priority | int > 0 %}
+traefik.http.routers.matrix-heisenbridge-media.priority={{ matrix_heisenbridge_container_labels_traefik_media_priority }}
+{% endif %}
+
+{% if middlewares | length > 0 %}
+traefik.http.routers.matrix-heisenbridge-media.middlewares={{ middlewares | join(',') }}
+{% endif %}
+
+traefik.http.routers.matrix-heisenbridge-media.service=matrix-heisenbridge
+traefik.http.routers.matrix-heisenbridge-media.entrypoints={{ matrix_heisenbridge_container_labels_traefik_entrypoints }}
+
+traefik.http.routers.matrix-heisenbridge-media.tls={{ matrix_heisenbridge_container_labels_traefik_media_tls | to_json }}
+{% if matrix_heisenbridge_container_labels_traefik_media_entrypoints %}
+traefik.http.routers.matrix-heisenbridge-media.tls.certResolver={{ matrix_heisenbridge_container_labels_traefik_media_tls_certResolver }}
+{% endif %}
+
+##########################################################################
+#                                                                        #
+# /Media                                                                 #
+#                                                                        #
+##########################################################################
+{% endif %}
+
+
+{% endif %}
+
+{{ matrix_heisenbridge_container_labels_additional_labels }}

roles/custom/matrix-bridge-matrixzulipbridge/templates/systemd/matrix-heisenbridge.service.j2

@@ -0,0 +1,60 @@
+#jinja2: lstrip_blocks: True
+[Unit]
+Description=a bouncer-style Matrix IRC bridge
+{% for service in matrix_heisenbridge_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_heisenbridge_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ matrix_heisenbridge_container_stop_grace_time_seconds }} matrix-heisenbridge
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+			--rm \
+			--name=matrix-heisenbridge \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_heisenbridge_container_network }} \
+			{% if matrix_heisenbridge_identd_enabled %}
+			-p 113:13113 \
+			{% endif %}
+			--mount type=bind,src={{ matrix_heisenbridge_base_path }},dst=/config \
+			--label-file={{ matrix_heisenbridge_base_path }}/labels \
+			{% for arg in matrix_heisenbridge_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_heisenbridge_docker_image }} \
+			{% if matrix_heisenbridge_identd_enabled %}
+			--identd \
+			--identd-port 13113 \
+			{% endif %}
+			{% if matrix_heisenbridge_owner %}
+			-o {{ matrix_heisenbridge_owner }} \
+			{% endif %}
+			--config /config/registration.yaml \
+			--listen-address 0.0.0.0 \
+			--listen-port 9898 \
+			{{ matrix_heisenbridge_homeserver_url }}
+
+{% for network in matrix_heisenbridge_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-heisenbridge
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-heisenbridge
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ matrix_heisenbridge_container_stop_grace_time_seconds }} matrix-heisenbridge
+ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-heisenbridge
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-bridge-matrixzulipbridge/templates/systemd/matrix-heisenbridge.service.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2021 Toni Spets
+SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later