Merge branch 'master'

CHANGELOG.md

@@ -1,3 +1,20 @@
+# 2023-07-24
+
+## matrix-registration-bot usage changed
+
+[matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) got some updates and now supports password-only-based login. Therefore the bot now doesn't need any manual configuration except setting a password in your `vars.yml`. The bot will be registered as admin and access tokens will be obtained automatically by the bot.
+
+**For existing users** You need to set `matrix_bot_matrix_registration_bot_bot_password` if you previously only used `matrix_bot_matrix_registration_bot_bot_access_token`. Please also remove the following deprecated settings
+
+* `matrix_bot_matrix_registration_bot_bot_access_token`
+* `matrix_bot_matrix_registration_bot_api_token`
+
+# 2023-07-21
+
+## mautrix-gmessages support
+
+Thanks to [Shreyas Ajjarapu](https://github.com/shreyasajj)'s efforts, the playbook now supports bridging to [Google Messages](https://messages.google.com/) via the [mautrix-gmessages](https://github.com/mautrix/gmessages) bridge. See our [Setting up Mautrix Google Messages bridging](docs/configuring-playbook-bridge-mautrix-gmessages.md) documentation page for getting started.
+
 # 2023-07-17
 
 ## matrix-media-repo support

README.md

@@ -103,6 +103,7 @@ Bridges can be used to connect your matrix installation with third-party communi
 | [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) |
 | [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) |
 | [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) |
+| [mautrix-gmessages](https://github.com/mautrix/gmessages) | x | Bridge for bridging your Matrix server to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) |
 | [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) |
 | [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) |
 | [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge for bridging your Matrix server to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) |

docs/configuring-playbook-bot-matrix-registration-bot.md

@@ -2,40 +2,30 @@
 
 The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you.
 
-The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server,
-where you invite someone by sending them a registration token. They can register as normal but have to provide a valid
-registration token in a final step  of the registration.
+The bot allows you to easily **create and manage registration tokens** aka. invitation codes.
+It can be used for an invitation-based server,
+where you invite someone by sending them a registration token (loook like this: `rbalQ0zkaDSRQCOp`). They can register as normal but have to provide a valid registration token in a final step of the registration.
 
 See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it
 does and why it might be useful to you.
 
 
-## Registering the bot user
+## Configuration
 
-By default, the playbook will set use the bot with a username like this: `@bot.matrix-registration-bot:DOMAIN`.
+To enable the bot, add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
 
-(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable).
-
-For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
-
-```
-ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
-```
-
-Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
-
-## Obtaining an admin access token
-
-In order to use the bot you need to add an admin user's access token token to the configuration. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
-
-## Adjusting the playbook configuration
-
-Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+For `matrix_bot_matrix_registration_bot_api_token`you need an access token with the permission to access the admin api. Access to the API is needed for all restricted actions of the bot (list, create etc..). Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
 
 ```yaml
 matrix_bot_matrix_registration_bot_enabled: true
-# Token obtained via logging into the bot account (see above)
-matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE"
+
+#By default, the playbook will set use the bot with a username like 
+## this: `@bot.matrix-registration-bot:DOMAIN`.
+# To use a different username, uncomment & adjust the variable.
+# matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot
+
+# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
+matrix_bot_matrix_registration_bot_password: PASSWORD_FOR_THE_BOT
 
 # Enables registration
 matrix_synapse_enable_registration: true
@@ -44,6 +34,7 @@ matrix_synapse_enable_registration: true
 matrix_synapse_registration_requires_token: true
 ```
 
+The bot account will be automatically created.
 
 ## Installing
 
@@ -56,10 +47,16 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 
 ## Usage
 
-To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain).
+To use the bot, message `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain).
 
 In this room send `help` and the bot will reply with all options.
 
 You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
 If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md)
 or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
+
+To clean the cache (session&encryption data) after you changed the bot's username, changed the login methon form access_token to password etc.. you can use
+
+```bash
+just run-tags bot-matrix-registration-bot-clean-cache
+```

docs/configuring-playbook-bridge-mautrix-gmessages.md

@@ -0,0 +1,38 @@
+# Setting up Mautrix gmessages (optional)
+
+The playbook can install and configure [mautrix-gmessages](https://github.com/mautrix/gmessages) for you, for bridging to [Google Messages](https://messages.google.com/).
+
+See the project's [documentation](https://docs.mau.fi/bridges/go/gmessages/index.html) to learn what it does and why it might be useful to you.
+
+Use the following playbook configuration:
+
+```yaml
+matrix_mautrix_gmessages_enabled: true
+```
+
+## Set up Double Puppeting
+
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
+
+### Method 1: automatically, by enabling Shared Secret Auth
+
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
+
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+
+### Method 2: manually, by asking each user to provide a working access token
+
+**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
+
+When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
+
+- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
+
+- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
+
+- make sure you don't log out the `Mautrix-gmessages` device some time in the future, as that would break the Double Puppeting feature
+
+
+## Usage
+
+You then need to start a chat with `@gmessagesbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).

