ansol
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git
7
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into conduit

This commit is contained in:
Slavi Pantaleev 2022-08-09 10:46:03 +03:00 committed by GitHub
parent e74560c6ef 20775fbe30
commit 04f224e634
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
559 changed files with 10081 additions and 4434 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.config/ansible-lint.yml Normal file
View File

@ -0,0 +1,13 @@
---
use_default_rules: true
skip_list:
- unnamed-task
- no-handler
- no-jinja-nesting
- schema
- command-instead-of-shell
- role-name
offline: false

16
.github/workflows/matrix.yml vendored
View File

@ -7,10 +7,18 @@ on: # yamllint disable-line rule:truthy
jobs:
yamllint:
name: 🧹 yamllint
name: yamllint
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out configuration from GitHub
- name: Check out
uses: actions/checkout@v3
- name: 🚀 Run yamllint
uses: frenck/action-yamllint@v1.1.2
- name: Run yamllint
uses: frenck/action-yamllint@v1.2.0
ansible-lint:
name: ansible-lint
runs-on: ubuntu-latest
steps:
- name: Check out
uses: actions/checkout@v3
- name: Run ansible-lint
uses: ansible-community/ansible-lint-action@main

197
CHANGELOG.md
View File

@ -1,3 +1,200 @@
# 2022-07-29
## mautrix-discord support
Thanks to [MdotAmaan](https://github.com/MdotAmaan)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mautrix-discord](https://mau.dev/mautrix/discord) bridge. See our [Setting up Mautrix Discord bridging](docs/configuring-playbook-bridge-mautrix-discord.md) documentation page for getting started.
**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md) and [mx-puppet-discord](docs/configuring-playbook-bridge-mx-puppet-discord.md). You're free too use the bridge that serves you better, or even all three of them (for different users and use-cases).
# 2022-07-27
## matrix-appservice-kakaotalk support
The playbook now supports bridging to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) via [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) - a bridge based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code. Thanks to [hnarjis](https://github.com/hnarjis) for helping us add support for this!
See our [Setting up Appservice Kakaotalk bridging](docs/configuring-playbook-bridge-appservice-kakaotalk.md) documentation to get started.
# 2022-07-20
## maubot support
Thanks to [Stuart Mumford (@Cadair)](https://github.com/cadair) for starting ([PR #373](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/373) and [PR #622](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/622)) and to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s) for finishing up (in [PR #1894](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894)), the playbook can now help you set up [maubot](https://github.com/maubot/maubot) - a plugin-based Matrix bot system.
See our [Setting up maubot](docs/configuring-playbook-bot-maubot.md) documentation to get started.
# 2022-07-14
## mx-puppet-skype removal
The playbook no longer includes the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge, because it has been broken and unmaintaned for a long time. Users that have `matrix_mx_puppet_skype_enabled` in their configuration files will encounter an error when running the playbook until they remove references to this bridge from their configuration.
To completely clean up your server from `mx-puppet-skype`'s presence on it:
- ensure your Ansible configuration (`vars.yml` file) no longer contains `matrix_mx_puppet_skype_*` references
- stop and disable the systemd service (run `systemctl disable --now matrix-mx-puppet-skype` on the server)
- delete the systemd service (run `rm /etc/systemd/system/matrix-mx-puppet-skype.service` on the server)
- delete `/matrix/mx-puppet-skype` (run `rm -rf /matrix/mx-puppet-skype` on the server)
- drop the `matrix_mx_puppet_skype` database (run `/usr/local/bin/matrix-postgres-cli` on the server, and execute the `DROP DATABASE matrix_mx_puppet_skype;` query there)
If you still need bridging to [Skype](https://www.skype.com/), consider switching to [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) instead. See [Setting up Go Skype Bridge bridging](docs/configuring-playbook-bridge-go-skype-bridge.md).
If you think this is a mistake and `mx-puppet-skype` works for you (or you get it to work somehow), let us know and we may reconsider this removal.
## signald (0.19.0+) upgrade requires data migration
In [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) we upgraded [signald](https://signald.org/) (used by the mautrix-signal bridge) from `v0.18.5` to `v0.20.0`.
Back in the [`v0.19.0` released of signald](https://gitlab.com/signald/signald/-/blob/main/releases/0.19.0.md) (which we skipped and migrated straight to `v0.20.0`), a new `--migrate-data` command had been added that migrates avatars, group images, attachments, etc., into the database (those were previously stored in the filesystem).
If you've been using the mautrix-signal bridge for a while, you may have files stored in the local filesystem, which will need to be upgraded.
We attempt to do this data migration automatically every time Signald starts (`matrix-mautrix-signal-daemon.service`) using a `ExecStartPre` systemd unit definition.
Keep an eye on your Signal bridge and let us know (in our [support room](README.md#support) or in [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921)) if you experience any trouble!
# 2022-07-05
## Ntfy push notifications support
Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install a [ntfy](https://ntfy.sh/) push notifications server for you.
See our [Setting up the ntfy push notifications server](docs/configuring-playbook-ntfy.md) documentation to get started.
# 2022-06-23
## (Potential Backward Compatibility Break) Changes around metrics collection
**TLDR**: we've made extensive **changes to metrics exposure/collection, which concern people using an external Prometheus server**. If you don't know what that is, you don't need to read below.
**Why do major changes to metrics**? Because various services were exposing metrics in different, hacky, ways. Synapse was exposing metrics at `/_synapse/metrics` and `/_synapse-worker-.../metrics` on the `matrix.DOMAIN`. The Hookshot role was **repurposing** the Granana web UI domain (`stats.DOMAIN`) for exposing its metrics on `stats.DOMAIN/hookshot/metrics`, while protecting these routes using Basic Authentication **normally used for Synapse** (`/_synapse/metrics`). Node-exporter and Postgres-exporter roles were advising for more `stats.DOMAIN` usage in manual ways. Each role was doing things differently and mixing variables from other roles. Each metrics endpoint was ending up in a different place, protected by who knows what Basic Authentication credentials (if protected at all).
**The solution**: a completely revamped way to expose metrics to an external Prometheus server. We are **introducing new `https://matrix.DOMAIN/metrics/*` endpoints**, where various services *can* expose their metrics, for collection by external Prometheus servers. To enable the `/metrics/*` endpoints, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. There's also a way to protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). See the `matrix-nginx-proxy` role or our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation for additional variables around `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
**If you are using the [Hookshot bridge](docs/configuring-playbook-bridge-hookshot.md)**, you may find that:
1. **Metrics may not be enabled by default anymore**:
