From 12198a147ba6fd5014b97a635ec66e821b2c2449 Mon Sep 17 00:00:00 2001 From: Erick Wibben Date: Thu, 21 Apr 2022 06:49:07 -0500 Subject: [PATCH 01/20] Update matrix-bot-matrix-registration-bot.service.j2 --- .../systemd/matrix-bot-matrix-registration-bot.service.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 index ba2a95931..e1aa89548 100644 --- a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 +++ b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 @@ -25,7 +25,6 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reg --mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \ --mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \ --network={{ matrix_docker_network }} \ - --env-file={{ matrix_bot_matrix_registration_bot_config_path }}/env \ {{ matrix_bot_matrix_registration_bot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' From 92384360f53cd1a111997deb522dfecc22dca155 Mon Sep 17 00:00:00 2001 From: Erick Wibben Date: Thu, 21 Apr 2022 06:50:24 -0500 Subject: [PATCH 02/20] Fixed documentation to reflect needed user --- docs/configuring-playbook-bot-matrix-registration-bot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index b1f65a894..c47d5bfd7 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -63,7 +63,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, create a **non-encrypted** room and invite `@bot.matrix-reminder-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). In this room send `help` and the bot will reply with all options. From de3fc61129beef1368d2cd8bfd685ba05028ec21 Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Thu, 21 Apr 2022 13:53:01 +0200 Subject: [PATCH 03/20] Updated: mautrix-signal v0.3.0 & signald 0.18.0 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 4e95f1f92..c63874e0d 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -8,8 +8,8 @@ matrix_mautrix_signal_container_image_self_build: false matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.2.3 -matrix_mautrix_signal_daemon_version: 0.17.0 +matrix_mautrix_signal_version: v0.3.0 +matrix_mautrix_signal_daemon_version: 0.18.0 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" From 0b5e4aa784a7d4dc72e5a2b389c5882658f92676 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 15:53:05 +0300 Subject: [PATCH 04/20] Use non-root image for Signald MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1775 Related to https://signald.org/articles/install/docker/#migrating-from-versions-before-0180 > Prior to 0.18.0 the signald container image used the root user, which is not recommended for security reasons. This was fixed in the 0.18.0 release which will start as root, fix permissions on the volume, then drop to the non-root user and start signald. Future images will start as the non-root user, so if you’re upgrading make sure to run 0.18.0 at least once. > A special tag, 0.18.0-non-root, will be published. it starts as the non-root user and does not fix permissions on the volume. --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index c63874e0d..e6b9678dd 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -18,8 +18,9 @@ matrix_mautrix_signal_daemon_container_image_self_build: false matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" -matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}" -matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}" +matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" +matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}" +matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}-non-root" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" From 69f684255cf89ac36c5e33037d30eaade1b4a759 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 21 Apr 2022 15:54:29 +0300 Subject: [PATCH 05/20] Fix Signald git repository to unbreak self-building The maunium fork of Signald is no longer up-to-date (does not publish 0.18.0.. at least not yet) and all the necessary changes are now upstream. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1775 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index e6b9678dd..a7532fed3 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -15,7 +15,7 @@ matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautr matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" matrix_mautrix_signal_daemon_container_image_self_build: false -matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" +matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" From 380e8656442cd432c8c1eec7a76ebc36ba9bf79e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 22 Apr 2022 07:41:10 +0200 Subject: [PATCH 06/20] Change list of public servers, old as not functional The old link returned a 404 so I thought I throw in joinmatrix.org :) --- docs/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.md b/docs/faq.md index d9c7a5866..f2df8698b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -55,7 +55,7 @@ There are 3 ways to get into Martix, depending on your technical ability and nee - **using the existing default server** - the easiest way is to use an existing server. The largest public Matrix server is `matrix.org` and it's configured as a default server in clients such as [Element](https://element.io) and many others. Just use Element on the browser via that link (or download the Element app on a smartphone), create an account and start chatting. -- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://publiclist.anchel.nl/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login. +- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://joinmatrix.org/servers/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login. - **using your own server** - running your own server puts you in ultimate control of your data. It also lets you have your own user identifiers (e.g. `@bob:your-domain.com`). See [How do I set up my own Matrix server](#how-do-i-set-up-my-own-matrix-server). From 9e0d969ba47480a6355e47c550d828dca5c45afc Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Fri, 22 Apr 2022 13:56:34 +0300 Subject: [PATCH 07/20] Upgrade Heisenbridge (1.10.1 -> 1.12.