docs/configuring-playbook-mautrix-bridges.md

@@ -32,14 +32,18 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
       '@YOUR_USERNAME:{{ matrix_domain }}': admin
 ```
 
+## encryption
+
 Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
 
 **for all bridges with encryption support**:
+
 ```yaml
 matrix_bridges_encryption_enabled: true
 ```
 
 **Alternatively**, for a specific bridge:
+
 ```yaml
 matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
   bridge:
@@ -48,6 +52,24 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
       default: true
 ```
 
+## relay mode
+
+Relay mode is off by default. If you would like to enable relay mode, add the following to your `vars.yml` file:
+
+**for all bridges with relay mode support**:
+
+```yaml
+matrix_bridges_relay_enabled: true
+```
+
+**Alternatively**, for a specific bridge:
+
+```yaml
+matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
+  bridge:
+    relay:
+      enabled: true
+```
 
 You can only have one `matrix_mautrix_SERVICENAME_configuration_extension_yaml` definition in `vars.yml` per bridge, so if you need multiple pieces of configuration there, just merge them like this:
 

docs/configuring-playbook.md

@@ -114,6 +114,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md) (optional)
 
+- [Setting up Mautrix Google Messages bridging](configuring-playbook-bridge-mautrix-gmessages.md) (optional)
+
 - [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional)
 
 - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional)

docs/container-images.md

@@ -46,6 +46,8 @@ These services are not part of our default installation, but can be enabled by [
 
 - [mautrix/telegram](https://mau.dev/mautrix/telegram/container_registry) - the [mautrix-telegram](https://github.com/mautrix/telegram) bridge to [Telegram](https://telegram.org/) (optional)
 
+- [mautrix/gmessages](https://mau.dev/mautrix/gmessages/container_registry) - the [mautrix-gmessages](https://github.com/mautrix/gmessages) bridge to [Google Messages](https://messages.google.com/) (optional)
+
 - [mautrix/whatsapp](https://mau.dev/mautrix/whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
 
 - [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional)

docs/self-building.md

@@ -32,6 +32,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl
 - `matrix-bridge-mautrix-googlechat`
 - `matrix-bridge-mautrix-telegram`
 - `matrix-bridge-mautrix-signal`
+- `matrix-bridge-mautrix-gmessages`
 - `matrix-bridge-mautrix-whatsapp`
 - `matrix-bridge-mx-puppet-steam`
 - `matrix-bot-mjolnir`

group_vars/matrix_servers

@@ -101,6 +101,8 @@ matrix_homeserver_container_extra_arguments_auto: |
     +
     (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
     +
+    (['--mount type=bind,src=' + matrix_mautrix_gmessages_config_path + '/registration.yaml,dst=/matrix-mautrix-gmessages-registration.yaml,ro'] if matrix_mautrix_gmessages_enabled else [])
+    +
     (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else [])
     +
     (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else [])
@@ -158,6 +160,8 @@ matrix_homeserver_app_service_config_files_auto: |
     +
     (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
     +
+    (['/matrix-mautrix-gmessages-registration.yaml'] if matrix_mautrix_gmessages_enabled else [])
+    +
     (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else [])
     +
     (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else [])
@@ -270,6 +274,8 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else [])
     +
+    ([{'name': 'matrix-mautrix-gmessages.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-gmessages']}] if matrix_mautrix_gmessages_enabled else [])
+    +
     ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else [])
     +
     ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else [])
@@ -1153,6 +1159,51 @@ matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_ge
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-bridge-mautrix-gmessages
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_gmessages_enabled: false
+
+matrix_mautrix_gmessages_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+
+matrix_mautrix_gmessages_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    ['matrix-' + matrix_homeserver_implementation + '.service']
+    +
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+    +
+    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+  }}
+
+matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.as.token', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_gmessages_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
+# - `matrix_mautrix_gmessages_metrics_enabled`
+# - `matrix_mautrix_gmessages_proxying_metrics_enabled`
+# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
+matrix_mautrix_gmessages_metrics_enabled: "{{ prometheus_enabled }}"
+
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_gmessages_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maugmessages.db', rounds=655555) | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bridge-mautrix-gmessages
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-bridge-mautrix-whatsapp
@@ -1182,10 +1233,10 @@ matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_ge
 matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 # People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
-# - `matrix_mautrix_twitter_metrics_enabled`
-# - `matrix_mautrix_twitter_proxying_metrics_enabled`
+# - `matrix_mautrix_whatsapp_metrics_enabled`
+# - `matrix_mautrix_whatsapp_proxying_metrics_enabled`
 # - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
-matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled }}"
+matrix_mautrix_whatsapp_metrics_enabled: "{{ prometheus_enabled }}"
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
@@ -3016,6 +3067,12 @@ devture_postgres_managed_databases_auto: |
       'password': matrix_mautrix_twitter_database_password,
     }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else [])
     +
+    ([{
+      'name': matrix_mautrix_gmessages_database_name,
+      'username': matrix_mautrix_gmessages_database_username,
+      'password': matrix_mautrix_gmessages_database_password,
+    }] if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_database_engine == 'postgres' and matrix_mautrix_gmessages_database_hostname == devture_postgres_connection_hostname) else [])
+    +
     ([{
       'name': matrix_mautrix_whatsapp_database_name,
       'username': matrix_mautrix_whatsapp_database_username,
@@ -4066,6 +4123,12 @@ matrix_conduit_systemd_required_services_list: |
 
 matrix_user_creator_users_auto: |
   {{
+    ([{
+      'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart,
+      'initial_password': matrix_bot_matrix_registration_bot_bot_password,
+      'initial_type': 'admin',
+    }] if matrix_bot_matrix_registration_bot_enabled else [])
+    +
     ([{
       'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
       'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,

requirements.yml

@@ -47,7 +47,7 @@
 - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
   version: v1.6.0-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
-  version: v0.13.1-0
+  version: v0.13.2-0
   name: prometheus_postgres_exporter
 - src: git+https://gitlab.com/etke.cc/roles/redis.git
   version: v7.0.10-0

roles/custom/matrix-base/defaults/main.yml

@@ -16,6 +16,9 @@ matrix_admin: ''
 # Global var to enable/disable encryption across all bridges with encryption support
 matrix_bridges_encryption_enabled: false
 
+# Global var to enable/disable relay mode across all bridges with relay mode support
+matrix_bridges_relay_enabled: false
+
 # matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc.
 #
 # Unless you're wrapping this playbook in another one

roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml

@@ -8,8 +8,10 @@ matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matri
 matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}"
 matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
 
-matrix_bot_matrix_registration_bot_version: latest
-matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}"
+matrix_bot_matrix_registration_bot_version: 1.3.0
+matrix_bot_matrix_registration_bot_docker_iteration: 0
+matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration}}"
+matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}"
 matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"
 
 matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
@@ -19,15 +21,15 @@ matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration
 matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
 matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"
 
-# The access token that the bot uses to communicate in Matrix chats
-# This does not necessarily need to be a privileged (admin) access token.
-matrix_bot_matrix_registration_bot_bot_access_token: ''
 
-# The access token that the bot uses to call the Matrix API for creating registration tokens.
-# This needs to be a privileged (admin) access token.
-# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is.
-# If necessary, you can define your own other access token here, which might even be for a different Matrix user.
-matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}"
+# The bot's password (can also be used to login via a client like element)
+matrix_bot_matrix_registration_bot_bot_password: ''
+
+# Optional variable that only needs to be set if the bot account is not admin
+# Needs to be a valid access token of an admin account
+matrix_bot_matrix_registration_bot_api_token: ''
+
+matrix_bot_matrix_registration_bot_device_id: "matrix-docker-ansible-deploy"
 
 matrix_bot_matrix_registration_bot_logging_level: info
 matrix_bot_matrix_registration_environment_variables_extension: ''

roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Delete cache files
+  ansible.builtin.file:
+    state: "{{ item }}"
+    path: "{{ matrix_bot_matrix_registration_bot_data_path }}"
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - absent
+    - directory

roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml

@@ -18,3 +18,9 @@
   block:
     - when: not matrix_bot_matrix_registration_bot_enabled | bool
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+
+- tags:
+    - bot-matrix-registration-bot-clean-cache
+  block:
+    - when: matrix_bot_matrix_registration_bot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/clean_cache.yml"

roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml

@@ -9,7 +9,7 @@
     group: "{{ matrix_user_groupname }}"
   with_items:
     - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
-    - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
+    - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
     - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true}
   when: "item.when | bool"
 

roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml

@@ -5,6 +5,13 @@
     msg: >-
       You need to define a required configuration setting (`{{ item }}`).
   when: "vars[item] == ''"
+  with_items:
+    - "matrix_bot_matrix_registration_bot_bot_password"
+
+- name: (Deprecation) Catch and report old settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which is deprecated - Please check the documentation on how to configure the matrix-registration-bot.
+  when: "item in vars"
   with_items:
     - "matrix_bot_matrix_registration_bot_bot_access_token"
-    - "matrix_bot_matrix_registration_bot_api_token"

roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2

@@ -1,12 +1,16 @@
 bot:
   server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
   username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
-  access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }}
+  password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }}
+
 api:
   # API endpoint of the registration tokens
   base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }}
   # Access token of an administrator on the server
+{% if matrix_bot_matrix_registration_bot_api_token | length > 0 %}
   token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }}
+{% endif %}
+
 logging:
   level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }}
 

roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml

@@ -110,6 +110,8 @@ matrix_appservice_kakaotalk_login_shared_secret: ''
 
 matrix_appservice_kakaotalk_bridge_login_shared_secret_map: "{{ {matrix_appservice_kakaotalk_homeserver_domain: matrix_appservice_kakaotalk_login_shared_secret} if matrix_appservice_kakaotalk_login_shared_secret else {} }}"
 
+matrix_appservice_kakaotalk_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
+
 matrix_appservice_kakaotalk_bridge_permissions: |
   {{
     {matrix_appservice_kakaotalk_homeserver_domain: 'user'}

roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2

@@ -220,7 +220,7 @@ bridge:
     relay:
         # Whether relay mode should be allowed. If allowed, `!kt set-relay` can be used to turn any
         # authenticated user into a relaybot for that chat.
-        enabled: false
+        enabled: {{ matrix_appservice_kakaotalk_bridge_relay_enabled }}
         # The formats to use when sending messages to KakaoTalk via a relay user.
         #
         # Available variables:

roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -103,6 +103,9 @@ matrix_mautrix_facebook_login_shared_secret: ''
 
 matrix_mautrix_facebook_bridge_login_shared_secret_map: "{{ {matrix_mautrix_facebook_homeserver_domain: matrix_mautrix_facebook_login_shared_secret} if matrix_mautrix_facebook_login_shared_secret else {} }}"
 
+# Enable bridge relay bot functionality
+matrix_mautrix_facebook_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
+
 matrix_mautrix_facebook_appservice_bot_username: facebookbot
 
 matrix_mautrix_facebook_bridge_presence: true

roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2

@@ -206,7 +206,7 @@ bridge:
     relay:
         # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any
         # authenticated user into a relaybot for that chat.
-        enabled: false
+        enabled: {{ matrix_mautrix_facebook_relay_enabled }}
         # The formats to use when sending messages to Messenger via a relay user.
         #
         # Available variables:

roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml

@@ -0,0 +1,151 @@
+---
+# mautrix-gmessages is a Matrix <-> gmessages bridge
+# Project source code URL: https://github.com/mautrix/gmessages
+
+matrix_mautrix_gmessages_enabled: true
+
+matrix_mautrix_gmessages_container_image_self_build: false
+matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git"
+matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
+
+matrix_mautrix_gmessages_version: latest
+# See: https://mau.dev/mautrix/gmessages/container_registry
+matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
+matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}"
+matrix_mautrix_gmessages_docker_image_force_pull: "{{ matrix_mautrix_gmessages_docker_image.endswith(':latest') }}"
+
+matrix_mautrix_gmessages_base_path: "{{ matrix_base_data_path }}/mautrix-gmessages"
+matrix_mautrix_gmessages_config_path: "{{ matrix_mautrix_gmessages_base_path }}/config"
+matrix_mautrix_gmessages_data_path: "{{ matrix_mautrix_gmessages_base_path }}/data"
+matrix_mautrix_gmessages_docker_src_files_path: "{{ matrix_mautrix_gmessages_base_path }}/docker-src"
+
+matrix_mautrix_gmessages_homeserver_address: "{{ matrix_homeserver_container_url }}"
+matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
+matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
+
+matrix_mautrix_gmessages_command_prefix: "!gm"
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_gmessages_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-gmessages.service depends on.
+matrix_mautrix_gmessages_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-gmessages.service wants
+matrix_mautrix_gmessages_systemd_wanted_services_list: []
+
+matrix_mautrix_gmessages_appservice_token: ''
+matrix_mautrix_gmessages_homeserver_token: ''
+
+matrix_mautrix_gmessages_appservice_bot_username: gmessagesbot
+
+# Minimum severity of journal log messages.
+# Options: debug, info, warn, error, fatal
+matrix_mautrix_gmessages_logging_level: 'warn'
+
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_gmessages_federate_rooms: true
+
+# Whether or not metrics endpoint should be enabled.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_gmessages_metrics_proxying_enabled`.
+matrix_mautrix_gmessages_metrics_enabled: false
+
+# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-gmessages`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_mautrix_gmessages_metrics_proxying_enabled: false
+
+# Database-related configuration fields.
+#
+# To use SQLite, stick to these defaults.
+#
+# To use Postgres:
+# - change the engine (`matrix_mautrix_gmessages_database_engine: 'postgres'`)
+# - adjust your database credentials via the `matrix_mautrix_gmessages_database_*` variables
+matrix_mautrix_gmessages_database_engine: 'sqlite'
+
+matrix_mautrix_gmessages_sqlite_database_path_local: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db"
+matrix_mautrix_gmessages_sqlite_database_path_in_container: "/data/mautrix-gmessages.db"
+
+matrix_mautrix_gmessages_database_username: 'matrix_mautrix_gmessages'
+matrix_mautrix_gmessages_database_password: 'some-password'
+matrix_mautrix_gmessages_database_hostname: ''
+matrix_mautrix_gmessages_database_port: 5432
+matrix_mautrix_gmessages_database_name: 'matrix_mautrix_gmessages'
+
+matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode=disable'
+
+matrix_mautrix_gmessages_appservice_database_type: "{{
+	{
+		'sqlite': 'sqlite3',
+		'postgres':'postgres',
+	}[matrix_mautrix_gmessages_database_engine]
+}}"
+
+matrix_mautrix_gmessages_appservice_database_uri: "{{
+	{
+		'sqlite': matrix_mautrix_gmessages_sqlite_database_path_in_container,
+		'postgres': matrix_mautrix_gmessages_database_connection_string,
+	}[matrix_mautrix_gmessages_database_engine]
+}}"
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mautrix_gmessages_login_shared_secret: ''
+matrix_mautrix_gmessages_bridge_login_shared_secret_map:
+  "{{ {matrix_mautrix_gmessages_homeserver_domain: matrix_mautrix_gmessages_login_shared_secret} if matrix_mautrix_gmessages_login_shared_secret else {} }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
+matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
+
+matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true
+matrix_mautrix_gmessages_bridge_mute_bridging: true
+
+matrix_mautrix_gmessages_bridge_permissions: |
+  {{
+    {matrix_mautrix_gmessages_homeserver_domain: 'user'}
+    | combine({matrix_admin: 'admin'} if matrix_admin else {})
+  }}
+
+# Default mautrix-gmessages configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mautrix_gmessages_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mautrix_gmessages_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mautrix_gmessages_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_mautrix_gmessages_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_mautrix_gmessages_configuration_yaml`.
+
+matrix_mautrix_gmessages_configuration_extension: "{{ matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml if matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_gmessages_configuration_yaml`.
+matrix_mautrix_gmessages_configuration: "{{ matrix_mautrix_gmessages_configuration_yaml | from_yaml | combine(matrix_mautrix_gmessages_configuration_extension, recursive=True) }}"
+
+matrix_mautrix_gmessages_registration_yaml: |
+  id: gmessages
+  url: {{ matrix_mautrix_gmessages_appservice_address }}
+  as_token: "{{ matrix_mautrix_gmessages_appservice_token }}"
+  hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}"
+  # See https://github.com/mautrix/signal/issues/43
+  sender_localpart: _bot_{{ matrix_mautrix_gmessages_appservice_bot_username }}
+  rate_limited: false
+  namespaces:
+      users:
+      - regex: '^@gmessages_.+:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$'
+        exclusive: true
+      - exclusive: true
+        regex: '^@{{ matrix_mautrix_gmessages_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$'
+  de.sorunome.msc2409.push_ephemeral: true
+
+matrix_mautrix_gmessages_registration: "{{ matrix_mautrix_gmessages_registration_yaml | from_yaml }}"

roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml

@@ -0,0 +1,35 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append mautrix-gmessages-metrics's reverse-proxying configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role had already executed.
+      To fix this, please change the order of roles in your playbook,
+      so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-gmessages role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- when: matrix_mautrix_gmessages_metrics_proxying_enabled | bool
+  block:
+    - name: Generate mautrix-gmessages metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages)
+      ansible.builtin.set_fact:
+        matrix_mautrix_gmessages_nginx_metrics_configuration_block: |
+          location /metrics/mautrix-gmessages {
+            {% if matrix_nginx_proxy_enabled | default(False) %}
+              {# Use the embedded DNS resolver in Docker containers to discover the service #}
+              resolver 127.0.0.11 valid=5s;
+              set $backend "matrix-mautrix-gmessages:8001";
+              proxy_pass http://$backend/metrics;
+            {% else %}
+              return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
+            {% endif %}
+          }
+
+    - name: Register mautrix-gmessages metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages)
+      ansible.builtin.set_fact:
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+          {{
+            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+            +
+            [matrix_mautrix_gmessages_nginx_metrics_configuration_block]
+          }}

roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+
+- tags:
+    - setup-all
+    - setup-nginx-proxy
+    - install-all
+    - install-nginx-proxy
+  block:
+    - when: matrix_mautrix_gmessages_enabled | bool and matrix_mautrix_gmessages_metrics_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+
+- tags:
+    - setup-all
+    - setup-mautrix-gmessages
+    - install-all
+    - install-mautrix-gmessages
+  block:
+    - when: matrix_mautrix_gmessages_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_mautrix_gmessages_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+- tags:
+    - setup-all
+    - setup-mautrix-gmessages
+  block:
+    - when: not matrix_mautrix_gmessages_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml

@@ -0,0 +1,140 @@
+---
+
+- ansible.builtin.set_fact:
+    matrix_mautrix_gmessages_requires_restart: false
+
+- when: "matrix_mautrix_gmessages_database_engine == 'postgres'"
+  block:
+    - name: Check if an SQLite database already exists
+      ansible.builtin.stat:
+        path: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}"
+      register: matrix_mautrix_gmessages_sqlite_database_path_local_stat_result
+
+    - when: "matrix_mautrix_gmessages_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
+        - ansible.builtin.include_role:
+            name: galaxy/com.devture.ansible.role.postgres
+            tasks_from: migrate_db_to_postgres
+          vars:
+            devture_postgres_db_migration_request:
+              src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}"
+              dst: "{{ matrix_mautrix_gmessages_database_connection_string }}"
+              caller: "{{ role_path | basename }}"
+              engine_variable_name: 'matrix_mautrix_gmessages_database_engine'
+              engine_old: 'sqlite'
+              systemd_services_to_stop: ['matrix-mautrix-gmessages.service']
+              pgloader_options: ['--with "quote identifiers"']
+
+        - ansible.builtin.set_fact:
+            matrix_mautrix_gmessages_requires_restart: true
+
+- name: Ensure Mautrix gmessages paths exists
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_mautrix_gmessages_base_path }}", when: true}
+    - {path: "{{ matrix_mautrix_gmessages_config_path }}", when: true}
+    - {path: "{{ matrix_mautrix_gmessages_data_path }}", when: true}
+    - {path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}", when: "{{ matrix_mautrix_gmessages_container_image_self_build }}"}
+  when: item.when | bool
+
+- name: Ensure Mautrix gmessages image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_mautrix_gmessages_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mautrix_gmessages_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_docker_image_force_pull }}"
+  when: not matrix_mautrix_gmessages_container_image_self_build
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure Mautrix gmessages repository is present on self-build
+  ansible.builtin.git:
+    repo: "{{ matrix_mautrix_gmessages_container_image_self_build_repo }}"
+    dest: "{{ matrix_mautrix_gmessages_docker_src_files_path }}"
+    version: "{{ matrix_mautrix_gmessages_container_image_self_build_branch }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
+  register: matrix_mautrix_gmessages_git_pull_results
+  when: "matrix_mautrix_gmessages_container_image_self_build | bool"
+
+- name: Ensure Mautrix gmessages Docker image is built
+  community.docker.docker_image:
+    name: "{{ matrix_mautrix_gmessages_docker_image }}"
+    source: build
+    force_source: "{{ matrix_mautrix_gmessages_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}"
+      pull: true
+  when: "matrix_mautrix_gmessages_container_image_self_build | bool"
+
+- name: Check if an old database file exists
+  ansible.builtin.stat:
+    path: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db"
+  register: matrix_mautrix_gmessages_stat_database
+
+- name: Check if an old matrix state file exists
+  ansible.builtin.stat:
+    path: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json"
+  register: matrix_mautrix_gmessages_stat_mx_state
+
+- name: (Data relocation) Ensure matrix-mautrix-gmessages.service is stopped
+  ansible.builtin.service:
+    name: matrix-mautrix-gmessages
+    state: stopped
+    enabled: false
+    daemon_reload: true
+  failed_when: false
+  when: "matrix_mautrix_gmessages_stat_database.stat.exists"
+
+- name: (Data relocation) Move mautrix-gmessages database file to ./data directory
+  ansible.builtin.command:
+    cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db {{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db"
+    creates: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db"
+    removes: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db"
+  when: "matrix_mautrix_gmessages_stat_database.stat.exists"
+
+- name: (Data relocation) Move mautrix-gmessages mx-state file to ./data directory
+  ansible.builtin.command:
+    cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mx-state.json {{ matrix_mautrix_gmessages_data_path }}/mx-state.json"
+    creates: "{{ matrix_mautrix_gmessages_data_path }}/mx-state.json"
+    removes: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json"