- If Prometheus is enabled (`matrix_prometheus_enabled: true`), then Hookshot metrics will be enabled automatically (`matrix_hookshot_metrics_enabled: true`). These metrics will be collected from the local (in-container) Prometheus over the container network.
- **If Prometheus is not enabled** (you are either not using Prometheus or are using an external one), **Hookshot metrics will not be enabled by default anymore**. Feel free to enable them by setting `matrix_hookshot_metrics_enabled: true`. Also, see below.
2. When metrics are meant to be **consumed by an external Prometheus server**, `matrix_hookshot_metrics_proxying_enabled` needs to be set to `true`, so that metrics would be exposed (proxied) "publicly" on `https://matrix.DOMAIN/metrics/hookshot`. To make use of this, you'll also need to enable the new `https://matrix.DOMAIN/metrics/*` endpoints mentioned above, using `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. Learn more in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation.
3. **We've changed the URL we're exposing Hookshot metrics at** for external Prometheus servers. Until now, you were advised to consume Hookshot metrics from `https://stats.DOMAIN/hookshot/metrics` (working in conjunction with `matrix_nginx_proxy_proxy_synapse_metrics`). From now on, **this no longer works**. As described above, you need to start consuming metrics from `https://matrix.DOMAIN/metrics/hookshot`.
**If you're using node-exporter** (`matrix_prometheus_node_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_node_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/node-exporter`.
**If you're using [postgres-exporter](docs/configuring-playbook-prometheus-postgres.md)** (`matrix_prometheus_postgres_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_postgres_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/postgres-exporter`.
**If you're using Synapse** and would like to collect its metrics from an external Prometheus server, you may find that:
1. Exposing metrics is now done using `matrix_synapse_metrics_proxying_enabled`, not `matrix_nginx_proxy_proxy_synapse_metrics: true`. You may still need to enable metrics using `matrix_synapse_metrics_enabled: true` before exposing them.
2. Protecting metrics endpoints using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is now done in another way. See our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation
3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics`
4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`).
**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now.
# 2022-06-13
## go-skype-bridge bridging support
Thanks to [CyberShadow](https://github.com/CyberShadow), the playbook can now install the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) bridge for bridging Matrix to [Skype](https://www.skype.com/).
See our [Setting up Go Skype Bridge](docs/configuring-playbook-bridge-go-skype-bridge.md) documentation to get started.
The playbook has supported [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridging (see [Setting up MX Puppet Skype bridging](docs/configuring-playbook-bridge-mx-puppet-skype.md)) since [2020-04-09](#2020-04-09), but `mx-puppet-skype` is reportedly broken.
# 2022-06-09
## Running Ansible in a container can now happen on the Matrix server itself
If you're tired of being on an old and problematic Ansible version, you can now run [run Ansible in a container on the Matrix server itself](docs/ansible.md#running-ansible-in-a-container-on-the-matrix-server-itself).
# 2022-05-31
## Synapse v1.60 upgrade may cause trouble and require manual intervention
Synapse v1.60 will try to add a new unique index to `state_group_edges` upon startup and could fail if your database is corrupted.
We haven't observed this problem yet, but [the Synapse v1.60.0 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#adding-a-new-unique-index-to-state_group_edges-could-fail-if-your-database-is-corrupted) mention it, so we're giving you a heads up here in case you're unlucky.
**If Synapse fails to start** after your next playbook run, you'll need to:
- SSH into the Matrix server
- launch `/usr/local/bin/matrix-postgres-cli`
- switch to the `synapse` database: `\c synapse`
- run the following SQL query:
```sql
BEGIN;
DELETE FROM state_group_edges WHERE (ctid, state_group, prev_state_group) IN (
SELECT row_id, state_group, prev_state_group
FROM (
SELECT
ctid AS row_id,
MIN(ctid) OVER (PARTITION BY state_group, prev_state_group) AS min_row_id,
state_group,
prev_state_group
FROM state_group_edges
) AS t1
WHERE row_id <> min_row_id
);
COMMIT;
```
You could then restart services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
# 2022-04-25
## buscarron bot support
Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [the Buscarron bot](https://gitlab.com/etke.cc/buscarron). It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room
See our [Setting up Buscarron](docs/configuring-playbook-bot-buscarron.md) documentation to get started.
# 2022-04-21
## matrix-registration-bot support
Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now help you set up [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) - a bot that is used to create and manage registration tokens for a Matrix server.
See our [Setting up matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) documentation to get started.
# 2022-04-19
## Borg backup support
Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [Borg](https://www.borgbackup.org/) backups with [borgmatic](https://torsion.org/borgmatic/) of your Matrix server.
See our [Setting up borg backup](docs/configuring-playbook-backup-borg.md) documentation to get started.
## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action
If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading:
> Synapse v1.57.0 includes a change to the way transaction IDs are managed for application services. If your deployment uses a dedicated worker for application service traffic, **it must be stopped** when the database is upgraded (which normally happens when the main process is upgraded), to ensure the change is made safely without any risk of reusing transaction IDs.
If you're not running an `appservice` worker (`matrix_synapse_workers_preset: little-federation-helper` or `matrix_synapse_workers_appservice_workers_count: 0`), you are probably safe to upgrade as per normal, without taking any special care.
If you are running a setup with an `appservice` worker, or otherwise want to be on the safe side, we recommend the following upgrade path:
0. Pull the latest playbook changes
1. Stop all services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
2. Re-run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`)
3. Start Postgres (`systemctl start matrix-postgres` on the server)
4. Start the main Synapse process (`systemctl start matrix-synapse` on the server)
5. Wait a while so that Synapse can start and complete the database migrations. You can use `journalctl -fu matrix-synapse` on the server to get a clue. Waiting a few minutes should also be enough.
6. It should now be safe to start all other services. `ansible-playbook -i inventory/hosts setup.yml --tags=start` will do it for you
# 2022-04-14
## (Compatibility Break) Changes to `docker-src` permissions necessitating manual action

7
Makefile Normal file
View File

@ -0,0 +1,7 @@
.PHONY: lint
help: ## Show this help.
@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
lint: ## Runs ansible-lint against all roles in the playbook
ansible-lint

14
README.md
View File

@ -47,6 +47,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server
- (optional) the [mautrix-discord](https://github.com/mautrix/discord) bridge for bridging your Matrix server to [Discord](https://discord.com/) - see [docs/configuring-playbook-bridge-mautrix-discord.md](docs/configuring-playbook-bridge-mautrix-discord.md) for setup documentation
- (optional) the [mautrix-telegram](https://github.com/mautrix/telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)
- (optional) the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/)
@ -79,7 +81,7 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation
- (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation
- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation
- (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation
@ -89,7 +91,7 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
- (optional) the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation
- (optional) the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation
- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
@ -103,6 +105,10 @@ Using this playbook, you can get the following services configured on your serve
- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
- (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation
- (optional) [maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-maubot.md](docs/configuring-playbook-bot-maubot.md) for setup documentation
- (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation
- (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation
@ -117,12 +123,16 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation
- (optional) the [ntfy](https://ntfy.sh) push notifications server - see [docs/configuring-playbook-ntfy.md](docs/configuring-playbook-ntfy.md) for setup documentation
- (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation
- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation
- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation
- (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation
Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.

4
docs/alternative-architectures.md
View File

@ -2,7 +2,7 @@
As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
To that end add the following variable to your `vars.yaml` file:
To that end add the following variable to your `vars.yml` file (see [Configuring playbook](configuring-playbook.md)):
```yaml
matrix_architecture: <your-matrix-server-architecture>
@ -13,7 +13,7 @@ Currently supported architectures are the following:
- `arm64`
- `arm32`
so for the Raspberry Pi, the following should be in your `vars.yaml` file:
so for the Raspberry Pi, the following should be in your `vars.yml` file:
```yaml
matrix_architecture: "arm32"

53
docs/ansible.md
View File

@ -30,7 +30,7 @@ Depending on your distribution, you may be able to upgrade Ansible in a few diff
- by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website.
- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`).
- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`).
If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path.
@ -41,9 +41,50 @@ If you find yourself needing to resort to such hacks, please consider reporting
## Using Ansible via Docker
Alternatively, you can run Ansible on your computer from inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).
Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).
Here's a sample command to get you started (run this from the playbook's directory):
This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook.
There are 2 ways to go about it:
- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself)
- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)
### Running Ansible in a container on the Matrix server itself
To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation.
Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it:
- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker
- **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around
Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md).
You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH.
Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...`
Run this from the playbook's directory:
```bash
docker run -it --rm \
--privileged \
--pid=host \
-w /work \
-v `pwd`:/work \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.13.0-r0
```
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
The `/work` directory contains the playbook's code.
You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now.
### Running Ansible in a container on another computer (not the Matrix server)
Run this from the playbook's directory:
```bash
docker run -it --rm \
@ -51,7 +92,7 @@ docker run -it --rm \
-v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.11.6-r1
docker.io/devture/ansible:2.13.0-r0
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
@ -60,9 +101,9 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
The `/work` directory contains the playbook's code.
You can execute `ansible-playbook` commands as per normal now.
You can execute `ansible-playbook ...` commands as per normal now.
### If you don't use SSH keys for authentication
#### If you don't use SSH keys for authentication
If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:

BIN
docs/assets/obtain_admin_access_token_element.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 205 KiB

6
docs/configuring-dns.md
View File

@ -36,8 +36,10 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
| CNAME | `stats` | - | - | - | `matrix.<your-domain>` |
| CNAME | `goneb` | - | - | - | `matrix.<your-domain>` |
| CNAME | `sygnal` | - | - | - | `matrix.<your-domain>` |
| CNAME | `ntfy` | - | - | - | `matrix.<your-domain>` |
| CNAME | `hydrogen` | - | - | - | `matrix.<your-domain>` |
| CNAME | `cinny` | - | - | - | `matrix.<your-domain>` |
| CNAME | `buscarron` | - | - | - | `matrix.<your-domain>` |
## Subdomains setup
@ -56,10 +58,14 @@ The `goneb.<your-domain>` subdomain may be necessary, because this playbook coul
The `sygnal.<your-domain>` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.<your-domain>` DNS record.
The `ntfy.<your-domain>` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.<your-domain>` DNS record.
The `hydrogen.<your-domain>` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.<your-domain>` DNS record.
The `cinny.<your-domain>` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.<your-domain>` DNS record.
The `buscarron.<your-domain>` subdomain may be necessary, because this playbook could install the [buscarron](https://gitlab.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.<your-domain>` DNS record.
## `_matrix-identity._tcp` SRV record setup
To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this:

13
docs/configuring-playbook-backup-borg.md
View File

@ -8,6 +8,9 @@ You will need a remote server where borg will store the backups. There are hoste
The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day.
By default, if you're using the integrated Postgres database server (as opposed to [an external Postgres server](configuring-playbook-external-postgres.md)), Borg backups will also include dumps of your Postgres database. An alternative solution for backing up the Postgres database is [postgres backup](configuring-playbook-postgres-backup.md). If you decide to go with another solution, you can disable Postgres-backup support for Borg using the `matrix_backup_borg_postgresql_enabled` variable.
## Prerequisites
1. Create a new SSH key:
@ -40,7 +43,13 @@ matrix_backup_borg_location_repositories:
- USER@HOST:REPO
matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE"
matrix_backup_borg_ssh_key_private: |
PRIVATE KEY
-----BEGIN OPENSSH PRIVATE KEY-----
TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2NpbmcgZW
xpdCwgc2VkIGRvIGVpdXNtb2QgdGVtcG9yIGluY2lkaWR1bnQgdXQgbGFib3JlIGV0IGRv
bG9yZSBtYWduYSBhbGlxdWEuIFV0IGVuaW0gYWQgbWluaW0gdmVuaWFtLCBxdWlzIG5vc3
RydWQgZXhlcmNpdGF0aW9uIHVsbGFtY28gbGFib3JpcyBuaXNpIHV0IGFsaXF1aXAgZXgg
ZWEgY29tbW9kbyBjb25zZXF1YXQuIA==
-----END OPENSSH PRIVATE KEY-----
```
where:
@ -49,7 +58,7 @@ where:
* HOST - SSH host of a provider/server
* REPO - borg repository name, it will be initialized on backup start, eg: `matrix`
* PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager
* PRIVATE KEY - the content of the **private** part of the SSH key you created before
* PRIVATE KEY - the content of the **private** part of the SSH key you created before. The whole key (all of its belonging lines) under `matrix_backup_borg_ssh_key_private` needs to be indented with 2 spaces
To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to your vars. This will also enable the `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` variable.

75
docs/configuring-playbook-bot-buscarron.md Normal file
View File

@ -0,0 +1,75 @@
# Setting up Buscarron (optional)
The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/buscarron) for you.
It's a bot you can use to setup **your own helpdesk on matrix**
It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`.
(to use a different username, adjust the `matrix_bot_buscarron_login` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
```yaml
matrix_bot_buscarron_enabled: true
# Adjust this to whatever password you chose when registering the bot user
matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT
# Adjust accepted forms
matrix_bot_buscarron_forms:
- name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact
room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted
redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission
ratelimit: 1r/m # (optional) rate limit of the form, format: <max requests>r/<interval:s,m>, eg: 1r/s or 54r/m
extensions: [] # (optional) list of form extensions (not used yet)
matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically
matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically
```
You will also need to add a DNS record so that buscarron can be accessed.
By default buscarron will use https://buscarron.DOMAIN so you will need to create an CNAME record for `buscarron`.
See [Configuring DNS](configuring-dns.md).
If you would like to use a different domain, add the following to your configuration file (changing it to use your preferred domain):
```yaml
matrix_server_fqn_buscarron: "form.{{ matrix_domain }}"
```
## Installing
After configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Usage
To use the bot, invite the `@bot.buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form:
```html
<form method="POST" action="https://buscarron.DOMAIN/contact">
<!--your fields-->
</form>
```
You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/buscarron).

72
docs/configuring-playbook-bot-matrix-registration-bot.md Normal file
View File

@ -0,0 +1,72 @@
# Setting up matrix-registration-bot (optional)
The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you.
The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server,
where you invite someone by sending them a registration token. They can register as normal but have to provide a valid
registration token in a final step of the registration.
See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it
does and why it might be useful to you.
## Registering the bot user
By default, the playbook will set use the bot with a username like this: `@bot.matrix-registration-bot:DOMAIN`.
(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Obtaining an admin access token
In order to use the bot you need to add an admin user's access token token to the configuration. As you created an admin user for the
bot, it is recommended to obtain an access token by logging into Element/Schildichat with the bot account
(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom.
You can expand "Access token" to copy it.
![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png)
**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
```yaml
matrix_bot_matrix_registration_bot_enabled: true
# Token obtained via logging into the bot account (see above)
matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE"
# Enables registration
matrix_synapse_enable_registration: true
# Restrict registration to users with a token
matrix_synapse_registration_requires_token: true
```
## Installing
After configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Usage
To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
In this room send `help` and the bot will reply with all options.
You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md)
or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).

63
docs/configuring-playbook-bot-maubot.md Normal file
View File

@ -0,0 +1,63 @@
# Setting up maubot (optional)
The playbook can install and configure [maubot](https://github.com/maubot/maubot) for you.
After setting up maubot, you can use the web management interface to make it do things.
The default location of the management interface is `matrix.<your-domain>/_matrix/maubot/`
See the project's [documentation](https://docs.mau.fi/maubot/usage/basic.html) to learn what it
does and why it might be useful to you.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
```yaml
matrix_bot_maubot_enabled: true
matrix_bot_maubot_admins:
- yourusername: securepassword
```
You can add multiple admins. The admin accounts are not connected to any matrix ID and are only used to access the
maubot administration interface.
## Installing
After configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Usage
You can visit `matrix.<your-domain>/_matrix/maubot/` to manage your available plugins, clients and instances.
You should start in the following order
1. **Create one or more clients:** A client is a matrix account which the bot will use to message.
2. **Upload some Plugins:** Plugins can be obtained from [here](https://github.com/maubot/maubot#plugins) or any other source.
3. **Create an instance:** An instance is the actual bot. You have to specify a client which the bot instance will use
and the plugin (how the bot will behave)
To add a client you first need to create an account and obtain a valid access token.
## Registering the bot user
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.maubot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Obtaining an admin access token
This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)) or by logging into Element/Schildichat with the bot account
(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom.
You can expand "Access token" to copy it.
![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png)
**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token.

6
docs/configuring-playbook-bridge-appservice-discord.md
View File

@ -1,6 +1,8 @@
# Setting up Appservice Discord (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook.
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook.
- For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing.
- For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you.
@ -61,7 +63,7 @@ To get started with Portal Bridging:
1. To invite the bot to Discord, retrieve the invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S).
2. Room addresses follow this syntax: `#_discord_<guildID>_<channelID>`. You can easily find the guild and channel IDs by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discord.com/channels/<guildID>/<channelID>`.
3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord_<guildID>_<channelID>` in your Matrix client.
3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord_<guildID>_<channelID>` in your Matrix client.
## Getting Administrator access in a portal bridged room

68
docs/configuring-playbook-bridge-appservice-kakaotalk.md Normal file
View File

@ -0,0 +1,68 @@
# Setting up Appservice Kakaotalk (optional)
The playbook can install and configure [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) for you. `matrix-appservice-kakaotalk` is a bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code.
See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you.
## Installing
To enable the bridge, add this to your `vars.yml` file:
```yaml
matrix_appservice_kakaotalk_enabled: true
```
You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation.
After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
To make use of the Kakaotalk bridge, see [Usage](#usage) below.
### Additional configuration
There are some additional things you may wish to configure about the bridge.
Take a look at:
- `roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable
### Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
#### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
#### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Appservice-Kakaotalk", "initial_device_display_name": "Appservice-Kakaotalk"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Appservice-Kakaotalk` device some time in the future, as that would break the Double Puppeting feature
## Usage
Start a chat with `@kakaotalkbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
Send `login --save EMAIL_OR_PHONE_NUMBER` to the bridge bot to enable bridging for your Kakaotalk account. The `--save` flag may be omitted, if you'd rather not save your password.
After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.

23
docs/configuring-playbook-bridge-go-skype-bridge.md Normal file
View File

@ -0,0 +1,23 @@
# Setting up Go Skype Bridge (optional)
The playbook can install and configure
[go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for you.
See the project page to learn what it does and why it might be useful to you.
To enable the [Skype](https://www.skype.com/) bridge just use the following
playbook configuration:
```yaml
matrix_go_skype_bridge_enabled: true
```
## Usage
Once the bot is enabled, you need to start a chat with `Skype bridge bot`
with the handle `@skypebridgebot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).
Send `help` to the bot to see the commands available.

23
docs/configuring-playbook-bridge-hookshot.md
View File

@ -4,19 +4,19 @@ The playbook can install and configure [matrix-hookshot](https://github.com/matr
Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks.
See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you.
See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does in detail and why it might be useful to you.
Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot.
## Setup Instructions
Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do.
Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do.
1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
@ -26,14 +26,14 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
| listener | default path | variable | used as |
|---|---|---|---|
| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. |
| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", GitLab "URL", etc. |
| github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" |
| jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth |
| figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |
| provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) |
| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server |
| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets |
| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus |
| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus |
See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml).
@ -63,7 +63,14 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_
### Metrics
If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md).
Metrics are **only enabled by default** if the builtin [Prometheus](configuring-playbook-prometheus-grafana.md) is enabled (by default, Prometheus isn't enabled). If so, metrics will automatically be collected by Prometheus and made available in Grafana. You will, however, need to set up your own Dashboard for displaying them.
To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This only exposes metrics over the container network, however.
**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to:
- enable the `https://matrix.DOMAIN/metrics/*` endpoints on `matrix.DOMAIN` using `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see the `matrix-nginx-role` or [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for enabling this feature)
- expose the Hookshot metrics under `https://matrix.DOMAIN/metrics/hookshot` by setting `matrix_hookshot_metrics_proxying_enabled: true`
### Collision with matrix-appservice-webhooks

87
docs/configuring-playbook-bridge-mautrix-discord.md Normal file
View File

@ -0,0 +1,87 @@
# Setting up Mautrix Discord (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend.
The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you.
See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you.
## Prerequisites
For using this bridge, you would **need to authenticate by scanning a QR code with the Discord app on your phone**.
You can delete the Discord app after the authentication process.
If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you proceed with this one if possible.
## Installing
To enable the bridge, add this to your `vars.yml` file:
```yaml
matrix_mautrix_discord_enabled: true
```
You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation.
After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
To make use of the bridge, see [Usage](#usage) below.
### Additional configuration
There are some additional things you may wish to configure about the bridge.
Take a look at:
- `roles/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable
### Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
#### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
#### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Discord", "initial_device_display_name": "Mautrix-Discord"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Mautrix-Discord` device some time in the future, as that would break the Double Puppeting feature
## Usage
1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
2. Send a `login` command
3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app.
4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as ..."
5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to
6. Some Direct Messages from Discord should start syncing automatically
7. If you'd like to bridge guilds:
- send `guilds status` to see the list of guilds
- for each guild that you'd like bridged, send `guilds bridge GUILD_ID --entire`
8. You may wish to uninstall the Discord app from your phone now. It's not needed for the bridge to function.

18
docs/configuring-playbook-bridge-mautrix-facebook.md
View File

@ -24,10 +24,22 @@ If you would like to be able to administrate the bridge from your account it can
matrix_mautrix_facebook_configuration_extension_yaml: |
bridge:
permissions:
'@YOUR_USERNAME:YOUR_DOMAIN': admin
'@YOUR_USERNAME:{{ matrix_domain }}': admin
```
You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` to find other things you would like to configure.
Using both would look like
```yaml
matrix_mautrix_facebook_configuration_extension_yaml: |
bridge:
permissions:
'@YOUR_USERNAME:{{ matrix_domain }}': admin
encryption:
allow: true
default: true
```
You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure.
## Set up Double Puppeting
@ -91,3 +103,5 @@ Once connected, you should be able to verify that you're browsing the web throug
Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/).
Once logged in, proceed to [set up bridging](#usage).
If that doesn't work, enable 2FA [Facebook help page on enabling 2FA](https://www.facebook.com/help/148233965247823) and try to login again with a new password, and entering the 2FA code when prompted, it may take more then one try, in between attempts, check facebook.com to see if they are requiring another password change

26
docs/configuring-playbook-bridge-mautrix-instagram.md
View File

@ -7,6 +7,32 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/i
```yaml
matrix_mautrix_instagram_enabled: true
```
There are some additional things you may wish to configure about the bridge before you continue.
Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
```yaml
matrix_mautrix_instagram_configuration_extension_yaml: |
bridge:
encryption:
allow: true
default: true
```
If you would like to be able to administrate the bridge from your account it can be configured like this:
```yaml
# The easy way. The specified Matrix user ID will be made an admin of all bridges
matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}"
# OR:
# The more verbose way. Applies to this bridge only. You may define multiple Matrix users as admins.
matrix_mautrix_instagram_configuration_extension_yaml: |
bridge:
permissions:
'@YOUR_USERNAME:YOUR_DOMAIN': admin
```
You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure.
## Usage

4
docs/configuring-playbook-bridge-mx-puppet-discord.md
View File

@ -1,6 +1,8 @@
# Setting up MX Puppet Discord (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook.
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
The playbook can install and configure
[mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you.

2
docs/configuring-playbook-bridge-mx-puppet-groupme.md
View File

@ -1,7 +1,7 @@
# Setting up MX Puppet GroupMe (optional)
The playbook can install and configure
[mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) for you.
[mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) for you.
See the project page to learn what it does and why it might be useful to you.

29
docs/configuring-playbook-bridge-mx-puppet-skype.md
View File

@ -1,30 +1,5 @@
# Setting up MX Puppet Skype (optional)
The playbook can install and configure
[mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) for you.
The playbook used to be able to install and configure [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype), but no longer includes this component, because it has been broken and unmaintaned for a long time.
See the project page to learn what it does and why it might be useful to you.
To enable the [Skype](https://www.skype.com/) bridge just use the following
playbook configuration:
```yaml
matrix_mx_puppet_skype_enabled: true
```
## Usage
Once the bot is enabled you need to start a chat with `Skype Puppet Bridge` with
the handle `@_skypepuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).
Send `link <username> <password>` to the bridge bot to link your skype account.
Once logged in, send `list` to the bot user to list the available rooms.
Clicking rooms in the list will result in you receiving an invitation to the
bridged room.
Also send `help` to the bot to see the commands available.
Bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook.

2
docs/configuring-playbook-matrix-registration.md
View File

@ -2,6 +2,8 @@
The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you.
**WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it.
> matrix-registration is a simple python application to have a token based matrix registration.
Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account.

111
docs/configuring-playbook-mautrix-bridges.md Normal file
View File

@ -0,0 +1,111 @@
# Setting up a Generic Mautrix Bridge (optional)
The playbook can install and configure various [mautrix](https://github.com/mautrix) bridges (twitter, facebook, instagram, signal, hangouts, googlechat, etc.), as well as many other (non-mautrix) bridges.
This is a common guide for configuring mautrix bridges.
You can see each bridge's features at in the `ROADMAP.md` file in its corresponding [mautrix](https://github.com/mautrix) repository.
To enable a bridge add:
```yaml
# Replace SERVICENAME with one of: twitter, facebook, instagram, ..
matrix_mautrix_SERVICENAME_enabled: true
```
to your `vars.yml`
There are some additional things you may wish to configure about the bridge before you continue. Each bridge may have additional requirements besides `_enabled: true`. For example, the mautrix-telegram bridge (our documentation page about it is [here](configuring-playbook-bridge-mautrix-telegram.md)) requires the `matrix_mautrix_telegram_api_id` and `matrix_mautrix_telegram_api_hash` variables to be defined. Refer to each bridge's individual documentation page for details about enabling bridges.
You can add
```yaml
matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}"
```
to `vars.yml` to **configure a user as an administrator for all bridges**.
**Alternatively** (more verbose, but allows multiple admins to be configured), you can do the same on a per-bridge basis with:
```yaml
matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
bridge:
permissions:
'@YOUR_USERNAME:{{ matrix_domain }}': admin
```
Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
```yaml
matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
bridge:
encryption:
allow: true
default: true
```
You can only have one `matrix_mautrix_SERVICENAME_configuration_extension_yaml` definition in `vars.yml` per bridge, so if you need multiple pieces of configuration there, just merge them like this:
```yaml
matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
bridge:
permissions:
'@YOUR_USERNAME:{{ matrix_domain }}': admin
encryption:
allow: true
default: true
```
## Setting the bot's username
```yaml
matrix_mautrix_SERVICENAME_appservice_bot_username: "BOTNAME"
```
Can be used to set the username for the bridge.
## Discovering additional configuration options
You may wish to look at `roles/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure.
## Set up Double Puppeting
To set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html)
please do so automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook by adding
```yaml
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
```
You should generate a strong shared secret with a command like this: pwgen -s 64 1
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
## Controlling the logging level
```yaml
matrix_mautrix_SERVICENAME_logging_level: WARN
```
to `vars.yml` to control the logging level, where you may replace WARN with one of the following to control the verbosity of the logs generated: TRACE, DEBUG, INFO, WARN, ERROR, or FATAL.
If you have issues with a service, and are requesting support, the higher levels of logging will generally be more helpful.
## Usage
You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
Send `login ` to the bridge bot to get started You can learn more here about authentication from the bridge's official documentation on Authentication https://docs.mau.fi/bridges/python/SERVICENAME/authentication.html .
If you run into trouble, check the [Troubleshooting](#troubleshooting) section below.
## Troubleshooting
For troubleshooting information with a specific bridge, please see the playbook documentation about it (some other document in in `docs/`) and the upstream ([mautrix](https://github.com/mautrix)) bridge documentation for that specific bridge.
Reporting bridge bugs should happen upstream, in the corresponding mautrix repository, not to us.

93
docs/configuring-playbook-ntfy.md Normal file
View File

@ -0,0 +1,93 @@
# Setting up ntfy (optional)
The playbook can install and configure the [ntfy](https://ntfy.sh/) push notifications server for you.
Using the [UnifiedPush](https://unifiedpush.org) standard, ntfy enables self-hosted (Google-free) push notifications from Matrix (and other) servers to UnifiedPush-compatible matrix compatible client apps running on Android and other devices.
This role is intended to support UnifiedPush notifications for use with the Matrix and Matrix-related services that this playbook installs. This role is not intended to support all of ntfy's other features.
**Note**: In contrast to push notifications using Google's FCM or Apple's APNs, the use of UnifiedPush allows each end-user to choose the push notification server that they prefer. As a consequence, deploying this ntfy server does not by itself ensure any particular user or device or client app will use it.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
```yaml
# Enabling it is the only required setting
matrix_ntfy_enabled: true
# Some other options
matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
matrix_ntfy_configuration_extension_yaml: |
log_level: DEBUG
```
For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`.
For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options).
## Installing
Don't forget to add `ntfy.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
After configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Usage
To make use of your ntfy installation, on Android for example, you need two things:
* the `ntfy` app
* a UnifiedPush-compatible matrix app
You need to install the `ntfy` app on each device on which you want to receive push notifications through your ntfy server. The `ntfy` app will provide UnifiedPush notifications to any number of UnifiedPush-compatible messaging apps installed on the same device.
### Setting up the `ntfy` Android app
1. Install the [ntfy Android app](https://ntfy.sh/docs/subscribe/phone/) from F-droid or Google Play.
2. In its Settings -> `General: Default server`, enter your ntfy server URL, such as `https://ntfy.DOMAIN`.
3. In its Settings -> `Advanced: Connection protocol`, choose `WebSockets`.
That is all you need to do in the ntfy app. It has many other features, but for our purposes you can ignore them. In particular you do not need to follow any instructions about subscribing to a notification topic as UnifiedPush will do that automatically.
### Setting up a UnifiedPush-compatible matrix app
Install any UnifiedPush-enabled matrix app on that same device. The matrix app will learn from the `ntfy` app that you have configured UnifiedPush on this device, and then it will tell your matrix server to use it.
Steps needed for specific matrix apps:
* FluffyChat-android:
- Should auto-detect and use it. No manual settings.
* SchildiChat-android:
1. enable `Settings` -> `Notifications` -> `UnifiedPush: Force custom push gateway`.
2. choose `Settings` -> `Notifications` -> `UnifiedPush: Re-register push distributor`. *(For info, a more complex alternative to achieve the same is: delete the relevant unifiedpush registration in `ntfy` app, force-close SchildiChat, re-open it.)*
3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section.
* Element-android v1.4.26+:
- [not yet documented; should auto-detect and use it?]
If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy".
If the matrix app doesn't seem to pick it up, try restarting it and try the Troubleshooting section below.
## Troubleshooting
First check that the matrix client app you are using supports UnifiedPush. There may well be different variants of the app.
Set the ntfy server's log level to 'DEBUG', as shown in the example settings above, and watch the server's logs with `sudo journalctl -fu matrix-ntfy`.
To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL.
In the "Notification Targets" screen in Element-Android or SchildiChat, two relevant URLs are shown, "push\_key" and "Url", and both should begin with your ntfy server's URL. If "push\_key" shows your server but "Url" shows an external server such as `up.schildi.chat` then push notifications will still work but are being routed through that external server before they reach your ntfy server. To rectify that, in SchildiChat (at least around version 1.4.20.sc55) you must enable the `Force custom push gateway` setting as described in the "Usage" section above.
If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat (possibly also Element-Android). In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app.
The simple [UnifiedPush troubleshooting](https://unifiedpush.org/users/troubleshooting/) app [UP-Example](https://f-droid.org/en/packages/org.unifiedpush.example/) can be used to manually test UnifiedPush registration and operation on an Android device.

8
docs/configuring-playbook-own-webserver.md
View File

@ -57,6 +57,14 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue.
If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints)
```yaml
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose.
matrix_synapse_container_client_api_host_bind_port: ''
matrix_synapse_container_federation_api_plain_host_bind_port: ''
```
### