diff --git a/.codespellrc b/.codespellrc
new file mode 100644
index 000000000..83ec2578c
--- /dev/null
+++ b/.codespellrc
@@ -0,0 +1,2 @@
+[codespell]
+ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr
diff --git a/.envrc b/.envrc
index 8392d159f..3550a30f2 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1 @@
-use flake
\ No newline at end of file
+use flake
diff --git a/.github/renovate.json b/.github/renovate.json
index 18347a32b..5565fefde 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -9,8 +9,8 @@
 "customManagers": [
 {
 "customType": "regex",
- "fileMatch": [
- "defaults/main.yml$"
+ "managerFilePatterns": [
+ "/defaults/main.yml$/"
 ],
 "matchStrings": [
 "# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?.+?)[\"']?\\s"
@@ -20,6 +20,7 @@
 "packageRules": [
 {
 "ignoreUnstable": false,
+ "versioning": "loose",
 "matchSourceUrls": [
 "https://github.com/devture/com.devture.ansible.role{/,}**",
 "https://github.com/mother-of-all-self-hosting{/,}**"
@@ -28,5 +29,8 @@
 ],
 "ignoreDeps": [
 "ghcr.io/matrixgpt/matrix-chatgpt-bot"
- ]
+ ],
+ "pre-commit": {
+ "enabled": true
+ }
 }
diff --git a/.github/workflows/close-stale-issues.yml b/.github/workflows/close-stale-issues.yml
index 13da4f81a..78df98cf9 100644
--- a/.github/workflows/close-stale-issues.yml
+++ b/.github/workflows/close-stale-issues.yml
@@ -19,7 +19,7 @@ jobs:
 if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/stale@v9
+ - uses: actions/stale@v10
 with:
 ######################################################################
 # Issues/PRs
diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
index 0f9abd338..219b0debf 100644
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -7,9 +7,7 @@ --- name: Matrix CI -on: # yamllint disable-line rule:truthy - push: - pull_request: +on: [push, pull_request] # yamllint disable-line rule:truthy jobs: yamllint: @@ -17,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Run yamllint uses: frenck/action-yamllint@v1.5.0 ansible-lint: @@ -25,8 +23,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out - uses: actions/checkout@v4 + uses: actions/checkout@v5 + - name: Run ansible-lint - uses: ansible-community/ansible-lint-action@v6.17.0 + uses: ansible/ansible-lint@v25.8.2 with: - path: roles/custom + args: "roles/custom" + setup_python: "true" + working_directory: "" + requirements_file: requirements.yml + precommit: + name: Run pre-commit + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v5 + - name: Run pre-commit + uses: pre-commit/action@v3.0.1 diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml deleted file mode 100644 index 34b7a09bf..000000000 --- a/.github/workflows/reuse.yml +++ /dev/null @@ -1,20 +0,0 @@ -# SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. -# -# SPDX-License-Identifier: CC0-1.0 ---- -name: REUSE Compliance Check - -on: [push, pull_request] # yamllint disable-line rule:truthy - -permissions: - contents: read - -jobs: - reuse-compliance-check: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: REUSE Compliance Check - uses: fsfe/reuse-action@v5 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 000000000..45fc03d7d --- /dev/null +++ b/.pre-commit-config.yaml 
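Review bot: The new `precommit` job, and the workflow as a whole as far as these hunks show, declares no `permissions:` block, so its `GITHUB_TOKEN` gets the repository's default scopes while `pre-commit/action@v3.0.1` fetches and runs hook code from the third-party repositories listed in `.pre-commit-config.yaml` on every push and pull request. The `reuse.yml` workflow deleted by this commit did restrict the token, and I would carry that over as a top-level key in `matrix.yml`: `permissions:` followed by `  contents: read`. Separately, `actions/checkout@v5`, `ansible/ansible-lint@v25.8.2` and `pre-commit/action@v3.0.1` are referenced by tag, which the upstream owner can move; pinning each to a full commit SHA with the tag kept in a trailing comment makes the executed code immutable while still letting Renovate propose updates. The same applies to the `rev:` tags in `.pre-commit-config.yaml` and to `actions/stale@v10` in `close-stale-issues.yml`.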
@@ -0,0 +1,26 @@ +--- +default_install_hook_types: [pre-push] + +exclude: "LICENSES/" + +# See: https://pre-commit.com/hooks.html +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v6.0.0 + hooks: + # - id: check-executables-have-shebangs + - id: check-added-large-files + - id: check-case-conflict + - id: check-json + - id: check-toml + - id: trailing-whitespace + - id: end-of-file-fixer + - repo: https://github.com/codespell-project/codespell + rev: v2.4.1 + hooks: + - id: codespell + args: ["--skip=*.po,*.pot,i18n/"] + - repo: https://github.com/fsfe/reuse-tool # https://reuse.software/dev/#pre-commit-hook + rev: v5.1.1 + hooks: + - id: reuse diff --git a/CHANGELOG.md b/CHANGELOG.md index 84b1dd658..cd8d2089e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,21 @@ +# 2025-04-26 + +## Continuwuity support + +Thanks to [Virkkunen](https://github.com/Virkkunen), we now have optional experimental [Continuwuity](./docs/configuring-playbook-continuwuity.md) homeserver support. + +Continuwuity is a fork of [conduwuit](./docs/configuring-playbook-conduwuit.md), which the playbook also supports. It appears that conduwuit has been abandoned and various forks (like Continuwuity, [Tuwunel](https://github.com/matrix-construct/tuwunel) and possibly others) are continuing in its path. + +Existing installations do **not** need to be updated. **Synapse is still the default homeserver implementation** installed by the playbook. + +People that used to run conduwuit, may wish to: + +- either [migrate from conduwuit to Continuwuity](./docs/configuring-playbook-continuwuity.md#migrating-from-conduwuit) +- or wait for some of the other forks to progress and for support for them to get added to the playbook + +**The homeserver implementation of an existing server cannot be changed** (e.g. from Synapse/Conduit/Dendrite to Continuwuity) without data loss. + + # 2025-04-09 ## Element Call frontend installation is now optional 
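Review bot: The hook list taken from `pre-commit-hooks` has no secret-oriented check, even though this repository's docs walk users through SSH keys, access tokens and API keys that sit next to the playbook checkout. Adding `- id: detect-private-key` beside `check-added-large-files` would stop a private key from being pushed by accident, and it comes from the same hook repository that is already pinned here. Because `default_install_hook_types` is `[pre-push]`, a plain `pre-commit install` sets up only a pre-push hook, so the CI `precommit` job is the real enforcement point; a short comment above that key saying so would help contributors.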
@@ -138,7 +156,7 @@ To **completely eliminate the problem** of DDoS amplification attacks done throu The playbook now **only exposes the Coturn STUN port (`3478`) over TCP by default**. -💡 Users may wish to further remove the (now unnnecessary) firewall rule allowing access to `3478/udp`. +💡 Users may wish to further remove the (now unnecessary) firewall rule allowing access to `3478/udp`. If you'd like the Coturn STUN port to be exposed over UDP like before, you can revert to the previous behavior by using the following configuration in your `vars.yml` file: @@ -152,7 +170,7 @@ matrix_coturn_container_stun_plain_host_bind_port_udp: "3478" # 2025-02-17 -## FluffyChat Web suport +## FluffyChat Web support Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now supports [FluffyChat Web](https://github.com/krille-chan/fluffychat) as an additional Matrix client you can self-host. @@ -174,7 +192,7 @@ The playbook will let you know if you're using any `matrix_mautrix_hangouts_*` v ## Redis and KeyDB are no longer part of the playbook -**TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly definining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead. +**TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly defining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead. The playbook has gone through several iterations of memorystore implementations: 
@@ -727,7 +745,7 @@ For people building commercial products on top of Synapse, they may have to eith We're no lawyers and this changelog entry does not aim to give you the best legal advice, so please research on your own! -If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by intruducing a new Ansible variable. You can do it like this: +If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by introducing a new Ansible variable. You can do it like this: ```yaml # Switch the organization that Synapse container images (or source code for self-building) are pulled from. @@ -810,7 +828,7 @@ Despite these downsides (which the playbook manages automatically), we believe i People running the default Traefik setup do not need to do anything to make Traefik take on this extra job. Your Traefik configuration will be updated automatically. -**People runnning their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below. +**People running their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below. You may disable Traefik acting as an intermediary by explicitly setting `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled` to `false`. Services would then be configured to talk to the homeserver directly, giving you a slight performance boost and a "simpler" Traefik setup. However, such a configuration is less tested and will cause troubles, especially if you enable more services (like `matrix-media-repo`, etc.) in the future. As such, it's not recommended. 
@@ -2833,7 +2851,7 @@ As always, re-running the playbook is enough to get the updated bits. ## SMS bridging requires db reset -The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new requried var `matrix_sms_bridge_default_region`. +The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new required var `matrix_sms_bridge_default_region`. To reuse your existing rooms, invite `@smsbot:yourServer` to the room or write a message. You are also able to use automated room creation with telephonenumers by writing `sms send -t 01749292923 "Hello World"` in a room with `@smsbot:yourServer`. See [the docs](https://github.com/benkuly/matrix-sms-bridge) for more information. @@ -2865,7 +2883,7 @@ Until the issue gets fixed, we're making User Directory search not go to ma1sd b This upgrades matrix-appservice-irc from 0.14.1 to 0.16.0. Upstream made a change to how you define manual mappings. If you added a -`mapping` to your configuration, you will need to update it accoring +`mapping` to your configuration, you will need to update it according to the [upstream instructions](https://github.com/matrix-org/matrix-appservice-irc/blob/master/CHANGELOG.md#0150-2020-02-05). If you did not include `mappings` in your configuration for IRC, no change is necessary. `mappings` is not part of the default 
@@ -3028,7 +3046,7 @@ As per this [advisory blog post](https://matrix.org/blog/2019/11/09/avoiding-unw Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers. Both of these likely benefit from having a more secure default of **not showing the room directory without authentication** and **not publishing the room directory over federation**. -As with anything else, these new defaults can be overriden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively. +As with anything else, these new defaults can be overridden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively. # 2019-10-05 
@@ -3582,7 +3600,7 @@ The following changes had to be done: - glue variables had to be introduced to the playbook, so it can wire together the various components. Those glue vars are stored in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file. When overriding variables for a given component (role), you need to be aware of both the role defaults (`role/ROLE/defaults/main.yml`) and the role's corresponding section in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file. -- `matrix_postgres_use_external` has been superceeded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement. +- `matrix_postgres_use_external` has been superseded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement. - Postgres tools (`matrix-postgres-cli` and `matrix-make-user-admin`) are no longer installed if you're not enabling the `matrix-postgres` role (`matrix_postgres_enabled: false`) @@ -3771,7 +3789,7 @@ matrix_riot_web_integrations_jitsi_widget_url: "https://dimension.t2bot.io/widge There's now a new `matrix_nginx_proxy_ssl_protocols` playbook variable, which controls the SSL protocols used to serve Riot and Synapse. Its default value is `TLSv1.1 TLSv1.2`. This playbook previously used `TLSv1 TLSv1.1 TLSv1.2` to serve Riot and Synapse. -You may wish to reenable TLSv1 if you need to access Riot in older browsers. +You may wish to re-enable TLSv1 if you need to access Riot in older browsers. Note: Currently the dockerized nginx doesn't support TLSv1.3. See https://github.com/nginxinc/docker-nginx/issues/190 for more details. 
diff --git a/README.md b/README.md index 47b4074c4..227a6300a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate) [![REUSE status](https://api.reuse.software/badge/github.com/spantaleev/matrix-docker-ansible-deploy)](https://api.reuse.software/info/github.com/spantaleev/matrix-docker-ansible-deploy) +[![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com&fetchMode=summary)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate) [![REUSE status](https://api.reuse.software/badge/github.com/spantaleev/matrix-docker-ansible-deploy)](https://api.reuse.software/info/github.com/spantaleev/matrix-docker-ansible-deploy) # Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker 
@@ -53,6 +53,7 @@ The homeserver is the backbone of your Matrix system. Choose one from the follow | [Synapse](https://github.com/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) | | [Conduit](https://conduit.rs) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) | | [conduwuit](https://conduwuit.puppyirl.gay/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. | [Link](docs/configuring-playbook-conduwuit.md) | +| [continuwuity](https://continuwuity.org) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. | [Link](docs/configuring-playbook-continuwuity.md) | | [Dendrite](https://github.com/element-hq/dendrite) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) | ### Clients diff --git a/REUSE.toml b/REUSE.toml index 076d318ff..ba7d641f7 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -13,10 +13,12 @@ path = [ "i18n/PUBLISHED_LANGUAGES", "i18n/requirements.txt", "roles/custom/**/*.repo", + ".codespellrc", ".editorconfig", ".envrc", ".gitattributes", ".gitignore", + ".pre-commit-config.yaml", ".yamllint", "ansible.cfg", "flake.lock", diff --git a/YEAR-IN-REVIEW.md b/YEAR-IN-REVIEW.md index e66882873..8ca6db9cb 100644 --- a/YEAR-IN-REVIEW.md +++ b/YEAR-IN-REVIEW.md 
@@ -11,7 +11,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later 2023 is probably [the year of AI](https://journal.everypixel.com/2023-the-year-of-ai), with millions of people jumping aboard [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/chatgpt) train. matrix-docker-ansible-deploy is no stranger to this and 2023 began with a PR from [bertybuttface](https://github.com/bertybuttface) who added support for [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#chatgpt-support)). While OpenAI's chat GPT website was frequently overloaded in the past, their API was up which made using this bot both convenient and more reliable. -AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possiblity of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). 
As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to: +AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possibility of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. 
Work got to a stall due to: * complexity: untangling the overly large and messy `matrix-nginx-proxy` component is difficult * the current setup became "good enough" because nginx has become an internal implementation detail for those who have migrated to Traefik. Traefik is already the default public reverse-proxy and gives better possibilities to people wishing to run other web-exposed containers on their Matrix server via [Docker Compose](https://docs.docker.com/compose/), other Ansible playbooks like [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) (more about this one, below) or any other way. diff --git a/docs/README.md b/docs/README.md index 0473b77e5..266fad593 100644 --- a/docs/README.md +++ b/docs/README.md @@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later # Table of Contents -## ⬇️ Installaton guides +## ⬇️ Installation guides There are two installation guides available for beginners and advanced users. diff --git a/docs/ansible.md b/docs/ansible.md index ff0398374..454824bd2 100644 --- a/docs/ansible.md +++ b/docs/ansible.md 
@@ -20,10 +20,13 @@ To manually check which version of Ansible you're on, run: `ansible --version`. For the **best experience**, we recommend getting the **latest version of Ansible available**. -We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`). +We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we suspect (on 2025-09-03) to be working fine is: `ansible-core` (`2.15.1`). If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker). +> [!WARNING] +> One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory. + ## Upgrading Ansible Depending on your distribution, you may be able to upgrade Ansible in a few different ways: 
@@ -71,7 +74,7 @@ docker run \ -w /work \ --mount type=bind,src=`pwd`,dst=/work \ --entrypoint=/bin/sh \ -ghcr.io/devture/ansible:11.1.0-r0-0 +ghcr.io/devture/ansible:11.6.0-r0-0 ``` Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. @@ -92,7 +95,7 @@ docker run \ --mount type=bind,src=`pwd`,dst=/work \ --mount type=bind,src$HOME/.ssh/id_ed25519,dst=/root/.ssh/id_ed25519,ro \ --entrypoint=/bin/sh \ -ghcr.io/devture/ansible:11.1.0-r0-0 +ghcr.io/devture/ansible:11.6.0-r0-0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_ed25519`) into the container (at `/root/.ssh/id_ed25519`). If your SSH key is at a different path (not in `$HOME/.ssh/id_ed25519`), adjust that part. @@ -117,7 +120,7 @@ Then, to be asked for the password whenever running an `ansible-playbook` comman #### Resolve directory ownership issues -Because you're `root` in the container running Ansible and this likely differs fom the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as: +Because you're `root` in the container running Ansible and this likely differs from the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as: > fatal: unsafe repository ('/work' is owned by someone else) > To add an exception for this directory, call: diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index 0f2362f47..8827f759c 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md 
@@ -95,13 +95,13 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have succesfully installed Draupnir for All and can now start using it. +If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have successfully installed Draupnir for All and can now start using it. The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for all is almost identical to Draupnir bot mode. ### Granting Users the ability to use D4A -Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended. +Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recommendation. Using the chat is recommended. The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297)) 
diff --git a/docs/configuring-playbook-bot-baibot.md b/docs/configuring-playbook-bot-baibot.md index 2e8a66961..60d9bd94e 100644 --- a/docs/configuring-playbook-bot-baibot.md +++ b/docs/configuring-playbook-bot-baibot.md @@ -242,7 +242,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_ # matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" # If you'd like to use another text-generation agent, uncomment and adjust: -# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o +# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4.1 ``` Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`. diff --git a/docs/configuring-playbook-bot-chatgpt.md b/docs/configuring-playbook-bot-chatgpt.md index 903fa658f..9b8b9a28b 100644 --- a/docs/configuring-playbook-bot-chatgpt.md +++ b/docs/configuring-playbook-bot-chatgpt.md @@ -57,7 +57,7 @@ matrix_bot_chatgpt_openai_api_key: 'API_KEY_HERE' matrix_bot_chatgpt_matrix_access_token: 'ACCESS_TOKEN_HERE' -# Configuring the system promt used, needed if the bot is used for special tasks. +# Configuring the system prompt used, needed if the bot is used for special tasks. # More information: https://github.com/mustvlad/ChatGPT-System-Prompts matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.' ``` diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 623cabe98..83945f8f7 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -145,6 +145,20 @@ The bot can intercept the report API endpoint of the client-server API, which re matrix_bot_draupnir_config_web_abuseReporting: true ``` +### Enabling synapse-http-antispam support + +Certain protections in Draupnir require the [synapse-http-antispam](https://github.com/maunium/synapse-http-antispam) module and a Synapse homeserver plus homeserver admin status to function. This module can be enabled in the playbook via setting `matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled` to `true` and making sure that Draupnir admin API access is enabled. + +```yaml +# Enables the integration between Draupnir and synapse-http-antispam module. +matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled: true + +# Enables draupnir to access Synapse admin APIs. This is required for the module functionality to take full effect. +matrix_bot_draupnir_admin_api_enabled: true +``` + +These protections need to be manually activated and consulting the [enabling protections](#enabling-built-in-protections) guide can be helpful or consulting upstream documentation. + + +# Configuring Continuwuity (optional) + +The playbook can install and configure the [Continuwuity](https://continuwuity.org) Matrix server for you. + +See the project's [documentation](https://continuwuity.org) to learn what it does and why it might be useful to you. + +By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document. + +💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook also supports. + +> [!WARNING] +> - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Continuwuity). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet. 
+> - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding + +## Adjusting the playbook configuration + +To use Continuwuity, you **generally** need to adjust the `matrix_homeserver_implementation: synapse` configuration on your `inventory/host_vars/matrix.example.com/vars.yml` file as below: + +```yaml +matrix_homeserver_implementation: continuwuity + +# Registering users can only happen via the API, +# so it makes sense to enable it, at least initially. +matrix_continuwuity_config_allow_registration: true + +# Generate a strong registration token to protect the registration endpoint from abuse. +# You can create one with a command like `pwgen -s 64 1`. +matrix_continuwuity_config_registration_token: '' +``` + +### Extending the configuration + +There are some additional things you may wish to configure about the server. + +Take a look at: + +- `roles/custom/matrix-continuwuity/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2` for the server's default configuration + +There are various Ansible variables that control settings in the `continuwuity.toml` file. + +If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://continuwuity.org/configuration#environment-variables) using `matrix_continuwuity_environment_variables_extension`. 
For example: + +```yaml +matrix_continuwuity_environment_variables_extension: | + CONTINUWUITY_MAX_REQUEST_SIZE=50000000 + CONTINUWUITY_REQUEST_TIMEOUT=60 +``` + +## Creating the first user account + +Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook. + +If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token. + +This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users. + +The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**. + + +## Configuring bridges / appservices + +For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver. + +For continuwuity, you will have to manually register appservices using the [`!admin appservices register` command](https://continuwuity.org/appservices.html#set-up-the-appservice---general-instructions) sent to the server bot account. + +The server's bot account has a Matrix ID of `@conduit:example.com` (not `@continuwuity:example.com`!) due to continuwuity's historical legacy. +Your first user account would already have been invited to an admin room with this bot. + +Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`. 
+ +Then, send its content to the existing admin room: + + !admin appservices register + + ``` + as_token: + de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true + hs_token: + id: signal + namespaces: + aliases: + - exclusive: true + regex: ^#signal_.+:example\.org$ + users: + - exclusive: true + regex: ^@signal_.+:example\.org$ + - exclusive: true + regex: ^@signalbot:example\.org$ + rate_limited: false + sender_localpart: _bot_signalbot + url: http://matrix-mautrix-signal:29328 + ``` + +## Migrating from conduwuit + +Since Continuwuity is a drop-in replacement for [conduwuit](configuring-playbook-conduwuit.md), migration is possible. + +1. Make sure that Continuwuity is properly set up on your `vars.yml` as described above + +2. Make sure that Conduwuit references are removed from your `vars.yml` file + +3. Run the installation in a way that installs new services and uninstalls old ones (e.g. `just setup-all`) + +4. Run the playbook with the `continuwuity-migrate-from-conduwuit` tag (e.g. `just run-tags continuwuity-migrate-from-conduwuit`). This migrates data from `/matrix/conduwuit` to `/matrix/continuwuity` + +## Troubleshooting + +As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-continuwuity`. diff --git a/docs/configuring-playbook-element-call.md b/docs/configuring-playbook-element-call.md index cc88bec70..fed49ade9 100644 --- a/docs/configuring-playbook-element-call.md +++ b/docs/configuring-playbook-element-call.md 
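Review bot: In the new Continuwuity page, the `vars.yml` example under "Adjusting the playbook configuration" pairs `matrix_continuwuity_config_allow_registration: true` with `matrix_continuwuity_config_registration_token: ''`. A reader who pastes it unchanged ends up with registration switched on and an empty token, and the page later states that the first account created is marked as an admin. The comment asks for a strong token, but the sample value does not force one, so I would use an obviously fake placeholder such as `matrix_continuwuity_config_registration_token: 'REGISTRATION_TOKEN_HERE'`. I would also add a closing step to "Creating the first user account" telling the reader to set `matrix_continuwuity_config_allow_registration: false` and re-run the playbook once the needed accounts exist, since the comment only says "at least initially". Whether the role rejects an empty token is not visible in this diff.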
@@ -30,7 +30,7 @@ These **clients will use their own embedded Element Call frontend**, so **self-h 💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client). Note that unless you [allow guest accounts to use Element Call](#allowing-guests-to-use-element-call-optional), you will still need a Matrix user account **on the same homeserver** to be able to use Element Call. -The playbook makes a distiction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**. +The playbook makes a distinction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**. | Description / Variable | Element Call frontend | [LiveKit Server](configuring-playbook-livekit-server.md) | [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) | |------------------------|-----------------------|----------------|---------------------| diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 3a494d083..6c035dee4 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md 
@@ -70,7 +70,7 @@ By default the Jitsi Meet instance **does not require for anyone to log in, and If you would like to control who is allowed to start meetings on your instance, you'd need to enable Jitsi's authentication and optionally guests mode. -See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up. +See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up. ### Enable Gravatar (optional) diff --git a/docs/configuring-playbook-livekit-jwt-service.md b/docs/configuring-playbook-livekit-jwt-service.md index f206c329a..eaf3be171 100644 
--- a/docs/configuring-playbook-livekit-jwt-service.md +++ b/docs/configuring-playbook-livekit-jwt-service.md @@ -15,4 +15,4 @@ This is a helper component which is part of the [Matrix RTC stack](configuring-p Take a look at: - `roles/custom/matrix-livekit-jwt-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file -- `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration. \ No newline at end of file +- `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration. diff --git a/docs/configuring-playbook-livekit-server.md b/docs/configuring-playbook-livekit-server.md index afc514fc7..3579feb56 100644 --- a/docs/configuring-playbook-livekit-server.md +++ b/docs/configuring-playbook-livekit-server.md @@ -35,4 +35,4 @@ To ensure LiveKit Server functions correctly, the following firewall rules and p For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server. -It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92). \ No newline at end of file +It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92). diff --git a/docs/configuring-playbook-matrix-authentication-service.md b/docs/configuring-playbook-matrix-authentication-service.md index eda09cc4b..9173bd399 100644 
--- a/docs/configuring-playbook-matrix-authentication-service.md +++ b/docs/configuring-playbook-matrix-authentication-service.md @@ -41,7 +41,7 @@ Below, we'll try to **highlight some potential reasons for switching** to Matrix ## Prerequisites -- ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet. +- ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet. - ❌ **disabling all password providers** for Synapse (things like [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc.) More details about this are available in the [Expectations](#expectations) section below. 
@@ -55,15 +55,13 @@ This section details what you can expect when switching to the Matrix Authentica - ❌ **Some services experience issues when authenticating via MAS**: - - [Postmoogle](./configuring-playbook-bridge-postmoogle.md) works the first time around, but it consistently fails after restarting: - - > cannot initialize matrix bot error="olm account is marked as shared, keys seem to have disappeared from the server" + - [Reminder bot](configuring-playbook-bot-matrix-reminder-bot.md) seems to be losing some of its state on each restart and may reschedule old reminders once again - ❌ **Encrypted appservices** do not work yet (related to [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) and [PR 17705 for Synapse](https://github.com/element-hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will fail to start (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3658) for Hookshot). You can use these bridges/bots only if you **keep end-to-bridge encryption disabled** (which is the default setting). - ⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break. -- ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependant on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch. +- ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependent on one more service** for its operations. 
MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch. - ⚠️ If you've got [OIDC configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to migrate your OIDC configuration to MAS by adding an [Upstream OAuth2 configuration](#upstream-oauth2-configuration). @@ -87,7 +85,7 @@ For new homeservers (which don't have any users in their Synapse database yet), ### Existing homeserver -Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet. +Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet. For existing Synapse homeservers: @@ -159,6 +157,10 @@ matrix_authentication_service_config_upstream_oauth2_providers: - # A unique identifier for the provider # Must be a valid ULID id: 01HFVBY12TMNTYTBV8W921M5FA + # This can be set if you're migrating an existing (legacy) Synapse OIDC configuration. + # The value used here would most likely be "oidc" or "oidc-provider". + # See: https://element-hq.github.io/matrix-authentication-service/setup/migration.html#map-any-upstream-sso-providers + synapse_idp_id: null # The issuer URL, which will be used to discover the provider's configuration. # If discovery is enabled, this *must* exactly match the `issuer` field # advertised in `/.well-known/openid-configuration`. 
@@ -306,7 +308,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start Our migration guide is loosely based on the upstream [Migrating an existing homeserver](https://element-hq.github.io/matrix-authentication-service/setup/migration.html) guide. -Migration is done via a tool called `syn2mas`, which the playbook could run for you (in a container). +Migration is done via a sub-command called `syn2mas`, which the playbook could run for you (in a container). The installation + migration steps are like this: 
@@ -322,7 +324,7 @@ The installation + migration steps are like this: - The `matrix-user-creator` role would be suppressed, so that it doesn't automatically attempt to create users (for bots, etc.) in the MAS database. These user accounts likely already exist in Synapse's user database and could be migrated over (via syn2mas, as per the steps below), so creating them in the MAS database would have been unnecessary and potentially problematic (conflicts during the syn2mas migration). -3. Consider taking a full [backup of your Postgres database](./maintenance-postgres.md#backing-up-postgresql). This is done just in case. The **syn2mas migration tool does not delete any data**, so it should be possible to revert to your previous setup by merely disabling MAS and re-running the playbook (no need to restore a Postgres backup). However, do note that as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break. +3. Consider taking a full [backup of your Postgres database](./maintenance-postgres.md#backing-up-postgresql). This is done just in case. The **syn2mas migration command does not delete any data**, so it should be possible to revert to your previous setup by merely disabling MAS and re-running the playbook (no need to restore a Postgres backup). However, do note that as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break. 4. [Migrate your data from Synapse to Matrix Authentication Service using syn2mas](#migrate-your-data-from-synapse-to-matrix-authentication-service-using-syn2mas) 
@@ -342,9 +344,7 @@ The installation + migration steps are like this: ### Migrate your data from Synapse to Matrix Authentication Service using syn2mas -We **don't** ask you to [run the `syn2mas` migration advisor command](https://element-hq.github.io/matrix-authentication-service/setup/migration.html#run-the-migration-advisor), because it only gives you the green light if your Synapse configuration (`homeserver.yaml`) is configured in a way that's compatible with MAS (delegating authentication to MAS; disabling Synapse's password config; etc.). Until we migrate your data with the `syn2mas` tool, we intentionally avoid doing these changes to allow existing user sessions to work. - -You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration). +You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration). #### Configuring syn2mas 
@@ -356,26 +356,9 @@ When you're done with potentially configuring `syn2mas`, proceed to doing a [dry ##### Configuring upstream OIDC provider mapping for syn2mas -If you have existing OIDC users in your Synapse user database (which will be the case if when using [OIDC with Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on)), you may need to pass an additional `--upstreamProviderMapping` argument to the `syn2mas` tool to tell it which provider (on the Synapse side) maps to which other provider on the MAS side. - -If you don't do this, `syn2mas` would report errors like this one: - -> [FATAL] migrate - [Failed to import external id 4264b0f0-4f11-4ddd-aedb-b500e4d07c25 with oidc-keycloak for user @alice:example.com: Error: Unknown upstream provider oidc-keycloak] - -Below is an example situation and a guide for how to solve it. +Since Matrix Authentication Service v0.16.0 (which replaced the standalone `syn2mas` tool with a `mas-cli syn2mas` sub-command), OIDC configuration (mapping from your old OIDC configuration to your new one, etc) is meant to be configured in the Matrix Authentication Service configuration (via `matrix_authentication_service_config_upstream_oauth2_providers`) as a `synapse_idp_id` property for each provider. -If in `matrix_synapse_oidc_providers` your provider `idp_id` is (was) named `keycloak`, in the Synapse database users would be associated with the `oidc-keycloak` provider (note the `oidc-` prefix that was added automatically by Synapse to your `idp_id` value). - -The same OIDC provider may have an `id` of `01HFVBY12TMNTYTBV8W921M5FA` on the MAS side, as defined in `matrix_authentication_service_config_upstream_oauth2_providers` (see the [Upstream OAuth2 configuration](#upstream-oauth2-configuration) section above). 
- -To tell `syn2mas` how the Synapse-configured OIDC provider maps to the new MAS-configured OIDC provider, add this additional configuration to your `vars.yml` file: - -```yaml -# Adjust the mapping below to match your provider IDs on the Synapse side and the MAS side. -# Don't forget that Synapse automatically adds an `oidc-` prefix to provider ids defined in its configuration. -matrix_authentication_service_syn2mas_process_extra_arguments: - - "--upstreamProviderMapping oidc-keycloak:01HFVBY12TMNTYTBV8W921M5FA" -``` +You can refer to the [Map any upstream SSO providers](https://element-hq.github.io/matrix-authentication-service/setup/migration.html#map-any-upstream-sso-providers) section of the MAS documentation for figuring out how to set the `synapse_idp_id` value in `matrix_authentication_service_config_upstream_oauth2_providers` correctly. #### Performing a syn2mas dry-run @@ -386,7 +369,7 @@ A dry-run would not cause downtime, because it avoids stopping Synapse. To perform a dry-run, run: ```sh -just run-tags matrix-authentication-service-syn2mas -e matrix_authentication_service_syn2mas_dry_run=true +just run-tags matrix-authentication-service-mas-cli-syn2mas -e matrix_authentication_service_syn2mas_migrate_dry_run=true ``` Observe the command output (especially the last line of the the syn2mas output). If you are confident that the migration will work out as expected, you can proceed with a [real migration](#performing-a-real-syn2mas-migration). 
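Review bot: The dry-run command now relies on the renamed variable `matrix_authentication_service_syn2mas_migrate_dry_run`, but the page never says that the old name `matrix_authentication_service_syn2mas_dry_run` has stopped working. The following section performs a real migration simply by leaving the variable out. An operator who updates the tag from older notes but keeps the old variable name would therefore presumably get a real run instead of a dry run, unless the role fails on the stale name, which this diff does not show. I would add a sentence below the command such as `The dry-run variable was renamed in this release; the previous name is no longer read.`, or confirm that the playbook's validation rejects the old variable.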
@@ -405,13 +388,13 @@ Before performing a real migration make sure: - you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and don't see any issues in its output -To perform a real migration, run the `matrix-authentication-service-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_dry_run` variable: +To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable: ```sh -just run-tags matrix-authentication-service-syn2mas +just run-tags matrix-authentication-service-mas-cli-syn2mas ``` -Having performed a `syn2mas` migration once, trying to do it again will report errors for users that were already migrated (e.g. "Error: Unknown upstream provider oauth-delegated"). +Having performed a `syn2mas` migration once, trying to do it again will report errors (e.g. "Error: The MAS database is not empty: rows found in at least `users`. Please drop and recreate the database, then try again."). ## Verify that Matrix Authentication Service is installed correctly diff --git a/docs/configuring-playbook-matrix-corporal.md b/docs/configuring-playbook-matrix-corporal.md index 34c80fe6b..8f3438292 100644 --- a/docs/configuring-playbook-matrix-corporal.md +++ b/docs/configuring-playbook-matrix-corporal.md @@ -13,7 +13,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later The playbook can install and configure [matrix-corporal](https://github.com/devture/matrix-corporal) for you. -In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment. +In short, it's a sort of automation and firewalling service, which is helpful if you're installing Matrix services in a controlled corporate environment. See the project's [documentation](https://github.com/devture/matrix-corporal/blob/main/README.md) to learn what it does and why it might be useful to you. 
diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md index e660d434d..acadf8cf2 100644 --- a/docs/configuring-playbook-matrix-media-repo.md +++ b/docs/configuring-playbook-matrix-media-repo.md @@ -60,7 +60,7 @@ To `matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_use #### Enable Grafana (optional) -Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics. +Probably you wish to enable Grafana along with Prometheus for generating graphs of the metrics. To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions. diff --git a/docs/configuring-playbook-matrix-rtc.md b/docs/configuring-playbook-matrix-rtc.md index fae94f497..92a522a01 100644 --- a/docs/configuring-playbook-matrix-rtc.md +++ b/docs/configuring-playbook-matrix-rtc.md 
@@ -16,7 +16,6 @@ The Matrix RTC stack is a set of supporting components ([LiveKit Server](configu ## Prerequisites - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below) -- [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146)) - Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled) - A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack)) - The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack)) 
@@ -56,4 +55,4 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju Once installed, Matrix clients which support Element Call (like [Element Web](configuring-playbook-client-element-web.md) and Element X on mobile (iOS and Android)) will automatically use the Matrix RTC stack. -These clients typically embed the Element Call frontend UI within them, so installing [Element Call](configuring-playbook-element-call.md) is only necessary if you'd like to use it standalone - directly via a browser. \ No newline at end of file +These clients typically embed the Element Call frontend UI within them, so installing [Element Call](configuring-playbook-element-call.md) is only necessary if you'd like to use it standalone - directly via a browser. diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index 866f4bc96..872385ca8 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md 
@@ -115,7 +115,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju ## Usage -To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distrubutor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notitications are "distributed" from it. +To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distributor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notifications are "distributed" from it. For details about installing and configuring the ntfy Android app, take a look at [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md#install-the-ntfy-androidios-app) on the role's documentation. diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index c426af8ff..3f9148367 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md 
@@ -258,4 +258,4 @@ As with all other services, you can find the logs in [systemd-journald](https:// - [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2) - [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana) - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs) -- [The PostgresSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard) +- [The PostgreSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard) diff --git a/docs/configuring-playbook-s3.md b/docs/configuring-playbook-s3.md index bb7a51e7f..b7a5e6bed 100644 --- a/docs/configuring-playbook-s3.md +++ b/docs/configuring-playbook-s3.md 
@@ -22,13 +22,11 @@ Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring ## Choosing an Object Storage provider -You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Storj](https://storj.io), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), etc. +You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), [Storj](https://storj.io), etc. -Amazon S3, Backblaze B2, and Storj are pay-as-you with no minimum charges for storing too little data. +Amazon S3 and Backblaze B2 are pay-as-you with no minimum charges for storing too little data. Note that Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress. -All these providers have different prices, with Storj appearing to be the cheapest (as of 2024-10, storage fee is $0.004 per GB/month, and egress fee is $0.007 per GB; check actual pricing [here](https://storj.dev/dcs/pricing)). Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress. - -Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10). +Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10). 
Though Storj does not set minimum amount of data to be stored, it also charges $5 minimum monthly usage fee since July 1, 2025, if your monthly usage (storage, bandwidth, and segments) totals less than $5. Here are some of the important aspects of choosing the right provider: diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index f6889f803..277d29f8b 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md 
@@ -15,7 +15,7 @@ By default, the playbook retrieves and automatically renews free SSL certificate **Notes**: - This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it. -- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiriation notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/). +- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiration notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/). The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md). diff --git a/docs/configuring-playbook-sygnal.md b/docs/configuring-playbook-sygnal.md index 2bd800cdd..b746d2c62 100644 --- a/docs/configuring-playbook-sygnal.md 
+++ b/docs/configuring-playbook-sygnal.md @@ -49,8 +49,8 @@ aux_file_definitions: content here mode: '0600' - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" ``` Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easier, as it only requires that you provide some config values. diff --git a/docs/configuring-playbook-synapse-simple-antispam.md b/docs/configuring-playbook-synapse-simple-antispam.md index b5d99844c..75a81bd8a 100644 --- a/docs/configuring-playbook-synapse-simple-antispam.md +++ b/docs/configuring-playbook-synapse-simple-antispam.md @@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later The playbook can install and configure [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) for you. -It lets you fight invite-spam by automatically blocking invitiations from a list of servers specified by you (blacklisting). +It lets you fight invite-spam by automatically blocking invitations from a list of servers specified by you (blacklisting). See the project's [documentation](https://github.com/t2bot/synapse-simple-antispam/blob/master/README.md) to learn what it does and why it might be useful to you. diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md index 4a15ef701..dbb6ef0d6 100644 --- a/docs/configuring-playbook-synapse.md +++ b/docs/configuring-playbook-synapse.md 
@@ -53,7 +53,7 @@ You may also consider [tweaking the number of workers of each type](#controlling ##### Specialized workers -The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requestor's IP adddress, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requestor and/or on the resource (room, etc.) being requested. +The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requester's IP address, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requester and/or on the resource (room, etc.) being requested. The playbook supports these **4 types** of specialized workers: diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 58cea52b9..34c8d698e 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -53,6 +53,8 @@ For a more custom setup, see the [Other configuration options](#other-configurat - [Configuring conduwuit](configuring-playbook-conduwuit.md), if you've switched to the [conduwuit](https://conduwuit.puppyirl.gay/) homeserver implementation + - [Configuring continuwuity](configuring-playbook-continuwuity.md), if you've switched to the [continuwuity](https://continuwuity.org) homeserver implementation + - [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation - Server components: diff --git a/docs/container-images.md b/docs/container-images.md index b445cc001..953c39d5c 100644 --- a/docs/container-images.md +++ b/docs/container-images.md 
@@ -28,6 +28,7 @@ We try to stick to official images (provided by their respective projects) as mu | [Synapse](configuring-playbook-synapse.md) | [element-hq/synapse](https://ghcr.io/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | | [Conduit](configuring-playbook-conduit.md) | [matrixconduit/matrix-conduit](https://hub.docker.com/r/matrixconduit/matrix-conduit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | | [conduwuit](configuring-playbook-conduwuit.md) | [girlbossceo/conduwuit](https://ghcr.io/girlbossceo/conduwuit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. | +| [continuwuity](configuring-playbook-continuwuity.md) | [continuwuation/continuwuity](https://forgejo.ellis.link/continuwuation/continuwuity) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. | | [Dendrite](configuring-playbook-dendrite.md) | [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | ## Clients diff --git a/docs/faq.md b/docs/faq.md index 9f1ddc6e3..898a1c1f6 100644 --- a/docs/faq.md +++ b/docs/faq.md 
@@ -235,7 +235,7 @@ Running Matrix on a server with 1GB of memory is possible (especially if you dis **We recommend starting with a server having at least 2GB of memory** and even then using it sparingly. If you know for sure you'll be joining various large rooms, etc., then going for 4GB of memory or more is a good idea. -Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferrably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage. +Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage. ### Can I run this in an LXC container? 
@@ -362,7 +362,7 @@ Configuration variables are defined in multiple places in this playbook and are You can discover the variables you can override in each role (`roles/*/*/defaults/main.yml`). -As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overriden by values defined in `group_vars/matrix_servers`. +As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overridden by values defined in `group_vars/matrix_servers`. Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.example.com/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features). diff --git a/docs/howto-srv-server-delegation.md b/docs/howto-srv-server-delegation.md index d1013f598..da6d0727a 100644 --- a/docs/howto-srv-server-delegation.md +++ b/docs/howto-srv-server-delegation.md 
@@ -26,7 +26,7 @@ The up-to-date list can be accessed on [traefik's documentation](https://doc.tra **Note**: the changes below instruct you how to do this for a basic Synapse installation. You will need to adapt the variable name and the content of the labels: -- if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [conduwuit](./configuring-playbook-conduwuit.md) or [Dendrite](./configuring-playbook-dendrite.md)) +- if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [conduwuit](./configuring-playbook-conduwuit.md), [continuwuity](./configuring-playbook-continuwuity.md) or [Dendrite](./configuring-playbook-dendrite.md)) - if you're using [Synapse with workers enabled](./configuring-playbook-synapse.md#load-balancing-with-workers) (`matrix_synapse_workers_enabled: true`). In that case, it's actually the `matrix-synapse-reverse-proxy-companion` service which has Traefik labels attached Also, all instructions below are from an older version of the playbook and may not work anymore. @@ -42,7 +42,7 @@ This is because with SRV federation, some servers / tools (one of which being th ### Tell Traefik which certificate to serve for the federation endpoint -Now that the federation endpoint is not bound to a domain anymore we need to explicitely tell Traefik to use a wildcard certificate in addition to one containing the base name. +Now that the federation endpoint is not bound to a domain anymore we need to explicitly tell Traefik to use a wildcard certificate in addition to one containing the base name. This is because the Matrix specification expects the federation endpoint to be served using a certificate compatible with the base domain, however, the other resources on the endpoint still need a valid certificate to work. 
@@ -79,7 +79,7 @@ traefik_configuration_extension_yaml: | - "8.8.8.8:53" storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }} -# 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare) +# 2. Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare) traefik_environment_variables: | CF_API_EMAIL=redacted CF_ZONE_API_TOKEN=redacted diff --git a/docs/installing.md b/docs/installing.md index f63f0fdcb..7b6dc33ef 100644 --- a/docs/installing.md +++ b/docs/installing.md @@ -157,6 +157,8 @@ The upstream projects, which this playbook makes use of, occasionally if not oft Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date. +Also, do not forget to update your system regularly. While this playbook may install basic services, such as Docker, it will not interfere further with system maintenance. Keeping the system itself up-to-date is out of scope for this playbook. + For more information about upgrading or maintaining services with the playbook, take a look at this page: [Upgrading the Matrix services](maintenance-upgrading-services.md) Feel free to **re-run the setup command any time** you think something is wrong with the server configuration. Ansible will take your configuration and update your server to match. diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 6ee8239e5..bd0ad4316 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md 
@@ -49,7 +49,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas - [Python](https://www.python.org/). Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python3`). On some distros, Ansible may incorrectly [detect the Python version](https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html) (2 vs 3) and you may need to explicitly specify the interpreter path in `inventory/hosts` during installation (e.g. `ansible_python_interpreter=/usr/bin/python3`) -- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default. +- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`, because this Ansible playbook sometimes uses the Ansible [become](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html) module to perform tasks as another user (e.g. `matrix`) and the `become` module's default implementation uses `sudo`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default. - An HTTPS-capable web server at the base domain name (`example.com`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). 
@@ -60,7 +60,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas - `80/tcp`: HTTP webserver - `443/tcp` and `443/udp`: HTTPS webserver - `3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md)) - - `3478/udp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md)) + - `3478/udp`: STUN/TURN over UDP (used by [coturn](./configuring-playbook-turn.md)) - `5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md)) - `5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md)) - `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**. diff --git a/examples/reverse-proxies/apache/matrix-domain.conf b/examples/reverse-proxies/apache/matrix-domain.conf index cce7723b0..185fc8bb4 100644 --- a/examples/reverse-proxies/apache/matrix-domain.conf +++ b/examples/reverse-proxies/apache/matrix-domain.conf @@ -33,6 +33,12 @@ ProxyRequests Off ProxyVia On RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} + ProxyTimeout 86400 + + RewriteEngine On + RewriteCond %{HTTP:Connection} Upgrade [NC] + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteRule /(.*) ws://127.0.0.1:81/$1 [P,L] AllowEncodedSlashes NoDecode ProxyPass / http://127.0.0.1:81/ retry=0 nocanon diff --git a/examples/reverse-proxies/nginx-proxy-manager/README.md b/examples/reverse-proxies/nginx-proxy-manager/README.md index dad498435..1047ed615 100644 --- a/examples/reverse-proxies/nginx-proxy-manager/README.md +++ b/examples/reverse-proxies/nginx-proxy-manager/README.md 
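Review bot: `ProxyTimeout 86400` in the Apache hunk is set at virtual-host level, so it applies to every request proxied to `127.0.0.1:81`, not only to the WebSocket upgrade that the new rewrite rules handle. A backend that stalls on an ordinary HTTP request would then hold an Apache worker for up to a day instead of the server's default timeout, which makes worker exhaustion much easier to reach. I would put a comment above the directive stating that trade-off, for example `# Long timeout is for idle WebSocket connections; it also applies to plain HTTP requests in this vhost`, or scope the long timeout to the WebSocket traffic. The pattern can also be anchored for clarity, `RewriteRule ^/(.*) ws://127.0.0.1:81/$1 [P,L]`. The enclosing VirtualHost block starts and ends outside the hunk, so whether the required rewrite and WebSocket proxy modules are mentioned elsewhere in the example cannot be seen from here.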
@@ -23,7 +23,7 @@ If Matrix federation is enabled, then you will need to make changes to [NPM's Do You'll need to create two proxy hosts in NPM for Matrix web and federation traffic. -Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxys configuration like this: +Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxy's configuration like this: ```md # Details @@ -44,7 +44,7 @@ Custom Nginx Configuration: client_max_body_size 50M; ``` -Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxys configuration like this: +Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxy's configuration like this: ```md # Details diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 5dd0d9f5a..71ba3dfdd 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -73,11 +73,11 @@ matrix_federation_traefik_entrypoint_tls: "{{ traefik_config_entrypoint_web_secu # # ######################################################################## -aux_directory_default_owner: "{{ matrix_user_username }}" -aux_directory_default_group: "{{ matrix_user_groupname }}" +aux_directory_default_owner: "{{ matrix_user_name }}" +aux_directory_default_group: "{{ matrix_group_name }}" -aux_file_default_owner: "{{ matrix_user_username }}" -aux_file_default_group: "{{ matrix_user_groupname }}" +aux_file_default_owner: "{{ matrix_user_name }}" +aux_file_default_group: "{{ matrix_group_name }}" ######################################################################## # # 
@@ -243,7 +243,7 @@ matrix_addons_homeserver_client_api_url: "{{ ('http://' + matrix_playbook_revers matrix_addons_homeserver_systemd_services_list: "{{ ([traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}" # Starting from version `0.6.0` Conduit natively supports some sync v3 (sliding-sync) features. -matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit', 'conduwuit'] else '') }}" +matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit', 'conduwuit', 'continuwuity'] else '') }}" ######################################################################## # # @@ -567,6 +567,7 @@ matrix_homeserver_container_client_api_endpoint: |- 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), 'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string), + 'continuwuity': ('matrix-continuwuity:' + matrix_continuwuity_config_port_number | default('8008') | string), }[matrix_homeserver_implementation] }} 
@@ -577,6 +578,7 @@ matrix_homeserver_container_federation_api_endpoint: |- 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), 'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string), + 'continuwuity': ('matrix-continuwuity:' + matrix_continuwuity_config_port_number | default('8008') | string), }[matrix_homeserver_implementation] }} @@ -664,20 +666,10 @@ matrix_authentication_service_config_passwords_schemes: - version: 1 secret: "{{ matrix_synapse_password_config_pepper }}" algorithm: bcrypt + unicode_normalization: true - version: 2 algorithm: argon2id -matrix_authentication_service_config_clients_auto: |- - {{ - ([ - { - 'client_id': matrix_synapse_experimental_features_msc3861_client_id, - 'client_auth_method': matrix_synapse_experimental_features_msc3861_client_auth_method, - 'client_secret': matrix_synapse_experimental_features_msc3861_client_secret, - } - ] if matrix_synapse_experimental_features_msc3861_enabled else []) - }} - matrix_authentication_service_config_email_transport: "{{ 'smtp' if exim_relay_enabled else 'blackhole' }}" matrix_authentication_service_config_email_hostname: "{{ exim_relay_identifier if exim_relay_enabled else '' }}" matrix_authentication_service_config_email_port: "{{ 8025 if exim_relay_enabled else 587 }}" 
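Review bot: The new `unicode_normalization: true` on password scheme version 1 has no comment, although it changes which byte sequence is hashed and compared for that scheme. As far as I know the setting exists so that bcrypt hashes created by Synapse, which normalizes passwords before hashing, keep verifying after migration; without it, accounts with non-ASCII passwords would presumably fail to log in. I would add a comment above the scheme such as `# Synapse applies Unicode normalization before hashing; keep this enabled so migrated bcrypt hashes still verify`. The same hunk removes `matrix_authentication_service_config_clients_auto`; the replacement wiring for the Synapse client is not visible in this hunk, so it is worth confirming that it is covered elsewhere in the change.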
@@ -686,8 +678,6 @@ matrix_authentication_service_config_email_from_address: "{{ exim_relay_sender_a matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_container_image_registry_prefix_upstream_default }}" -matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default }}" - matrix_authentication_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_authentication_service_container_network: "{{ matrix_homeserver_container_network }}" @@ -997,6 +987,8 @@ matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserve matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}" +matrix_appservice_kakaotalk_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" 
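Review bot: `"{{ matrix_homeserver_implementation in ['synapse'] }}"` is added verbatim for the kakaotalk bridge here and again in the later hunks for beeper_linkedin, mautrix bluesky, discord, slack, facebook, signal, meta_messenger, meta_instagram, telegram, twitter, gmessages, wechat and mautrix whatsapp. A single shared variable would keep the list of homeservers that support async media in one place, for example (the name is only a suggestion) `matrix_bridges_homeserver_async_media_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}"`, with each bridge variable set to `"{{ matrix_bridges_homeserver_async_media_enabled }}"`. None of the added lines says why only Synapse qualifies; one comment on the shared variable would cover that for all bridges.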
@@ -1046,6 +1038,8 @@ matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_gen matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}" +matrix_beeper_linkedin_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: |- {{ ({ @@ -1166,6 +1160,8 @@ matrix_mautrix_bluesky_appservice_token: "{{ '%s' | format(matrix_homeserver_gen matrix_mautrix_bluesky_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_bluesky_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'bsky.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_bluesky_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_bluesky_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.bsky.prov', rounds=655555) | to_uuid }}" matrix_mautrix_bluesky_double_puppet_secrets_auto: |- @@ -1235,6 +1231,8 @@ matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_gen matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}" +matrix_mautrix_discord_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_discord_bridge_avatar_proxy_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.avatar', rounds=655555) | to_uuid }}" matrix_mautrix_discord_hostname: "{{ matrix_server_fqn_matrix }}" 
@@ -1301,6 +1299,8 @@ matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_gener matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}" +matrix_mautrix_slack_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_slack_double_puppet_secrets_auto: |- {{ { @@ -1374,6 +1374,8 @@ matrix_mautrix_facebook_homeserver_address: "{{ matrix_addons_homeserver_client_ matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_facebook_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_facebook_appservice_public_enabled: true matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}" matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}" @@ -1594,6 +1596,8 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_signal_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_signal_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}" matrix_mautrix_signal_double_puppet_secrets_auto: |- 
@@ -1672,6 +1676,8 @@ matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_c matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}" +matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_meta_messenger_double_puppet_secrets_auto: |- {{ { @@ -1748,6 +1754,8 @@ matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_c matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}" +matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_meta_instagram_double_puppet_secrets_auto: |- {{ { @@ -1833,6 +1841,8 @@ matrix_mautrix_telegram_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_telegram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |- {{ ({ 
@@ -1909,6 +1919,8 @@ matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_gen matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_twitter_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}" matrix_mautrix_twitter_double_puppet_secrets_auto: |- @@ -1981,6 +1993,8 @@ matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_g matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_gmessages_double_puppet_secrets_auto: |- {{ { 
@@ -2099,6 +2113,8 @@ matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secr matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}" +matrix_wechat_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}" @@ -2160,6 +2176,8 @@ matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_whatsapp_double_puppet_secrets_auto: |- {{ { 
@@ -2317,7 +2335,6 @@ matrix_hookshot_container_http_host_bind_ports_defaultmapping: - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}" - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}" - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}" - - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}" matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_playbook_service_host_bind_interface_prefix else [] }}" @@ -2326,8 +2343,6 @@ matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_rev matrix_hookshot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" - matrix_hookshot_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" matrix_hookshot_metrics_proxying_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_metrics_exposure_enabled }}" 
@@ -3199,8 +3214,11 @@ matrix_bot_draupnir_config_rawHomeserverUrl: "{{ matrix_addons_homeserver_client matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_config_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" -matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" +matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" + +#The salt is size restricted here as a maximum salt size of 16 characters exists due to the functions used. +matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'draupnir.httpmod', rounds=655555) | to_uuid }}" # noqa var-naming ###################################################################### # @@ -3312,7 +3330,7 @@ backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S} backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" -backup_borg_username: "{{ matrix_user_username }}" +backup_borg_username: "{{ matrix_user_name }}" backup_borg_uid: "{{ matrix_user_uid }}" backup_borg_gid: "{{ matrix_user_gid }}" 
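Review bot: The comment above `matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization` explains the salt length but not what the value protects. A later hunk feeds it into `matrix_synapse_ext_synapse_http_antispam_config_authorization`, so it appears to be the shared credential Synapse presents to Draupnir. I would say so: `# Shared secret the Synapse HTTP antispam module sends to Draupnir; derived from matrix_homeserver_generic_secret_key.` The existing comment also wants a space after `#`. Since `matrix_bot_draupnir_container_labels_traefik_enabled` still keys off `matrix_bot_draupnir_config_web_enabled`, it is worth confirming in the role that only the abuse-reporting path, and not the antispam endpoint, receives a public route.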
@@ -3741,7 +3759,7 @@ jitsi_base_path: "{{ matrix_base_data_path }}/jitsi" jitsi_uid: "{{ matrix_user_uid }}" jitsi_gid: "{{ matrix_user_gid }}" -jitsi_user_username: "{{ matrix_user_username }}" +jitsi_user_username: "{{ matrix_user_name }}" jitsi_web_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else jitsi_web_container_image_registry_prefix_upstream_default }}" @@ -4388,7 +4406,7 @@ postgres_managed_databases_auto: | 'name': etherpad_database_name, 'username': etherpad_database_username, 'password': etherpad_database_password, - }] if (etherpad_enabled and etherpad_database_engine == 'postgres' and etherpad_database_hostname == postgres_connection_hostname) else []) + }] if (etherpad_enabled and etherpad_database_type == 'postgres' and etherpad_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': prometheus_postgres_exporter_database_name, @@ -4793,7 +4811,7 @@ matrix_client_fluffychat_self_check_validate_certificates: "{{ matrix_playbook_s matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}" -matrix_synapse_username: "{{ matrix_user_username }}" +matrix_synapse_username: "{{ matrix_user_name }}" matrix_synapse_uid: "{{ matrix_user_uid }}" matrix_synapse_gid: "{{ matrix_user_gid }}" 
@@ -4835,6 +4853,8 @@ matrix_synapse_container_additional_networks_auto: | ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else []) + ([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else []) + + + ([matrix_bot_draupnir_container_network] if (matrix_synapse_ext_synapse_http_antispam_enabled and matrix_synapse_ext_synapse_http_antispam_config_base_url == matrix_bot_draupnir_synapse_http_antispam_config_base_url and matrix_bot_draupnir_container_network != matrix_synapse_container_network) else []) ) | unique }} @@ -4880,7 +4900,7 @@ matrix_synapse_tls_federation_listener_enabled: false matrix_synapse_tls_certificate_path: ~ matrix_synapse_tls_private_key_path: ~ -matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled) }}" +matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled or matrix_livekit_jwt_service_enabled) }}" matrix_synapse_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" 
@@ -4909,7 +4929,7 @@ matrix_synapse_systemd_required_services_list_auto: | + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) + - (['matrix-authentication-service.service'] if (matrix_authentication_service_enabled and matrix_synapse_experimental_features_msc3861_enabled) else []) + (['matrix-authentication-service.service'] if (matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_matrix_authentication_service_endpoint == matrix_authentication_service_http_base_container_url) else []) }} matrix_synapse_systemd_wanted_services_list_auto: | 
@@ -4930,17 +4950,22 @@ matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_ # Disable creation of media repository Synapse worker when using media-repo matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}" +matrix_synapse_ext_synapse_http_antispam_enabled: "{{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}" +matrix_synapse_ext_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupnir_synapse_http_antispam_config_base_url if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else '' }}" +matrix_synapse_ext_synapse_http_antispam_config_authorization: "{{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else '' }}" +matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks: "{{ matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else [] }}" +matrix_synapse_ext_synapse_http_antispam_config_fail_open: "{{ matrix_bot_draupnir_synapse_http_antispam_config_fail_open if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else {} }}" +matrix_synapse_ext_synapse_http_antispam_config_async: "{{ matrix_bot_draupnir_synapse_http_antispam_config_async if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else {} }}" + # Enable Synapse statistics reporting when using synapse-usage-exporter matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}" matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}" matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_rtc_enabled }}" -matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not 
matrix_authentication_service_migration_in_progress }}" -matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}" -matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'syn.ngauth.cs', rounds=655555) | to_uuid }}" -matrix_synapse_experimental_features_msc3861_admin_token: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}" -matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}" +matrix_synapse_matrix_authentication_service_enabled: "{{ matrix_authentication_service_enabled }}" +matrix_synapse_matrix_authentication_service_endpoint: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}" +matrix_synapse_matrix_authentication_service_secret: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}" matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}" @@ -4952,7 +4977,7 @@ matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_rtc_enabled }}" # Unless this is done, Synapse fails on startup with: # > Error in configuration at 'password_config.enabled': # > Password auth cannot be enabled when OAuth delegation is enabled -matrix_synapse_password_config_enabled: "{{ not matrix_synapse_experimental_features_msc3861_enabled }}" +matrix_synapse_password_config_enabled: "{{ not matrix_synapse_matrix_authentication_service_enabled }}" matrix_synapse_register_user_script_matrix_authentication_service_path: "{{ matrix_authentication_service_bin_path }}/register-user" 
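Review bot: `matrix_synapse_matrix_authentication_service_enabled` drops the `and not matrix_authentication_service_migration_in_progress` guard that the removed `matrix_synapse_experimental_features_msc3861_enabled` carried, while the msc4108 line just below still keeps it. With the new value, `matrix_synapse_password_config_enabled` in the following hunk becomes false as soon as the service is enabled, including while a migration is in progress, which looks like a change in sign-in behaviour. If that is unintended, keep the guard: `matrix_synapse_matrix_authentication_service_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"`. If it is intended, a comment saying why the migration flag no longer matters here would help. The earlier `matrix_synapse_systemd_required_services_list_auto` hunk reads the same variable.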
@@ -5234,7 +5259,7 @@ matrix_synapse_admin_config_asManagedUsers_auto: | + ([ '^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$', - '^@telegram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$', + '^@'+(matrix_mautrix_telegram_username_template | regex_escape | replace('{userid}', '.+'))+':'+(matrix_domain | regex_escape)+'$', ] if matrix_mautrix_telegram_enabled else []) + ([ @@ -5336,7 +5361,7 @@ prometheus_node_exporter_gid: "{{ matrix_user_gid }}" prometheus_node_exporter_hostname: "{{ matrix_server_fqn_matrix }}" -prometheus_node_exporter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_node_exporter_docker_image_registry_prefix_upstream_default }}" +prometheus_node_exporter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_node_exporter_container_image_registry_prefix_upstream_default }}" prometheus_node_exporter_container_network: "{{ matrix_monitoring_container_network }}" @@ -5374,7 +5399,7 @@ prometheus_postgres_exporter_gid: "{{ matrix_user_gid }}" prometheus_postgres_exporter_hostname: "{{ matrix_server_fqn_matrix }}" -prometheus_postgres_exporter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_postgres_exporter_docker_image_registry_prefix_upstream_default }}" +prometheus_postgres_exporter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_postgres_exporter_container_image_registry_prefix_upstream_default }}" prometheus_postgres_exporter_container_network: "{{ matrix_monitoring_container_network }}" 
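Review bot: In the `matrix_synapse_admin_config_asManagedUsers_auto` hunk, `regex_escape` runs before `replace('{userid}', '.+')`. If the filter escapes braces the way Python's `re.escape` does, the placeholder has already become `\{userid\}` and the replace never matches, leaving a pattern that matches no real bridged user. `.+` is also looser than the removed `[a-zA-Z0-9]+`. I would substitute on the escaped form and keep a bounded class, for example `(matrix_mautrix_telegram_username_template | regex_escape | replace('\\{userid\\}', '[^:]+'))`, with the quoting checked against a rendered sample user ID. The list expression starts and ends outside the hunk.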
@@ -5640,6 +5665,7 @@ grafana_default_home_dashboard_path: |- 'dendrite': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), 'conduit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), 'conduwuit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), + 'continuwuity': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), }[matrix_homeserver_implementation] }} @@ -5700,6 +5726,7 @@ matrix_registration_shared_secret: |- 'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''), 'conduit': '', 'conduwuit': '', + 'continuwuity': '', }[matrix_homeserver_implementation] }} 
@@ -5977,6 +6004,58 @@ matrix_conduwuit_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabl ###################################################################### +###################################################################### +# +# matrix-continuwuity +# +###################################################################### + +matrix_continuwuity_enabled: "{{ matrix_homeserver_implementation == 'continuwuity' }}" + +matrix_continuwuity_hostname: "{{ matrix_server_fqn_matrix }}" + +matrix_continuwuity_config_allow_federation: "{{ matrix_homeserver_federation_enabled }}" + +matrix_continuwuity_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_continuwuity_docker_image_registry_prefix_upstream_default }}" + +matrix_continuwuity_container_network: "{{ matrix_homeserver_container_network }}" + +matrix_continuwuity_container_additional_networks_auto: | + {{ + ( + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_continuwuity_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else []) + ) | unique + }} + +matrix_continuwuity_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}" +matrix_continuwuity_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_continuwuity_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_continuwuity_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" + +matrix_continuwuity_container_labels_public_client_root_redirection_enabled: "{{ matrix_continuwuity_container_labels_public_client_root_redirection_url != '' }}" +matrix_continuwuity_container_labels_public_client_root_redirection_url: "{{ (('https://' if 
matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" + +matrix_continuwuity_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}" +matrix_continuwuity_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}" +matrix_continuwuity_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}" + +matrix_continuwuity_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}" +matrix_continuwuity_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" + +matrix_continuwuity_config_turn_uris: "{{ matrix_coturn_turn_uris if matrix_coturn_enabled else [] }}" +matrix_continuwuity_config_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}" +matrix_continuwuity_config_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}" +matrix_continuwuity_config_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}" + +matrix_continuwuity_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}" + +###################################################################### +# +# /matrix-continuwuity +# +###################################################################### + + ###################################################################### # # matrix-user-creator 
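Review bot: `matrix_continuwuity_container_labels_traefik_enabled` ends with `and not matrix_synapse_workers_enabled`, a Synapse-only setting that looks carried over from another homeserver's block. With continuwuity selected, a leftover `matrix_synapse_workers_enabled: true` in the inventory would silently drop the Traefik labels for the homeserver. Unless there is a reason for the coupling, I would use `"{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"`, or add a comment explaining it. Separately, `matrix_continuwuity_docker_image_registry_prefix_upstream` uses the `docker_image` naming that this same commit renames to `container_image` for the Prometheus exporters.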
@@ -6036,7 +6115,7 @@ matrix_user_creator_users_auto: | ([{ 'username': matrix_bot_draupnir_login, 'initial_password': matrix_bot_draupnir_password, - 'initial_type': 'bot', + 'initial_type': ('admin' if matrix_bot_draupnir_admin_api_enabled else 'bot'), }] if matrix_bot_draupnir_enabled and matrix_bot_draupnir_password else []) }} @@ -6131,7 +6210,7 @@ matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{ matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_enabled: "{{ matrix_authentication_service_enabled }}" matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_issuer: "{{ matrix_authentication_service_config_http_issuer if matrix_authentication_service_enabled else '' }}" -matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_account: "{{ matrix_authentication_service_account_management_url }}" +matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_account: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}" matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}" matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element }}/map_style.json" 
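Review bot: The Draupnir entry in `matrix_user_creator_users_auto` now creates the bot as `'admin'` whenever `matrix_bot_draupnir_admin_api_enabled` is set, which turns `matrix_bot_draupnir_password` into a homeserver-admin credential. Nothing in the hunk says so. A comment above the entry, such as `# Draupnir needs server-admin rights to call the admin API; treat its password as an admin credential`, would make the privilege change visible to operators. Judging by its name, `initial_type` may apply only when the account is first created, so an installation where the bot already exists as `'bot'` might not be promoted; that is worth confirming and documenting. The list expression starts outside the hunk.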
@@ -6276,6 +6355,8 @@ matrix_element_call_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'htt matrix_element_call_container_network: "{{ matrix_addons_container_network }}" +matrix_element_call_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_element_call_container_image_registry_prefix_upstream_default }}" + matrix_element_call_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" @@ -6311,6 +6392,8 @@ livekit_server_path_prefix: "/livekit-server" livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" +livekit_server_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else livekit_server_container_image_registry_prefix_upstream_default }}" + livekit_server_container_network: "{{ matrix_addons_container_network }}" livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" 
@@ -6355,6 +6438,15 @@ livekit_server_config_keys_auto: |- ) }} +# We only wish for matrix-livekit-jwt-service to create rooms, only for users on trusted homeservers. +# See `matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers`. +# +# Ref: +# - https://github.com/element-hq/lk-jwt-service/releases/tag/v0.3.0 +# - https://github.com/livekit/livekit/blob/5e483e7554e5afbf254acf84e3ec0aa6e108e758/config-sample.yaml#L168-L170 +# - https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/commit/2a1b04552634097bdd26d472502a8f5bf1b8528f +livekit_server_config_room_auto_create: false + # The playbook intentionally uses a non-standard port than the default used by the role (5349), # because Coturn is already using that port. # Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`. @@ -6414,6 +6506,8 @@ matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service" matrix_livekit_jwt_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" +matrix_livekit_jwt_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default }}" + matrix_livekit_jwt_service_container_network: "{{ matrix_addons_container_network }}" matrix_livekit_jwt_service_container_additional_networks_auto: | @@ -6432,6 +6526,8 @@ matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ '%s' | format(m matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}" +matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list: ["{{ matrix_domain }}"] + ######################################################################## # # # /matrix-livekit-jwt-service # 
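Review bot: The comment added above `livekit_server_config_room_auto_create` points to `matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers`, but the variable set in the last hunk on this line is `matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list`. If the role has no variable with the shorter name, the reference should use the `_list` one. The `_list` default itself has no comment. Something like `# Only users on these homeservers may create LiveKit rooms; everyone else can only join existing ones` would record why it is pinned to `matrix_domain` and what widening the list implies.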
diff --git a/i18n/README.md b/i18n/README.md index 94cf013e4..b0934b3ef 100644 --- a/i18n/README.md +++ b/i18n/README.md @@ -20,7 +20,7 @@ Currently, we support translation of: Organization of this `i18n` directory is as follows: - [PUBLISHED_LANGUAGES](PUBLISHED_LANGUAGES): a list of languages that we publish translations for (in the [translations/](translations/) directory) -- [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionaly ignore translated results (`translations/` directories) for languages taht are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold. +- [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionally ignore translated results (`translations/` directories) for languages that are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold. - [justfile](justfile): a list of recipes for [just](https://github.com/casey/just) command runner - [requirements.txt](requirements.txt): a list of Python packages required to work with translations - [translation-templates/](translation-templates/): a list of English translation templates - strings extracted from Markdown files diff --git a/i18n/locales/bg/LC_MESSAGES/docs/configuring-playbook-continuwuity.po b/i18n/locales/bg/LC_MESSAGES/docs/configuring-playbook-continuwuity.po new file mode 100644 index 000000000..8e5129018 --- /dev/null +++ b/i18n/locales/bg/LC_MESSAGES/docs/configuring-playbook-continuwuity.po 
@@ -0,0 +1,134 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community +# members +# This file is distributed under the same license as the +# matrix-docker-ansible-deploy package. +# FIRST AUTHOR , 2025. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: matrix-docker-ansible-deploy \n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2025-01-27 09:54+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language: bg\n" +"Language-Team: bg \n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Generated-By: Babel 2.16.0\n" + +#: ../../../docs/configuring-playbook-continuwuity.md:1 +msgid "Configuring continuwuity (optional)" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:3 +msgid "The playbook can install and configure the [continuwuity](https://continuwuity.org/) Matrix server for you." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:5 +msgid "See the project's [documentation](https://continuwuity.org/) to learn what it does and why it might be useful to you." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:7 +msgid "By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:9 +msgid "💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook also supports." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:11 +msgid "⚠️ **Warnings**:" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:13 +msgid "**You can't switch an existing Matrix server's implementation** (e.g. Synapse -> continuwuity). 
Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:15 +msgid "**Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:17 +msgid "Adjusting the playbook configuration" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:19 +msgid "To use continuwuity, you **generally** need to adjust the `matrix_homeserver_implementation: synapse` configuration on your `inventory/host_vars/matrix.example.com/vars.yml` file as below:" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:33 +msgid "Extending the configuration" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:35 +msgid "There are some additional things you may wish to configure about the server." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:37 +msgid "Take a look at:" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:39 +msgid "`roles/custom/matrix-continuwuity/defaults/main.yml` for some variables that you can customize via your `vars.yml` file" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:40 +msgid "`roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2` for the server's default configuration" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:42 +msgid "There are various Ansible variables that control settings in the `continuwuity.toml` file." 
+msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:44 +msgid "If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://continuwuity.org/configuration#environment-variables) using `matrix_continuwuity_environment_variables_extension`. For example:" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:52 +msgid "Creating the first user account" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:54 +msgid "Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:56 +msgid "If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:58 +msgid "This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:60 +msgid "The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:63 +msgid "Configuring bridges / appservices" +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:65 +msgid "For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver." 
+msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:67 +msgid "For continuwuity, you will have to manually register appservices using the [`!admin appservices register` command](https://continuwuity.org/appservices#set-up-the-appservice---general-instructions) sent to the server bot account." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:69 +msgid "The server's bot account has a Matrix ID of `@conduit:example.com` (not `@continuwuity:example.com`!) due to continuwuity's historical legacy. Your first user account would already have been invited to an admin room with this bot." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:72 +msgid "Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`." +msgstr "" + +#: ../../../docs/configuring-playbook-continuwuity.md:74 +msgid "Then, send its content to the existing admin room:" +msgstr "" diff --git a/i18n/locales/bg/LC_MESSAGES/docs/configuring-playbook-matrix-authentication-service.po b/i18n/locales/bg/LC_MESSAGES/docs/configuring-playbook-matrix-authentication-service.po index 0b1dda626..554766af6 100644 --- a/i18n/locales/bg/LC_MESSAGES/docs/configuring-playbook-matrix-authentication-service.po +++ b/i18n/locales/bg/LC_MESSAGES/docs/configuring-playbook-matrix-authentication-service.po 
@@ -435,7 +435,7 @@ msgid "We **don't** ask you to [run the `syn2mas` migration advisor command](htt msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:340 -msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)." +msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)." msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:342 @@ -535,7 +535,7 @@ msgid "you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and d msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:401 -msgid "To perform a real migration, run the `matrix-authentication-service-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_dry_run` variable:" +msgid "To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable:" msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:407 diff --git a/i18n/locales/jp/LC_MESSAGES/docs/configuring-playbook-matrix-authentication-service.po b/i18n/locales/jp/LC_MESSAGES/docs/configuring-playbook-matrix-authentication-service.po index 776945591..84baf5f02 100644 --- a/i18n/locales/jp/LC_MESSAGES/docs/configuring-playbook-matrix-authentication-service.po +++ b/i18n/locales/jp/LC_MESSAGES/docs/configuring-playbook-matrix-authentication-service.po 
@@ -434,7 +434,7 @@ msgid "We **don't** ask you to [run the `syn2mas` migration advisor command](htt msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:340 -msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)." +msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)." msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:342 @@ -534,7 +534,7 @@ msgid "you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and d msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:401 -msgid "To perform a real migration, run the `matrix-authentication-service-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_dry_run` variable:" +msgid "To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable:" msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:407 diff --git a/i18n/requirements.txt b/i18n/requirements.txt index 24be89607..ed04fbf28 100644 --- a/i18n/requirements.txt +++ b/i18n/requirements.txt 
@@ -1,26 +1,26 @@
 alabaster==1.0.0
 babel==2.17.0
-certifi==2025.1.31
-charset-normalizer==3.4.1
-click==8.1.8
-docutils==0.21.2
+certifi==2025.8.3
+charset-normalizer==3.4.3
+click==8.2.2
+docutils==0.22
 idna==3.10
 imagesize==1.4.1
 Jinja2==3.1.6
 linkify-it-py==2.0.3
-markdown-it-py==3.0.0
+markdown-it-py==4.0.0
 MarkupSafe==3.0.2
-mdit-py-plugins==0.4.2
+mdit-py-plugins==0.5.0
 mdurl==0.1.2
 myst-parser==4.0.1
-packaging==24.2
-Pygments==2.19.1
+packaging==25.0
+Pygments==2.19.2
 PyYAML==6.0.2
-requests==2.32.3
-setuptools==78.1.0
-snowballstemmer==2.2.0
+requests==2.32.5
+setuptools==80.9.0
+snowballstemmer==3.0.1
 Sphinx==8.2.3
-sphinx-intl==2.3.1
+sphinx-intl==2.3.2
 sphinx-markdown-builder==0.6.8
 sphinxcontrib-applehelp==2.0.0
 sphinxcontrib-devhelp==2.0.0
@@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
 tabulate==0.9.0
 uc-micro-py==1.0.3
-urllib3==2.4.0
+urllib3==2.5.0
diff --git a/i18n/translation-templates/docs/configuring-playbook-matrix-authentication-service.pot b/i18n/translation-templates/docs/configuring-playbook-matrix-authentication-service.pot
index 3e94a3a36..da5f99e98 100644
--- a/i18n/translation-templates/docs/configuring-playbook-matrix-authentication-service.pot
+++ b/i18n/translation-templates/docs/configuring-playbook-matrix-authentication-service.pot
@@ -430,7 +430,7 @@ msgid "We **don't** ask you to [run the `syn2mas` migration advisor command](htt msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:340 -msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)." +msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)." msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:342 @@ -530,7 +530,7 @@ msgid "you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and d msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:401 -msgid "To perform a real migration, run the `matrix-authentication-service-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_dry_run` variable:" +msgid "To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable:" msgstr "" #: ../../../docs/configuring-playbook-matrix-authentication-service.md:407 diff --git a/requirements.yml b/requirements.yml index 3afe3c692..1a20a1c17 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -4,37 +4,37 @@ version: v1.0.0-5 name: auxiliary - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git - version: v1.4.0-1.9.13-1 + version: v1.4.1-1.9.14-2 name: backup_borg - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git - version: v0.3.0-4 + version: v0.4.1-0 name: container_socket_proxy - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 7.4.7 + version: 7.5.3 name: docker - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git - version: v2.3.0-0 + version: v2.5.0-0 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - version: v4.98.1-r0-2-0 + version: v4.98.1-r0-2-1 name: exim_relay - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git - version: v11.6.0-0 + version: v11.6.5-1 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v10184-0 + version: v10431-2 name: jitsi - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git - version: v1.8.4-5 + version: v1.9.1-0 name: livekit_server - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git - version: v2.11.0-5 + version: v2.14.0-1 name: ntfy - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git - version: 201c939eed363de269a83ba29784fc3244846048 + version: 7663e3114513e56f28d3ed762059b445c678a71a name: playbook_help - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6 
@@ -43,35 +43,35 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git - version: v17.4-0 + version: v17.6-1 name: postgres - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git - version: v17-3 + version: v17-8 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.55.1-3 + version: v3.5.0-1 name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - version: v1.9.1-0 + version: v1.9.1-11 name: prometheus_node_exporter - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - version: v0.14.0-9 + version: v0.17.1-8 name: prometheus_postgres_exporter - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - version: v1.4.0-0 + version: v1.4.1-0 name: systemd_docker_base - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: v1.0.0-4 name: systemd_service_manager - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git - version: v1.0.0-0 + version: v1.1.0-0 name: timesync - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git - version: v3.3.5-0 + version: v3.5.1-0 name: traefik - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git - version: v2.10.0-0 + version: v2.10.0-2 name: traefik_certs_dumper - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git - version: v8.0.1-3 + version: v8.1.3-1 name: valkey diff --git a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml index 4869d823f..0749c48e2 100644 --- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml 
+++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml @@ -11,7 +11,7 @@ matrix_alertmanager_receiver_enabled: true # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver -matrix_alertmanager_receiver_version: 2025.3.26 +matrix_alertmanager_receiver_version: 2025.9.3 matrix_alertmanager_receiver_scheme: https diff --git a/roles/custom/matrix-alertmanager-receiver/tasks/install.yml b/roles/custom/matrix-alertmanager-receiver/tasks/install.yml index a710fcdf3..d47c27837 100644 --- a/roles/custom/matrix-alertmanager-receiver/tasks/install.yml +++ b/roles/custom/matrix-alertmanager-receiver/tasks/install.yml @@ -10,8 +10,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - path: "{{ matrix_alertmanager_receiver_base_path }}" when: true @@ -26,16 +26,16 @@ content: "{{ matrix_alertmanager_receiver_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_alertmanager_receiver_config_path }}/config.yml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-alertmanager-receiver support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_alertmanager_receiver_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels @@ -60,7 +60,7 @@ dest: "{{ matrix_alertmanager_receiver_container_src_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_alertmanager_receiver_git_pull_results - name: Ensure matrix-alertmanager-receiver container image is built 
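Review bot: In the `@@ -26,16 +26,16 @@` hunk of matrix-alertmanager-receiver/tasks/install.yml, `config.yml` is still written with `mode: 0644` while the support files in the following task use `0640`. The rendered `matrix_alertmanager_receiver_configuration` presumably carries the receiver's Matrix credentials, so world-readable is wider than the file needs; the `0750` base directory from the first hunk limits exposure only as long as that directory mode holds. Since these tasks are already being edited for the owner/group rename, consider `mode: 0640` here, provided the container reads the file as that owner or group. The same `mode: 0644` appears on the config and registration files in the matrix-appservice-double-puppet, matrix-appservice-draupnir-for-all and matrix-authentication-service install hunks further down.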
diff --git a/roles/custom/matrix-alertmanager-receiver/tasks/validate_config.yml b/roles/custom/matrix-alertmanager-receiver/tasks/validate_config.yml index 77ecdce2a..3a75616d6 100644 --- a/roles/custom/matrix-alertmanager-receiver/tasks/validate_config.yml +++ b/roles/custom/matrix-alertmanager-receiver/tasks/validate_config.yml @@ -7,7 +7,7 @@ ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_alertmanager_receiver_hostname', when: true} - {'name': 'matrix_alertmanager_receiver_path_prefix', when: true} @@ -21,6 +21,6 @@ ansible.builtin.fail: msg: >- The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead. - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_alertmanager_receiver_container_image_name_prefix', 'new': 'matrix_alertmanager_receiver_container_image_registry_prefix'} diff --git a/roles/custom/matrix-alertmanager-receiver/templates/config.yaml.j2 b/roles/custom/matrix-alertmanager-receiver/templates/config.yaml.j2 index 40d37f9b7..e3f41eca6 100644 --- a/roles/custom/matrix-alertmanager-receiver/templates/config.yaml.j2 +++ b/roles/custom/matrix-alertmanager-receiver/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # configuration of the HTTP server http: address: 0.0.0.0 # bind address for this service. Can be left unspecified to bind on all interfaces diff --git a/roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2 b/roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2 index 2f0b6622d..adb997d56 100644 
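Review bot: The rewritten required-settings condition in the `@@ -7,7 +7,7 @@` hunk, `lookup('vars', item.name, default='') | string | length == 0`, would treat a variable explicitly set to null as present, because Jinja's `string` filter turns a null value into the non-empty text `None`. If a nulled-out setting should be rejected like an empty one, coerce falsy values first: `lookup('vars', item.name, default='') | default('', true) | string | length == 0`. The same condition is introduced in matrix-appservice-double-puppet/tasks/validate_config.yml.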
--- a/roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2 +++ b/roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=matrix-alertmanager-receiver {% for service in matrix_alertmanager_receiver_systemd_required_services_list %} diff --git a/roles/custom/matrix-appservice-double-puppet/tasks/install.yml b/roles/custom/matrix-appservice-double-puppet/tasks/install.yml index a0a427aae..794f0ba99 100644 --- a/roles/custom/matrix-appservice-double-puppet/tasks/install.yml +++ b/roles/custom/matrix-appservice-double-puppet/tasks/install.yml @@ -9,8 +9,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - path: "{{ matrix_appservice_double_puppet_base_path }}" when: true @@ -23,5 +23,5 @@ content: "{{ matrix_appservice_double_puppet_registration_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_double_puppet_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" diff --git a/roles/custom/matrix-appservice-double-puppet/tasks/validate_config.yml b/roles/custom/matrix-appservice-double-puppet/tasks/validate_config.yml index abe7b371b..97d482d6e 100644 --- a/roles/custom/matrix-appservice-double-puppet/tasks/validate_config.yml +++ b/roles/custom/matrix-appservice-double-puppet/tasks/validate_config.yml 
@@ -7,7 +7,7 @@ ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true} - {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true} diff --git a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml index 17e415f6c..d5fee4fbb 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml +++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml @@ -12,7 +12,7 @@ matrix_appservice_draupnir_for_all_enabled: true # renovate: datasource=docker depName=gnuxie/draupnir -matrix_appservice_draupnir_for_all_version: "v2.2.0" +matrix_appservice_draupnir_for_all_version: "v2.6.1" matrix_appservice_draupnir_for_all_container_image_self_build: false matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" @@ -50,7 +50,7 @@ matrix_appservice_draupnir_for_all_systemd_wanted_services_list: [] # anyone in this room can use the bot - secure your room! # This should be a room alias - not a matrix.to URL. # Note: Draupnir is fairly verbose - expect a lot of messages from it. -# This room is diffrent for Appservice Mode compared to normal mode. +# This room is different for Appservice Mode compared to normal mode. # In Appservice mode it provides functions like user management. matrix_appservice_draupnir_for_all_config_adminRoom: "" # noqa var-naming diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml index 12781f5dc..18e1d43d3 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml 
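Review bot: The `with_items` list under this required-settings check names `matrix_appservice_double_puppet_registration_as_token` twice, so the second entry validates nothing new. It looks like a copy-paste slip for the registration's homeserver token (its variable name is not visible in this hunk); if so, an empty homeserver token currently passes validation and would be written into `registration.yaml`. Replace the duplicate entry with that variable. Both lines are context here, but they feed the `when:` expression this commit rewrites.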
+++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml @@ -16,8 +16,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_appservice_draupnir_for_all_base_path }}", when: true} - {path: "{{ matrix_appservice_draupnir_for_all_config_path }}", when: true} @@ -44,7 +44,7 @@ version: "{{ matrix_appservice_draupnir_for_all_docker_image.split(':')[1] }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_appservice_draupnir_for_all_git_pull_results when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool" 
@@ -64,24 +64,24 @@ content: "{{ matrix_appservice_draupnir_for_all_configuration_appservice | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-appservice.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-draupnir-for-all bot config installed ansible.builtin.copy: content: "{{ matrix_appservice_draupnir_for_all_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-bots.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-draupnir-for-all registration.yaml installed ansible.builtin.copy: content: "{{ matrix_appservice_draupnir_for_all_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/draupnir-for-all-registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-draupnir-for-all container network is created community.general.docker_network: diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml index 95ed9fde3..b07a2d2f4 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml 
@@ -20,7 +20,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'} - {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'} diff --git a/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 b/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 index 008d0feb1..e5ad7e97f 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 +++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Draupnir for All appservice {% for service in matrix_appservice_draupnir_for_all_systemd_wanted_services_list %} diff --git a/roles/custom/matrix-authentication-service/defaults/main.yml b/roles/custom/matrix-authentication-service/defaults/main.yml index 41320b155..6af2a0387 100644 --- a/roles/custom/matrix-authentication-service/defaults/main.yml +++ b/roles/custom/matrix-authentication-service/defaults/main.yml 
@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src" # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service -matrix_authentication_service_version: 0.14.1 +matrix_authentication_service_version: 1.1.0 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}" matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}" matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/" 
@@ -559,29 +559,34 @@ matrix_authentication_service_container_labels_additional_labels: '' matrix_authentication_service_syn2mas_start_wait_time_seconds: 5 -matrix_authentication_service_syn2mas_dry_run: false +# The syn2mas sub-command to run. +# Valid values: migrate, check +matrix_authentication_service_syn2mas_subcommand: migrate -# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service/syn2mas -matrix_authentication_service_syn2mas_version: 0.14.1 -matrix_authentication_service_syn2mas_container_image: "{{ matrix_authentication_service_syn2mas_container_image_registry_prefix }}element-hq/matrix-authentication-service/syn2mas:{{ matrix_authentication_service_syn2mas_version }}" -matrix_authentication_service_syn2mas_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream }}" -matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default }}" -matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default: ghcr.io/ -matrix_authentication_service_syn2mas_container_image_force_pull: "{{ matrix_authentication_service_syn2mas_container_image.endswith(':latest') }}" +# Whether to pass a `--dry-run` flag to the 'migrate' sub-command. +# See `matrix_authentication_service_syn2mas_subcommand` +matrix_authentication_service_syn2mas_migrate_dry_run: false -matrix_authentication_service_syn2mas_container_image_self_build: "{{ matrix_authentication_service_container_image_self_build }}" +# Path to Synapse's homeserver.yaml configuration file. 
+matrix_authentication_service_syn2mas_synapse_homeserver_config_path: "" matrix_authentication_service_syn2mas_container_network: "{{ matrix_authentication_service_container_network }}" -# Path to Synapse's homeserver.yaml configuration file. -matrix_authentication_service_syn2mas_synapse_homeserver_config_path: "" +# Additional options passed to the syn2mas sub-command (e.g. `mas-cli syn2mas [OPTIONS] migrate|check`). +# Also see: `matrix_authentication_service_syn2mas_subcommand_extra_options` +# +# Example: +# matrix_authentication_service_syn2mas_command_extra_options: +# - "--something" +matrix_authentication_service_syn2mas_command_extra_options: [] -# Additional arguments passed to the syn2mas process. +# Additional options passed to the syn2mas sub-command (e.g. `mas-cli syn2mas migrate|check [OPTIONS]`). +# Also see: `matrix_authentication_service_syn2mas_command_extra_options` # # Example: -# matrix_authentication_service_syn2mas_process_extra_arguments: -# - "--upstreamProviderMapping oidc-keycloak:01H8PKNWKKRPCBW4YGH1RWV279" -matrix_authentication_service_syn2mas_process_extra_arguments: [] +# matrix_authentication_service_syn2mas_subcommand_extra_options: +# - "--dry-run" +matrix_authentication_service_syn2mas_subcommand_extra_options: [] ######################################################################################## # # diff --git a/roles/custom/matrix-authentication-service/tasks/install.yml b/roles/custom/matrix-authentication-service/tasks/install.yml index 2b04b6708..89ee7943b 100644 --- a/roles/custom/matrix-authentication-service/tasks/install.yml +++ b/roles/custom/matrix-authentication-service/tasks/install.yml 
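Review bot: The comments on the two new extra-options variables both say "passed to the syn2mas sub-command", so a reader cannot tell which list is placed before `migrate|check` and which after; the first should read along the lines of `# Additional options passed to the syn2mas command, before the sub-command (e.g. mas-cli syn2mas [OPTIONS] migrate|check)`. The example `- "--dry-run"` under `matrix_authentication_service_syn2mas_subcommand_extra_options` also overlaps with `matrix_authentication_service_syn2mas_migrate_dry_run`. The "Ensure Synapse is stopped" task in mas_cli_syn2mas.yml keys only on the dedicated variable, so a dry run requested through the extra-options list would still stop the service. Use a different flag in the example, or add `# For a dry run, set matrix_authentication_service_syn2mas_migrate_dry_run instead`.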
@@ -9,8 +9,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_authentication_service_base_path }}", when: true} - {path: "{{ matrix_authentication_service_bin_path }}", when: true} @@ -38,16 +38,16 @@ content: "{{ matrix_authentication_service_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_authentication_service_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure Matrix Authentication Service support files created ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_authentication_service_config_path }}/env" @@ -83,7 +83,7 @@ dest: "{{ matrix_authentication_service_container_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" - name: Ensure Matrix Authentication Service container image is built ansible.builtin.command: diff --git a/roles/custom/matrix-authentication-service/tasks/main.yml b/roles/custom/matrix-authentication-service/tasks/main.yml index 6b6a07718..95c40fea7 100644 --- a/roles/custom/matrix-authentication-service/tasks/main.yml +++ b/roles/custom/matrix-authentication-service/tasks/main.yml 
@@ -9,18 +9,33 @@ - setup-matrix-authentication-service - install-all - install-matrix-authentication-service + - matrix-authentication-service-mas-cli-syn2mas block: - when: matrix_authentication_service_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" +- tags: + - setup-all + - setup-matrix-authentication-service + - install-all + - install-matrix-authentication-service + block: - when: matrix_authentication_service_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" +# The tag 'matrix-authentication-service-syn2mas' has been replaced by the tag 'matrix-authentication-service-mas-cli-syn2mas'. - tags: - matrix-authentication-service-syn2mas + block: + - name: Warn about deprecated tag + ansible.builtin.fail: + msg: "WARNING: The 'matrix-authentication-service-syn2mas' tag has been replaced by 'matrix-authentication-service-mas-cli-syn2mas'. Please update your command." + +- tags: + - matrix-authentication-service-mas-cli-syn2mas block: - when: matrix_authentication_service_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/syn2mas.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/mas_cli_syn2mas.yml" - tags: - matrix-authentication-service-mas-cli-doctor diff --git a/roles/custom/matrix-authentication-service/tasks/syn2mas.yml b/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml similarity index 51% rename from roles/custom/matrix-authentication-service/tasks/syn2mas.yml rename to roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml index fd30158a4..b058d87d8 100644 --- a/roles/custom/matrix-authentication-service/tasks/syn2mas.yml +++ b/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml 
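Review bot: The new deprecated-tag block fails unconditionally for any run that selects it, and a run without `--tags` selects every task, so a tag-less invocation of this role would abort here. Adding Ansible's special `never` tag, `tags: [never, matrix-authentication-service-syn2mas]`, keeps the block reachable only when the old tag is requested explicitly. The task is also named "Warn about deprecated tag" and its message starts with "WARNING:", although `ansible.builtin.fail` stops the play; a name such as `Fail when the deprecated syn2mas tag is used` would match what it does.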
@@ -6,7 +6,7 @@ --- - ansible.builtin.set_fact: - matrix_authentication_service_syn2mas_dry_run: "{{ matrix_authentication_service_syn2mas_dry_run | bool }}" + matrix_authentication_service_syn2mas_migrate_dry_run: "{{ matrix_authentication_service_syn2mas_migrate_dry_run | bool }}" - name: Abort, if not using Synapse when: not matrix_synapse_enabled | bool @@ -19,7 +19,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] | length == 0" + when: "item.when | bool and vars[item.name] | string | length == 0" with_items: - {'name': 'matrix_authentication_service_syn2mas_synapse_homeserver_config_path', when: true} 
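Review bot: The required-settings check in the `@@ -19,7 +19,7 @@` hunk still reads `vars[item.name]`, while the validate_config.yml files changed elsewhere in this commit moved to `lookup('vars', item.name, default='')`. Using the same form here keeps the checks consistent: `when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"`. With the `default=''` fallback an undefined variable would presumably produce the intended "You need to define a required configuration setting" message rather than a templating error.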
@@ -33,41 +33,8 @@ msg: "The Synapse homeserver config file does not exist at the specified path: {{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }}" when: not matrix_authentication_service_syn2mas_synapse_config_stat.stat.exists -- name: Ensure Matrix Authentication Service syn2mas container image is pulled - community.docker.docker_image: - name: "{{ matrix_authentication_service_syn2mas_container_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_authentication_service_syn2mas_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_authentication_service_syn2mas_container_image_force_pull }}" - when: "not matrix_authentication_service_syn2mas_container_image_self_build | bool" - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- when: "matrix_authentication_service_syn2mas_container_image_self_build | bool" - block: - - name: Ensure Matrix Authentication Service repository is present on self-build - ansible.builtin.git: - repo: "{{ matrix_authentication_service_container_repo }}" - version: "{{ matrix_authentication_service_container_repo_version }}" - dest: "{{ matrix_authentication_service_container_src_files_path }}" - force: "yes" - become: true - become_user: "{{ matrix_user_username }}" - register: matrix_authentication_service_git_pull_results - - - name: Ensure Matrix Authentication Service syn2mas container image is built - ansible.builtin.command: - cmd: |- - {{ devture_systemd_docker_base_host_command_docker }} buildx build - --tag={{ matrix_authentication_service_syn2mas_container_image }} - --file={{ matrix_authentication_service_container_src_files_path }}/tools/syn2mas/Dockerfile - {{ 
matrix_authentication_service_container_src_files_path }}/tools/syn2mas - changed_when: true - - name: Ensure Synapse is stopped - when: not matrix_authentication_service_syn2mas_dry_run | bool + when: not matrix_authentication_service_syn2mas_migrate_dry_run | bool ansible.builtin.service: name: matrix-synapse state: stopped @@ -81,14 +48,19 @@ # # Still, it's probably safer to stop it anyway. - name: Ensure Matrix Authentication Service is stopped + when: not matrix_authentication_service_syn2mas_migrate_dry_run | bool ansible.builtin.service: name: matrix-authentication-service state: stopped register: matrix_authentication_service_mas_ensure_stopped_result +# This is similar to the command found in the systemd service file. +# +# We cannot use `docker exec` with the existing Matrix Authentication Service container here, +# because we need an additional mount (the Synapse homeserver config). - name: Generate syn2mas migration command ansible.builtin.set_fact: - matrix_authentication_service_syn2mas_migration_command: >- + matrix_authentication_service_mas_cli_syn2mas_command: >- {{ devture_systemd_docker_base_host_command_docker }} run --rm --name=matrix-authentication-service-syn2mas 
@@ -96,14 +68,16 @@ --user={{ matrix_authentication_service_uid }}:{{ matrix_authentication_service_gid }} --cap-drop=ALL --network={{ matrix_authentication_service_syn2mas_container_network }} + --mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/config.yaml,ro + --mount type=bind,src={{ matrix_authentication_service_data_keys_path }},dst=/keys,ro --mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }},dst=/homeserver.yaml,ro - --mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/mas-config.yaml,ro - {{ matrix_authentication_service_syn2mas_container_image }} - --command=migrate - --synapseConfigFile=/homeserver.yaml - --masConfigFile=/mas-config.yaml - {{ matrix_authentication_service_syn2mas_process_extra_arguments | join(' ') }} - {% if matrix_authentication_service_syn2mas_dry_run | bool %}--dryRun{% endif %} + {{ matrix_authentication_service_container_image }} + syn2mas + --synapse-config=/homeserver.yaml + {{ matrix_authentication_service_syn2mas_command_extra_options | join(' ') }} + {{ matrix_authentication_service_syn2mas_subcommand }} + {{ '--dry-run' if matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_syn2mas_subcommand == 'migrate' else '' }} + {{ matrix_authentication_service_syn2mas_subcommand_extra_options | join(' ') }} tags: - skip_ansible_lint 
@@ -111,33 +85,33 @@ # See: https://ansibledaily.com/print-to-standard-output-without-escaping/ # # We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it, -# which ruins the command (`matrix_authentication_service_syn2mas_migration_command`). +# which ruins the command (`matrix_authentication_service_mas_cli_syn2mas_command`). - name: Note about syn2mas migration ansible.builtin.set_fact: dummy: true with_items: - >- - Running syn2mas migration using the following command: `{{ matrix_authentication_service_syn2mas_migration_command }}`. - If this crashes, you can stop Synapse (`systemctl stop matrix-synapse`) and run the command manually. + Running syn2mas migration using the following command: `{{ matrix_authentication_service_mas_cli_syn2mas_command }}`. + If this crashes, you can stop Synapse (`systemctl stop matrix-synapse`), start Matrix Authentication Service (`systemctl start matrix-authentication-service`) and run the command manually. - name: Perform syn2mas migration ansible.builtin.command: - cmd: "{{ matrix_authentication_service_syn2mas_migration_command }}" - register: matrix_authentication_service_syn2mas_migration_command_result - changed_when: matrix_authentication_service_syn2mas_migration_command_result.rc == 0 + cmd: "{{ matrix_authentication_service_mas_cli_syn2mas_command }}" + register: matrix_authentication_service_mas_cli_syn2mas_command_result + changed_when: matrix_authentication_service_mas_cli_syn2mas_command_result.rc == 0 - name: Print syn2mas migration command result ansible.builtin.debug: - var: matrix_authentication_service_syn2mas_migration_command_result + var: matrix_authentication_service_mas_cli_syn2mas_command_result - name: Ensure Synapse is started (if it previously was) - when: "not matrix_authentication_service_syn2mas_dry_run and matrix_authentication_service_synapse_ensure_stopped_result.changed" + when: "not matrix_authentication_service_syn2mas_migrate_dry_run and 
matrix_authentication_service_mas_cli_syn2mas_command_result.changed" ansible.builtin.service: name: matrix-synapse state: started - name: Ensure Matrix Authentication Service is started (if it previously was) - when: "not matrix_authentication_service_syn2mas_dry_run and matrix_authentication_service_mas_ensure_stopped_result.changed" + when: "not matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_mas_ensure_stopped_result.changed" ansible.builtin.service: name: matrix-authentication-service state: started diff --git a/roles/custom/matrix-authentication-service/tasks/util/prepare_key.yml b/roles/custom/matrix-authentication-service/tasks/util/prepare_key.yml index 1c1877ccd..bd487b201 100644 --- a/roles/custom/matrix-authentication-service/tasks/util/prepare_key.yml +++ b/roles/custom/matrix-authentication-service/tasks/util/prepare_key.yml @@ -13,4 +13,4 @@ cmd: "{{ private_key_definition.generation_command | replace('__KEY_FILE_PATH__', matrix_authentication_service_private_key_file_path) }}" creates: "{{ matrix_authentication_service_private_key_file_path }}" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" diff --git a/roles/custom/matrix-authentication-service/tasks/validate_config.yml b/roles/custom/matrix-authentication-service/tasks/validate_config.yml index 7a0f50b83..ee40118a5 100644 --- a/roles/custom/matrix-authentication-service/tasks/validate_config.yml +++ b/roles/custom/matrix-authentication-service/tasks/validate_config.yml @@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] | length == 0" + when: "item.when | bool and vars[item.name] | string | length == 0" with_items: - {'name': 'matrix_authentication_service_hostname', when: true} - {'name': 'matrix_authentication_service_config_database_username', when: true} 
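Review bot: `Ensure Synapse is started (if it previously was)` now tests `matrix_authentication_service_mas_cli_syn2mas_command_result.changed` instead of the result of the stop task, so it no longer matches its name or the parallel Matrix Authentication Service task, which still uses `matrix_authentication_service_mas_ensure_stopped_result.changed`. Because `changed_when` is `rc == 0`, Synapse gets started after every successful non-dry run even if it was not running beforehand. A non-zero exit would, by default, fail the play before either start task and leave both services down. If the stop task still registers `matrix_authentication_service_synapse_ensure_stopped_result` (its `register` line is outside the hunk), the condition should read `when: "not matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_synapse_ensure_stopped_result.changed"`.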
@@ -40,7 +40,15 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_authentication_service_container_image_name_prefix', 'new': 'matrix_authentication_service_container_image_registry_prefix'} - {'old': 'matrix_authentication_service_syn2mas_container_image_name_prefix', 'new': 'matrix_authentication_service_syn2mas_container_image_registry_prefix'} + - {'old': 'matrix_authentication_service_syn2mas_container_image', 'new': ''} + - {'old': 'matrix_authentication_service_syn2mas_container_image_registry_prefix', 'new': ''} + - {'old': 'matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream', 'new': ''} + - {'old': 'matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default', 'new': ''} + - {'old': 'matrix_authentication_service_syn2mas_container_image_force_pull', 'new': ''} + - {'old': 'matrix_authentication_service_syn2mas_container_image_self_build', 'new': ''} + - {'old': 'matrix_authentication_service_syn2mas_process_extra_arguments', 'new': 'matrix_authentication_service_syn2mas_command_extra_options or matrix_authentication_service_syn2mas_subcommand_extra_options'} + - {'old': 'matrix_authentication_service_syn2mas_dry_run', 'new': 'matrix_authentication_service_syn2mas_migrate_dry_run'} diff --git a/roles/custom/matrix-authentication-service/templates/bin/mas-cli.j2 b/roles/custom/matrix-authentication-service/templates/bin/mas-cli.j2 index d4d1d9c1e..b6c05f6fe 100644 --- a/roles/custom/matrix-authentication-service/templates/bin/mas-cli.j2 +++ b/roles/custom/matrix-authentication-service/templates/bin/mas-cli.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True #!/bin/bash args=$@ 
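Review bot: The new entry `{'old': 'matrix_authentication_service_syn2mas_container_image_registry_prefix', 'new': ''}` conflicts with the unchanged entry just above it, which still tells users to rename `matrix_authentication_service_syn2mas_container_image_name_prefix` to that same variable. Anyone who follows the first message hits the second failure on the next run, so the older entry should point at nothing as well: `- {'old': 'matrix_authentication_service_syn2mas_container_image_name_prefix', 'new': ''}`. For the entries with an empty `new`, the message renders as a rename to an empty name. A short comment above them, such as `# Removed variables: syn2mas now runs from the main container image`, would help; a dedicated message for removals may exist outside the hunk.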
diff --git a/roles/custom/matrix-authentication-service/templates/bin/register-user.j2 b/roles/custom/matrix-authentication-service/templates/bin/register-user.j2 index 54d60e8b9..8c159eaa9 100644 --- a/roles/custom/matrix-authentication-service/templates/bin/register-user.j2 +++ b/roles/custom/matrix-authentication-service/templates/bin/register-user.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True #!/bin/bash if [ $# -ne 3 ]; then diff --git a/roles/custom/matrix-authentication-service/templates/config.yaml.j2 b/roles/custom/matrix-authentication-service/templates/config.yaml.j2 index f53b3c94c..32065d221 100644 --- a/roles/custom/matrix-authentication-service/templates/config.yaml.j2 +++ b/roles/custom/matrix-authentication-service/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True http: listeners: - name: web diff --git a/roles/custom/matrix-authentication-service/templates/provider/anthropic-config.yml.j2 b/roles/custom/matrix-authentication-service/templates/provider/anthropic-config.yml.j2 index f1a23ac5a..97ac3c477 100644 --- a/roles/custom/matrix-authentication-service/templates/provider/anthropic-config.yml.j2 +++ b/roles/custom/matrix-authentication-service/templates/provider/anthropic-config.yml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True base_url: {{ matrix_authentication_service_config_agents_static_definitions_anthropic_config_base_url | to_json }} api_key: {{ matrix_authentication_service_config_agents_static_definitions_anthropic_config_api_key | to_json }} diff --git a/roles/custom/matrix-authentication-service/templates/provider/groq-config.yml.j2 b/roles/custom/matrix-authentication-service/templates/provider/groq-config.yml.j2 index c1c381ca3..6bafce672 100644 --- a/roles/custom/matrix-authentication-service/templates/provider/groq-config.yml.j2 
+++ b/roles/custom/matrix-authentication-service/templates/provider/groq-config.yml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True base_url: {{ matrix_authentication_service_config_agents_static_definitions_groq_config_base_url | to_json }} api_key: {{ matrix_authentication_service_config_agents_static_definitions_groq_config_api_key | to_json }} diff --git a/roles/custom/matrix-authentication-service/templates/provider/mistral-config.yml.j2 b/roles/custom/matrix-authentication-service/templates/provider/mistral-config.yml.j2 index 5843ba4d6..5e1265f39 100644 --- a/roles/custom/matrix-authentication-service/templates/provider/mistral-config.yml.j2 +++ b/roles/custom/matrix-authentication-service/templates/provider/mistral-config.yml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True base_url: {{ matrix_authentication_service_config_agents_static_definitions_mistral_config_base_url | to_json }} api_key: {{ matrix_authentication_service_config_agents_static_definitions_mistral_config_api_key | to_json }} diff --git a/roles/custom/matrix-authentication-service/templates/provider/openai-config.yml.j2 b/roles/custom/matrix-authentication-service/templates/provider/openai-config.yml.j2 index fcc462d1b..63a10e30e 100644 --- a/roles/custom/matrix-authentication-service/templates/provider/openai-config.yml.j2 +++ b/roles/custom/matrix-authentication-service/templates/provider/openai-config.yml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True base_url: {{ matrix_authentication_service_config_agents_static_definitions_openai_config_base_url | to_json }} api_key: {{ matrix_authentication_service_config_agents_static_definitions_openai_config_api_key | to_json }} 
diff --git a/roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2 b/roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2 index 1f03c6b4f..6b6d042a7 100644 --- a/roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2 +++ b/roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Authentication Service {% for service in matrix_authentication_service_systemd_required_services_list %} diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 31ccaad86..406cd9af0 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -48,6 +48,9 @@ matrix_bridges_encryption_enabled: false # Global var to make encryption default/optional across all bridges with encryption support matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}" +# Global var for enabling msc4190 ( On supported bridges) +matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and matrix_bridges_encryption_enabled and matrix_synapse_experimental_features_msc3202_device_masquerading_enabled }}" + # Global var to enable/disable relay mode across all bridges with relay mode support matrix_bridges_relay_enabled: false @@ -78,7 +81,7 @@ matrix_monitoring_container_network: matrix-monitoring matrix_homeserver_enabled: true # This will contain the homeserver implementation that is in use. -# Valid values: synapse, dendrite, conduit, conduwuit +# Valid values: synapse, dendrite, conduit, conduwuit, continuwuity # # By default, we use Synapse, because it's the only full-featured Matrix server at the moment. # 
@@ -158,7 +161,7 @@ matrix_federation_traefik_entrypoint_tls: true # Recognized values by us are 'amd64', 'arm32' and 'arm64'. # Not all architectures support all services, so your experience (on non-amd64) may vary. # See docs/alternative-architectures.md -matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}" +matrix_architecture: "{{ 'amd64' if ansible_facts.architecture == 'x86_64' else ('arm64' if ansible_facts.architecture == 'aarch64' else ('arm32' if ansible_facts.architecture.startswith('armv') else '')) }}" # The architecture for Debian packages. # See: https://wiki.debian.org/SupportedArchitectures @@ -172,11 +175,15 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar # Example value: "registry.example.com/" (note the trailing `/`). matrix_container_global_registry_prefix_override: "" -matrix_user_username: "matrix" -matrix_user_groupname: "matrix" +matrix_user_name: "matrix" +matrix_user_system: true +matrix_user_shell: /sbin/nologin + +matrix_group_name: "matrix" +matrix_group_system: true -# By default, the playbook creates the user (`matrix_user_username`) -# and group (`matrix_user_groupname`) with a random ID. +# By default, the playbook creates the user (`matrix_user_name`) +# and group (`matrix_group_name`) with a random ID. # To use a specific user/group ID, override these variables. matrix_user_uid: ~ matrix_user_gid: ~ 
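Review bot: `matrix_user_shell: /sbin/nologin` is added without a comment, and two things about it are worth documenting next to the variable. The path is not the same on every distribution (some ship the binary only as `/usr/sbin/nologin`), and tasks in this diff run with `become_user: "{{ matrix_user_name }}"`, which presumably relies on the become method not going through the account's login shell. A comment such as `# Login shell for the matrix user; override if nologin lives elsewhere or if your become method needs a real shell` would cover both. The surrounding variable block continues outside the hunk.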
@@ -210,7 +217,7 @@ matrix_homeserver_container_url: "http://{{ matrix_homeserver_container_client_a # Specifies where the homeserver's Client-Server API is on the container network (matrix_homeserver_container_network). # Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc. -# This likely gets overriden elsewhere. +# This likely gets overridden elsewhere. matrix_homeserver_container_client_api_endpoint: "" # Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network). @@ -218,7 +225,7 @@ matrix_homeserver_container_federation_url: "http://{{ matrix_homeserver_contain # Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network). # Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc. -# This likely gets overriden elsewhere. +# This likely gets overridden elsewhere. matrix_homeserver_container_federation_api_endpoint: "" # Specifies the public url of the Sync v3 (sliding-sync) API. diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml index 3a30837cf..ad698284f 100644 --- a/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml +++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml 
@@ -6,11 +6,11 @@ # This is for both RedHat 7 and 8 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_redhat.yml" - when: ansible_os_family == 'RedHat' + when: ansible_facts.os_family == 'RedHat' # This is for both Debian and Raspbian - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_debian.yml" - when: ansible_os_family == 'Debian' + when: ansible_facts.os_family == 'Debian' - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_archlinux.yml" - when: ansible_os_family == 'Archlinux' + when: ansible_facts.os_family == 'Archlinux' diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml index be2888030..1a86fd2bb 100644 --- a/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml +++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml @@ -5,6 +5,6 @@ --- - name: Ensure fuse installed (RedHat) - ansible.builtin.yum: + ansible.builtin.package: name: fuse state: present diff --git a/roles/custom/matrix-base/tasks/setup_matrix_base.yml b/roles/custom/matrix-base/tasks/setup_matrix_base.yml index 337017a46..472889708 100644 --- a/roles/custom/matrix-base/tasks/setup_matrix_base.yml +++ b/roles/custom/matrix-base/tasks/setup_matrix_base.yml @@ -17,8 +17,8 @@ path: "{{ item }}" state: directory mode: "{{ matrix_base_data_path_mode }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - "{{ matrix_base_data_path }}" - "{{ matrix_bin_path }}" diff --git a/roles/custom/matrix-base/tasks/setup_matrix_user.yml b/roles/custom/matrix-base/tasks/setup_matrix_user.yml index 146452302..b2512a437 100644 --- a/roles/custom/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/custom/matrix-base/tasks/setup_matrix_user.yml 
@@ -7,20 +7,22 @@ - name: Ensure Matrix group is created ansible.builtin.group: - name: "{{ matrix_user_groupname }}" + name: "{{ matrix_group_name }}" gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}" state: present + system: "{{ matrix_group_system }}" register: matrix_group - name: Ensure Matrix user is created ansible.builtin.user: - name: "{{ matrix_user_username }}" + name: "{{ matrix_user_name }}" uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}" state: present - group: "{{ matrix_user_groupname }}" + group: "{{ matrix_group_name }}" home: "{{ matrix_base_data_path }}" create_home: false - system: true + system: "{{ matrix_user_system }}" + shell: "{{ matrix_user_shell }}" register: matrix_user - name: Initialize matrix_user_uid and matrix_user_gid diff --git a/roles/custom/matrix-base/tasks/validate_config.yml b/roles/custom/matrix-base/tasks/validate_config.yml index 730b0d1d8..6100dada4 100644 --- a/roles/custom/matrix-base/tasks/validate_config.yml +++ b/roles/custom/matrix-base/tasks/validate_config.yml @@ -13,14 +13,14 @@ - name: Fail if invalid homeserver implementation ansible.builtin.fail: msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`" - when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'conduwuit']" + when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'conduwuit', 'continuwuity']" - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'} - {'old': 'hostname_identity', 'new': 'matrix_domain'} 
@@ -32,6 +32,8 @@ - {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'} - {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'} - {'old': 'matrix_container_global_registry_prefix', 'new': ''} + - {'old': 'matrix_user_username', 'new': 'matrix_user_name'} + - {'old': 'matrix_user_groupname', 'new': 'matrix_group_name'} # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message. - name: Fail if matrix_homeserver_generic_secret_key is undefined @@ -62,7 +64,7 @@ - name: Fail if matrix_architecture is set incorrectly ansible.builtin.fail: - msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}." + msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_facts.architecture }}." when: matrix_architecture not in ['amd64', 'arm32', 'arm64'] - name: Fail if matrix_playbook_reverse_proxy_type is set incorrectly 
@@ -95,14 +97,14 @@ To get rid of this error, remove all `matrix_mx_puppet_*` references from your configuration. To clean up your server from mx-puppet-skype's presence, see this changelog entry: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#mx-puppet-skype-removal. If you still need bridging to Skype, consider switching to the go-skype bridge instead. See `docs/configuring-playbook-bridge-go-skype-bridge.md`. - when: "'matrix_mx_puppet_skype_enabled' in vars" + when: "lookup('ansible.builtin.varnames', '^matrix_mx_puppet_skype_enabled$', wantlist=True) | length > 0" - name: Fail if mautrix-instagram and mautrix-meta-instagram are in conflict ansible.builtin.fail: msg: >- Your configuration enables both the old mautrix-instagram bridge and the new mautrix-meta-instagram bridge. By default, both bridges are configured to use the same bridge bot username (`@{{ matrix_mautrix_meta_instagram_appservice_username }}:{{ matrix_domain }}`) which is a conflict. - We recommend that you disable at least one of the bridges (preferrably the old mautrix-instagram bridge), or to resolve the conflict in another way. + We recommend that you disable at least one of the bridges (preferably the old mautrix-instagram bridge), or to resolve the conflict in another way. To resolve the conflict without disabling a bridge, consider adjusting one of `matrix_mautrix_instagram_appservice_bot_username` or `matrix_mautrix_meta_instagram_appservice_username` - they both have a value of {{ matrix_mautrix_meta_instagram_appservice_username }} right now. when: - matrix_mautrix_instagram_enabled | bool diff --git a/roles/custom/matrix-base/templates/bin/remove-all.j2 b/roles/custom/matrix-base/templates/bin/remove-all.j2 index 5a0579586..e35abc462 100644 --- a/roles/custom/matrix-base/templates/bin/remove-all.j2 +++ b/roles/custom/matrix-base/templates/bin/remove-all.j2 
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True #!/bin/bash if [ "$(id -u)" != "0" ]; then diff --git a/roles/custom/matrix-bot-baibot/defaults/main.yml b/roles/custom/matrix-bot-baibot/defaults/main.yml index cbb94b5bb..d7ffcb4b5 100644 --- a/roles/custom/matrix-bot-baibot/defaults/main.yml +++ b/roles/custom/matrix-bot-baibot/defaults/main.yml @@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src" # renovate: datasource=docker depName=ghcr.io/etkecc/baibot -matrix_bot_baibot_version: v1.6.0 +matrix_bot_baibot_version: v1.7.6 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}" matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}" matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}" 
@@ -368,16 +368,16 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "" matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true # For valid model choices, see: https://platform.openai.com/docs/models -matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o +matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-5 # The prompt text to use (can be null or empty to not use a prompt). # See: https://huggingface.co/docs/transformers/en/tasks/prompting matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" # The temperature parameter controls the randomness of the generated text. # See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0 -matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens: 16384 -matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens: ~ -matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens: 128000 +matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens: ~ +matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens: 128000 +matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens: 400000 matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_enabled: true matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_model_id: whisper-1 
@@ -389,9 +389,10 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_to_speech_ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_to_speech_response_format: opus matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_enabled: true -matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id: dall-e-3 -matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style: vivid -matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size: 1024x1024 +matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id: gpt-image-1 +matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style: null +matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size: null +matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_quality: null ######################################################################################## # # diff --git a/roles/custom/matrix-bot-baibot/tasks/install.yml b/roles/custom/matrix-bot-baibot/tasks/install.yml index c2d781e59..13a13e797 100644 --- a/roles/custom/matrix-bot-baibot/tasks/install.yml +++ b/roles/custom/matrix-bot-baibot/tasks/install.yml @@ -10,8 +10,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_baibot_base_path }}", when: true} - {path: "{{ matrix_bot_baibot_config_path }}", when: true} 
@@ -24,15 +24,15 @@ content: "{{ matrix_bot_baibot_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_baibot_config_path }}/config.yml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure baibot environment variables file created ansible.builtin.template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_bot_baibot_config_path }}/env" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0640 - name: Ensure baibot container image is pulled @@ -56,7 +56,7 @@ dest: "{{ matrix_bot_baibot_container_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_bot_baibot_git_pull_results - name: Ensure baibot container image is built diff --git a/roles/custom/matrix-bot-baibot/tasks/validate_config.yml b/roles/custom/matrix-bot-baibot/tasks/validate_config.yml index ee4eae03c..14d155b6e 100644 --- a/roles/custom/matrix-bot-baibot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-baibot/tasks/validate_config.yml @@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_bot_baibot_config_user_mxid_localpart', when: true} - {'name': 'matrix_bot_baibot_config_user_password', when: true} 
@@ -37,6 +37,6 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_baibot_container_image_name_prefix', 'new': 'matrix_bot_baibot_container_image_registry_prefix'} diff --git a/roles/custom/matrix-bot-baibot/templates/provider/anthropic-config.yml.j2 b/roles/custom/matrix-bot-baibot/templates/provider/anthropic-config.yml.j2 index 1d613b70c..a8007a868 100644 --- a/roles/custom/matrix-bot-baibot/templates/provider/anthropic-config.yml.j2 +++ b/roles/custom/matrix-bot-baibot/templates/provider/anthropic-config.yml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True base_url: {{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_base_url | to_json }} api_key: {{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key | to_json }} diff --git a/roles/custom/matrix-bot-baibot/templates/provider/groq-config.yml.j2 b/roles/custom/matrix-bot-baibot/templates/provider/groq-config.yml.j2 index fbefa5a3b..7009b5546 100644 --- a/roles/custom/matrix-bot-baibot/templates/provider/groq-config.yml.j2 +++ b/roles/custom/matrix-bot-baibot/templates/provider/groq-config.yml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True base_url: {{ matrix_bot_baibot_config_agents_static_definitions_groq_config_base_url | to_json }} api_key: {{ matrix_bot_baibot_config_agents_static_definitions_groq_config_api_key | to_json }} diff --git a/roles/custom/matrix-bot-baibot/templates/provider/mistral-config.yml.j2 b/roles/custom/matrix-bot-baibot/templates/provider/mistral-config.yml.j2 index 5f97e69fd..9e007cb3d 100644 --- a/roles/custom/matrix-bot-baibot/templates/provider/mistral-config.yml.j2 
+++ b/roles/custom/matrix-bot-baibot/templates/provider/mistral-config.yml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True base_url: {{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_base_url | to_json }} api_key: {{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key | to_json }} diff --git a/roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2 b/roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2 index aada4234e..37ceeaada 100644 --- a/roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2 +++ b/roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True base_url: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_base_url | to_json }} api_key: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key | to_json }} @@ -35,4 +35,5 @@ image_generation: model_id: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id | to_json }} style: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style | to_json }} size: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size | to_json }} + quality: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_quality | to_json }} {% endif %} diff --git a/roles/custom/matrix-bot-baibot/templates/systemd/matrix-bot-baibot.service.j2 b/roles/custom/matrix-bot-baibot/templates/systemd/matrix-bot-baibot.service.j2 index 01b6c0a06..e9b01fb0a 100644 --- a/roles/custom/matrix-bot-baibot/templates/systemd/matrix-bot-baibot.service.j2 +++ b/roles/custom/matrix-bot-baibot/templates/systemd/matrix-bot-baibot.service.j2 
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix baibot bot {% for service in matrix_bot_baibot_systemd_required_services_list %} diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 35d583f8c..89bf6d48f 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml @@ -39,8 +39,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_buscarron_config_path }}", when: true} - {path: "{{ matrix_bot_buscarron_data_path }}", when: true} @@ -52,8 +52,8 @@ ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_bot_buscarron_config_path }}/{{ item }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0640 with_items: - env @@ -78,7 +78,7 @@ dest: "{{ matrix_bot_buscarron_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_bot_buscarron_git_pull_results when: "matrix_bot_buscarron_container_image_self_build | bool" diff --git a/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml index 45e6690e2..97b765235 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml 
@@ -10,7 +10,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_buscarron_noencryption', 'new': ''} - {'old': 'matrix_bot_buscarron_spam_hosts', 'new': ''} @@ -22,7 +22,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_bot_buscarron_password', when: true} - {'name': 'matrix_bot_buscarron_hostname', when: true} diff --git a/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 index c5ed0f3e0..3593fff97 100644 --- a/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix web forms bot {% for service in matrix_bot_buscarron_systemd_required_services_list %} diff --git a/roles/custom/matrix-bot-chatgpt/tasks/install.yml b/roles/custom/matrix-bot-chatgpt/tasks/install.yml index 1f2beae64..ff54aad3a 100644 --- a/roles/custom/matrix-bot-chatgpt/tasks/install.yml +++ b/roles/custom/matrix-bot-chatgpt/tasks/install.yml 
@@ -10,20 +10,20 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_chatgpt_config_path }}", when: true} - {path: "{{ matrix_bot_chatgpt_data_path }}", when: true} - - {path: "{{ matrix_bot_chatgpt_container_src_path }}", when: matrix_bot_chatgpt_container_image_self_build} + - {path: "{{ matrix_bot_chatgpt_container_src_path }}", when: "{{ matrix_bot_chatgpt_container_image_self_build }}"} when: "item.when | bool" - name: Ensure chatgpt environment variables file created ansible.builtin.template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_bot_chatgpt_config_path }}/env" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0640 - name: Ensure chatgpt container image is pulled @@ -47,7 +47,7 @@ dest: "{{ matrix_bot_chatgpt_container_src_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_bot_chatgpt_git_pull_results - name: Ensure chatgpt container image is built diff --git a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml index d9c266dad..2c175b4a5 100644 --- a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_bot_chatgpt_openai_api_key', when: true} - {'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true} 
@@ -20,9 +20,9 @@ - name: Fail if OpenAI configuration not up-to-date. ansible.builtin.fail: msg: >- - Your configuration contains a varible that is no longer used. + Your configuration contains a variable that is no longer used. Please change your configuration to remove the variable (`{{ item.name }}`). - when: "item.name in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.name + '$'), wantlist=True) | length > 0" with_items: - {'name': 'matrix_bot_chatgpt_openai_email'} - {'name': 'matrix_bot_chatgpt_openai_password'} @@ -33,7 +33,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_chatgpt_docker_image', 'new': 'matrix_bot_chatgpt_container_image'} - {'old': 'matrix_bot_chatgpt_docker_image_name_prefix', 'new': 'matrix_bot_chatgpt_container_image_name_prefix'} diff --git a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 index a3a3ba219..9cef687f3 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix chatgpt bot {% for service in matrix_bot_chatgpt_systemd_required_services_list %} diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 0b2eb28d0..f1fc09112 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml 
@@ -12,7 +12,7 @@ matrix_bot_draupnir_enabled: true # renovate: datasource=docker depName=gnuxie/draupnir -matrix_bot_draupnir_version: "v2.2.0" +matrix_bot_draupnir_version: "v2.6.1" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" @@ -28,8 +28,18 @@ matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config" matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data" matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src" +matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting or matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}" # noqa var-naming + matrix_bot_draupnir_config_web_abuseReporting: false # noqa var-naming -matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting }}" # noqa var-naming + +matrix_bot_draupnir_config_web_port: 8080 + +# These variables are used for turning on the integration between the synapseHTTPAntispam module and Draupnir. +# Authorisation is a shared secret between Draupnir and the module just like is used by Appservices and the homeserver +# therefore the same creation mechanism is used here too. +matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled: false # noqa var-naming +matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization: '' # noqa var-naming + matrix_bot_draupnir_config_displayReports: "{{ matrix_bot_draupnir_config_web_abuseReporting }}" # noqa var-naming matrix_bot_draupnir_container_network: "" 
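Review bot: `matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization` defaults to `''`, and nothing visible in this diff rejects that value once `matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled` is turned on. production.yaml.j2 renders it directly into `web.synapseHTTPAntispam.authorization`, so an empty shared secret would be all that guards the spam_check endpoint unless another layer fills it in. The comment hints at a derived secret, presumably set in group_vars, which is not shown here. I would add an entry to the required-variables list in tasks/validate_config.yml: `- {'name': 'matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization', when: "{{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}"}`.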
@@ -129,6 +139,24 @@ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand: false # noqa var-n # This config option has diminished improvements for bots on extremely fast homeservers or very very small bots on fast homeservers. matrix_bot_draupnir_config_roomStateBackingStore_enabled: true # noqa var-naming +matrix_bot_draupnir_web_url: 'http://matrix-bot-draupnir' + +# This controls the URL that the module targets in Draupnir. +matrix_bot_draupnir_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupnir_web_url }}:{{ matrix_bot_draupnir_config_web_port }}/api/1/spam_check" + +# These variables control the configuration of the Synapse module as the configuration is highly consumer dependent. +# Therefore the module is configured from Draupnir because the consumer of the module determines what settings are relevant. + +matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks: + - user_may_invite + - user_may_join_room + +matrix_bot_draupnir_synapse_http_antispam_config_fail_open: + user_may_invite: true + user_may_join_room: true + +matrix_bot_draupnir_synapse_http_antispam_config_async: {} + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # 
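Review bot: The `fail_open` defaults for `user_may_invite` and `user_may_join_room` are both `true`, with no comment on the trade-off. As I understand the module, Synapse then allows the action whenever Draupnir is unreachable or errors, so the checks stop applying during a bot outage. `matrix_bot_draupnir_web_url` is also plain `http://` and the requests carry the shared authorization value, which is reasonable only while both containers sit on a private container network. I would document both above the variables, e.g. `# fail_open: true allows the action when Draupnir cannot be reached; set to false to block instead.` and `# Plain HTTP: intended for the internal container network only.`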
@@ -157,13 +185,13 @@ matrix_bot_draupnir_configuration: "{{ matrix_bot_draupnir_configuration_yaml | # See `matrix_synapse_container_labels_traefik_enabled` or `matrix_synapse_container_labels_matrix_related_labels_enabled` matrix_bot_draupnir_container_labels_traefik_enabled: false matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_draupnir_bot_container_network }}" -matrix_bot_draupnir_container_labels_traefik_hostname: "{{ matrix_synapse_container_labels_traefik_hostname }}" -matrix_bot_draupnir_container_labels_traefik_path_regexp: "^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/" -matrix_bot_draupnir_container_labels_traefik_rule: "Host(`{{ matrix_bot_draupnir_container_labels_traefik_hostname }}`) && PathRegexp(`{{ matrix_bot_draupnir_container_labels_traefik_path_regexp }}`)" -matrix_bot_draupnir_container_labels_traefik_priority: 0 -matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ matrix_synapse_container_labels_traefik_entrypoints }}" -matrix_bot_draupnir_container_labels_traefik_tls: "{{ matrix_bot_draupnir_container_labels_traefik_entrypoints != 'web' }}" -matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}" # noqa var-naming +matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_hostname: "{{ matrix_synapse_container_labels_traefik_hostname }}" # noqa var-naming +matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_path_regexp: "^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$" # noqa var-naming +matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_rule: "Host(`{{ matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_hostname }}`) && PathRegexp(`{{ matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_path_regexp }}`)" # noqa var-naming +matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_priority: 0 # noqa var-naming 
+matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints: "{{ matrix_synapse_container_labels_traefik_entrypoints }}" # noqa var-naming +matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls: "{{ matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints != 'web' }}" # noqa var-naming +matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}" # noqa var-naming # matrix_bot_draupnir_container_labels_traefik_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. # diff --git a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml index 042fcbb9e..5693da0a0 100644 --- a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml @@ -16,8 +16,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_draupnir_base_path }}", when: true} - {path: "{{ matrix_bot_draupnir_config_path }}", when: true} @@ -29,8 +29,8 @@ ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0644 with_items: - src: "{{ role_path }}/templates/labels.j2" @@ -55,7 +55,7 @@ version: "{{ matrix_bot_draupnir_docker_image.split(':')[1] }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_bot_draupnir_git_pull_results when: "matrix_bot_draupnir_container_image_self_build | bool" 
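Review bot: The context line `matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_draupnir_bot_container_network }}"` references a name with `draupnir` and `bot` transposed. The variable this file defines is `matrix_bot_draupnir_container_network`. This hunk already renames the neighbouring Traefik variables, so it is a natural place to correct it: `matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_bot_draupnir_container_network }}"`. Unless an override elsewhere (for example group_vars, not shown) replaces this default, rendering `traefik.docker.network` in labels.j2 would hit an undefined variable.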
@@ -75,8 +75,8 @@ content: "{{ matrix_bot_draupnir_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_draupnir_config_path }}/production.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-bot-draupnir container network is created community.general.docker_network: diff --git a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml index a876c9e4f..d9c2a698a 100644 --- a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml @@ -11,7 +11,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_draupnir_container_image_name_prefix', 'new': 'matrix_bot_draupnir_container_image_registry_prefix'} - {'old': 'matrix_bot_draupnir_enable_room_state_backing_store', 'new': 'matrix_bot_draupnir_config_roomStateBackingStore_enabled'} 
@@ -24,12 +24,19 @@ - {'old': 'matrix_bot_draupnir_web_enabled', 'new': 'matrix_bot_draupnir_config_web_enabled'} - {'old': 'matrix_bot_draupnir_abuse_reporting_enabled', 'new': 'matrix_bot_draupnir_config_web_abuseReporting'} - {'old': 'matrix_bot_draupnir_display_reports', 'new': 'matrix_bot_draupnir_config_displayReports'} + - {'old': 'matrix_bot_draupnir_container_labels_traefik_hostname', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_hostname'} + - {'old': 'matrix_bot_draupnir_container_labels_traefik_path_regexp', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_path_regexp'} + - {'old': 'matrix_bot_draupnir_container_labels_traefik_rule', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_rule'} + - {'old': 'matrix_bot_draupnir_container_labels_traefik_priority', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_priority'} + - {'old': 'matrix_bot_draupnir_container_labels_traefik_entrypoints', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints'} + - {'old': 'matrix_bot_draupnir_container_labels_traefik_tls', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls'} + - {'old': 'matrix_bot_draupnir_container_labels_traefik_tls_certResolver', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver'} - name: Fail if required matrix-bot-draupnir variables are undefined ansible.builtin.fail: msg: "The `{{ item.name }}` variable must be defined and have a non-null value." 
with_items: - - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"} + - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ not matrix_bot_draupnir_pantalaimon_use and not matrix_bot_draupnir_login_native }}"} - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ matrix_bot_draupnir_config_experimentalRustCrypto }}"} - {'name': 'matrix_bot_draupnir_config_managementRoom', when: true} - {'name': 'matrix_bot_draupnir_container_network', when: true} @@ -56,7 +63,7 @@ ansible.builtin.fail: msg: >- Your configuration is trying to enable matrix_bot_draupnir_config_experimentalRustCrypto and matrix_bot_draupnir_pantalaimon_use at the same time. - These settings are mutually incompatible and therefore cant be used at the same time. + These settings are mutually incompatible and therefore can't be used at the same time. when: - matrix_bot_draupnir_pantalaimon_use - matrix_bot_draupnir_config_experimentalRustCrypto diff --git a/roles/custom/matrix-bot-draupnir/templates/labels.j2 b/roles/custom/matrix-bot-draupnir/templates/labels.j2 index aeab96277..15740adf5 100644 --- a/roles/custom/matrix-bot-draupnir/templates/labels.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/labels.j2 @@ -1,5 +1,6 @@ {# SPDX-FileCopyrightText: 2024 MDAD project contributors +SPDX-FileCopyrightText: 2025 Catalan Lover SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -11,8 +12,9 @@ traefik.enable=true traefik.docker.network={{ matrix_bot_draupnir_container_labels_traefik_docker_network }} {% endif %} -traefik.http.services.matrix-bot-draupnir.loadbalancer.server.port=8080 +traefik.http.services.matrix-bot-draupnir.loadbalancer.server.port={{ matrix_bot_draupnir_config_web_port }} +{% if matrix_bot_draupnir_config_web_abuseReporting %} ############################################################ # # # Abuse Reports (/_matrix/client/../rooms/../report) # 
@@ -21,32 +23,32 @@ traefik.http.services.matrix-bot-draupnir.loadbalancer.server.port=8080 {% set middlewares = [] %} -traefik.http.middlewares.matrix-bot-draupnir-redirect.replacepathregex.regex=^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$ -traefik.http.middlewares.matrix-bot-draupnir-redirect.replacepathregex.replacement=/api/1/report/$2/$3 +traefik.http.middlewares.matrix-bot-draupnir-web-abuseReporting-redirect.replacepathregex.regex={{ matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_path_regexp }} +traefik.http.middlewares.matrix-bot-draupnir-web-abuseReporting-redirect.replacepathregex.replacement=/api/1/report/$2/$3 -{% set middlewares = middlewares + ['matrix-bot-draupnir-redirect'] %} +{% set middlewares = middlewares + ['matrix-bot-draupnir-web-abuseReporting-redirect'] %} -traefik.http.middlewares.matrix-bot-draupnir-cors.headers.accesscontrolalloworiginlist=* -traefik.http.middlewares.matrix-bot-draupnir-cors.headers.accesscontrolallowheaders=Content-Type,Authorization -traefik.http.middlewares.matrix-bot-draupnir-cors.headers.accesscontrolallowmethods=POST,OPTIONS +traefik.http.middlewares.matrix-bot-draupnir-web-abuseReporting-cors.headers.accesscontrolalloworiginlist=* +traefik.http.middlewares.matrix-bot-draupnir-web-abuseReporting-cors.headers.accesscontrolallowheaders=Content-Type,Authorization +traefik.http.middlewares.matrix-bot-draupnir-web-abuseReporting-cors.headers.accesscontrolallowmethods=POST,OPTIONS -{% set middlewares = middlewares + ['matrix-bot-draupnir-cors'] %} +{% set middlewares = middlewares + ['matrix-bot-draupnir-web-abuseReporting-cors'] %} -traefik.http.routers.matrix-bot-draupnir.rule={{ matrix_bot_draupnir_container_labels_traefik_rule }} +traefik.http.routers.matrix-bot-draupnir-web-abuseReporting.rule={{ matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_rule }} -{% if matrix_bot_draupnir_container_labels_traefik_priority | int > 0 %} 
-traefik.http.routers.matrix-bot-draupnir.priority={{ matrix_bot_draupnir_container_labels_traefik_priority }} +{% if matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_priority | int > 0 %} +traefik.http.routers.matrix-bot-draupnir-web-abuseReporting.priority={{ matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_priority }} {% endif %} {% if middlewares | length > 0 %} -traefik.http.routers.matrix-bot-draupnir.middlewares={{ middlewares | join(',') }} +traefik.http.routers.matrix-bot-draupnir-web-abuseReporting.middlewares={{ middlewares | join(',') }} {% endif %} -traefik.http.routers.matrix-bot-draupnir.service=matrix-bot-draupnir -traefik.http.routers.matrix-bot-draupnir.entrypoints={{ matrix_bot_draupnir_container_labels_traefik_entrypoints }} -traefik.http.routers.matrix-bot-draupnir.tls={{ matrix_bot_draupnir_container_labels_traefik_tls | to_json }} +traefik.http.routers.matrix-bot-draupnir-web-abuseReporting.service=matrix-bot-draupnir +traefik.http.routers.matrix-bot-draupnir-web-abuseReporting.entrypoints={{ matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints }} +traefik.http.routers.matrix-bot-draupnir-web-abuseReporting.tls={{ matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls | to_json }} -{% if matrix_bot_draupnir_container_labels_traefik_tls %} -traefik.http.routers.matrix-bot-draupnir.tls.certResolver={{ matrix_bot_draupnir_container_labels_traefik_tls_certResolver }} +{% if matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls %} +traefik.http.routers.matrix-bot-draupnir-web-abuseReporting.tls.certResolver={{ matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver }} {% endif %} ############################################################ 
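Review bot: The `replacepathregex.regex` label now comes from `matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_path_regexp`, the same variable the router rule uses, while the replacement still hard-codes `/api/1/report/$2/$3`. An override that drops or reorders a capture group would still match in the router but rewrite requests to the wrong upstream path. I would state the contract next to the default in defaults/main.yml: `# Must keep three capture groups; groups 2 and 3 feed the replacepathregex replacement in templates/labels.j2.`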
@@ -55,5 +57,6 @@ traefik.http.routers.matrix-bot-draupnir.tls.certResolver={{ matrix_bot_draupnir # # ############################################################ {% endif %} +{% endif %} {{ matrix_bot_draupnir_container_labels_traefik_labels_additional_labels }} diff --git a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 index d3184c273..874a3badd 100644 --- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 @@ -7,7 +7,8 @@ SPDX-FileCopyrightText: 2024 Suguru Hirahara SPDX-License-Identifier: AGPL-3.0-or-later #} -# Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API), +# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API), +# set this to the pantalaimon URL if you're using that. homeserverUrl: {{ matrix_bot_draupnir_config_homeserverUrl | to_json }} # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/), @@ -22,7 +23,10 @@ accessToken: {{ matrix_bot_draupnir_config_accessToken | to_json }} {% if matrix_bot_draupnir_pantalaimon_use or matrix_bot_draupnir_login_native %} # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon) pantalaimon: - # Set to `true` when the bot is to login and fetch the access token on its own. + # Whether or not Draupnir will use pantalaimon to access the matrix homeserver, + # set to `true` if you're using pantalaimon. + # + # Be sure to point homeserverUrl to the pantalaimon instance. # # Draupnir will log in using the given username and password once, # then store the resulting access token in a file under dataPath. 
@@ -34,13 +38,14 @@ pantalaimon: # The password Draupnir will login with. # # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. - # This option can be loaded from a file by passing "--password-path " at the command line, + # This option can be loaded from a file by passing "--pantalaimon-password-path " at the command line, # which would allow using secret management systems such as systemd's service credentials. password: {{ matrix_bot_draupnir_password | to_json }} {% endif %} -# Experimental usage of the matrix-bot-sdk rust crypto. This can not be used with Pantalaimon. -# Make sure Pantalaimon is disabled in Draupnir's configuration. +# Experimental usage of the matrix-bot-sdk rust crypto. +# This can not be used with Pantalaimon. +# Make sure to setup the bot as if you are not using pantalaimon for this. # # Warning: At this time this is not considered production safe. experimentalRustCrypto: {{ matrix_bot_draupnir_config_experimentalRustCrypto | to_json }} 
@@ -68,22 +73,12 @@ recordIgnoredInvites: false # (see verboseLogging to adjust this a bit.) managementRoom: {{ matrix_bot_draupnir_config_managementRoom | to_json }} -# Deprecated and will be removed in a future version. -# Running with verboseLogging is unsupported. -# Whether Draupnir should log a lot more messages in the room, -# mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room. -verboseLogging: false - # The log level of terminal (or container) output, # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity. # # This should be at INFO or DEBUG in order to get support for Draupnir problems. logLevel: "INFO" -# Whether or not Draupnir should synchronize policy lists immediately after startup. -# Equivalent to running '!draupnir sync'. -syncOnStartup: true - # Whether or not Draupnir should check moderation permissions in all protected rooms on startup. # Equivalent to running `!draupnir verify`. verifyPermissionsOnStartup: true 
@@ -131,11 +126,13 @@ protectAllJoinedRooms: false # of the homeserver may be more impacted. backgroundDelayMS: 500 -# Server administration commands, these commands will only work if Draupnir is +# Server administrative features. These will only work if Draupnir is # a global server administrator, and the bot's server is a Synapse instance. +# Please review https://the-draupnir-project.github.io/draupnir-documentation/bot/homeserver-administration admin: - # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room - # (with enough permissions) to "make" a user an admin. + # Whether to enable the make admin command. + # This command allows Draupnir can temporarily take control of any eligible account + # from the local homeserver in the target room (with enough permissions) to "make" another user an admin. # # This only works if a local user with enough admin permissions is present in the room. enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | to_json }} @@ -266,7 +263,7 @@ web: enabled: true # The port to expose the webserver on. Defaults to 8080. - port: 8080 + port: {{ matrix_bot_draupnir_config_web_port | to_json }} # The address to listen for requests on. Defaults to only the current # computer. 
@@ -286,15 +283,24 @@ web: abuseReporting: # Whether to enable this feature. enabled: {{ matrix_bot_draupnir_config_web_abuseReporting | to_json }} + # Whether to setup a endpoints for synapse-http-antispam + # https://github.com/maunium/synapse-http-antispam + # this is required for some features of Draupnir, + # such as support for room takedown policies. + # + # Please FOLLOW the instructions here: + # https://the-draupnir-project.github.io/draupnir-documentation/bot/synapse-http-antispam + synapseHTTPAntispam: + enabled: {{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled | to_json }} + # This is a secret that you must place into your synapse module config + # https://github.com/maunium/synapse-http-antispam?tab=readme-ov-file#configuration + authorization: {{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization | to_json }} {% endif %} -# FIXME: This configuration option is currently broken in the playbook as admin APIs cannot -# be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308 # Whether or not to actively poll synapse for abuse reports, to be used # instead of intercepting client calls to synapse's abuse endpoint, when that # isn't possible/practical. -#pollReports: false +pollReports: false # Whether or not new reports, received either by webapi or polling, # should be printed to our managementRoom. diff --git a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 index 1c9c72de1..e54f1c7d0 100644 --- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Draupnir bot {% for service in matrix_bot_draupnir_systemd_wanted_services_list %} @@ -25,7 +25,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --read-only \ --network={{ matrix_bot_draupnir_container_network }} \ {% if matrix_bot_draupnir_container_http_host_bind_port %} - -p {{ matrix_bot_draupnir_container_http_host_bind_port }}:8080 \ + -p {{ matrix_bot_draupnir_container_http_host_bind_port }}:{{ matrix_bot_draupnir_config_web_port }} \ {% endif %} --label-file={{ matrix_bot_draupnir_base_path }}/labels \ --mount type=bind,src={{ matrix_bot_draupnir_config_path }},dst=/data/config,ro \ diff --git a/roles/custom/matrix-bot-go-neb/tasks/install.yml b/roles/custom/matrix-bot-go-neb/tasks/install.yml index d590bc999..54cdec680 100644 --- a/roles/custom/matrix-bot-go-neb/tasks/install.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/install.yml @@ -15,8 +15,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_go_neb_config_path }}", when: true} - {path: "{{ matrix_bot_go_neb_data_path }}", when: true} 
@@ -28,16 +28,16 @@ content: "{{ matrix_bot_go_neb_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure go-neb support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_bot_go_neb_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - env - labels diff --git a/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index c8c028b77..d27909e4b 100644 --- a/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Go-NEB bot {% for service in matrix_bot_go_neb_systemd_required_services_list %} diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index edac46e0a..0374002e4 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml 
@@ -30,7 +30,7 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" # renovate: datasource=docker depName=ghcr.io/etkecc/honoroit -matrix_bot_honoroit_version: v0.9.27 +matrix_bot_honoroit_version: v0.9.29 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_docker_image_registry_prefix_upstream }}" matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}" diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index 18730e27c..18b3e4932 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml @@ -41,8 +41,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_honoroit_config_path }}", when: true} - {path: "{{ matrix_bot_honoroit_data_path }}", when: true} @@ -54,8 +54,8 @@ ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_bot_honoroit_config_path }}/{{ item }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0640 with_items: - env 
@@ -80,7 +80,7 @@ dest: "{{ matrix_bot_honoroit_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_bot_honoroit_git_pull_results when: "matrix_bot_honoroit_container_image_self_build | bool" diff --git a/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml index fcaa04b68..6c0c12a19 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_bot_honoroit_homeserver', when: true} - {'name': 'matrix_bot_honoroit_password', when: true} @@ -22,6 +22,6 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_honoroit_container_image_name_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'} diff --git a/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index 3bcd8441b..1fcbbb03c 100644 --- a/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 
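Review bot: The new required-setting check in honoroit's validate_config.yml, `lookup('vars', item.name, default='') | string | length == 0`, still accepts a value that is YAML null, because as far as I can tell `None | string` renders as the text `None`. It also accepts whitespace-only values, so an effectively unset `matrix_bot_honoroit_password` passes validation. Consider `when: "item.when | bool and lookup('vars', item.name, default='') | default('', true) | string | trim | length == 0"`; if any required setting may legitimately be `false` or `0`, test `is none` explicitly instead of using `default('', true)`. The same expression is used in the reminder-bot, maubot, appservice-discord and appservice-irc validate_config.yml hunks of this commit. The `with_items` list appears to continue past the end of the hunk.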
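Review bot: In the renamed-variable check, `item.old` is concatenated into the `varnames` regular expression unescaped: `('^' + item.old + '$')`. The names listed here contain only letters, digits and underscores, so the match is exact today. Writing `('^' + (item.old | regex_escape) + '$')` keeps it exact if an entry containing a regex metacharacter is ever added. The same expression is repeated in the registration-bot, reminder-bot, maubot, mjolnir, appservice-discord and appservice-irc validate_config.yml hunks of this commit.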
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix helpdesk bot {% for service in matrix_bot_honoroit_systemd_required_services_list %} diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index c26848c73..889ad62c8 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -43,6 +43,9 @@ matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_regist # The bot's password (can also be used to login via a client like Element Web) matrix_bot_matrix_registration_bot_bot_password: '' +# Optional bot command prefix +matrix_bot_matrix_registration_bot_bot_prefix: "" + # Homeserver base URL matrix_bot_matrix_registration_bot_api_base_url: "{{ matrix_homeserver_url }}" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml index d5d590895..5e599ec50 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml @@ -9,8 +9,8 @@ state: "{{ item }}" path: "{{ matrix_bot_matrix_registration_bot_data_path }}" mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - absent - directory diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index c23ce719f..e9956a335 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml 
@@ -13,8 +13,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true} - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} @@ -25,8 +25,8 @@ ansible.builtin.template: src: "{{ role_path }}/templates/config.yaml.j2" dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/config.yaml" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0640 - name: Ensure matrix-registration-bot image is pulled @@ -50,7 +50,7 @@ dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_bot_matrix_registration_bot_git_pull_results - name: Ensure matrix-registration-bot image is built diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml index 8fc291061..3021c8537 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -20,7 +20,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_matrix_registration_bot_bot_access_token', 'new': ''} - {'old': 'matrix_bot_matrix_registration_bot_matrix_homeserver_url', 'new': 'matrix_bot_matrix_registration_bot_api_base_url'} 
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2 index b76ee9824..c5738594d 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2 +++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2 @@ -10,6 +10,7 @@ bot: server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }} username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }} password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }} + prefix: {{ matrix_bot_matrix_registration_bot_bot_prefix|to_json }} api: # API endpoint of the registration tokens diff --git a/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 index 1ad089e3d..5d78bacfc 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 +++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix registration bot {% for service in matrix_bot_matrix_registration_bot_systemd_required_services_list %} diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index ebe0815a2..664b042a8 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml 
@@ -43,8 +43,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true} - {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true} @@ -71,7 +71,7 @@ dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_bot_matrix_reminder_bot_git_pull_results when: "matrix_bot_matrix_reminder_bot_container_image_self_build | bool" @@ -92,8 +92,8 @@ content: "{{ matrix_bot_matrix_reminder_bot_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_matrix_reminder_bot_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-reminder-bot container network is created community.general.docker_network: diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml index 06781bd19..51fb49de5 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_bot_matrix_reminder_bot_matrix_user_password', when: true} - {'name': 'matrix_bot_matrix_reminder_bot_reminders_timezone', when: true} 
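Review bot: The failure message of the required-setting task in reminder-bot's validate_config.yml interpolates `{{ item }}`, but the loop items are dicts such as `{'name': 'matrix_bot_matrix_reminder_bot_matrix_user_password', when: true}`. The error therefore prints the whole dict rather than the setting name. The equivalent tasks in the other roles touched by this commit use `{{ item.name }}`, and the placeholder here should be changed to match. The `with_items` list appears to continue outside the hunk.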
@@ -23,7 +23,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'} - {'old': 'matrix_bot_matrix_reminder_bot_container_image_name_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'} diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index 823d050c2..0453cf934 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix reminder bot {% for service in matrix_bot_matrix_reminder_bot_systemd_required_services_list %} diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index 64e717219..e6e6694e9 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml 
@@ -30,7 +30,7 @@ matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}" # renovate: datasource=docker depName=dock.mau.dev/maubot/maubot -matrix_bot_maubot_version: v0.5.1 +matrix_bot_maubot_version: v0.5.2 matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_registry_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}" matrix_bot_maubot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else matrix_bot_maubot_docker_image_registry_prefix_upstream }}" matrix_bot_maubot_docker_image_registry_prefix_upstream: "{{ matrix_bot_maubot_docker_image_registry_prefix_upstream_default }}" diff --git a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml index 973dff0c6..75f710ad0 100644 --- a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml @@ -14,8 +14,8 @@ path: "{{ item.path }}" state: directory mode: 0755 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} - {path: "{{ matrix_bot_maubot_config_path }}", when: true} @@ -31,8 +31,8 @@ ansible.builtin.template: src: "{{ role_path }}/templates/config.yaml.j2" dest: "{{ matrix_bot_maubot_config_path }}/config.yaml" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: "u=rwx" - name: Ensure maubot image is pulled 
@@ -56,7 +56,7 @@ dest: "{{ matrix_bot_maubot_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_bot_maubot_git_pull_results - name: Ensure maubot image is built @@ -76,8 +76,8 @@ ansible.builtin.template: src: "{{ role_path }}/templates/customizations/Dockerfile.j2" dest: "{{ matrix_bot_maubot_customized_docker_src_files_path }}/Dockerfile" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0640 register: matrix_bot_maubot_container_image_customizations_dockerfile_result @@ -96,8 +96,8 @@ src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_bot_maubot_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml index 11c53f8ca..f1a247aee 100644 --- a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml @@ -12,7 +12,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_maubot_management_interface_port', 'new': 'matrix_bot_maubot_server_port'} - {'old': 'matrix_bot_maubot_management_interface_http_bind_port', 'new': 'matrix_bot_maubot_container_management_interface_http_bind_port'} 
@@ -23,7 +23,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_bot_maubot_hostname', when: true} - {'name': 'matrix_bot_maubot_path_prefix', when: true} diff --git a/roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2 b/roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2 index 0f2f4e508..f580a96af 100644 --- a/roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2 +++ b/roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True FROM {{ matrix_bot_maubot_docker_image }} {{ matrix_bot_maubot_container_image_customizations_dockerfile_body_custom }} diff --git a/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 6c6174677..36082f58c 100644 --- a/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Maubot {% for service in matrix_bot_maubot_systemd_required_services_list %} diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index 24f24e573..317876625 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml 
@@ -17,7 +17,7 @@ matrix_bot_mjolnir_enabled: true # renovate: datasource=docker depName=matrixdotorg/mjolnir -matrix_bot_mjolnir_version: "v1.9.2" +matrix_bot_mjolnir_version: "v1.11.0" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" diff --git a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml index c533948f4..8aea69a3c 100644 --- a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml @@ -18,8 +18,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_bot_mjolnir_base_path }}", when: true} - {path: "{{ matrix_bot_mjolnir_config_path }}", when: true} @@ -46,7 +46,7 @@ version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_bot_mjolnir_git_pull_results when: "matrix_bot_mjolnir_container_image_self_build | bool" @@ -66,8 +66,8 @@ content: "{{ matrix_bot_mjolnir_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_mjolnir_config_path }}/production.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-bot-mjolnir container network is created community.general.docker_network: diff --git a/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml index 6b9ae0030..53ef0fdd4 100644 --- a/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml 
@@ -32,6 +32,6 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_mjolnir_container_image_name_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'} diff --git a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index 9c1f46733..9c2933489 100644 --- a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mjolnir bot {% for service in matrix_bot_mjolnir_systemd_wanted_services_list %} diff --git a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml index 6da159f0d..8a2d35c78 100644 --- a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml @@ -119,7 +119,7 @@ matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml | from_yaml | combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" matrix_appservice_discord_registration_yaml: | - #jinja2: lstrip_blocks: "True" + #jinja2: lstrip_blocks: True id: appservice-discord as_token: "{{ matrix_appservice_discord_appservice_token }}" hs_token: "{{ matrix_appservice_discord_homeserver_token }}" 
diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml index 0fddef00e..578cb4b37 100644 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -56,8 +56,8 @@ path: "{{ item }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - "{{ matrix_appservice_discord_base_path }}" - "{{ matrix_appservice_discord_config_path }}" @@ -93,16 +93,16 @@ content: "{{ matrix_appservice_discord_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure AppService Discord registration.yaml installed ansible.builtin.copy: content: "{{ matrix_appservice_discord_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" # If `matrix_appservice_discord_client_id` hasn't changed, the same invite link would be generated. # We intentionally suppress Ansible changes. diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml index e2be8da0a..6b46cbcb8 100644 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml 
@@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_appservice_discord_client_id', when: true} - {'name': 'matrix_appservice_discord_bot_token', when: true} @@ -24,7 +24,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': ''} - {'old': 'matrix_appservice_discord_container_image_name_prefix', 'new': 'matrix_appservice_discord_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2 index a304a4f24..63c45d020 100644 --- a/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2 @@ -1,8 +1,8 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True bridge: # Domain part of the bridge, e.g. matrix.org domain: {{ matrix_appservice_discord_bridge_domain|to_json }} - # This should be your publically facing URL because Discord may use it to + # This should be your publicly facing URL because Discord may use it to # fetch media from the media store. homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl|to_json }} # Interval at which to process users in the 'presence queue'. If you have 
diff --git a/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index e4a943bc2..a832b991f 100644 --- a/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Appservice Discord bridge {% for service in matrix_appservice_discord_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index 3ce0a176d..7ea0ee4cc 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml @@ -358,7 +358,7 @@ matrix_appservice_irc_ircService_servers: [] # noqa var-naming # # not apply an idle timeout. This value is ignored if this IRC server is # # mirroring Matrix membership lists to IRC. Default: 172800 (48 hours) # idleTimeout: 10800 -# # The number of millseconds to wait between consecutive reconnections if a +# # The number of milliseconds to wait between consecutive reconnections if a # # client gets disconnected. Setting to 0 will cause the scheduling to be # # disabled, i.e. it will be scheduled immediately (with jitter. # # Otherwise, the scheduling interval will be used such that one client diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index 866d0cba3..eafa0c58f 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml 
@@ -80,6 +80,6 @@ devture_playbook_runtime_messages_list | default([]) + [ - "Note: Your appservice-irc database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_irc_data_path }}/*.db` to `{{ matrix_appservice_irc_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." + "Note: Your appservice-irc database files have been imported into Postgres. The original database files have been moved from `" + matrix_appservice_irc_data_path + "/*.db` to `" + matrix_appservice_irc_data_path + "/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." ] }} diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml index b4cb63c86..79b51ab6f 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -22,8 +22,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_appservice_irc_base_path }}", when: true} - {path: "{{ matrix_appservice_irc_config_path }}", when: true} @@ -97,7 +97,7 @@ dest: "{{ matrix_appservice_irc_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_appservice_irc_git_pull_results when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool" 
@@ -118,15 +118,15 @@ content: "{{ matrix_appservice_irc_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Generate Appservice IRC passkey if it doesn't exist ansible.builtin.shell: cmd: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048" creates: "{{ matrix_appservice_irc_data_path }}/passkey.pem" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" # In the past, we used to generate the passkey.pem file with root, so permissions may not be okay. # Fix it. @@ -134,8 +134,8 @@ ansible.builtin.file: path: "{{ matrix_appservice_irc_data_path }}/passkey.pem" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" # Ideally, we'd like to generate the final registration.yaml file by ourselves. # @@ -198,8 +198,8 @@ content: "{{ matrix_appservice_irc_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-irc container network is created community.general.docker_network: diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml index fb7d77281..00124dc40 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml 
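Review bot: In the `@@ -118,15 +118,15 @@` hunk of roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml, `config.yaml` is still written with `mode: 0644`, and the next hunk (`@@ -134,8 +134,8 @@`) sets the RSA private key `passkey.pem` generated here to `mode: 0644` as well; the commit renames only the owner/group variables. A private key, and a config that presumably carries the appservice token, should not be world-readable: `mode: 0600` for `passkey.pem` and `mode: 0640` for the YAML files would match the `mode: 0640` that other roles on this page use for their `labels` support files, assuming the container runs as `matrix_user_name`. The same `0644` appears on `registration.yaml` in `@@ -198,8 +198,8 @@` and on the config.yaml/registration.yaml tasks in the setup_install.yml hunks of the kakaotalk, slack, webhooks, beeper-linkedin, go-skype-bridge and heisenbridge roles. The `0750` parent directories probably limit the exposure today, but that protection comes from a different task; the tasks themselves begin and end outside these hunks.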
@@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_appservice_irc_appservice_token', when: true} - {'name': 'matrix_appservice_irc_homeserver_url', when: true} @@ -39,7 +39,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': ''} - {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'} diff --git a/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 0b50d10e2..aa26ff78b 100644 --- a/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Appservice IRC bridge {% for service in matrix_appservice_irc_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml index aed2476e5..8a25b6205 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml 
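Review bot: The new required-setting check in `@@ -10,7 +10,7 @@` of roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml applies `| string` before measuring the length, so a variable explicitly set to null would, as far as I can tell, render as the four-character string `None` and pass the check. For `matrix_appservice_irc_appservice_token` that lets a deploy continue with a token nobody actually defined. Testing for null first closes the gap: `when: "item.when | bool and (lookup('vars', item.name, default='') is none or lookup('vars', item.name, default='') | string | length == 0)"`. The identical expression is added in the validate_config.yml hunks of the kakaotalk, slack, beeper-linkedin, go-skype-bridge and heisenbridge roles; the task itself starts above the hunk.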
@@ -57,6 +57,9 @@ matrix_appservice_kakaotalk_command_prefix: "!kt" matrix_appservice_kakaotalk_homeserver_address: "" matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}' +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_appservice_kakaotalk_homeserver_async_media: false matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115' @@ -182,7 +185,7 @@ matrix_appservice_kakaotalk_configuration: "{{ matrix_appservice_kakaotalk_confi # # The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. # This is unlike what it does when looking up YAML template files (no automatic parsing there). -matrix_appservice_kakaotalk_node_configuration_default: "{{ lookup('template', 'templates/node-config.json.j2') }}" +matrix_appservice_kakaotalk_node_configuration_default: "{{ lookup('template', 'templates/node-config.json.j2', convert_data=False) | from_json }}" # Your custom JSON configuration for appservice-kakaotalk-node should go to `matrix_appservice_kakaotalk_node_configuration_extension_json`. # This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_node_configuration_default`). diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml index 3c3da6765..291928df8 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml 
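Review bot: The comment kept as context above `matrix_appservice_kakaotalk_node_configuration_default` in `@@ -182,7 +185,7 @@` of roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml is now stale. It still says the lookup's side-effect is that Ansible parses the JSON for us, but the new line passes `convert_data=False` and parses explicitly with `| from_json`. I would reword it to something like `# The template is looked up as raw text (convert_data=False) and parsed explicitly with from_json, which yields a dict.` so a later reader does not drop the filter as redundant. The comment block starts above the hunk.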
@@ -35,8 +35,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_appservice_kakaotalk_base_path }}", when: true} - {path: "{{ matrix_appservice_kakaotalk_config_path }}", when: true} @@ -51,7 +51,7 @@ version: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo_version }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_appservice_kakaotalk_git_pull_results when: "matrix_appservice_kakaotalk_container_image_self_build | bool" @@ -84,24 +84,24 @@ content: "{{ matrix_appservice_kakaotalk_node_configuration | to_nice_json }}" dest: "{{ matrix_appservice_kakaotalk_config_path }}/node-config.json" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-kakaotalk config.yaml installed ansible.builtin.copy: content: "{{ matrix_appservice_kakaotalk_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_kakaotalk_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-kakaotalk registration.yaml installed ansible.builtin.copy: content: "{{ matrix_appservice_kakaotalk_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_kakaotalk_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-kakaotalk container network is created community.general.docker_network: 
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml index ebabe36aa..a22214c05 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml @@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_appservice_kakaotalk_appservice_token', when: true} - {'name': 'matrix_appservice_kakaotalk_homeserver_address', when: true} @@ -22,7 +22,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_appservice_kakaotalk_node_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix'} - {'old': 'matrix_appservice_kakaotalk_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 index 709a59934..0f76a976b 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 
@@ -21,7 +21,7 @@ homeserver: message_send_checkpoint_endpoint: null # Whether asynchronous uploads via MSC2246 should be enabled for media. # Requires a media repo that supports MSC2246. - async_media: false + async_media: {{ matrix_appservice_kakaotalk_homeserver_async_media | to_json }} # Application service host/registration related details # Changing these values requires regeneration of the registration. diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 index 12f688112..cac295057 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=appservice-kakaotalk-node bridge helper {% for service in matrix_appservice_kakaotalk_node_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 index 0f5e2fe2d..3c5e15b3a 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=appservice-kakaotalk bridge {% for service in matrix_appservice_kakaotalk_systemd_required_services_list %} 
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index e4b2f372f..3f3500da7 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -75,6 +75,6 @@ devture_playbook_runtime_messages_list | default([]) + [ - "Note: Your appservice-slack database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_slack_data_path }}/*.db` to `{{ matrix_appservice_slack_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." + "Note: Your appservice-slack database files have been imported into Postgres. The original database files have been moved from `" + matrix_appservice_slack_data_path + "/*.db` to `" + matrix_appservice_slack_data_path + "/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." ] }} diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml index b556910f8..496c4556e 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -17,8 +17,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_appservice_slack_base_path }}", when: true} - {path: "{{ matrix_appservice_slack_config_path }}", when: true} 
@@ -62,7 +62,7 @@ dest: "{{ matrix_appservice_slack_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_appservice_slack_git_pull_results when: "matrix_appservice_slack_container_image_self_build | bool" @@ -83,16 +83,16 @@ content: "{{ matrix_appservice_slack_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure appservice-slack registration.yaml installed ansible.builtin.copy: content: "{{ matrix_appservice_slack_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/slack-registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-slack container network is created community.general.docker_network: @@ -106,8 +106,8 @@ src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_appservice_slack_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml index b35e2cdb6..ceb4e4a75 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml 
@@ -11,7 +11,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_appservice_slack_control_room_id', when: true} - {'name': 'matrix_appservice_slack_appservice_token', when: true} @@ -28,6 +28,6 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_appservice_slack_container_self_build', 'new': 'matrix_appservice_slack_container_image_self_build'} diff --git a/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 36d9377ea..7c50d692c 100644 --- a/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Appservice Slack bridge {% for service in matrix_appservice_slack_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 208399355..a68bbc805 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml 
@@ -17,8 +17,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_appservice_webhooks_base_path }}", when: true} - {path: "{{ matrix_appservice_webhooks_config_path }}", when: true} @@ -47,7 +47,7 @@ version: "{{ matrix_appservice_webhooks_container_image_self_build_repo_version }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_appservice_webhooks_git_pull_results - name: Ensure matrix-appservice-webhooks container image is built 
@@ -66,32 +66,32 @@ content: "{{ matrix_appservice_webhooks_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-webhooks schema.yml template exists ansible.builtin.template: src: "{{ role_path }}/templates/schema.yml.j2" dest: "{{ matrix_appservice_webhooks_config_path }}/schema.yml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-webhooks database.json template exists ansible.builtin.template: src: "{{ role_path }}/templates/database.json.j2" dest: "{{ matrix_appservice_webhooks_data_path }}/database.json" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure appservice-webhooks registration.yaml installed ansible.builtin.copy: content: "{{ matrix_appservice_webhooks_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-appservice-webhooks container network is created community.general.docker_network: @@ -105,8 +105,8 @@ src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_appservice_webhooks_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels 
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/validate_config.yml index 7f0d8bfec..5742c4c49 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/validate_config.yml @@ -27,6 +27,6 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_appservice_webhooks_docker_image_name_prefix', 'new': 'matrix_appservice_webhooks_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index e761442cc..9e7df5c4c 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Appservice webhooks bridge {% for service in matrix_appservice_webhooks_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index e06c37c37..5fc9a2c40 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml 
@@ -37,6 +37,9 @@ matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_pa matrix_beeper_linkedin_homeserver_address: "" matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_beeper_linkedin_homeserver_async_media: false matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" matrix_beeper_linkedin_bridge_presence: true @@ -167,5 +170,6 @@ matrix_beeper_linkedin_registration_yaml: | - exclusive: true regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username | regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index e61dc18fb..5149ddf13 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -16,8 +16,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_beeper_linkedin_base_path }}", when: true} - {path: "{{ matrix_beeper_linkedin_config_path }}", when: true} 
@@ -30,16 +30,16 @@ content: "{{ matrix_beeper_linkedin_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure beeper-linkedin registration.yaml installed ansible.builtin.copy: content: "{{ matrix_beeper_linkedin_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure Beeper LinkedIn container image is pulled community.docker.docker_image: @@ -62,7 +62,7 @@ version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_beeper_linkedin_git_pull_results # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml index 1bc9de53a..2d9cbb3e6 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml @@ -11,7 +11,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_beeper_linkedin_appservice_token', when: true} - {'name': 'matrix_beeper_linkedin_homeserver_address', when: true} 
@@ -24,7 +24,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_beeper_linkedin_login_shared_secret', 'new': ''} - {'old': 'matrix_beeper_linkedin_docker_image_name_prefix', 'new': 'matrix_beeper_linkedin_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index d73988cdf..2213b1fde 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. @@ -21,7 +21,7 @@ homeserver: message_send_checkpoint_endpoint: null # Whether asynchronous uploads via MSC2246 should be enabled for media. # Requires a media repo that supports MSC2246. - async_media: false + async_media: {{ matrix_beeper_linkedin_homeserver_async_media | to_json }} # Application service host/registration related details # Changing these values requires regeneration of the registration. 
@@ -67,7 +67,7 @@ appservice: bot_username: {{ matrix_beeper_linkedin_appservice_bot_username | to_json }} # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. - bot_displayname: {{ matrix_beeper_linkedin_appservice_bot_displayname | to_json }} + bot_displayname: {{ matrix_beeper_linkedin_appservice_bot_displayname | to_json(ensure_ascii=False) }} bot_avatar: {{ matrix_beeper_linkedin_appservice_bot_avatar | to_json }} # Whether or not to receive ephemeral events via appservice transactions. diff --git a/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index d3fe0d249..10ca9af5f 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 +++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Beeper Linkedin bridge {% for service in matrix_beeper_linkedin_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml index 0b8c9b3e0..92f43be70 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -159,5 +159,6 @@ matrix_go_skype_bridge_registration_yaml: | - exclusive: true regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username | regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml | from_yaml }}" 
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index 5d05a3540..e877e9dfd 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -40,8 +40,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_go_skype_bridge_base_path }}", when: true} - {path: "{{ matrix_go_skype_bridge_config_path }}", when: true} @@ -68,7 +68,7 @@ version: "{{ matrix_go_skype_bridge_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_go_skype_bridge_git_pull_results when: "matrix_go_skype_bridge_container_image_self_build | bool" @@ -122,16 +122,16 @@ content: "{{ matrix_go_skype_bridge_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_go_skype_bridge_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure go-skype-bridge registration.yaml installed ansible.builtin.copy: content: "{{ matrix_go_skype_bridge_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_go_skype_bridge_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-go-skype-bridge container network is created community.general.docker_network: 
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml index d7d20b94d..b1c73a99c 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_go_skype_bridge_appservice_token', when: true} - {'name': 'matrix_go_skype_bridge_homeserver_address', when: true} @@ -23,6 +23,6 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_go_skype_bridge_docker_image_name_prefix', 'new': 'matrix_go_skype_bridge_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index 6e5ac7f52..219a7e97d 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Homeserver details. homeserver: # The address that this appservice can use to connect to the homeserver. 
@@ -224,7 +224,7 @@ logging: # The directory for log files. Will be created if not found. directory: ./logs # Available variables: .Date for the file date and .Index for different log files on the same day. - # empy/null = journal logging only + # empty/null = journal logging only file_name_format: # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants file_date_format: "2006-01-02" diff --git a/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 b/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 index fcd05f49e..816dd676a 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 +++ b/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Go Skype Bridge bridge {% for service in matrix_go_skype_bridge_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml index a748464db..cbc99b51e 100644 --- a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -26,8 +26,8 @@ path: "{{ item }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - "{{ matrix_heisenbridge_base_path }}" 
@@ -36,16 +36,16 @@ content: "{{ matrix_heisenbridge_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_heisenbridge_base_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure Heisenbridge support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_heisenbridge_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/validate_config.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/validate_config.yml index 34e63877f..43f900514 100644 --- a/roles/custom/matrix-bridge-heisenbridge/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/validate_config.yml @@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_heisenbridge_container_network', when: true} - {'name': 'matrix_heisenbridge_homeserver_url', when: true} diff --git a/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 index 556eb28c9..7810444f4 100644 --- a/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 +++ b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=a bouncer-style Matrix IRC bridge {% for service in matrix_heisenbridge_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 2b204cbd3..49437fa4f 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -29,7 +29,7 @@ matrix_hookshot_container_additional_networks_auto: [] matrix_hookshot_container_additional_networks_custom: [] # renovate: datasource=docker depName=halfshot/matrix-hookshot -matrix_hookshot_version: 6.0.3 +matrix_hookshot_version: 7.1.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_registry_prefix }}matrix-org/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_hookshot_docker_image_registry_prefix_upstream }}" @@ -74,7 +74,7 @@ matrix_hookshot_cache_redisUri: "{{ ('redis://' + matrix_hookshot_cache_redis_ho # - support to also be enabled in the homeserver, see the documentation of Hookshot. # - Hookshot to be pointed at a Redis instance via the `matrix_hookshot_cache_redis*` variables. # See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html -matrix_hookshot_encryption_enabled: false +matrix_hookshot_encryption_enabled: "{{ matrix_bridges_encryption_enabled }}" # Controls whether metrics are enabled in the bridge configuration. # Enabling them is usually enough for a local (in-container) Prometheus to consume them. 
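Review bot: The comment block above `matrix_hookshot_encryption_enabled` (hunk `@@ -74,7 +74,7 @@` of defaults/main.yml) still reads as if encryption stays off until the operator enables it, but the default now follows `matrix_bridges_encryption_enabled`. That same comment says Hookshot encryption needs homeserver support and a Redis instance, so anyone who sets the shared flag for other bridges picks up those requirements here too. I would add a line such as `# Defaults to matrix_bridges_encryption_enabled; set to false here to keep Hookshot encryption off.` The comment block starts above the hunk.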
@@ -181,22 +181,15 @@ matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hoo matrix_hookshot_generic_userIdPrefix: '_webhooks_' # noqa var-naming matrix_hookshot_generic_allowJsTransformationFunctions: false # noqa var-naming matrix_hookshot_generic_waitForComplete: false # noqa var-naming +matrix_hookshot_generic_sendExpiryNotice: false # noqa var-naming +matrix_hookshot_generic_requireExpiryTime: false # noqa var-naming +matrix_hookshot_generic_maxExpiryTime: "30d" # noqa var-naming matrix_hookshot_feeds_enabled: true matrix_hookshot_feeds_pollIntervalSeconds: 600 # noqa var-naming matrix_hookshot_feeds_pollTimeoutSeconds: 30 # noqa var-naming - -matrix_hookshot_provisioning_enabled: false -# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. -matrix_hookshot_provisioning_port: 9002 -matrix_hookshot_provisioning_secret: '' -# Provisioning will be automatically enabled if Dimension is enabled and you have provided a provisioning secret, unless you override it -matrix_hookshot_provisioning_internal: "/v1" -matrix_hookshot_provisioning_hostname: "{{ matrix_hookshot_public_hostname }}" -matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" - # Valid values: error, warn, info, debug matrix_hookshot_logging_level: warn 
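Review bot: The three settings added in this hunk (`matrix_hookshot_generic_sendExpiryNotice`, `matrix_hookshot_generic_requireExpiryTime`, `matrix_hookshot_generic_maxExpiryTime`) carry no comment. A generic webhook URL works as a credential for posting into a room, so the defaults should make it visible that webhooks may be created without an expiry unless `requireExpiryTime` is turned on. Suggested comments: `# Set to true to refuse webhooks that are created without an expiry time.` above `requireExpiryTime`, and `# Upper bound for a webhook's lifetime, as a duration string.` above `maxExpiryTime`. The exact semantics should be checked against the Hookshot documentation for the pinned version.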
@@ -289,15 +282,7 @@ matrix_hookshot_container_labels_widgets_traefik_entrypoints: "{{ matrix_hooksho matrix_hookshot_container_labels_widgets_traefik_tls: "{{ matrix_hookshot_container_labels_widgets_traefik_entrypoints != 'web' }}" matrix_hookshot_container_labels_widgets_traefik_tls_certResolver: "{{ matrix_hookshot_container_labels_traefik_tls_certResolver }}" # noqa var-naming -# Controls whether labels will be added that expose Hookshot's provisioning endpoint -matrix_hookshot_container_labels_provisioning_enabled: "{{ matrix_hookshot_provisioning_enabled }}" -matrix_hookshot_container_labels_provisioning_traefik_rule: "Host(`{{ matrix_hookshot_provisioning_hostname }}`) && PathPrefix(`{{ matrix_hookshot_provisioning_endpoint }}`)" -matrix_hookshot_container_labels_provisioning_traefik_priority: 0 -matrix_hookshot_container_labels_provisioning_traefik_entrypoints: "{{ matrix_hookshot_container_labels_traefik_entrypoints }}" -matrix_hookshot_container_labels_provisioning_traefik_tls: "{{ matrix_hookshot_container_labels_provisioning_traefik_entrypoints != 'web' }}" -matrix_hookshot_container_labels_provisioning_traefik_tls_certResolver: "{{ matrix_hookshot_container_labels_traefik_tls_certResolver }}" # noqa var-naming - -# Controls whether labels will be added that expose Hookshot's provisioning endpoint +# Controls whether labels will be added that expose Hookshot's metrics endpoint matrix_hookshot_container_labels_metrics_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_hookshot_metrics_proxying_enabled }}" matrix_hookshot_container_labels_metrics_traefik_rule: "Host(`{{ matrix_hookshot_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_hookshot_metrics_proxying_path_prefix }}`)" matrix_hookshot_container_labels_metrics_traefik_priority: 0 diff --git a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml index a44edff15..68e5ef920 100644 
--- a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml @@ -21,8 +21,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_hookshot_base_path }}", when: true} - {path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}"} @@ -47,7 +47,7 @@ version: "{{ matrix_hookshot_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_hookshot_git_pull_results when: "matrix_hookshot_container_image_self_build | bool" @@ -73,7 +73,7 @@ cmd: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_hookshot_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096" creates: "{{ matrix_hookshot_base_path }}/passkey.pem" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" when: "not hookshot_passkey_file.stat.exists" - name: Ensure hookshot config.yml installed if provided @@ -81,8 +81,8 @@ content: "{{ matrix_hookshot_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/config.yml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Validate hookshot config.yml ansible.builtin.command: 
@@ -107,16 +107,16 @@ content: "{{ matrix_hookshot_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/registration.yml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure hookshot github private key file installed if github is enabled ansible.builtin.copy: content: "{{ matrix_hookshot_github_private_key }}" dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" mode: 0400 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" when: matrix_hookshot_github_enabled | bool and matrix_hookshot_github_private_key|length > 0 - name: Ensure matrix-hookshot container network is created @@ -131,8 +131,8 @@ src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_hookshot_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml index 1c35abe88..5364b063c 100644 --- a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml 
@@ -11,7 +11,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'} - {'old': 'matrix_hookshot_generic_urlprefix', 'new': 'matrix_hookshot_generic_urlPrefix'} @@ -39,6 +39,13 @@ - {'old': 'matrix_hookshot_queue_port', 'new': 'matrix_hookshot_cache_redis_port'} - {'old': 'matrix_hookshot_experimental_encryption_enabled', 'new': 'matrix_hookshot_encryption_enabled'} - {'old': 'matrix_hookshot_docker_image_name_prefix', 'new': 'matrix_hookshot_docker_image_registry_prefix'} + - {'old': 'matrix_hookshot_provisioning_enabled', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_port', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_secret', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_internal', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_hostname', 'new': ''} + - {'old': 'matrix_hookshot_provisioning_endpoint', 'new': ''} + - {'old': 'matrix_hookshot_container_labels_provisioning_enabled', 'new': ''} - name: Fail if required Hookshot settings not defined ansible.builtin.fail: 
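Review bot: The seven provisioning entries added to the rename list use `'new': ''`, so the failure message shown in the first hunk renders as "Please rename the variable (`matrix_hookshot_provisioning_secret` -> ``)" and never says that the setting was removed. A marker value such as `'new': '<removed>'`, or a separate task with a "no longer supported" message, would be clearer, particularly for `matrix_hookshot_provisioning_secret`, which otherwise tends to linger in vars.yml. Of the removed label variables only `matrix_hookshot_container_labels_provisioning_enabled` is listed. The `matrix_hookshot_container_labels_provisioning_traefik_*` overrides dropped from defaults/main.yml are not caught and would be ignored silently. The `with_items` list starts above the hunk.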
@@ -92,14 +99,6 @@ You need to define at least one Figma instance in `matrix_hookshot_figma_instances` to enable Figma. when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances | length == 0" -- name: Fail if required provisioning settings not defined - ansible.builtin.fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`) to enable provisioning. - when: "matrix_hookshot_provisioning_enabled and vars[item] == ''" - with_items: - - "matrix_hookshot_provisioning_secret" - - name: Fail if no Redis queue enabled when Hookshot encryption is enabled ansible.builtin.fail: msg: >- @@ -117,4 +116,4 @@ with_items: - matrix_hookshot_proxy_metrics - matrix_hookshot_metrics_endpoint - when: "item in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item + '$'), wantlist=True) | length > 0" diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2 index c476f6b4b..0e993f9d0 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True bridge: # Basic homeserver configuration # @@ -80,6 +80,9 @@ generic: userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }} allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }} waitForComplete: {{ matrix_hookshot_generic_waitForComplete | to_json }} + sendExpiryNotice: {{ matrix_hookshot_generic_sendExpiryNotice | to_json }} + requireExpiryTime: {{ matrix_hookshot_generic_requireExpiryTime | to_json }} + maxExpiryTime: {{ matrix_hookshot_generic_maxExpiryTime | to_json }} {% endif %} {% if matrix_hookshot_feeds_enabled %} feeds: 
@@ -89,12 +92,6 @@ feeds: pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }} pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }} {% endif %} -{% if matrix_hookshot_provisioning_enabled %} -provisioning: - # (Optional) Provisioning API for integration managers - # - secret: {{ matrix_hookshot_provisioning_secret | to_json }} -{% endif %} passFile: # A passkey used to encrypt tokens stored inside the bridge. # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate @@ -103,7 +100,7 @@ passFile: bot: # (Optional) Define profile information for the bot user # - displayname: {{ matrix_hookshot_bot_displayname | to_json }} + displayname: {{ matrix_hookshot_bot_displayname | to_json(ensure_ascii=False) }} avatar: {{ matrix_hookshot_bot_avatar | to_json }} metrics: # (Optional) Prometheus metrics support @@ -143,7 +140,7 @@ permissions: {{ matrix_hookshot_permissions | to_json }} listeners: # (Optional) HTTP Listener configuration. # Bind resource endpoints to ports and addresses. - # 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice + # 'resources' may be any of webhooks, widgets, metrics # {# always enabled since all services need it #} - port: {{ matrix_hookshot_webhook_port }} @@ -156,12 +153,6 @@ listeners: resources: - metrics {% endif %} -{% if matrix_hookshot_provisioning_enabled %} - - port: {{ matrix_hookshot_provisioning_port }} - bindAddress: 0.0.0.0 - resources: - - provisioning -{% endif %} {% if matrix_hookshot_widgets_enabled %} - port: {{ matrix_hookshot_widgets_port }} bindAddress: 0.0.0.0 diff --git a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 index d7a36da4d..68dfaa906 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 
@@ -14,7 +14,6 @@ traefik.docker.network={{ matrix_hookshot_container_labels_traefik_docker_networ traefik.http.services.matrix-hookshot-webhooks.loadbalancer.server.port={{ matrix_hookshot_webhook_port }} traefik.http.services.matrix-hookshot-appservice.loadbalancer.server.port={{ matrix_hookshot_appservice_port }} traefik.http.services.matrix-hookshot-widgets.loadbalancer.server.port={{ matrix_hookshot_widgets_port }} -traefik.http.services.matrix-hookshot-provisioning.loadbalancer.server.port={{ matrix_hookshot_provisioning_port }} traefik.http.services.matrix-hookshot-metrics.loadbalancer.server.port={{ matrix_hookshot_metrics_port }} {% if matrix_hookshot_container_labels_webhooks_enabled %} 
@@ -118,37 +117,6 @@ traefik.http.routers.matrix-hookshot-widgets.tls.certResolver={{ matrix_hookshot ############################################################ {% endif %} -{% if matrix_hookshot_container_labels_provisioning_enabled %} -############################################################ -# # -# Provisioning # -# # -############################################################ - -traefik.http.middlewares.matrix-hookshot-provisioning-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_provisioning_endpoint }} - -traefik.http.routers.matrix-hookshot-provisioning.rule={{ matrix_hookshot_container_labels_provisioning_traefik_rule }} -traefik.http.routers.matrix-hookshot-provisioning.middlewares=matrix-hookshot-provisioning-strip-prefix - -{% if matrix_hookshot_container_labels_provisioning_traefik_priority | int > 0 %} -traefik.http.routers.matrix-hookshot-provisioning.priority={{ matrix_hookshot_container_labels_provisioning_traefik_priority }} -{% endif %} - -traefik.http.routers.matrix-hookshot-provisioning.service=matrix-hookshot-provisioning -traefik.http.routers.matrix-hookshot-provisioning.entrypoints={{ matrix_hookshot_container_labels_provisioning_traefik_entrypoints }} - -traefik.http.routers.matrix-hookshot-provisioning.tls={{ matrix_hookshot_container_labels_provisioning_traefik_tls | to_json }} -{% if matrix_hookshot_container_labels_provisioning_traefik_tls %} -traefik.http.routers.matrix-hookshot-provisioning.tls.certResolver={{ matrix_hookshot_container_labels_provisioning_traefik_tls_certResolver }} -{% endif %} - -############################################################ -# # -# /Provisioning # -# # -############################################################ -{% endif %} - {% if matrix_hookshot_container_labels_metrics_enabled %} ############################################################ 
diff --git a/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 index 2e617df76..92eda8e4d 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True id: matrix-hookshot # This can be anything, but must be unique within your homeserver as_token: {{ matrix_hookshot_appservice_token|to_json }} # This again can be a random string hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this @@ -32,5 +32,6 @@ rate_limited: false {% if matrix_hookshot_encryption_enabled %} de.sorunome.msc2409.push_ephemeral: true push_ephemeral: true +receive_ephemeral: true org.matrix.msc3202: true {% endif %} diff --git a/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 index 3ad5df541..5b698e2e1 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. {% for service in matrix_hookshot_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml index db743b0eb..561a5c046 100644 --- a/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml 
@@ -14,7 +14,7 @@ matrix_mautrix_bluesky_container_image_self_build_repo: "https://github.com/maut matrix_mautrix_bluesky_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_bluesky_version == 'latest' else matrix_mautrix_bluesky_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/bluesky -matrix_mautrix_bluesky_version: v0.1.1 +matrix_mautrix_bluesky_version: v0.1.2 # See: https://mau.dev/tulir/mautrix-bluesky/container_registry matrix_mautrix_bluesky_docker_image: "{{ matrix_mautrix_bluesky_docker_image_registry_prefix }}mautrix/bluesky:{{ matrix_mautrix_bluesky_version }}" matrix_mautrix_bluesky_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_bluesky_container_image_self_build else matrix_mautrix_bluesky_docker_image_registry_prefix_upstream }}" 
@@ -28,12 +28,22 @@ matrix_mautrix_bluesky_data_path: "{{ matrix_mautrix_bluesky_base_path }}/data" matrix_mautrix_bluesky_docker_src_files_path: "{{ matrix_mautrix_bluesky_base_path }}/docker-src" matrix_mautrix_bluesky_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_bluesky_homeserver_async_media: false matrix_mautrix_bluesky_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_bluesky_appservice_address: 'http://matrix-mautrix-bluesky:29340' +matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + # A public address that external services can use to reach this appservice. matrix_mautrix_bluesky_appservice_public_address: '' +# Displayname template for Bluesky users. +# {{ .DisplayName }} is replaced with the display name of the Bluesky user. +# {{ .Username }} is replaced with the username of the Bluesky user. +matrix_mautrix_bluesky_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Bluesky)" + matrix_mautrix_bluesky_bridge_command_prefix: "!bs" matrix_mautrix_bluesky_bridge_permissions: | @@ -187,6 +197,7 @@ matrix_mautrix_bluesky_registration_yaml: | rate_limited: false de.sorunome.msc2409.push_ephemeral: true receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_bluesky_msc4190_enabled | to_json }} matrix_mautrix_bluesky_registration: "{{ matrix_mautrix_bluesky_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-bluesky/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-bluesky/tasks/setup_install.yml index 305ac5730..ed2f7e6b9 100644 --- a/roles/custom/matrix-bridge-mautrix-bluesky/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-bluesky/tasks/setup_install.yml 
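Review bot: `matrix_mautrix_bluesky_msc4190_enabled` is added without a comment, while the neighbouring `matrix_mautrix_bluesky_homeserver_async_media` gets one. The value feeds `io.element.msc4190` in the registration (second hunk here) and, judging by the config template change later in this commit, the bridge's own `msc4190` option, so an operator overriding it should know that the registration file changes with it. I would add something like `# Whether to use MSC4190 for creating the bridge bot device; follows matrix_bridges_msc4190_enabled and is also written to the appservice registration.` The mautrix-discord defaults hunk adds the equivalent variable without a comment as well.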
@@ -24,8 +24,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_bluesky_base_path }}", when: true} - {path: "{{ matrix_mautrix_bluesky_config_path }}", when: true} @@ -40,7 +40,7 @@ dest: "{{ matrix_mautrix_bluesky_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_bluesky_git_pull_results when: "matrix_mautrix_bluesky_enabled | bool and matrix_mautrix_bluesky_container_image_self_build" @@ -60,24 +60,24 @@ content: "{{ matrix_mautrix_bluesky_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_bluesky_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-bluesky registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_bluesky_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_bluesky_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-bluesky support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_bluesky_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-bluesky/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-bluesky/tasks/validate_config.yml index e14168283..cc73aedd6 100644 
--- a/roles/custom/matrix-bridge-mautrix-bluesky/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-bluesky/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_bluesky_appservice_token', when: true} - {'name': 'matrix_mautrix_bluesky_homeserver_address', when: true} @@ -25,6 +25,6 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_bluesky_docker_image_name_prefix', 'new': 'matrix_mautrix_bluesky_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2 index 156c68048..03ea60d2d 100644 --- a/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Network-specific config options network: # Proxy to use for all Bluesky connections. @@ -11,7 +11,7 @@ network: # {{ .DisplayName }} is replaced with the display name of the Bluesky user. # {{ .Username }} is replaced with the username of the Bluesky user. # {% endraw %} - displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Bluesky)" + displayname_template: {{ matrix_mautrix_bluesky_network_displayname_template | to_json }} # Maximum number of conversations to sync on startup conversation_sync_limit: 20 
@@ -164,7 +164,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_bluesky_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, @@ -199,7 +199,7 @@ appservice: username: {{ matrix_mautrix_bluesky_appservice_bot_username | to_json }} # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. - displayname: {{ matrix_mautrix_bluesky_appservice_bot_displayname | to_json }} + displayname: {{ matrix_mautrix_bluesky_appservice_bot_displayname | to_json(ensure_ascii=False) }} avatar: {{ matrix_mautrix_bluesky_appservice_bot_avatar | to_json }} # Whether to receive ephemeral events via appservice transactions. @@ -209,10 +209,6 @@ appservice: # However, messages will not be guaranteed to be bridged in the same order they were sent in. # This value doesn't affect the registration file. async_transactions: false - # Whether to use MSC4190 instead of appservice login to create the bridge bot device. - # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. - # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). - msc4190: false # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. as_token: {{ matrix_mautrix_bluesky_appservice_token | to_json }} 
@@ -358,6 +354,11 @@ encryption: # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. # This option is not yet compatible with standard Matrix servers like Synapse and should not be used. appservice: {{ matrix_mautrix_bluesky_bridge_encryption_appservice | to_json }} + # Whether to use MSC4190 instead of appservice login to create the bridge bot device. + # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. + # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_bluesky_msc4190_enabled | to_json }} # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. allow_key_sharing: {{ matrix_mautrix_bluesky_bridge_encryption_key_sharing_allow | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-bluesky/templates/systemd/matrix-mautrix-bluesky.service.j2 b/roles/custom/matrix-bridge-mautrix-bluesky/templates/systemd/matrix-mautrix-bluesky.service.j2 index 5dd291dd2..550c6f226 100644 --- a/roles/custom/matrix-bridge-mautrix-bluesky/templates/systemd/matrix-mautrix-bluesky.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-bluesky/templates/systemd/matrix-mautrix-bluesky.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix Bluesky bridge {% for service in matrix_mautrix_bluesky_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index fa1a8e777..f202510bb 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml 
@@ -21,7 +21,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord -matrix_mautrix_discord_version: v0.7.2 +matrix_mautrix_discord_version: v0.7.5 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_registry_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" @@ -36,9 +36,14 @@ matrix_mautrix_discord_data_path: "{{ matrix_mautrix_discord_base_path }}/data" matrix_mautrix_discord_docker_src_files_path: "{{ matrix_mautrix_discord_base_path }}/docker-src" matrix_mautrix_discord_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_discord_homeserver_async_media: false matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080" +matrix_mautrix_discord_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + matrix_mautrix_discord_bridge_command_prefix: "!discord" # Publicly accessible base URL that Discord can use to reach the bridge, used for avatars in relay mode. @@ -224,6 +229,8 @@ matrix_mautrix_discord_registration_yaml: | - exclusive: true regex: '^@{{ matrix_mautrix_discord_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_discord_msc4190_enabled | to_json }} matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}" 
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml index e08b1c34c..58defde8a 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml @@ -40,8 +40,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_discord_base_path }}", when: true} - {path: "{{ matrix_mautrix_discord_config_path }}", when: true} @@ -68,7 +68,7 @@ version: "{{ matrix_mautrix_discord_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_discord_git_pull_results when: "matrix_mautrix_discord_container_image_self_build | bool" 
@@ -89,24 +89,24 @@ content: "{{ matrix_mautrix_discord_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_discord_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-discord registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_discord_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_discord_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-discord support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_discord_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml index a354dbcd6..d61b33e97 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_discord_appservice_token', when: true} - {'name': 'matrix_mautrix_discord_homeserver_address', when: true} 
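Review bot: `config.yaml` and `registration.yaml` are still installed with `mode: 0644` in the `@@ -89,24 +89,24 @@` hunk, while the `labels` support file right below them gets `0640`. validate_config.yml lists `matrix_mautrix_discord_appservice_token` as a required setting, so these two files presumably hold the bridge's homeserver credentials; the `0750` parent directories limit access today, but the file mode should not rely on that. I would use `mode: "0640"` on both tasks, quoted so the value is not subject to YAML number parsing. The facebook, gmessages, googlechat, instagram and meta-instagram install tasks further down carry the same `0644`.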
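Review bot: The required-setting check in the `@@ -10,7 +10,7 @@` hunk of validate_config.yml catches an undefined or empty-string value only; a setting explicitly set to null would presumably be turned into the text `None` by `| string` and pass, and a whitespace-only value passes as well. For the string settings listed here, such as `matrix_mautrix_discord_appservice_token`, I would normalise first: `when: "item.when | bool and lookup('vars', item.name, default='') | default('', true) | string | trim | length == 0"`. The task starts above the hunk and its item list continues below it. The facebook, gmessages, googlechat and instagram validate_config.yml hunks use the same expression.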
@@ -26,7 +26,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_discord_login_shared_secret', 'new': ''} - {'old': 'matrix_mautrix_discord_homeserver_public_address', 'new': 'matrix_mautrix_discord_bridge_public_address'} diff --git a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 index c859c1149..061cc3c82 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Homeserver details. homeserver: # The address that this appservice can use to connect to the homeserver. @@ -16,7 +16,7 @@ homeserver: # Endpoint for reporting per-message status. message_send_checkpoint_endpoint: null # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_discord_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, 
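Review bot: In the `@@ -26,7 +26,7 @@` hunk `item.old` is concatenated into the `varnames` pattern as a raw regular expression. The names listed are plain identifiers, so the match is exact today, but escaping keeps it exact if a name containing a regex metacharacter is ever added: `when: "lookup('ansible.builtin.varnames', ('^' + (item.old | regex_escape) + '$'), wantlist=True) | length > 0"`. Separately, the entry with `'new': ''` makes the failure message read as a rename to an empty name; a comment on that item saying the variable was removed would help. The same expression appears in the facebook, gmessages, googlechat and instagram roles.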
@@ -61,7 +61,7 @@ appservice: username: {{ matrix_mautrix_discord_appservice_bot_username | to_json }} # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. - displayname: {{ matrix_mautrix_discord_appservice_bot_displayname | to_json }} + displayname: {{ matrix_mautrix_discord_appservice_bot_displayname | to_json(ensure_ascii=False) }} avatar: {{ matrix_mautrix_discord_appservice_bot_avatar | to_json }} # Whether or not to receive ephemeral events via appservice transactions. @@ -268,6 +268,11 @@ bridge: appservice: {{ matrix_mautrix_discord_bridge_encryption_appservice | to_json}} # Require encryption, drop any unencrypted messages. require: {{ matrix_mautrix_discord_bridge_encryption_require | to_json }} + # Whether to use MSC4190 instead of appservice login to create the bridge bot device. + # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. + # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_discord_msc4190_enabled | to_json }} # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. allow_key_sharing: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 index 9344d7866..3a5de31e2 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix Discord bridge {% for service in matrix_mautrix_discord_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index 0fe7f52f1..0468d92d5 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -37,6 +37,9 @@ matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_ matrix_mautrix_facebook_command_prefix: "!fb" matrix_mautrix_facebook_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_facebook_homeserver_async_media: false matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' # Whether or not the public-facing endpoints should be enabled (web-based login) @@ -214,6 +217,7 @@ matrix_mautrix_facebook_registration_yaml: | sender_localpart: _bot_{{ matrix_mautrix_facebook_appservice_bot_username }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 36fe8fabb..b3b8aeabc 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml 
@@ -59,8 +59,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_facebook_base_path }}", when: true} - {path: "{{ matrix_mautrix_facebook_config_path }}", when: true} @@ -75,7 +75,7 @@ version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_facebook_git_pull_results when: "matrix_mautrix_facebook_container_image_self_build | bool" @@ -117,24 +117,24 @@ content: "{{ matrix_mautrix_facebook_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-facebook registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_facebook_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-facebook support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_facebook_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml index aaab4839f..8d141ec08 100644 
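Review bot: The self-build checkout in the `@@ -75,7 +75,7 @@` hunk takes its git ref from `matrix_mautrix_facebook_docker_image.split(':')[1]`, which is the image tag only while the image reference contains exactly one colon. With a registry prefix that includes a port, index 1 would be part of the registry path, so the task would ask git for the wrong ref. `version: "{{ matrix_mautrix_facebook_docker_image.split(':')[-1] }}"` is the minimal change; a dedicated branch variable, as the discord role has in `matrix_mautrix_discord_container_image_self_build_branch`, is cleaner. The task begins above the hunk, and the meta-instagram install.yml uses the same expression on `matrix_mautrix_meta_instagram_container_image`.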
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -12,7 +12,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_facebook_public_endpoint', 'new': 'matrix_mautrix_facebook_appservice_public_prefix'} - {'old': 'matrix_mautrix_facebook_docker_image_name_prefix', 'new': 'matrix_mautrix_facebook_docker_image_registry_prefix'} @@ -21,7 +21,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_facebook_appservice_public_hostname', when: "{{ matrix_mautrix_facebook_appservice_public_enabled }}"} - {'name': 'matrix_mautrix_facebook_appservice_public_prefix', when: "{{ matrix_mautrix_facebook_appservice_public_enabled }}"} diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 7280ec12d..8e3a6f2db 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. 
@@ -14,7 +14,7 @@ homeserver: asmux: false # Whether asynchronous uploads via MSC2246 should be enabled for media. # Requires a media repo that supports MSC2246. - async_media: false + async_media: {{ matrix_mautrix_facebook_homeserver_async_media | to_json }} # Application service host/registration related details # Changing these values requires regeneration of the registration. diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 754c48885..441848a08 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix Facebook bridge {% for service in matrix_mautrix_facebook_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 1809f6177..d1196b29a 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages -matrix_mautrix_gmessages_version: v0.6.1 +matrix_mautrix_gmessages_version: v0.6.5 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" 
@@ -33,9 +33,14 @@ matrix_mautrix_gmessages_data_path: "{{ matrix_mautrix_gmessages_base_path }}/da matrix_mautrix_gmessages_docker_src_files_path: "{{ matrix_mautrix_gmessages_base_path }}/docker-src" matrix_mautrix_gmessages_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_gmessages_homeserver_async_media: false matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080" +matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + matrix_mautrix_gmessages_backfill_enabled: true matrix_mautrix_gmessages_backfill_max_initial_messages: 50 matrix_mautrix_gmessages_backfill_max_catchup_messages: 500 @@ -212,5 +217,7 @@ matrix_mautrix_gmessages_registration_yaml: | - exclusive: true regex: '^@{{ matrix_mautrix_gmessages_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_gmessages_msc4190_enabled | to_json }} matrix_mautrix_gmessages_registration: "{{ matrix_mautrix_gmessages_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml index 777dceab7..f1cb7af83 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml 
@@ -40,8 +40,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_gmessages_base_path }}", when: true} - {path: "{{ matrix_mautrix_gmessages_config_path }}", when: true} @@ -68,7 +68,7 @@ version: "{{ matrix_mautrix_gmessages_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_gmessages_git_pull_results when: "matrix_mautrix_gmessages_container_image_self_build | bool" @@ -122,16 +122,16 @@ content: "{{ matrix_mautrix_gmessages_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_gmessages_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-gmessages registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_gmessages_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_gmessages_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-mautrix-gmessages.service installed ansible.builtin.template: @@ -144,8 +144,8 @@ src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_gmessages_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels 
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml index 6b1b76e1d..ddd142b72 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_gmessages_appservice_token', when: true} - {'name': 'matrix_mautrix_gmessages_homeserver_address', when: true} @@ -25,7 +25,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'} - {'old': 'matrix_mautrix_gmessages_bridge_mute_bridging', 'new': ''} diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 index 3fd39a78a..0f72c1f42 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Network-specific config options network: # Displayname template for SMS users. 
@@ -168,7 +168,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_gmessages_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, @@ -354,6 +354,11 @@ encryption: # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. # This option is not yet compatible with standard Matrix servers like Synapse and should not be used. appservice: {{ matrix_mautrix_gmessages_bridge_encryption_appservice | to_json }} + # Whether to use MSC4190 instead of appservice login to create the bridge bot device. + # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. + # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_gmessages_msc4190_enabled | to_json }} # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 index af3c1731f..e0fa1ab0d 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix gmessages bridge {% for service in matrix_mautrix_gmessages_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml index 213573c11..ee0eb4748 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -199,6 +199,7 @@ matrix_mautrix_googlechat_registration_yaml: | sender_localpart: _bot_{{ matrix_mautrix_googlechat_appservice_bot_username }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index d7cc1f1d5..84b3ffcc5 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -54,8 +54,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_googlechat_base_path }}", when: true} - {path: "{{ matrix_mautrix_googlechat_config_path }}", when: true} @@ -70,7 +70,7 @@ dest: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_googlechat_git_pull_results when: "matrix_mautrix_googlechat_container_image_self_build | bool" 
@@ -112,24 +112,24 @@ content: "{{ matrix_mautrix_googlechat_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-googlechat registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_googlechat_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-googlechat support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_googlechat_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml index 9e2b20132..ea1359c35 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml @@ -11,7 +11,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_googlechat_public_endpoint', when: true} - {'name': 'matrix_mautrix_googlechat_appservice_token', when: true} 
@@ -29,6 +29,6 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_googlechat_docker_image_name_prefix', 'new': 'matrix_mautrix_googlechat_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index e7ee4394f..83b13f6cf 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index 5b38523fe..ee156134c 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix googlechat bridge {% for service in matrix_mautrix_googlechat_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 1304d7586..23c2c85eb 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml 
@@ -183,6 +183,7 @@ matrix_mautrix_instagram_registration_yaml: | sender_localpart: _bot_{{ matrix_mautrix_instagram_appservice_bot_username }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 21e4e5f44..2058e9b61 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -27,8 +27,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_instagram_base_path }}", when: true} - {path: "{{ matrix_mautrix_instagram_config_path }}", when: true} @@ -43,7 +43,7 @@ dest: "{{ matrix_mautrix_instagram_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_instagram_git_pull_results when: "matrix_mautrix_instagram_container_image_self_build | bool" 
@@ -64,24 +64,24 @@ content: "{{ matrix_mautrix_instagram_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-instagram registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_instagram_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-instagram support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_instagram_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml index f86e3e243..80259cbda 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml @@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_instagram_appservice_token', when: true} - {'name': 'matrix_mautrix_instagram_homeserver_address', when: true} 
@@ -24,6 +24,6 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_instagram_docker_image_name_prefix', 'new': 'matrix_mautrix_instagram_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index d200ebcd6..428bae149 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. diff --git a/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 index 35248d9d1..55356d443 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix Instagram bridge {% for service in matrix_mautrix_instagram_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index 85b1cce2a..cc78fbc0d 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml 
@@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta -matrix_mautrix_meta_instagram_version: v0.4.5 +matrix_mautrix_meta_instagram_version: v0.5.3 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram" matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config" @@ -116,6 +116,9 @@ matrix_mautrix_meta_instagram_database_sslmode: disable matrix_mautrix_meta_instagram_database_connection_string: 'postgres://{{ matrix_mautrix_meta_instagram_database_username }}:{{ matrix_mautrix_meta_instagram_database_password }}@{{ matrix_mautrix_meta_instagram_database_hostname }}:{{ matrix_mautrix_meta_instagram_database_port }}/{{ matrix_mautrix_meta_instagram_database_name }}?sslmode={{ matrix_mautrix_meta_instagram_database_sslmode }}' matrix_mautrix_meta_instagram_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_meta_instagram_homeserver_async_media: false matrix_mautrix_meta_instagram_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_meta_instagram_homeserver_token: '' @@ -123,6 +126,8 @@ matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}" +matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons: # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger # - it's easy for users - you may change the mode, but the bot is always at `@messengerbot:example.com` 
@@ -297,5 +302,7 @@ matrix_mautrix_meta_instagram_registration_yaml: | sender_localpart: _bot_{{ matrix_mautrix_meta_instagram_appservice_username }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_meta_instagram_msc4190_enabled | to_json }} matrix_mautrix_meta_instagram_registration: "{{ matrix_mautrix_meta_instagram_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml index 4f3749c1e..c70949ccd 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml @@ -49,8 +49,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_meta_instagram_base_path }}", when: true} - {path: "{{ matrix_mautrix_meta_instagram_config_path }}", when: true} @@ -67,7 +67,7 @@ version: "{{ matrix_mautrix_meta_instagram_container_image.split(':')[1] }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_meta_instagram_git_pull_results - name: Ensure mautrix-meta-instagram container image is built 
@@ -86,24 +86,24 @@ content: "{{ matrix_mautrix_meta_instagram_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_meta_instagram_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-meta-instagram registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_meta_instagram_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_meta_instagram_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-meta-instagram support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_meta_instagram_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml index 62ea8d204..6df63b15c 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml 
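Review bot: config.yaml and registration.yaml are still written with `mode: 0644` in this hunk, while the support files in the same hunk use `0640`. The rendered config presumably carries the database connection string with its password, and the registration the appservice tokens, so neither should be world-readable. The 0750 mode on the config directory limits who can reach them, but that is the only barrier. Since the owner/group lines are being touched anyway, I would set `mode: 0640` on both copy tasks, provided the bridge container runs as that user or group. The matching hunks in the messenger, signal and slack install tasks have the same modes.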
@@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_meta_instagram_metrics_proxying_hostname', when: "{{ matrix_mautrix_meta_instagram_metrics_proxying_enabled }}"} - {'name': 'matrix_mautrix_meta_instagram_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_meta_instagram_metrics_proxying_enabled }}"} @@ -25,7 +25,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret', 'new': ''} - {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom', 'new': ''} diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 index e905b1771..06f7f2080 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Network-specific config options network: # Which service is this bridge for? Available options: 
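Review bot: The new rename check in the `@@ -25,7 +25,7 @@` hunk builds its regex as `'^' + item.old + '$'` without escaping `item.old`. Every name in the visible `with_items` lists is a plain identifier, so nothing misfires today, but an entry containing a regex metacharacter would match more widely than intended. I would write `lookup('ansible.builtin.varnames', '^' + (item.old | regex_escape) + '$', wantlist=True) | length > 0`. The same expression is added in the mautrix-instagram, meta-messenger, signal and slack validate_config hunks.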
@@ -181,7 +181,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_meta_instagram_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, @@ -212,7 +212,7 @@ appservice: username: {{ matrix_mautrix_meta_instagram_appservice_username | to_json }} # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. - displayname: {{ matrix_mautrix_meta_instagram_appservice_displayname | to_json }} + displayname: {{ matrix_mautrix_meta_instagram_appservice_displayname | to_json(ensure_ascii=False) }} avatar: {{ matrix_mautrix_meta_instagram_appservice_avatar | to_json }} # Whether to receive ephemeral events via appservice transactions. 
@@ -367,6 +367,11 @@ encryption: # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. # This option is not yet compatible with standard Matrix servers like Synapse and should not be used. appservice: {{ matrix_mautrix_meta_instagram_bridge_encryption_appservice | to_json }} + # Whether to use MSC4190 instead of appservice login to create the bridge bot device. + # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. + # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_meta_instagram_msc4190_enabled | to_json }} # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/systemd/matrix-mautrix-meta.service.j2 b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/systemd/matrix-mautrix-meta.service.j2 index e72e911f2..e9fc2eccb 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/systemd/matrix-mautrix-meta.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/systemd/matrix-mautrix-meta.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=mautrix-meta bridge ({{ matrix_mautrix_meta_instagram_identifier }}) {% for service in matrix_mautrix_meta_instagram_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index f644aec5a..646476807 100644 
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml @@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta -matrix_mautrix_meta_messenger_version: v0.4.5 +matrix_mautrix_meta_messenger_version: v0.5.3 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger" matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config" @@ -117,12 +117,17 @@ matrix_mautrix_meta_messenger_database_connection_string: 'postgres://{{ matrix_ matrix_mautrix_meta_messenger_homeserver_address: "" matrix_mautrix_meta_messenger_homeserver_domain: '{{ matrix_domain }}' +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_meta_messenger_homeserver_async_media: false matrix_mautrix_meta_messenger_homeserver_token: '' matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta_messenger_identifier }}:29319" matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}" +matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons: # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger # - it's easy for users - you may change the mode, but the bot is always at `@messengerbot:example.com` 
@@ -297,5 +302,7 @@ matrix_mautrix_meta_messenger_registration_yaml: | sender_localpart: _bot_{{ matrix_mautrix_meta_messenger_appservice_username }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_meta_messenger_msc4190_enabled | to_json }} matrix_mautrix_meta_messenger_registration: "{{ matrix_mautrix_meta_messenger_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml index ef09d425b..80235cc3a 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml @@ -49,8 +49,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_meta_messenger_base_path }}", when: true} - {path: "{{ matrix_mautrix_meta_messenger_config_path }}", when: true} @@ -67,7 +67,7 @@ version: "{{ matrix_mautrix_meta_messenger_container_image.split(':')[1] }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_meta_messenger_git_pull_results - name: Ensure mautrix-meta-messenger container image is built 
@@ -86,24 +86,24 @@ content: "{{ matrix_mautrix_meta_messenger_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_meta_messenger_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-meta-messenger registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_meta_messenger_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_meta_messenger_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-meta-messenger support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_meta_messenger_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml index db8bb4fb1..5a005f1e2 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml 
@@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_meta_messenger_metrics_proxying_hostname', when: "{{ matrix_mautrix_meta_messenger_metrics_proxying_enabled }}"} - {'name': 'matrix_mautrix_meta_messenger_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_meta_messenger_metrics_proxying_enabled }}"} @@ -25,7 +25,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_meta_messenger_bridge_login_shared_secret', 'new': ''} - {'old': 'matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom', 'new': ''} diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 index b5f9404b3..055268aaf 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Network-specific config options network: # Which service is this bridge for? Available options: 
@@ -181,7 +181,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_meta_messenger_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, @@ -212,7 +212,7 @@ appservice: username: {{ matrix_mautrix_meta_messenger_appservice_username | to_json }} # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. - displayname: {{ matrix_mautrix_meta_messenger_appservice_displayname | to_json }} + displayname: {{ matrix_mautrix_meta_messenger_appservice_displayname | to_json(ensure_ascii=False) }} avatar: {{ matrix_mautrix_meta_messenger_appservice_avatar | to_json }} # Whether to receive ephemeral events via appservice transactions. 
@@ -367,6 +367,11 @@ encryption: # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. # This option is not yet compatible with standard Matrix servers like Synapse and should not be used. appservice: {{ matrix_mautrix_meta_messenger_bridge_encryption_appservice | to_json }} + # Whether to use MSC4190 instead of appservice login to create the bridge bot device. + # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. + # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_meta_messenger_msc4190_enabled | to_json }} # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/systemd/matrix-mautrix-meta.service.j2 b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/systemd/matrix-mautrix-meta.service.j2 index 92439132e..adf8a9c4e 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/systemd/matrix-mautrix-meta.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/systemd/matrix-mautrix-meta.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=mautrix-meta bridge ({{ matrix_mautrix_meta_messenger_identifier }}) {% for service in matrix_mautrix_meta_messenger_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 790f03b16..e4a77a5ed 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml 
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/ matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal -matrix_mautrix_signal_version: v0.8.1 +matrix_mautrix_signal_version: v0.8.6 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}" @@ -42,10 +42,23 @@ matrix_mautrix_signal_docker_src_files_path: "{{ matrix_mautrix_signal_base_path matrix_mautrix_signal_homeserver_address: "" matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_signal_homeserver_async_media: false matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080" +matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + matrix_mautrix_signal_command_prefix: "!signal" +# Displayname template for Signal users. +# {{.ProfileName}} - The Signal profile name set by the user. +# {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. +# {{.PhoneNumber}} - The phone number of the user. +# {{.UUID}} - The UUID of the Signal user. +# {{.AboutEmoji}} - The emoji set by the user in their profile. +matrix_mautrix_signal_network_displayname_template: "{% raw %}{{or .ProfileName .PhoneNumber 'Unknown user'}} (Signal){% endraw %}" + matrix_mautrix_signal_bridge_permissions: | {{ {'*': 'relay', matrix_mautrix_signal_homeserver_domain: 'user'} 
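Review bot: The comment added above `matrix_mautrix_signal_network_displayname_template` lists the Go template fields but does not say that an override must keep the `{% raw %}…{% endraw %}` wrapper that the default uses. Without it Ansible will presumably try to evaluate `{{or .ProfileName …}}` as Jinja2 and fail, or render something unintended. I would add `# When overriding, wrap the value in {% raw %}…{% endraw %} so Ansible does not evaluate the Go template.` The note that `.ContactName` is unsafe on multi-user instances is worth keeping as it is. The new `matrix_mautrix_slack_network_displayname_template` default needs the same remark.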
@@ -210,6 +223,8 @@ matrix_mautrix_signal_registration_yaml: | - exclusive: true regex: '^@{{ matrix_mautrix_signal_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_signal_msc4190_enabled | to_json }} matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 55bcb2cb4..82ef8229a 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -45,8 +45,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_signal_base_path }}", when: true} - {path: "{{ matrix_mautrix_signal_config_path }}", when: true} @@ -73,7 +73,7 @@ version: "{{ matrix_mautrix_signal_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_signal_git_pull_results when: "matrix_mautrix_signal_container_image_self_build | bool" 
@@ -127,24 +127,24 @@ content: "{{ matrix_mautrix_signal_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-signal registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_signal_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-signal support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_signal_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml index 1f08f1feb..93d99763d 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml @@ -12,7 +12,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_signal_appservice_token', when: true} - {'name': 'matrix_mautrix_signal_homeserver_address', when: true} 
@@ -27,7 +27,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_signal_log_level', 'new': 'matrix_mautrix_signal_logging_level'} - {'old': 'matrix_mautrix_signal_bridge_restricted_rooms', 'new': ''} diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index e4af6d962..f4ca2d83d 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Network-specific config options network: # Displayname template for Signal users. @@ -9,7 +9,7 @@ network: # {{.UUID}} - The UUID of the Signal user. # {{.AboutEmoji}} - The emoji set by the user in their profile. # {% endraw %} - displayname_template: "{% raw %}{{or .ProfileName .PhoneNumber 'Unknown user'}} (Signal){% endraw %}" + displayname_template: {{ matrix_mautrix_signal_network_displayname_template | to_json }} # Should avatars from the user's contact list be used? This is not safe on multi-user instances. use_contact_avatars: false # Should the bridge request the user's contact list from the phone on startup? 
@@ -159,7 +159,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: null # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_signal_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, @@ -334,6 +334,11 @@ encryption: # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. # This option is not yet compatible with standard Matrix servers like Synapse and should not be used. appservice: false + # Whether to use MSC4190 instead of appservice login to create the bridge bot device. + # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. + # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_signal_msc4190_enabled | to_json }} # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. allow_key_sharing: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 index f108dce1c..4b06e8529 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix Signal bridge {% for service in matrix_mautrix_signal_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index b0d2406fc..71af1d915 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -17,7 +17,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/slack -matrix_mautrix_slack_version: v0.2.0 +matrix_mautrix_slack_version: v0.2.3 # See: https://mau.dev/mautrix/slack/container_registry matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}" matrix_mautrix_slack_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_docker_image_registry_prefix_upstream }}" 
@@ -32,8 +32,34 @@ matrix_mautrix_slack_docker_src_files_path: "{{ matrix_mautrix_slack_base_path } matrix_mautrix_slack_homeserver_address: "" matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_slack_homeserver_async_media: false matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080" +matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + +# Displayname template for Slack users. Available variables: +# .Name - The username of the user +# .Team.Name - The name of the team the channel is in +# .Team.Domain - The Slack subdomain of the team the channel is in +# .ID - The internal ID of the user +# .IsBot - Whether the user is a bot +# .Profile.DisplayName - The username or real name of the user (depending on settings) +# Variables only available for users (not bots): +# .TeamID - The internal ID of the workspace the user is in +# .TZ - The timezone region of the user (e.g. Europe/London) +# .TZLabel - The label of the timezone of the user (e.g. Greenwich Mean Time) +# .TZOffset - The UTC offset of the timezone of the user (e.g. 0) +# .Profile.RealName - The real name of the user +# .Profile.FirstName - The first name of the user +# .Profile.LastName - The last name of the user +# .Profile.Title - The job title of the user +# .Profile.Pronouns - The pronouns of the user +# .Profile.Email - The email address of the user +# .Profile.Phone - The formatted phone number of the user +matrix_mautrix_slack_network_displayname_template: '{% raw %}{{or .Profile.DisplayName .Profile.RealName .Name}}{{if .IsBot}} (bot){{end}}{% endraw %}' + matrix_mautrix_slack_command_prefix: "!slack" matrix_mautrix_slack_bridge_permissions: | 
@@ -151,6 +177,8 @@ matrix_mautrix_slack_registration_yaml: | - exclusive: true regex: '^@{{ matrix_mautrix_slack_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_slack_msc4190_enabled | to_json }} matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}" @@ -164,3 +192,12 @@ matrix_mautrix_slack_bridge_encryption_pickle_key: maunium.net/go/mautrix-whatsa matrix_mautrix_slack_provisioning_shared_secret: '' matrix_mautrix_slack_public_media_signing_key: '' + +# Controls whether relay mode is enabled +matrix_mautrix_slack_bridge_relay_enabled: false + +# Controls whether only admins can set themselves as relay users +matrix_mautrix_slack_bridge_relay_admin_only: true + +# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room +matrix_mautrix_slack_bridge_relay_default_relays: [] diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml index c5266dfff..51aff979f 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml @@ -39,8 +39,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_slack_base_path }}", when: true} - {path: "{{ matrix_mautrix_slack_config_path }}", when: true} 
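Review bot: The three relay defaults added in the `@@ -164,3 +192,12 @@` hunk have one-line comments that omit the access-control consequences spelled out in config.yaml.j2. Enabling relay lets `set-relay` turn any authenticated user into a relaybot for that chat, and with `admin_only` set to false non-admins are no longer limited to the users in `default_relays`. Operators change these values in vars.yml and read defaults/main.yml rather than the template, so the warning belongs there too. I would extend the first comment to `# Controls whether relay mode is enabled. When enabled, set-relay can turn any authenticated user into a relaybot for a chat.` and the second to `# When true, non-admins can only pick relay users from matrix_mautrix_slack_bridge_relay_default_relays.`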
@@ -67,7 +67,7 @@ version: "{{ matrix_mautrix_slack_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_slack_git_pull_results when: "matrix_mautrix_slack_container_image_self_build | bool" @@ -88,16 +88,16 @@ content: "{{ matrix_mautrix_slack_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_slack_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-slack registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_slack_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_slack_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-mautrix-slack container network is created community.general.docker_network: diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml index 8265ee865..0d3adfdec 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_slack_appservice_token', when: true} - {'name': 'matrix_mautrix_slack_homeserver_address', when: true} 
@@ -22,7 +22,7 @@ when: matrix_appservice_slack_enabled | default(False) | bool and matrix_mautrix_slack_appservice_bot_username == matrix_appservice_slack_bot_name | default ('') ansible.builtin.fail: msg: | - The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflcit. + The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflict. To resolve the conflict, make one of these components use a different username. Consider either changing `matrix_mautrix_slack_appservice_bot_username` (the bot username for the mautrix-slack component) or `matrix_appservice_slack_bot_name` (the bot username for the appservice-slack component). We recommend that you change the username for the newly-added (and yet unused) component. @@ -32,7 +32,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_slack_login_shared_secret', 'new': ''} - {'old': 'matrix_mautrix_slack_bridge_login_shared_secret_map', 'new': ''} diff --git a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 index 5c02dd946..30ea0b349 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Network-specific config options network: # Displayname template for Slack users. Available variables: @@ -20,7 +20,7 @@ network: # .Profile.Pronouns - The pronouns of the user # .Profile.Email - The email address of the user # .Profile.Phone - The formatted phone number of the user - displayname_template: '{% raw %}{{or .Profile.DisplayName .Profile.RealName .Name}}{{if .IsBot}} (bot){{end}}{% endraw %}' + displayname_template: {{ matrix_mautrix_slack_network_displayname_template | to_json }} # Channel name template for Slack channels (all types). Available variables: # .Name - The name of the channel # .Team.Name - The name of the team the channel is in @@ -113,12 +113,12 @@ bridge: relay: # Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any # authenticated user into a relaybot for that chat. - enabled: false + enabled: {{ matrix_mautrix_slack_bridge_relay_enabled | to_json }} # Should only admins be allowed to set themselves as relay users? # If true, non-admins can only set users listed in default_relays as relays in a room. - admin_only: true + admin_only: {{ matrix_mautrix_slack_bridge_relay_admin_only | to_json }} # List of user login IDs which anyone can set as a relay, as long as the relay user is in the room. - default_relays: [] + default_relays: {{ matrix_mautrix_slack_bridge_relay_default_relays | to_json }} # The formats to use when sending messages via the relaybot. # Available variables: # .Sender.UserID - The Matrix user ID of the sender. 
@@ -197,7 +197,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_slack_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, @@ -371,6 +371,11 @@ encryption: # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. # This option is not yet compatible with standard Matrix servers like Synapse and should not be used. appservice: false + # Whether to use MSC4190 instead of appservice login to create the bridge bot device. + # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. + # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_slack_msc4190_enabled | to_json }} # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 index 563ff2552..ff2357791 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 
@@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix Slack bridge {% for service in matrix_mautrix_slack_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index f941b7c59..5d19bab12 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -41,7 +41,7 @@ matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_tele matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" # renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram -matrix_mautrix_telegram_version: v0.15.2 +matrix_mautrix_telegram_version: v0.15.3 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_registry_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else matrix_mautrix_telegram_docker_image_registry_prefix_upstream }}" 
@@ -79,11 +79,16 @@ matrix_mautrix_telegram_public_endpoint: "{{ matrix_mautrix_telegram_path_prefix matrix_mautrix_telegram_homeserver_address: "" matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}' +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_telegram_homeserver_async_media: false matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' matrix_mautrix_telegram_appservice_public_external: '{{ matrix_mautrix_telegram_scheme }}://{{ matrix_mautrix_telegram_hostname }}{{ matrix_mautrix_telegram_public_endpoint }}' matrix_mautrix_telegram_appservice_bot_username: telegrambot +matrix_mautrix_telegram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + # Specifies the default log level for all bridge loggers. matrix_mautrix_telegram_logging_level: WARNING 
@@ -228,17 +233,19 @@ matrix_mautrix_telegram_registration_yaml: | namespaces: users: - exclusive: true - regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' + regex: '^@{{ matrix_mautrix_telegram_username_template | replace('{userid}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' - exclusive: true regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' aliases: - exclusive: true - regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' + regex: '^#{{ matrix_mautrix_telegram_alias_template | replace('{groupname}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }} url: {{ matrix_mautrix_telegram_appservice_address }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_telegram_msc4190_enabled | to_json }} matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index f45cd306f..2b9113199 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -49,8 +49,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_telegram_base_path }}", when: true} - {path: "{{ matrix_mautrix_telegram_config_path }}", when: true} 
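Review bot: In the registration hunk, `matrix_mautrix_telegram_username_template` and `matrix_mautrix_telegram_alias_template` are placed into the exclusive `users` and `aliases` regexes without `regex_escape`, unlike the bot username and homeserver domain on the neighbouring lines. A regex metacharacter in a customised template (a `.`, for instance) would make the namespace the appservice claims broader than the localparts the bridge actually produces. Escaping the literal parts around the placeholder keeps the claim tight, for example `{{ matrix_mautrix_telegram_username_template.split('{userid}') | map('regex_escape') | join('.+') }}`, and the same with `{groupname}` for aliases. The templates' default values are not visible in this hunk, so confirm the rendered pattern still matches the previous `telegram_.+` form.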
@@ -77,7 +77,7 @@ dest: "{{ matrix_mautrix_telegram_lottieconverter_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_telegram_lottieconverter_git_pull_results when: "matrix_mautrix_telegram_lottieconverter_container_image_self_build | bool and matrix_mautrix_telegram_container_image_self_build | bool" @@ -100,7 +100,7 @@ dest: "{{ matrix_mautrix_telegram_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_telegram_git_pull_results when: "matrix_mautrix_telegram_container_image_self_build | bool" @@ -144,24 +144,24 @@ content: "{{ matrix_mautrix_telegram_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-telegram registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_telegram_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-telegram support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_telegram_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels 
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml index 20bad5816..3a234223d 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_telegram_hostname', when: true} - {'name': 'matrix_mautrix_telegram_path_prefix', when: true} @@ -30,7 +30,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_telegram_container_exposed_port_number', 'new': ''} - {'old': 'matrix_mautrix_telegram_container_self_build', 'new': 'matrix_mautrix_telegram_container_image_self_build'} diff --git a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 6cbd30130..f0b52729d 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. 
@@ -21,7 +21,7 @@ homeserver: message_send_checkpoint_endpoint: null # Whether asynchronous uploads via MSC2246 should be enabled for media. # Requires a media repo that supports MSC2246. - async_media: false + async_media: {{ matrix_mautrix_telegram_homeserver_async_media | to_json }} # Application service host/registration related details # Changing these values requires regeneration of the registration. @@ -269,6 +269,11 @@ bridge: default: {{ matrix_mautrix_telegram_bridge_encryption_default|to_json }} # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. appservice: false + # Whether to use MSC4190 instead of appservice login to create the bridge bot device. + # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. + # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_telegram_msc4190_enabled | to_json }} # Require encryption, drop any unencrypted messages. require: false # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. diff --git a/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index ce59de6af..951343147 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix Telegram bridge {% for service in matrix_mautrix_telegram_systemd_required_services_list %} 
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 84613f754..a7b055f1b 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter -matrix_mautrix_twitter_version: v0.3.0 +matrix_mautrix_twitter_version: v0.5.0 # See: https://mau.dev/tulir/mautrix-twitter/container_registry matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}" matrix_mautrix_twitter_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_docker_image_registry_prefix_upstream }}" 
@@ -36,12 +36,22 @@ matrix_mautrix_twitter_data_path: "{{ matrix_mautrix_twitter_base_path }}/data" matrix_mautrix_twitter_docker_src_files_path: "{{ matrix_mautrix_twitter_base_path }}/docker-src" matrix_mautrix_twitter_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_twitter_homeserver_async_media: false matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' +matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + # A public address that external services can use to reach this appservice. matrix_mautrix_twitter_appservice_public_address: '' +# Displayname template for Twitter users. +# {{ .DisplayName }} is replaced with the display name of the Twitter user. +# {{ .Username }} is replaced with the username of the Twitter user. +matrix_mautrix_twitter_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)" + matrix_mautrix_twitter_bridge_command_prefix: "!tw" matrix_mautrix_twitter_bridge_permissions: | @@ -196,6 +206,7 @@ matrix_mautrix_twitter_registration_yaml: | rate_limited: false de.sorunome.msc2409.push_ephemeral: true receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_twitter_msc4190_enabled | to_json }} matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 4e5b1d149..ccadf7ef2 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml 
@@ -30,8 +30,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_twitter_base_path }}", when: true} - {path: "{{ matrix_mautrix_twitter_config_path }}", when: true} @@ -46,7 +46,7 @@ dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_twitter_git_pull_results when: "matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_container_image_self_build" @@ -66,24 +66,24 @@ content: "{{ matrix_mautrix_twitter_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-twitter registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_twitter_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-twitter support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_twitter_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml index 0a30cd1d7..94623c041 100644 
--- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml @@ -11,7 +11,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_twitter_appservice_token', when: true} - {'name': 'matrix_mautrix_twitter_homeserver_address', when: true} @@ -26,7 +26,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_twitter_login_shared_secret', 'new': ''} - {'old': 'matrix_mautrix_twitter_appservice_database', 'new': 'matrix_mautrix_twitter_database_uri'} diff --git a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 1a0b474f4..146043cbd 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Network-specific config options network: # Proxy to use for all Twitter connections. 
@@ -11,7 +11,7 @@ network: # {{ .DisplayName }} is replaced with the display name of the Twitter user. # {{ .Username }} is replaced with the username of the Twitter user. # {% endraw %} - displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)" + displayname_template: {{ matrix_mautrix_twitter_network_displayname_template | to_json }} # Maximum number of conversations to sync on startup conversation_sync_limit: 20 @@ -164,7 +164,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_twitter_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, @@ -199,7 +199,7 @@ appservice: username: {{ matrix_mautrix_twitter_appservice_bot_username | to_json }} # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. - displayname: {{ matrix_mautrix_twitter_appservice_bot_displayname | to_json }} + displayname: {{ matrix_mautrix_twitter_appservice_bot_displayname | to_json(ensure_ascii=False) }} avatar: {{ matrix_mautrix_twitter_appservice_bot_avatar | to_json }} # Whether to receive ephemeral events via appservice transactions. 
@@ -212,7 +212,8 @@ appservice: # Whether to use MSC4190 instead of appservice login to create the bridge bot device. # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). - msc4190: false + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_twitter_msc4190_enabled | to_json }} # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. as_token: {{ matrix_mautrix_twitter_appservice_token | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 index c044cc616..eeccc209b 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix Twitter bridge {% for service in matrix_mautrix_twitter_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index b461573b6..1d9609c08 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp -matrix_mautrix_whatsapp_version: v0.11.4 +matrix_mautrix_whatsapp_version: v0.12.4 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" @@ -44,8 +44,13 @@ matrix_mautrix_whatsapp_docker_src_files_path: "{{ matrix_mautrix_whatsapp_base_ matrix_mautrix_whatsapp_homeserver_address: "" matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_whatsapp_homeserver_async_media: false matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" +matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" + matrix_mautrix_whatsapp_extev_polls: false matrix_mautrix_whatsapp_command_prefix: "!wa" 
@@ -159,6 +164,13 @@ matrix_mautrix_whatsapp_double_puppet_secrets: "{{ matrix_mautrix_whatsapp_doubl matrix_mautrix_whatsapp_double_puppet_secrets_auto: {} matrix_mautrix_whatsapp_double_puppet_secrets_custom: {} +# Displayname template for WhatsApp users. +# {{.PushName}} - nickname set by the WhatsApp user +# {{.BusinessName}} - validated WhatsApp business name +# {{.Phone}} - phone number (international format) +# {{.FullName}} - Name you set in the contacts list +matrix_mautrix_whatsapp_network_displayname_template: '{% raw %}{{or .BusinessName .PushName .Phone}} (WA){% endraw %}' + # Enable End-to-bridge encryption matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" @@ -224,10 +236,12 @@ matrix_mautrix_whatsapp_registration_yaml: | rate_limited: false namespaces: users: - - regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain | regex_escape }}$' + - regex: '^@whatsapp_.*:{{ matrix_mautrix_whatsapp_homeserver_domain | regex_escape }}$' exclusive: true - exclusive: true regex: '^@{{ matrix_mautrix_whatsapp_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_whatsapp_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true + io.element.msc4190: {{ matrix_mautrix_whatsapp_msc4190_enabled | to_json }} matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index ecafc5a32..7f85bc379 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml 
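Review bot: In the registration hunk, the exclusive user namespace is widened from `^@whatsapp_[0-9]+:` to `^@whatsapp_.*:`, which also matches an empty suffix (`@whatsapp_:domain`) and every other localpart with that prefix. Presumably the bridge now creates ghosts whose IDs are not purely numeric, but the hunk does not say so. A comment above the regex such as `# ghost localparts are no longer digits-only (<reason/link>)` would record why the claim was broadened. If an empty suffix is never valid, `.+` would be tighter and consistent with the telegram registration.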
@@ -50,8 +50,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mautrix_whatsapp_base_path }}", when: true} - {path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true} @@ -78,7 +78,7 @@ version: "{{ matrix_mautrix_whatsapp_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mautrix_whatsapp_git_pull_results when: "matrix_mautrix_whatsapp_container_image_self_build | bool" @@ -132,24 +132,24 @@ content: "{{ matrix_mautrix_whatsapp_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-whatsapp registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_whatsapp_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-whatsapp support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_whatsapp_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml index a1f7605f3..ca5ef9458 100644 
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml @@ -12,7 +12,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mautrix_whatsapp_appservice_token', when: true} - {'name': 'matrix_mautrix_whatsapp_homeserver_address', when: true} @@ -24,7 +24,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mautrix_whatsapp_log_level', 'new': 'matrix_mautrix_whatsapp_logging_level'} - {'old': 'matrix_mautrix_whatsapp_login_shared_secret', 'new': ''} diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 832234832..e7187abd4 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Network-specific config options network: # Device name that's shown in the "WhatsApp Web" section in the mobile app. 
@@ -22,7 +22,7 @@ network: # {{.Phone}} - phone number (international format) # {{.FullName}} - Name you set in the contacts list # {% endraw %} - displayname_template: "{% raw %}{{or .BusinessName .PushName .Phone}} (WA){% endraw %}" + displayname_template: {{ matrix_mautrix_whatsapp_network_displayname_template | to_json }} # Should incoming calls send a message to the Matrix room? call_start_notices: true @@ -255,7 +255,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_whatsapp_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, @@ -445,6 +445,11 @@ encryption: # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. # This option is not yet compatible with standard Matrix servers like Synapse and should not be used. appservice: false + # Whether to use MSC4190 instead of appservice login to create the bridge bot device. + # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. + # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). + # Changing this option requires updating the appservice registration file. + msc4190: {{ matrix_mautrix_whatsapp_msc4190_enabled | to_json }} # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. allow_key_sharing: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow | to_json }} 
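Review bot: The added `msc4190:` line in the `-445,6` hunk carries the comment "Changing this option requires updating the appservice registration file", but nothing in this hunk ties `matrix_mautrix_whatsapp_msc4190_enabled` to the registration. If the role's registration template (not visible here) does not emit the matching flag from the same variable — `io.element.msc4190: true`, as I understand the mautrix registration format — enabling the option would leave config and registration out of step, and creation of the bridge bot device would presumably fail. Worth confirming, and once it holds, extending the comment with a line such as `# The registration file is generated from this same variable.` The `encryption:` block starts and ends outside the hunk.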
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index fe77ca34d..4fe10a546 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix Whatsapp bridge {% for service in matrix_mautrix_whatsapp_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml index 9685df0e0..80c03a097 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml @@ -26,8 +26,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - path: "{{ matrix_mautrix_wsproxy_base_path }}" when: true @@ -38,8 +38,8 @@ src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mautrix_wsproxy_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - syncproxy-env - wsproxy-labels @@ -63,8 +63,8 @@ path: "{{ item }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - "{{ matrix_mautrix_wsproxy_base_path }}" - "{{ matrix_mautrix_wsproxy_config_path }}" 
@@ -79,24 +79,24 @@ content: "{{ matrix_mautrix_wsproxy_configuration | to_nice_yaml }}" dest: "{{ matrix_mautrix_wsproxy_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-androidsms registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_androidsms_registration | to_nice_yaml }}" dest: "{{ matrix_mautrix_wsproxy_config_path }}/androidsms-registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-imessage registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_imessage_registration | to_nice_yaml }}" dest: "{{ matrix_mautrix_wsproxy_config_path }}/imessage-registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mautrix-wsproxy container network is created community.general.docker_network: diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 index c46d7b6f9..c88d92517 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix wsproxy syncproxy {% for service in matrix_mautrix_wsproxy_syncproxy_systemd_required_services_list %} 
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 index ab71702ea..f49beae40 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mautrix wsproxy bridge {% for service in matrix_mautrix_wsproxy_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml index 5cda2b0f4..196052d59 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -139,5 +139,6 @@ matrix_mx_puppet_discord_registration_yaml: | sender_localpart: _discordpuppet_bot url: {{ matrix_mx_puppet_discord_appservice_address }} de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index af1717a0f..d98a2628d 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -16,8 +16,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mx_puppet_discord_base_path }}", when: true} - {path: "{{ matrix_mx_puppet_discord_config_path }}", when: true} 
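Review bot: `receive_ephemeral: true` is added next to `de.sorunome.msc2409.push_ephemeral: true` in the `-139,5` hunk with no comment saying why both keys are emitted. As I understand it the new key is the spec name for the same MSC2409 switch, which makes the homeserver push ephemeral events (typing, receipts, presence) to the bridge, so a reader should be able to see that this is a rename kept in parallel rather than a second feature. I would add, just above the two keys, `# receive_ephemeral is the stable name of the MSC2409 flag; the prefixed key stays for homeservers that only read the unstable one.` — the block is parsed with `from_yaml`, so the comment does not reach the rendered file. The `matrix_mx_puppet_discord_registration_yaml` block starts outside the hunk; the groupme, instagram, slack, twitter and wechat defaults hunks make the same addition.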
@@ -91,7 +91,7 @@ force: "yes" version: "{{ matrix_mx_puppet_discord_container_image_self_build_version }}" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mx_puppet_discord_git_pull_results when: "matrix_mx_puppet_discord_enabled | bool and matrix_mx_puppet_discord_container_image_self_build" @@ -112,16 +112,16 @@ content: "{{ matrix_mx_puppet_discord_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-discord discord-registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mx_puppet_discord_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-discord container network is created community.general.docker_network: diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml index d343fbba6..ba90eb314 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml @@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mx_puppet_discord_appservice_token', when: true} - {'name': 'matrix_mx_puppet_discord_homeserver_address', when: true} 
@@ -21,6 +21,6 @@ ansible.builtin.fail: msg: >- The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead. - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mx_puppet_discord_docker_image_name_prefix', 'new': 'matrix_mx_puppet_discord_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 index 3db538127..2a1046417 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True bridge: # Port to host the bridge on # Used for communication between the homeserver and the bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 6d75a9332..200712092 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mx Puppet Discord bridge {% for service in matrix_mx_puppet_discord_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml index a4d7570ef..5a58f5be9 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml 
@@ -133,5 +133,6 @@ matrix_mx_puppet_groupme_registration_yaml: | sender_localpart: _groupmepuppet_bot url: {{ matrix_mx_puppet_groupme_appservice_address }} de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_mx_puppet_groupme_registration: "{{ matrix_mx_puppet_groupme_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 5e09ca887..746471321 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -15,8 +15,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true} - {path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true} @@ -91,7 +91,7 @@ dest: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mx_puppet_groupme_git_pull_results when: "matrix_mx_puppet_groupme_enabled | bool and matrix_mx_puppet_groupme_container_image_self_build" 
@@ -112,16 +112,16 @@ content: "{{ matrix_mx_puppet_groupme_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-groupme groupme-registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mx_puppet_groupme_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-groupme container network is created community.general.docker_network: diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml index 8d195daff..b1647db23 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml @@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mx_puppet_groupme_appservice_token', when: true} - {'name': 'matrix_mx_puppet_groupme_homeserver_address', when: true} @@ -21,6 +21,6 @@ ansible.builtin.fail: msg: >- The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead. - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mx_puppet_groupme_docker_image_name_prefix', 'new': 'matrix_mx_puppet_groupme_docker_image_registry_prefix'} 
diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 index c3237513d..eddc714e3 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True bridge: # Port to host the bridge on # Used for communication between the homeserver and the bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 index 9f4483c6a..68fb27490 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mx Puppet Groupme bridge {% for service in matrix_mx_puppet_groupme_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 14568af1a..72ccc00d9 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -127,5 +127,6 @@ matrix_mx_puppet_instagram_registration_yaml: | sender_localpart: _instagrampuppet_bot url: {{ matrix_mx_puppet_instagram_appservice_address }} de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml | from_yaml }}" 
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 1846ede1f..fbed97693 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -55,8 +55,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true} - {path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true} @@ -71,7 +71,7 @@ dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mx_puppet_instagram_git_pull_results when: "matrix_mx_puppet_instagram_enabled | bool and matrix_mx_puppet_instagram_container_image_self_build | bool" @@ -92,16 +92,16 @@ content: "{{ matrix_mx_puppet_instagram_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-instagram-registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mx_puppet_instagram_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-instagram container network is created community.general.docker_network: 
diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml index 13a9fbf7d..2afd623f4 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml @@ -9,7 +9,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mx_puppet_instagram_appservice_token', when: true} - {'name': 'matrix_mx_puppet_instagram_homeserver_address', when: true} @@ -21,6 +21,6 @@ ansible.builtin.fail: msg: >- The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead. - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mx_puppet_instagram_docker_image_name_prefix', 'new': 'matrix_mx_puppet_instagram_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 index 2e15c5b0c..80c94dd7f 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True bridge: # Port to host the bridge on # Used for communication between the homeserver and the bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index 0efca1941..847d10ccf 100644 
--- a/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mx Puppet Instagram bridge {% for service in matrix_mx_puppet_instagram_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml index 338eb3691..e073b5089 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -179,5 +179,6 @@ matrix_mx_puppet_slack_registration_yaml: | sender_localpart: _slackpuppet_bot url: {{ matrix_mx_puppet_slack_appservice_address }} de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_mx_puppet_slack_registration: "{{ matrix_mx_puppet_slack_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 55e0cdecf..c817d293c 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -11,8 +11,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mx_puppet_slack_base_path }}", when: true} - {path: "{{ matrix_mx_puppet_slack_config_path }}", when: true} 
@@ -80,7 +80,7 @@ force: "yes" version: "{{ matrix_mx_puppet_slack_container_image_self_build_version }}" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mx_puppet_slack_git_pull_results when: "matrix_mx_puppet_slack_enabled | bool and matrix_mx_puppet_slack_container_image_self_build" @@ -108,24 +108,24 @@ content: "{{ matrix_mx_puppet_slack_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-slack slack-registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mx_puppet_slack_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-slack support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mx_puppet_slack_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml index 8ede9eed3..ffe171fd4 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml 
@@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mx_puppet_slack_hostname', when: true} - {'name': 'matrix_mx_puppet_slack_path_prefix', when: true} @@ -25,7 +25,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mx_puppet_slack_redirect_path', 'new': 'matrix_mx_puppet_slack_oauth_redirect_path, but setting matrix_mx_puppet_slack_path_prefix is better'} - {'old': 'matrix_mx_puppet_slack_redirect_uri', 'new': '- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mx_puppet_steam_appservice_token', when: true} - {'name': 'matrix_mx_puppet_steam_homeserver_address', when: true} @@ -21,6 +21,6 @@ ansible.builtin.fail: msg: >- The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead. - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mx_puppet_steam_docker_image_name_prefix', 'new': 'matrix_mx_puppet_steam_docker_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 index c2d089f7f..3819698ca 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True bridge: # Port to host the bridge on # Used for communication between the homeserver and the bridge diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 index dd235a4e3..2a376ccef 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Mx Puppet Steam bridge {% for service in matrix_mx_puppet_steam_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml index c556cda4a..9f14f1272 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -179,5 +179,6 @@ matrix_mx_puppet_twitter_registration_yaml: | sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}" url: {{ matrix_mx_puppet_twitter_appservice_address }} de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 2f6a7807e..137d358c0 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml 
@@ -16,8 +16,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true} - {path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true} @@ -92,7 +92,7 @@ dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_mx_puppet_twitter_git_pull_results when: "matrix_mx_puppet_twitter_enabled | bool and matrix_mx_puppet_twitter_container_image_self_build" @@ -113,24 +113,24 @@ content: "{{ matrix_mx_puppet_twitter_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-twitter twitter-registration.yaml installed ansible.builtin.copy: content: "{{ matrix_mx_puppet_twitter_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure mx-puppet-twitter support files installed ansible.builtin.template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_mx_puppet_twitter_base_path }}/{{ item }}" mode: 0640 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - labels 
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml index 84e2c1c76..286305106 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_mx_puppet_twitter_hostname', when: true} - {'name': 'matrix_mx_puppet_twitter_path_prefix', when: true} @@ -25,7 +25,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_mx_puppet_twitter_webhook_path', 'new': '- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_postmoogle_password', when: true} - {'name': 'matrix_postmoogle_container_network', when: true} @@ -21,6 +21,6 @@ ansible.builtin.fail: msg: >- The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead. - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_postmoogle_docker_image_name_prefix', 'new': 'matrix_postmoogle_docker_image_registry_prefix'} 
diff --git a/roles/custom/matrix-bridge-postmoogle/templates/systemd/matrix-postmoogle.service.j2 b/roles/custom/matrix-bridge-postmoogle/templates/systemd/matrix-postmoogle.service.j2 index 5d730184e..38ce1b6ba 100644 --- a/roles/custom/matrix-bridge-postmoogle/templates/systemd/matrix-postmoogle.service.j2 +++ b/roles/custom/matrix-bridge-postmoogle/templates/systemd/matrix-postmoogle.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Postmoogle bridge {% for service in matrix_postmoogle_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-sms/defaults/main.yml b/roles/custom/matrix-bridge-sms/defaults/main.yml index 992d8b936..8d9eac2d1 100644 --- a/roles/custom/matrix-bridge-sms/defaults/main.yml +++ b/roles/custom/matrix-bridge-sms/defaults/main.yml @@ -67,7 +67,7 @@ matrix_sms_bridge_provider_android_truststore_password: '' matrix_sms_bridge_configuration_yaml: | - #jinja2: lstrip_blocks: "True" + #jinja2: lstrip_blocks: True # Database connection matrix: diff --git a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml index a46bc21dc..46be38205 100644 --- a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml @@ -24,8 +24,8 @@ path: "{{ item }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - "{{ matrix_sms_bridge_base_path }}" - "{{ matrix_sms_bridge_config_path }}" 
@@ -36,24 +36,24 @@ content: "{{ matrix_sms_bridge_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/application.yml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-sms-bridge registration.yaml installed ansible.builtin.copy: content: "{{ matrix_sms_bridge_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure android-sms-gateway-server cert installed ansible.builtin.copy: src: "{{ matrix_sms_bridge_provider_android_truststore_local_path }}" dest: "{{ matrix_sms_bridge_config_path }}/matrix-sms-gateway-server.p12" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" when: matrix_sms_bridge_provider_android_truststore_local_path != "" - name: Ensure matrix-sms-bridge container network is created diff --git a/roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 b/roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 index 49af8b715..1a3fe2ef1 100644 --- a/roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix sms bridge {% for service in matrix_sms_bridge_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-wechat/defaults/main.yml b/roles/custom/matrix-bridge-wechat/defaults/main.yml index 907f959ba..cd0e660b6 100644 --- a/roles/custom/matrix-bridge-wechat/defaults/main.yml 
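Review bot: The three `ansible.builtin.copy` tasks in the `@@ -36,24 +36,24 @@` hunk still install `application.yml`, `registration.yaml` and the `.p12` truststore with `mode: 0644`, which the ownership rename leaves untouched. These files presumably hold bridge credentials (an appservice registration normally carries tokens), and the cactus-comments role in this same diff writes its env and appservice files with `mode: 0640`. The parent directories are created `0750`, which limits exposure, but `mode: 0640` on the files would not depend on that, provided the container reads them as the matrix user or group. The wechat `install.yml` hunk `@@ -95,24 +95,24 @@` has the same `0644` on `config.yaml`, `registration.yaml` and `agent-config.yaml`.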
+++ b/roles/custom/matrix-bridge-wechat/defaults/main.yml @@ -47,6 +47,9 @@ matrix_wechat_agent_container_src_files_path: "{{ matrix_wechat_base_path }}/age matrix_wechat_homeserver_address: "" matrix_wechat_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_wechat_homeserver_async_media: false matrix_wechat_appservice_address: 'http://matrix-wechat:8080' matrix_wechat_container_network: "" @@ -150,6 +153,7 @@ matrix_wechat_registration_yaml: | - exclusive: true regex: '^@{{ matrix_wechat_appservice_bot_username | regex_escape }}:{{ matrix_wechat_homeserver_domain | regex_escape }}$' de.sorunome.msc2409.push_ephemeral: true + receive_ephemeral: true matrix_wechat_registration: "{{ matrix_wechat_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-wechat/tasks/install.yml b/roles/custom/matrix-bridge-wechat/tasks/install.yml index 607ca780b..d0bfbbace 100644 --- a/roles/custom/matrix-bridge-wechat/tasks/install.yml +++ b/roles/custom/matrix-bridge-wechat/tasks/install.yml @@ -10,8 +10,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_wechat_base_path }}", when: true} - {path: "{{ matrix_wechat_config_path }}", when: true} @@ -41,7 +41,7 @@ version: "{{ matrix_wechat_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_wechat_git_pull_results - name: Ensure WeChat Bridge container image is built 
@@ -76,7 +76,7 @@ version: "{{ matrix_wechat_agent_container_image_self_build_branch }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_wechat_agent_git_pull_results - name: Ensure WeChat Agent container image is built @@ -95,24 +95,24 @@ content: "{{ matrix_wechat_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_wechat_config_path }}/config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure WeChat registration.yaml installed ansible.builtin.copy: content: "{{ matrix_wechat_registration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_wechat_config_path }}/registration.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure Wechat Agent configuration installed ansible.builtin.copy: content: "{{ matrix_wechat_agent_configuration | to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_wechat_config_path }}/agent-config.yaml" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-wechat container network is created community.general.docker_network: diff --git a/roles/custom/matrix-bridge-wechat/tasks/validate_config.yml b/roles/custom/matrix-bridge-wechat/tasks/validate_config.yml index c74f26390..324cb8e1a 100644 --- a/roles/custom/matrix-bridge-wechat/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-wechat/tasks/validate_config.yml 
@@ -8,7 +8,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_wechat_appservice_token', when: true} - {'name': 'matrix_wechat_homeserver_address', when: true} @@ -26,7 +26,7 @@ ansible.builtin.fail: msg: >- The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead. - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_wechat_container_image_name_prefix', 'new': 'matrix_wechat_container_image_registry_prefix'} - {'old': 'matrix_wechat_agent_container_image_name_prefix', 'new': 'matrix_wechat_agent_container_image_registry_prefix'} diff --git a/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 b/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 index e81583a11..86330ed48 100644 --- a/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # Homeserver details. homeserver: # The address that this appservice can use to connect to the homeserver. @@ -16,7 +16,7 @@ homeserver: # Endpoint for reporting per-message status. message_send_checkpoint_endpoint: null # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_wechat_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, 
diff --git a/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat-agent.service.j2 b/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat-agent.service.j2 index dc8d348da..9f9a195c2 100644 --- a/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat-agent.service.j2 +++ b/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat-agent.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix WeChat Agent {% for service in matrix_wechat_systemd_required_services_list %} diff --git a/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat.service.j2 b/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat.service.j2 index 193042a66..4c9deb056 100644 --- a/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat.service.j2 +++ b/roles/custom/matrix-bridge-wechat/templates/systemd/matrix-wechat.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix WeChat Bridge {% for service in matrix_wechat_systemd_required_services_list %} diff --git a/roles/custom/matrix-cactus-comments-client/defaults/main.yml b/roles/custom/matrix-cactus-comments-client/defaults/main.yml index b753a6c24..dd03d0d4d 100644 --- a/roles/custom/matrix-cactus-comments-client/defaults/main.yml +++ b/roles/custom/matrix-cactus-comments-client/defaults/main.yml 
@@ -18,7 +18,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas matrix_cactus_comments_client_public_path_file_permissions: "0644" # renovate: datasource=docker depName=joseluisq/static-web-server -matrix_cactus_comments_client_version: 2.36.1 +matrix_cactus_comments_client_version: 2.38.0 matrix_cactus_comments_client_container_image: "{{ matrix_cactus_comments_client_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}" matrix_cactus_comments_client_container_image_registry_prefix: "{{ matrix_cactus_comments_client_container_image_registry_prefix_upstream }}" diff --git a/roles/custom/matrix-cactus-comments-client/tasks/install.yml b/roles/custom/matrix-cactus-comments-client/tasks/install.yml index 6a86df4ce..f068fa8d3 100644 --- a/roles/custom/matrix-cactus-comments-client/tasks/install.yml +++ b/roles/custom/matrix-cactus-comments-client/tasks/install.yml @@ -10,8 +10,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_cactus_comments_client_base_path }}", when: true} - {path: "{{ matrix_cactus_comments_client_public_path }}", when: true} @@ -21,8 +21,8 @@ ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0644 with_items: - src: "{{ role_path }}/templates/env.j2" 
@@ -38,15 +38,15 @@ url: "{{ matrix_cactus_comments_client_webclient_js_url }}" dest: "{{ matrix_cactus_comments_client_public_path }}/cactus.js" mode: "{{ matrix_cactus_comments_client_public_path_file_permissions }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Download web client css ansible.builtin.get_url: url: "{{ matrix_cactus_comments_client_webclient_css_url }}" dest: "{{ matrix_cactus_comments_client_public_path }}/style.css" mode: "{{ matrix_cactus_comments_client_public_path_file_permissions }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - when: matrix_cactus_comments_client_local_dir | length > 0 block: @@ -55,15 +55,15 @@ src: "{{ matrix_cactus_comments_client_local_dir }}/src/cactus.js" dest: "{{ matrix_cactus_comments_client_public_path }}/cactus.js" mode: "{{ matrix_cactus_comments_client_public_path_file_permissions }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Upload locally distributed client CSS ansible.builtin.copy: src: "{{ matrix_cactus_comments_client_local_dir }}/src/style.css" dest: "{{ matrix_cactus_comments_client_public_path }}/style.css" mode: "{{ matrix_cactus_comments_client_public_path_file_permissions }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure matrix-cactus-comments-client container image is pulled community.docker.docker_image: diff --git a/roles/custom/matrix-cactus-comments-client/templates/systemd/matrix-cactus-comments-client.service.j2 b/roles/custom/matrix-cactus-comments-client/templates/systemd/matrix-cactus-comments-client.service.j2 index 6e49e6fad..726c66c5b 100755 
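Review bot: Both `ansible.builtin.get_url` tasks in the `@@ -38,15 +38,15 @@` hunk write `cactus.js` and `style.css` into the public path from a configurable URL without a `checksum`, so whatever the remote returns at deploy time is what gets installed. Since these assets are presumably served to site visitors, pinning them would make an unexpected upstream change fail the play instead of being published. Adding `checksum: "sha256:<digest of the pinned release file>"` to each task, fed from a new role variable, would do that. The first task's `name` and module lines sit above the hunk.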
--- a/roles/custom/matrix-cactus-comments-client/templates/systemd/matrix-cactus-comments-client.service.j2 +++ b/roles/custom/matrix-cactus-comments-client/templates/systemd/matrix-cactus-comments-client.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=matrix-cactus-comments-client server {% for service in matrix_cactus_comments_client_systemd_required_services_list %} diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml index 5e6219746..f68b6dff2 100644 --- a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml +++ b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml 
@@ -11,28 +11,28 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_cactus_comments_base_path }}", when: true} - {path: "{{ matrix_cactus_comments_container_tmp_path }}", when: true} - - {path: "{{ matrix_cactus_comments_docker_src_files_path }}", when: matrix_cactus_comments_container_image_self_build} + - {path: "{{ matrix_cactus_comments_docker_src_files_path }}", when: "{{ matrix_cactus_comments_container_image_self_build }}"} when: "item.when | bool" - name: Ensure matrix-cactus-comments environment file created ansible.builtin.template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_cactus_comments_app_service_env_file }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0640 - name: Ensure matrix-cactus-comments appservice file created ansible.builtin.template: src: "{{ role_path }}/templates/cactus_appservice.yaml.j2" dest: "{{ matrix_cactus_comments_app_service_config_file }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" mode: 0640 - name: Ensure matrix-cactus-comments image is pulled @@ -54,7 +54,7 @@ dest: "{{ matrix_cactus_comments_docker_src_files_path }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_cactus_comments_git_pull_results when: "matrix_cactus_comments_container_image_self_build | bool" diff --git a/roles/custom/matrix-cactus-comments/tasks/validate_config.yml b/roles/custom/matrix-cactus-comments/tasks/validate_config.yml index 125b4b858..71ae8f935 100644 --- a/roles/custom/matrix-cactus-comments/tasks/validate_config.yml 
+++ b/roles/custom/matrix-cactus-comments/tasks/validate_config.yml @@ -11,7 +11,7 @@ msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_bot_cactus_comments_systemd_required_services_list', 'new': 'matrix_cactus_comments_systemd_required_services_list'} - {'old': 'matrix_bot_cactus_comments_systemd_wanted_services_list', 'new': 'matrix_cactus_comments_systemd_wanted_services_list'} diff --git a/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 b/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 index 64220e310..1178c002f 100644 --- a/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 +++ b/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Cactus Comments {% for service in matrix_cactus_comments_systemd_required_services_list %} diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 0974ffa92..a6d45b4c1 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml 
@@ -17,7 +17,7 @@ matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" # renovate: datasource=docker depName=ajbura/cinny -matrix_client_cinny_version: v4.6.0 +matrix_client_cinny_version: v4.10.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_registry_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_client_cinny_docker_image_registry_prefix_upstream }}" matrix_client_cinny_docker_image_registry_prefix_upstream: "{{ matrix_client_cinny_docker_image_registry_prefix_upstream_default }}" @@ -159,6 +159,9 @@ matrix_client_cinny_self_check_validate_certificates: true # See `matrix_client_cinny_config_homeserverList`. matrix_client_cinny_default_hs_url: "" +# Controls whether the Cinny access log is enabled +matrix_client_cinny_access_log_enabled: true + # Controls the `defaultHomeserver` value in the `config.json` file. matrix_client_cinny_config_defaultHomeserver: 0 # noqa var-naming @@ -188,7 +191,7 @@ matrix_client_cinny_config_featuredCommunities_openAsDefault: false # noqa var- # # The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. # This is unlike what it does when looking up YAML template files (no automatic parsing there). -matrix_client_cinny_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}" +matrix_client_cinny_configuration_default: "{{ lookup('template', 'templates/config.json.j2', convert_data=False) | from_json }}" # Your custom JSON configuration for Cinny should go to `matrix_client_cinny_configuration_extension_json`. # This configuration extends the default starting configuration (`matrix_client_cinny_configuration_default`). 
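Review bot: The comment kept as context above `matrix_client_cinny_configuration_default` still says the template lookup parses the JSON for us as a side-effect, but the new expression passes `convert_data=False` and parses explicitly with `| from_json`. The comment should be updated, for example to `# The template is rendered to a string (convert_data=False) and parsed explicitly with from_json, which yields a dict.` The same stale comment sits above `matrix_client_element_configuration_default` and `matrix_client_element_location_sharing_map_style_default` in the element defaults hunks.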
diff --git a/roles/custom/matrix-client-cinny/tasks/setup_install.yml b/roles/custom/matrix-client-cinny/tasks/setup_install.yml index 228aa0614..80bff534c 100644 --- a/roles/custom/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/custom/matrix-client-cinny/tasks/setup_install.yml @@ -13,8 +13,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_client_cinny_data_path }}", when: true} - {path: "{{ matrix_client_cinny_docker_src_files_path }}", when: "{{ matrix_client_cinny_container_image_self_build }}"} @@ -39,7 +39,7 @@ version: "{{ matrix_client_cinny_docker_image.split(':')[1] }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_client_cinny_git_pull_results when: "matrix_client_cinny_container_image_self_build | bool" @@ -48,16 +48,16 @@ content: "{{ matrix_client_cinny_configuration | to_nice_json }}" dest: "{{ matrix_client_cinny_data_path }}/config.json" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure Cinny additional config files installed ansible.builtin.template: src: "{{ item.src }}" dest: "{{ matrix_client_cinny_data_path }}/{{ item.name }}" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} - {src: "{{ role_path }}/templates/labels.j2", name: "labels"} diff --git a/roles/custom/matrix-client-cinny/tasks/validate_config.yml b/roles/custom/matrix-client-cinny/tasks/validate_config.yml index b3e324a38..fee52fe3c 100644 --- a/roles/custom/matrix-client-cinny/tasks/validate_config.yml 
+++ b/roles/custom/matrix-client-cinny/tasks/validate_config.yml @@ -8,7 +8,7 @@ ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item }}`) to use Cinny. - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_client_cinny_default_hs_url', when: true} - {'name': 'matrix_client_cinny_container_network', when: true} @@ -18,7 +18,7 @@ ansible.builtin.fail: msg: >- The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead. - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_client_cinny_container_image_name_prefix', 'new': 'matrix_client_cinny_container_image_registry_prefix'} diff --git a/roles/custom/matrix-client-cinny/templates/nginx.conf.j2 b/roles/custom/matrix-client-cinny/templates/nginx.conf.j2 index 2b70f32d2..a8cc8da68 100644 --- a/roles/custom/matrix-client-cinny/templates/nginx.conf.j2 +++ b/roles/custom/matrix-client-cinny/templates/nginx.conf.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True # This is a custom nginx configuration file that we use in the container (instead of the default one), # because it allows us to run nginx with a non-root user. # @@ -32,10 +32,14 @@ http { default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + {% if matrix_client_cinny_access_log_enabled %} access_log /var/log/nginx/access.log main; + {% else %} + access_log off; + {% endif %} sendfile on; #tcp_nopush on; 
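Review bot: The failure message in the `@@ -8,7 +8,7 @@` hunk interpolates `{{ item }}`, but each `with_items` entry is a dict, so the user is shown the whole name/when mapping instead of the setting name. The `when:` line already reads `item.name`, and the message should use `{{ item.name }}` as well. The element `validate_config.yml` hunk `@@ -10,7 +10,7 @@` has the same `{{ item }}` in its message.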
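Review bot: The new `{% if matrix_client_cinny_access_log_enabled %}` in `nginx.conf.j2` tests the raw value, so a string such as `"false"` (for example from a command-line extra var) is truthy and the access log, which records client addresses, stays on. `{% if matrix_client_cinny_access_log_enabled | bool %}` would make the toggle behave as the operator intends; the task files in this diff already normalise flags with `| bool`. The `http` block continues outside the hunk.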
diff --git a/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 index 6aac5e9c3..0275ee8c7 100644 --- a/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 +++ b/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Cinny Client {% for service in matrix_client_cinny_systemd_required_services_list %} diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index fa32f286d..05d7beb90 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=ghcr.io/element-hq/element-web -matrix_client_element_version: v1.11.97 +matrix_client_element_version: v1.11.110 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}" 
@@ -186,6 +186,7 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api" matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"] matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" matrix_client_element_permalink_prefix: "https://matrix.to" # noqa var-naming +matrix_client_element_mobile_guide_app_variant: "element" matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) @@ -320,7 +321,7 @@ matrix_client_element_setting_defaults_custom_themes: [] # noqa var-naming # # The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. # This is unlike what it does when looking up YAML template files (no automatic parsing there). -matrix_client_element_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}" +matrix_client_element_configuration_default: "{{ lookup('template', 'templates/config.json.j2', convert_data=False) | from_json }}" # Your custom JSON configuration for Element Web should go to `matrix_client_element_configuration_extension_json`. # This configuration extends the default starting configuration (`matrix_client_element_configuration_default`). 
@@ -358,7 +359,7 @@ matrix_client_element_location_sharing_enabled: false # # The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. # This is unlike what it does when looking up YAML template files (no automatic parsing there). -matrix_client_element_location_sharing_map_style_default: "{{ lookup('template', 'templates/map_style.json.j2') }}" +matrix_client_element_location_sharing_map_style_default: "{{ lookup('template', 'templates/map_style.json.j2', convert_data=False) | from_json }}" # Your custom JSON configuration for Element location sharing map style should go to `matrix_client_element_location_sharing_map_style_extension_json`. # This configuration extends the default starting configuration (`matrix_client_element_location_sharing_map_style_default`). diff --git a/roles/custom/matrix-client-element/tasks/setup_install.yml b/roles/custom/matrix-client-element/tasks/setup_install.yml index 10a8b61ae..a226f5b8a 100644 --- a/roles/custom/matrix-client-element/tasks/setup_install.yml +++ b/roles/custom/matrix-client-element/tasks/setup_install.yml @@ -16,8 +16,8 @@ path: "{{ item.path }}" state: directory mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {path: "{{ matrix_client_element_data_path }}", when: true} - {path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}"} @@ -42,7 +42,7 @@ version: "{{ matrix_client_element_docker_image.split(':')[1] }}" force: "yes" become: true - become_user: "{{ matrix_user_username }}" + become_user: "{{ matrix_user_name }}" register: matrix_client_element_git_pull_results when: "matrix_client_element_container_image_self_build | bool" 
@@ -75,8 +75,8 @@ content: "{{ matrix_client_element_configuration | to_nice_json }}" dest: "{{ matrix_client_element_data_path }}/config.json" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure Element location sharing map style installed when: matrix_client_element_location_sharing_enabled | bool @@ -84,16 +84,16 @@ content: "{{ matrix_client_element_location_sharing_map_style | to_nice_json }}" dest: "{{ matrix_client_element_data_path }}/map_style.json" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" - name: Ensure Element Web config files installed ansible.builtin.template: src: "{{ item.src }}" dest: "{{ matrix_client_element_data_path }}/{{ item.name }}" mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" + owner: "{{ matrix_user_name }}" + group: "{{ matrix_group_name }}" with_items: - {src: "{{ role_path }}/templates/labels.j2", name: "labels"} - {src: "{{ role_path }}/templates/env.j2", name: "env"} diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 7ff71cc2f..ad44193d0 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -10,7 +10,7 @@ ansible.builtin.fail: msg: > You need to define a required configuration setting (`{{ item }}`) for using Element Web. - when: "item.when | bool and vars[item.name] == ''" + when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" with_items: - {'name': 'matrix_client_element_default_hs_url', when: true} - {'name': 'matrix_client_element_container_network', when: true} 
@@ -29,18 +29,16 @@ msg: >- Riot has been renamed to Element (https://element.io/blog/welcome-to-element/). The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names. - Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). + Please rename these variable (`matrix_riot_web_*` -> `matrix_client_element_*`) on your configuration file (vars.yml): {{ lookup('ansible.builtin.varnames', '^matrix_riot_web_.+', wantlist=True) | join(', ') }} Also note that DNS configuration changes may be necessary. - when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict" - with_items: - - {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_element_.*'} + when: "lookup('ansible.builtin.varnames', '^matrix_riot_web_.+', wantlist=True) | length > 0" - name: (Deprecation) Catch and report renamed element-web settings ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). - when: "item.old in vars" + when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" with_items: - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} @@ -59,7 +57,7 @@ ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + when: "lookup('vars', item, default='') | string | length == 0" with_items: - matrix_client_element_container_labels_traefik_hostname - matrix_client_element_container_labels_traefik_path_prefix diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 7516abe48..4a2ec1c5f 100644 
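Review bot: The renamed-settings check in the `@@ -29,18 +29,16 @@` hunk builds its pattern as `'^' + item.old + '$'`, so every `old` name is interpreted as a regular expression rather than a literal. The two entries visible here contain only word characters, but an entry with a `.` or another metacharacter would match more variable names than intended; `('^' + (item.old | regex_escape) + '$')` keeps the match literal. The new Riot message also reads `Please rename these variable`, which should be `Please rename these variables`. The `with_items` list continues outside the hunk.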
--- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -11,6 +11,7 @@ "setting_defaults": { "custom_themes": {{ matrix_client_element_setting_defaults_custom_themes | to_json }} }, + "mobile_guide_app_variant": {{ matrix_client_element_mobile_guide_app_variant | string | to_json }}, "default_theme": {{ matrix_client_element_default_theme | string | to_json }}, "default_country_code": {{ matrix_client_element_default_country_code | string | to_json }}, "permalink_prefix": {{ matrix_client_element_permalink_prefix | string | to_json }}, diff --git a/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index 9a1475b49..0af097112 100644 --- a/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True [Unit] Description=Matrix Element Web server {% for service in matrix_client_element_systemd_required_services_list %} @@ -34,7 +34,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --tmpfs=/var/cache/nginx:rw,mode=777 \ --tmpfs=/var/run:rw,mode=777 \ --tmpfs=/tmp/element-web-config:rw,mode=777 \ - --tmpfs=/etc/nginx/conf.d:rw,mode=777 \ + --tmpfs=/etc/nginx/conf.d:rw,mode=777,uid={{ matrix_user_uid }} \ --mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \ --mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \ {% if matrix_client_element_location_sharing_enabled %} diff --git a/roles/custom/matrix-client-element/templates/welcome.html.j2 b/roles/custom/matrix-client-element/templates/welcome.html.j2 index f25ac6812..d505e2fa2 100644 
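Review bot: The `/etc/nginx/conf.d` tmpfs in the `@@ -34,7 +34,7 @@` hunk of matrix-client-element.service.j2 now has an owner but keeps `mode=777`, so the directory nginx loads its configuration from stays writable by every user in the container. With `uid={{ matrix_user_uid }}` set, a tighter mode should be enough, for example `--tmpfs=/etc/nginx/conf.d:rw,mode=755,uid={{ matrix_user_uid }} \`. That holds provided the container process runs as that uid; the `--user` option, if any, is outside the hunk. The three tmpfs mounts above it are still `mode=777` with no owner and could get the same treatment. The `ExecStartPre` command starts before the hunk and ends after it.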
--- a/roles/custom/matrix-client-element/templates/welcome.html.j2
+++ b/roles/custom/matrix-client-element/templates/welcome.html.j2
@@ -1,4 +1,4 @@
-#jinja2: lstrip_blocks: "True"
+#jinja2: lstrip_blocks: True