+  when: "matrix_mautrix_gmessages_stat_mx_state.stat.exists"
+
+- name: Ensure mautrix-gmessages config.yaml installed
+  ansible.builtin.copy:
+    content: "{{ matrix_mautrix_gmessages_configuration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_mautrix_gmessages_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mautrix-gmessages registration.yaml installed
+  ansible.builtin.copy:
+    content: "{{ matrix_mautrix_gmessages_registration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_mautrix_gmessages_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mautrix-gmessages.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-gmessages.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service"
+    mode: 0644
+
+- name: Ensure matrix-mautrix-gmessages.service restarted, if necessary
+  ansible.builtin.service:
+    name: "matrix-mautrix-gmessages.service"
+    state: restarted
+    daemon_reload: true
+  when: "matrix_mautrix_gmessages_requires_restart | bool"

roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml

@@ -0,0 +1,20 @@
+---
+
+- name: Check existence of matrix-mautrix-gmessages service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service"
+  register: matrix_mautrix_gmessages_service_stat
+
+- when: matrix_mautrix_gmessages_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-mautrix-gmessages is stopped
+      ansible.builtin.service:
+        name: matrix-mautrix-gmessages
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-mautrix-gmessages.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service"
+        state: absent

roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml

@@ -0,0 +1,20 @@
+---
+
+- name: Fail if required mautrix-gmessages settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
+  with_items:
+    - {'name': 'matrix_mautrix_gmessages_appservice_token', when: true}
+    - {'name': 'matrix_mautrix_gmessages_homeserver_token', when: true}
+    - {'name': 'matrix_mautrix_gmessages_database_hostname', when: "{{ matrix_mautrix_gmessages_database_engine == 'postgres' }}"}
+
+- name: (Deprecation) Catch and report renamed settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'}

roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2

@@ -0,0 +1,292 @@
+#jinja2: lstrip_blocks: "True"
+# Homeserver details.
+homeserver:
+    # The address that this appservice can use to connect to the homeserver.
+    address: {{ matrix_mautrix_gmessages_homeserver_address }}
+    # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+    domain: {{ matrix_mautrix_gmessages_homeserver_domain }}
+
+    # What software is the homeserver running?
+    # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+    software: standard
+    # The URL to push real-time bridge status to.
+    # If set, the bridge will make POST requests to this URL whenever a user's google messages connection state changes.
+    # The bridge will use the appservice as_token to authorize requests.
+    status_endpoint: null
+    # Endpoint for reporting per-message status.
+    message_send_checkpoint_endpoint: null
+    # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+    async_media: false
+
+    # Should the bridge use a websocket for connecting to the homeserver?
+    # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+    # mautrix-asmux (deprecated), and hungryserv (proprietary).
+    websocket: false
+    # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+    ping_interval_seconds: 0
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration.
+appservice:
+    # The address that the homeserver can use to connect to this appservice.
+    address: {{ matrix_mautrix_gmessages_appservice_address }}
+
+    # The hostname and port where this appservice should listen.
+    hostname: 0.0.0.0
+    port: 8080
+
+    # Database config.
+    database:
+        # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+        type: postgres
+        # The database URI.
+        #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
+        #           https://github.com/mattn/go-sqlite3#connection-string
+        #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+        #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+        uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }}
+        # Maximum number of connections. Mostly relevant for Postgres.
+        max_open_conns: 20
+        max_idle_conns: 2
+        # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+        # Parsed with https://pkg.go.dev/time#ParseDuration
+        max_conn_idle_time: null
+        max_conn_lifetime: null
+
+    # The unique ID of this appservice.
+    id: gmessages
+    # Appservice bot details.
+    bot:
+        # Username of the appservice bot.
+        username: {{ matrix_mautrix_gmessages_appservice_bot_username|to_json }}
+        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+        # to leave display name/avatar as-is.
+        displayname: Google Messages bridge bot
+        avatar: mxc://maunium.net/yGOdcrJcwqARZqdzbfuxfhzb
+
+    # Whether or not to receive ephemeral events via appservice transactions.
+    # Requires MSC2409 support (i.e. Synapse 1.22+).
+    ephemeral_events: true
+
+    # Should incoming events be handled asynchronously?
+    # This may be necessary for large public instances with lots of messages going through.
+    # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+    async_transactions: false
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+    as_token: "{{ matrix_mautrix_gmessages_appservice_token }}"
+    hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}"
+
+# Segment API key to track some events, like provisioning API login and encryption errors.
+segment_key: null
+# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
+segment_user_id: null
+
+# Prometheus config.
+metrics:
+    # Enable prometheus metrics?
+    enabled: {{ matrix_mautrix_gmessages_metrics_enabled | to_json }}
+    # IP and port where the metrics listener should be. The path is always /metrics
+    listen: 127.0.0.1:8001
+
+google_messages:
+    # OS name to tell the phone. This is the name that shows up in the paired devices list.
+    os: mautrix-gmessages
+    # Browser type to tell the phone. This decides which icon is shown.
+    # Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE
+    browser: OTHER
+
+    # Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser?
+    # If this is disabled, the user must manually use the `reconnect` command to reactivate the bridge.
+    aggressive_reconnect: false
+
+# Bridge config
+bridge:
+    # Localpart template of MXIDs for SMS users.
+    # {{ '{{.}}' }} is replaced with an identifier of the recipient.
+    username_template: "{{ 'gmessages_{{.}}' }}"
+    # Displayname template for SMS users.
+    # {{ '{{.FullName}}' }} - Full name provided by the phone
+    # {{ '{{.FirstName}}' }} - First name provided by the phone
+    # {{ '{{.PhoneNumber}}' }} - Formatted phone number provided by the phone
+    displayname_template: "{{ '{{or .FullName .PhoneNumber}}' }}"
+    # Should the bridge create a space for each logged-in user and add bridged rooms to it?
+    personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }}
+    # Should the bridge send a read receipt from the bridge bot when a message has been sent to the phone?
+    delivery_receipts: false
+    # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+    message_status_events: false
+    # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+    message_error_notices: true
+
+    portal_message_buffer: 128
+
+    # Should the bridge update the m.direct account data event when double puppeting is enabled.
+    # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+    # and is therefore prone to race conditions.
+    sync_direct_chat_list: false
+    # Number of chats to sync when connecting to Google Messages.
+    initial_chat_sync_count: 25
+    # Backfill settings
+    backfill:
+        # Number of messages to backfill in new chats.
+        initial_limit: 50
+        # Number of messages to backfill on startup if the last message ID in the chat sync doesn't match the last bridged message.
+        missed_limit: 100
+
+    # Servers to always allow double puppeting from
+    double_puppet_server_map:
+        "{{ matrix_mautrix_gmessages_homeserver_domain }}": {{ matrix_mautrix_gmessages_homeserver_address }}
+    # Allow using double puppeting from any server with a valid client .well-known file.
+    double_puppet_allow_discovery: false
+    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+    #
+    # If set, double puppeting will be enabled automatically for local users
+    # instead of users having to find an access token and run `login-matrix`
+    # manually.
+    login_shared_secret_map: {{ matrix_mautrix_gmessages_bridge_login_shared_secret_map|to_json }}
+
+    # Whether to explicitly set the avatar and room name for private chat portal rooms.
+    # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
+    # If set to `always`, all DM rooms will have explicit names and avatars set.
+    # If set to `never`, DM rooms will never have names and avatars set.
+    private_chat_portal_meta: default
+    # Should Matrix m.notice-type messages be bridged?
+    bridge_notices: true
+    # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+    # This field will automatically be changed back to false after it, except if the config file is not writable.
+    resend_bridge_info: false
+    # When using double puppeting, should muted chats be muted in Matrix?
+    mute_bridging: {{ matrix_mautrix_gmessages_bridge_mute_bridging | to_json }}
+    # When using double puppeting, should archived chats be moved to a specific tag in Matrix?
+    # This can be set to a tag (e.g. m.lowpriority), or null to disable.
+    archive_tag: null
+    # Same as above, but for pinned chats. The favorite tag is called m.favourite
+    pinned_tag: null
+    # Should mute status and tags only be bridged when the portal room is created?
+    tag_only_on_create: true
+    # Whether or not created rooms should have federation enabled.
+    # If false, created portal rooms will never be federated.
+    federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms|to_json }}
+    # Should the bridge never send alerts to the bridge management room?
+    # These are mostly things like the user being logged out.
+    disable_bridge_alerts: false
+    # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
+    # This is currently not supported in most clients.
+    caption_in_message: false
+
+    # The prefix for commands. Only required in non-management rooms.
+    command_prefix: "!gm"
+
+    # Messages sent upon joining a management room.
+    # Markdown is supported. The defaults are listed below.
+    management_room_text:
+        # Sent when joining a room.
+        welcome: "Hello, I'm a Google Messages bridge bot."
+        # Sent when joining a management room and the user is already logged in.
+        welcome_connected: "Use `help` for help."
+        # Sent when joining a management room and the user is not logged in.
+        welcome_unconnected: "Use `help` for help or `login` to log in."
+        # Optional extra text sent when joining a management room.
+        additional_help: ""
+
+    # End-to-bridge encryption support options.
+    #
+    # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+    encryption:
+        # Allow encryption, work in group chat rooms with e2ee enabled
+        allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow|to_json }}
+        # Default to encryption, force-enable encryption in all portals the bridge creates
+        # This will cause the bridge bot to be in private chats for the encryption to work properly.
+        default: {{ matrix_mautrix_gmessages_bridge_encryption_default|to_json }}
+        # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+        appservice: false
+        # Require encryption, drop any unencrypted messages.
+        require: false
+        # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+        # You must use a client that supports requesting keys from other users to use this feature.
+        allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow|to_json }}
+        # Options for deleting megolm sessions from the bridge.
+        delete_keys:
+            # Beeper-specific: delete outbound sessions when hungryserv confirms
+            # that the user has uploaded the key to key backup.
+            delete_outbound_on_ack: false
+            # Don't store outbound sessions in the inbound table.
+            dont_store_outbound: false
+            # Ratchet megolm sessions forward after decrypting messages.
+            ratchet_on_decrypt: false
+            # Delete fully used keys (index >= max_messages) after decrypting messages.
+            delete_fully_used_on_decrypt: false
+            # Delete previous megolm sessions from same device when receiving a new one.
+            delete_prev_on_new_session: false
+            # Delete megolm sessions received from a device when the device is deleted.
+            delete_on_device_delete: false
+            # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+            periodically_delete_expired: false
+            # Delete inbound megolm sessions that don't have the received_at field used for
+            # automatic ratcheting and expired session deletion. This is meant as a migration
+            # to delete old keys prior to the bridge update.
+            delete_outdated_inbound: false
+        # What level of device verification should be required from users?
+        #
+        # Valid levels:
+        #   unverified - Send keys to all device in the room.
+        #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+        #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+        #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+        #                           Note that creating user signatures from the bridge bot is not currently possible.
+        #   verified - Require manual per-device verification
+        #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+        verification_levels:
+            # Minimum level for which the bridge should send keys to when bridging messages from SMS to Matrix.
+            receive: unverified
+            # Minimum level that the bridge should accept for incoming Matrix messages.
+            send: unverified
+            # Minimum level that the bridge should require for accepting key requests.
+            share: cross-signed-tofu
+        # Options for Megolm room key rotation. These options allow you to
+        # configure the m.room.encryption event content. See:
+        # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+        # more information about that event.
+        rotation:
+            # Enable custom Megolm room key rotation settings. Note that these
+            # settings will only apply to rooms created after this option is
+            # set.
+            enable_custom: false
+            # The maximum number of milliseconds a session should be used
+            # before changing it. The Matrix spec recommends 604800000 (a week)
+            # as the default.
+            milliseconds: 604800000
+            # The maximum number of messages that should be sent with a given a
+            # session before changing it. The Matrix spec recommends 100 as the
+            # default.
+            messages: 100
+
+            # Disable rotating keys when a user's devices change?
+            # You should not enable this option unless you understand all the implications.
+            disable_device_change_key_rotation: false
+
+    # Settings for provisioning API
+    provisioning:
+        # Prefix for the provisioning API paths.
+        prefix: /_matrix/provision
+        # Shared secret for authentication. If set to "generate", a random secret will be generated,
+        # or if set to "disable", the provisioning API will be disabled.
+        shared_secret: generate
+
+    # Permissions for using the bridge.
+    # Permitted values:
+    #     user - Access to use the bridge to link their own Google Messages on android.
+    #    admin - User level and some additional administration tools
+    # Permitted keys:
+    #        * - All Matrix users
+    #   domain - All users on that homeserver
+    #     mxid - Specific user
+    permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }}
+
+# Logging config. See https://github.com/tulir/zeroconfig for details.
+logging:
+    min_level: {{ matrix_mautrix_gmessages_logging_level }}
+    writers:
+        - type: stdout
+          format: pretty-colored

roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2

@@ -0,0 +1,43 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mautrix gmessages bridge
+{% for service in matrix_mautrix_gmessages_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mautrix_gmessages_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-gmessages \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_docker_network }} \
+			-v {{ matrix_mautrix_gmessages_config_path }}:/config:z \
+			-v {{ matrix_mautrix_gmessages_data_path }}:/data:z \
+			--workdir=/data \
+			{% for arg in matrix_mautrix_gmessages_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_mautrix_gmessages_docker_image }} \
+			/usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mautrix-gmessages
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -83,6 +83,9 @@ matrix_mautrix_instagram_login_shared_secret: ''
 
 matrix_mautrix_instagram_bridge_login_shared_secret_map: "{{ {matrix_mautrix_instagram_homeserver_domain: matrix_mautrix_instagram_login_shared_secret} if matrix_mautrix_instagram_login_shared_secret else {} }}"
 
+# Enable bridge relay bot functionality
+matrix_mautrix_instagram_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
+
 matrix_mautrix_instagram_appservice_bot_username: instagrambot
 
 matrix_mautrix_instagram_bridge_presence: true

roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2

@@ -196,6 +196,23 @@ bridge:
     # The shared secret to authorize users of the API.
     # Set to "generate" to generate and save a new token.
     shared_secret: generate
+  relay:
+    # Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any
+    # authenticated user into a relaybot for that chat.
+    enabled: {{ matrix_mautrix_instagram_relay_enabled }}
+    # The formats to use when sending messages to Instagram via a relay user.
+    #
+    # Available variables:
+    #   $sender_displayname - The display name of the sender (e.g. Example User)
+    #   $sender_username    - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
+    #   $sender_mxid        - The Matrix ID of the sender (e.g. @exampleuser:example.com)
+    #   $message            - The message content
+    #
+    # Note that Instagram doesn't support captions for images, so images won't include any indication of being relayed.
+    message_formats:
+      m.text: '$sender_displayname: $message'
+      m.notice: '$sender_displayname: $message'
+      m.emote: '* $sender_displayname $message'
 
 # Python logging configuration.
 #

roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -104,7 +104,7 @@ matrix_mautrix_signal_appservice_database: "{{
 matrix_mautrix_signal_login_shared_secret: ''
 
 # Enable bridge relay bot functionality
-matrix_mautrix_signal_relaybot_enabled: false
+matrix_mautrix_signal_relaybot_enabled: "{{ matrix_bridges_relay_enabled }}"
 
 # Permissions for using the bridge.
 # Permitted values:

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -113,7 +113,7 @@ matrix_mautrix_whatsapp_bridge_permissions: |
   }}
 
 # Enable bridge relay functionality
-matrix_mautrix_whatsapp_bridge_relay_enabled: false
+matrix_mautrix_whatsapp_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
 
 # Only allow admins on this home server to set themselves as a relay user
 matrix_mautrix_whatsapp_bridge_relay_admin_only: true

setup.yml

@@ -59,6 +59,7 @@
     - custom/matrix-bridge-mautrix-instagram
     - custom/matrix-bridge-mautrix-signal
     - custom/matrix-bridge-mautrix-telegram
+    - custom/matrix-bridge-mautrix-gmessages
     - custom/matrix-bridge-mautrix-whatsapp
     - custom/matrix-bridge-mautrix-discord
     - custom/matrix-bridge-mautrix-slack