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 80b3c95af..96ab33821 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.10.1 +matrix_heisenbridge_version: 1.12.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From fa108b8ae4a4876e8254c1d432d4491cd0e76685 Mon Sep 17 00:00:00 2001 From: Matthew Cengia Date: Fri, 22 Apr 2022 21:47:30 +1000 Subject: [PATCH 08/20] Bump signald to 0.18.1 According to https://signald.org/articles/install/docker/#migrating-from-versions-before-0180, This release only chowns files if the container is running as root. See also this upstream commit: https://gitlab.com/signald/signald/-/commit/3bb7e8d2c128681473e324f811cff25e0883b88d --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index a7532fed3..14a2c35fa 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_version: v0.3.0 -matrix_mautrix_signal_daemon_version: 0.18.0 +matrix_mautrix_signal_daemon_version: 0.18.1 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" @@ -20,7 +20,7 @@ matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }} matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}" -matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}-non-root" +matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" From 68424e68e595e01e68824992062898ec92b26d3f Mon Sep 17 00:00:00 2001 From: Andrea Tartaglia Date: Sat, 23 Apr 2022 11:13:36 +0100 Subject: [PATCH 09/20] feat: make synapse htpasswd file path configurable When setting `matrix_nginx_proxy_enabled: false` and enabling authentication on the metrics endpoint, the htpasswd file is hardcoded to the nginx-proxy container dir, this changes the hardcoded value to a variable so the path can be updated --- roles/matrix-nginx-proxy/defaults/main.yml | 1 + .../templates/nginx/conf.d/matrix-synapse.conf.j2 | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 0aaa53edc..8067b916e 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -221,6 +221,7 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" +matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "/nginx-data/matrix-synapse-metrics-htpasswd" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index b15546fe6..9a1576d48 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -161,7 +161,7 @@ server { {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; {% endif %} } {% endif %} @@ -177,7 +177,7 @@ server { {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; {% endif %} } {% endif %} From 290754371a8407c8b21044d40678799d2ad6d633 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 23 Apr 2022 16:19:24 +0300 Subject: [PATCH 10/20] add matrix-bot-buscarron --- docs/configuring-dns.md | 3 + docs/configuring-playbook-bot-buscarron.md | 75 +++++++++++++ group_vars/matrix_servers | 42 +++++++ roles/matrix-base/defaults/main.yml | 3 + roles/matrix-bot-buscarron/defaults/main.yml | 96 ++++++++++++++++ roles/matrix-bot-buscarron/tasks/init.yml | 5 + roles/matrix-bot-buscarron/tasks/main.yml | 23 ++++ .../tasks/setup_install.yml | 100 +++++++++++++++++ .../tasks/setup_uninstall.yml | 36 ++++++ .../tasks/validate_config.yml | 9 ++ roles/matrix-bot-buscarron/templates/env.j2 | 19 ++++ .../systemd/matrix-bot-buscarron.service.j2 | 39 +++++++ roles/matrix-nginx-proxy/defaults/main.yml | 7 ++ .../tasks/setup_nginx_proxy.yml | 13 +++ .../nginx/conf.d/matrix-bot-buscarron.conf.j2 | 104 ++++++++++++++++++ setup.yml | 1 + 16 files changed, 575 insertions(+) create mode 100644 docs/configuring-playbook-bot-buscarron.md create mode 100644 roles/matrix-bot-buscarron/defaults/main.yml create mode 100644 roles/matrix-bot-buscarron/tasks/init.yml create mode 100644 roles/matrix-bot-buscarron/tasks/main.yml create mode 100644 roles/matrix-bot-buscarron/tasks/setup_install.yml create mode 100644 roles/matrix-bot-buscarron/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bot-buscarron/tasks/validate_config.yml create mode 100644 roles/matrix-bot-buscarron/templates/env.j2 create mode 100644 roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index c16ab2fca..666f8a63d 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -38,6 +38,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | CNAME | `sygnal` | - | - | - | `matrix.` | | CNAME | `hydrogen` | - | - | - | `matrix.` | | CNAME | `cinny` | - | - | - | `matrix.` | +| CNAME | `buscarron` | - | - | - | `matrix.` | ## Subdomains setup @@ -60,6 +61,8 @@ The `hydrogen.` subdomain may be necessary, because this playbook c The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. +The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://github.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. + ## `_matrix-identity._tcp` SRV record setup To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this: diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md new file mode 100644 index 000000000..3e2a395a2 --- /dev/null +++ b/docs/configuring-playbook-bot-buscarron.md @@ -0,0 +1,75 @@ +# Setting up Buscarron (optional) + +The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/buscarron) for you. + +It's a bot you can use to setup **your own helpdesk on matrix** +It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room + +## Registering the bot user + +By default, the playbook will set up the bot with a username like this: `@buscarron:DOMAIN`. + +(to use a different username, adjust the `matrix_bot_buscarron_login` variable). + +You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +``` + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_buscarron_enabled: true + +# Adjust this to whatever password you chose when registering the bot user +matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT + +# Adjust accepted forms +matrix_bot_buscarron_forms: + - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact + room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted + redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission + ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m + extensions: [] # (optional) list of form extensions (not used yet) + +matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically +matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically +``` + +You will also need to add a DNS record so that buscarron can be accessed. +By default buscarron will use https://buscarron.DOMAIN so you will need to create an CNAME record for `buscarron`. +See [Configuring DNS](configuring-dns.md). + +If you would like to use a different domain, add the following to your configuration file (changing it to use your preferred domain): + +```yaml +matrix_server_fqn_buscarron: "form.{{ matrix_domain }}" +``` + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To use the bot, invite the `@buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: + +```html +
+ +
+``` + +You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/buscarron). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 738c71ba7..225d29134 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1047,6 +1047,37 @@ matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in [ # ###################################################################### +###################################################################### +# +# matrix-bot-buscarron +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_buscarron_enabled: false + +matrix_bot_buscarron_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}" +matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" + +###################################################################### +# +# /matrix-bot-buscarron +# +###################################################################### + ###################################################################### # @@ -1472,6 +1503,7 @@ matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}" matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}" matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}" +matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" @@ -1556,6 +1588,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-client-cinny.service'] if matrix_client_cinny_enabled else []) + + (['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled else []) + + (['matrix-client-element.service'] if matrix_client_element_enabled else []) + (['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled else []) @@ -1587,6 +1621,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else []) + + ([matrix_server_fqn_buscarron] if matrix_bot_buscarron_enabled else []) + + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + ([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else []) @@ -1698,6 +1734,12 @@ matrix_postgres_additional_databases: | 'password': matrix_bot_honoroit_database_password, }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_bot_buscarron_database_name, + 'username': matrix_bot_buscarron_database_username, + 'password': matrix_bot_buscarron_database_password, + }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_registration_database_name, 'username': matrix_registration_database_username, diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 498a6c321..645563781 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -37,6 +37,9 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}" # This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default). matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}" +# This is where you access the buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default). +matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}" + # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml new file mode 100644 index 000000000..ca13bf308 --- /dev/null +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -0,0 +1,96 @@ +--- +# buscarron is a helpdesk bot +# See: https://gitlab.com/etke.cc/buscarron + +matrix_bot_buscarron_enabled: true + +matrix_bot_buscarron_container_image_self_build: false +matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" +matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" + +matrix_bot_buscarron_version: latest +matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" +matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" +matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" + +matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron" +matrix_bot_buscarron_config_path: "{{ matrix_bot_buscarron_base_path }}/config" +matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data" +matrix_bot_buscarron_data_store_path: "{{ matrix_bot_buscarron_data_path }}/store" + +# A list of extra arguments to pass to the container +matrix_bot_buscarron_container_extra_arguments: [] + +# List of systemd services that matrix-bot-buscarron.service depends on +matrix_bot_buscarron_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-buscarron.service wants +matrix_bot_buscarron_systemd_wanted_services_list: [] + + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_bot_buscarron_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_bot_buscarron_database_*` variables +matrix_bot_buscarron_database_engine: 'sqlite' + +matrix_bot_buscarron_sqlite_database_path_local: "{{ matrix_bot_buscarron_data_path }}/bot.db" +matrix_bot_buscarron_sqlite_database_path_in_container: "/data/bot.db" + +matrix_bot_buscarron_database_username: 'buscarron' +matrix_bot_buscarron_database_password: 'some-password' +matrix_bot_buscarron_database_hostname: 'matrix-postgres' +matrix_bot_buscarron_database_port: 5432 +matrix_bot_buscarron_database_name: 'buscarron' + +matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode=disable' + +matrix_bot_buscarron_storage_database: "{{ + { + 'sqlite': matrix_bot_buscarron_sqlite_database_path_in_container, + 'postgres': matrix_bot_buscarron_database_connection_string, + }[matrix_bot_buscarron_database_engine] +}}" + +matrix_bot_buscarron_database_dialect: "{{ + { + 'sqlite': 'sqlite3', + 'postgres': 'postgres', + }[matrix_bot_buscarron_database_engine] +}}" + + +# The bot's username. This user needs to be created manually beforehand. +# Also see `matrix_bot_buscarron_password`. +matrix_bot_buscarron_login: "buscarron" + +# The password that the bot uses to authenticate. +matrix_bot_buscarron_password: '' + +# the homeserver URL, uses internal synapse container address by default +matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}" + +# forms configuration +matrix_bot_buscarron_forms: [] + +# Sentry DSN +matrix_bot_buscarron_sentry: + +# Log level +matrix_bot_buscarron_loglevel: INFO + +# spam hosts/domains +matrix_bot_buscarron_spam_hosts: [] + +# spam email addresses +matrix_bot_buscarron_spam_emails: [] + +# Additional environment variables to pass to the buscarron container +# +# Example: +# matrix_bot_buscarron_environment_variables_extension: | +# BUSCARRON_LOGLEVEL=DEBUG +matrix_bot_buscarron_environment_variables_extension: '' diff --git a/roles/matrix-bot-buscarron/tasks/init.yml b/roles/matrix-bot-buscarron/tasks/init.yml new file mode 100644 index 000000000..3da32948f --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}" + when: matrix_bot_buscarron_enabled|bool diff --git a/roles/matrix-bot-buscarron/tasks/main.yml b/roles/matrix-bot-buscarron/tasks/main.yml new file mode 100644 index 000000000..63e87dfb8 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/matrix-bot-buscarron/tasks/setup_install.yml new file mode 100644 index 000000000..0ebe7e426 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/setup_install.yml @@ -0,0 +1,100 @@ +--- +- set_fact: + matrix_bot_buscarron_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + stat: + path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" + register: matrix_bot_buscarron_sqlite_database_path_local_stat_result + + - block: + - set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" + dst: "{{ matrix_bot_buscarron_database_connection_string }}" + caller: "{{ role_path|basename }}" + engine_variable_name: 'matrix_bot_buscarron_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-bot-buscarron.service'] + + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + + - set_fact: + matrix_bot_buscarron_requires_restart: true + when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_bot_buscarron_database_engine == 'postgres'" + +- name: Ensure buscarron paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_bot_buscarron_config_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_data_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_data_store_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure buscarron environment variables file created + template: + src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_bot_buscarron_config_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure buscarron image is pulled + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}" + when: "not matrix_bot_buscarron_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure buscarron repository is present on self-build + git: + repo: "{{ matrix_bot_buscarron_docker_repo }}" + dest: "{{ matrix_bot_buscarron_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_bot_buscarron_git_pull_results + when: "matrix_bot_buscarron_container_image_self_build|bool" + +- name: Ensure buscarron image is built + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + source: build + force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_buscarron_docker_src_files_path }}" + pull: true + when: "matrix_bot_buscarron_container_image_self_build|bool" + +- name: Ensure matrix-bot-buscarron.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + mode: 0644 + register: matrix_bot_buscarron_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-buscarron.service installation + service: + daemon_reload: true + when: "matrix_bot_buscarron_systemd_service_result.changed|bool" + +- name: Ensure matrix-bot-buscarron.service restarted, if necessary + service: + name: "matrix-bot-buscarron.service" + state: restarted + when: "matrix_bot_buscarron_requires_restart|bool" diff --git a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml new file mode 100644 index 000000000..cc70e79a3 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-buscarron service + stat: + path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + register: matrix_bot_buscarron_service_stat + +- name: Ensure matrix-buscarron is stopped + service: + name: matrix-bot-buscarron + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-buscarron.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + state: absent + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-bot-buscarron.service removal + service: + daemon_reload: true + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure Matrix buscarron paths don't exist + file: + path: "{{ matrix_bot_buscarron_base_path }}" + state: absent + +- name: Ensure buscarron Docker image doesn't exist + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + state: absent diff --git a/roles/matrix-bot-buscarron/tasks/validate_config.yml b/roles/matrix-bot-buscarron/tasks/validate_config.yml new file mode 100644 index 000000000..5a517d394 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_bot_buscarron_password" diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 new file mode 100644 index 000000000..c833f27be --- /dev/null +++ b/roles/matrix-bot-buscarron/templates/env.j2 @@ -0,0 +1,19 @@ +BUSCARRON_LOGIN={{ matrix_bot_buscarron_login }} +BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }} +BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }} +BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }} +BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }} +BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} +BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} +BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} +BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} +{% set forms = [] %} +{% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} +BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} +BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} +BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} +BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} +{% endfor %} +BUSCARRON_LIST={{ forms|join(" ") }} + +{{ matrix_bot_buscarron_environment_variables_extension }} diff --git a/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 b/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 new file mode 100644 index 000000000..fd6d03100 --- /dev/null +++ b/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 @@ -0,0 +1,39 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix web forms bot +{% for service in matrix_bot_buscarron_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_buscarron_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_bot_buscarron_config_path }}/env \ + --mount type=bind,src={{ matrix_bot_buscarron_data_path }},dst=/data \ + {% for arg in matrix_bot_buscarron_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_bot_buscarron_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-buscarron + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 0aaa53edc..ed8a88171 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -159,6 +159,10 @@ matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}" matrix_nginx_proxy_proxy_cinny_enabled: false matrix_nginx_proxy_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}" +# Controls whether proxying the buscarron domain should be done. +matrix_nginx_proxy_proxy_buscarron_enabled: false +matrix_nginx_proxy_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}" + # Controls whether proxying the matrix domain should be done. matrix_nginx_proxy_proxy_matrix_enabled: false matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}" @@ -303,6 +307,9 @@ matrix_nginx_proxy_proxy_hydrogen_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Cinny's server configuration (matrix-client-cinny.conf). matrix_nginx_proxy_proxy_cinny_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to buscarron's server configuration (matrix-bot-buscarron.conf). +matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf). matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 30001dd29..a559e1090 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -110,6 +110,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_cinny_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for buscarron domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_buscarron_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for dimension domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2" @@ -259,6 +266,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_cinny_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for buscarron domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_buscarron_enabled|bool" + - name: Ensure Matrix nginx-proxy configuration for dimension domain deleted file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 new file mode 100644 index 000000000..0ce1473be --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 @@ -0,0 +1,104 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; + add_header Content-Security-Policy "frame-ancestors 'none'"; + {% if matrix_nginx_proxy_floc_optout_enabled %} + add_header Permissions-Policy interest-cohort=() always; + {% endif %} + + {% for configuration_block in matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-buscarron:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8080; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + + server_name {{ matrix_nginx_proxy_proxy_buscarron_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_buscarron_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != "" %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/setup.yml b/setup.yml index d24c3c991..ce36d1cec 100755 --- a/setup.yml +++ b/setup.yml @@ -38,6 +38,7 @@ - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot - matrix-bot-matrix-registration-bot + - matrix-bot-buscarron - matrix-bot-honoroit - matrix-bot-go-neb - matrix-bot-mjolnir From 5ae93fbf2bc5c2288ede6f338c9f404dd3035cf5 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 23 Apr 2022 17:11:24 +0300 Subject: [PATCH 11/20] add buscarron to the readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 631dc297d..26f109404 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation +- (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. From b720b15de64d5e12e2543cb9d57e710c4236148d Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 24 Apr 2022 09:50:23 +0300 Subject: [PATCH 12/20] buscarron v1.0.0 --- roles/matrix-bot-buscarron/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index ca13bf308..6322144eb 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: latest +matrix_bot_buscarron_version: v1.0.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" From 2d21a70b3e9f835c94080f0298cec68c56956c3d Mon Sep 17 00:00:00 2001 From: Sekki21956 Date: Mon, 25 Apr 2022 02:05:13 +0200 Subject: [PATCH 13/20] Update path to signald Dockerfile --- roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index c7202f05a..06f77348b 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -70,7 +70,7 @@ force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: Containerfile path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" pull: true when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" From c83c70ac35687cb620c3c23656c62bdfd8ac7a9f Mon Sep 17 00:00:00 2001 From: Matthew Cengia Date: Mon, 25 Apr 2022 10:21:48 +1000 Subject: [PATCH 14/20] Don't self-build signald image on arm64, as upstream image exists --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 738c71ba7..bcd26b993 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -458,7 +458,7 @@ matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}" matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" -matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != ['amd64', 'arm64'] }}" ###################################################################### # From 47e5bab784339b416f67b5a5d5a006c1df9a289a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 09:22:01 +0300 Subject: [PATCH 15/20] Fix self-building if condition --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index bcd26b993..d42567347 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -458,7 +458,7 @@ matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}" matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" -matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != ['amd64', 'arm64'] }}" +matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### # From c92af9fe894d466e9b02e1279ecda9f7161b1a60 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 25 Apr 2022 09:40:49 +0300 Subject: [PATCH 16/20] matrix-bot-buscarron: feedback --- docs/configuring-playbook-bot-buscarron.md | 14 +++++++------- roles/matrix-bot-buscarron/defaults/main.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md index 3e2a395a2..5a2c327d8 100644 --- a/docs/configuring-playbook-bot-buscarron.md +++ b/docs/configuring-playbook-bot-buscarron.md @@ -7,7 +7,7 @@ It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matri ## Registering the bot user -By default, the playbook will set up the bot with a username like this: `@buscarron:DOMAIN`. +By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`. (to use a different username, adjust the `matrix_bot_buscarron_login` variable). @@ -32,11 +32,11 @@ matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT # Adjust accepted forms matrix_bot_buscarron_forms: - - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact - room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted - redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission - ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m - extensions: [] # (optional) list of form extensions (not used yet) + - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact + room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted + redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission + ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m + extensions: [] # (optional) list of form extensions (not used yet) matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically @@ -64,7 +64,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, invite the `@buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: +To use the bot, invite the `@bot.buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: ```html
diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml index 6322144eb..96e8ef91a 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -65,7 +65,7 @@ matrix_bot_buscarron_database_dialect: "{{ # The bot's username. This user needs to be created manually beforehand. # Also see `matrix_bot_buscarron_password`. -matrix_bot_buscarron_login: "buscarron" +matrix_bot_buscarron_login: "bot.buscarron" # The password that the bot uses to authenticate. matrix_bot_buscarron_password: '' From 4a0b8397680119432287c175dad68f479324cb82 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 09:42:36 +0300 Subject: [PATCH 17/20] Automatically do the right thing with regards to Synapse Metrics htpasswd .. regardless of whether matrix-nginx-proxy runs in a container or not --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 8067b916e..3c68e7753 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -221,7 +221,7 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" -matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "/nginx-data/matrix-synapse-metrics-htpasswd" +matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. From 2f33b330ff58d676e5db5081a60d6a3fadcf56c6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 10:29:09 +0300 Subject: [PATCH 18/20] Announce Buscarron bot support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1782 --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fdac2aa1..03ce5c7b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-04-25 + +## buscarron bot support + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [the Buscarron bot](https://gitlab.com/etke.cc/buscarron). It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room + +See our [Setting up Buscarron](docs/configuring-playbook-bot-buscarron.md) documentation to get started. + + # 2022-04-21 ## matrix-registration-bot support From 1163e9880fda08bb55d46e6b388c35efb0c4fc75 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 25 Apr 2022 10:37:35 +0300 Subject: [PATCH 19/20] Link to Buscarron bot from configuring docs page Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1782 --- docs/configuring-playbook.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 5233a6626..16a7aeeb6 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -145,13 +145,16 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional) +- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) + - [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional) - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional) - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) -- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) +- [Setting up Buscarron](configuring-playbook-bot-buscarron.md) - a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room (optional) + ### Backups From 4d08e935a2f235f36f261a54aa5233e77848a70e Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 25 Apr 2022 12:36:27 +0300 Subject: [PATCH 20/20] matrix-bot-buscarron: fix username in docs --- docs/configuring-playbook-bot-buscarron.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md index 5a2c327d8..3a5822abd 100644 --- a/docs/configuring-playbook-bot-buscarron.md +++ b/docs/configuring-playbook-bot-buscarron.md @@ -14,7 +14,7 @@ By default, the playbook will set up the bot with a username like this: `@bot.bu You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): ``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.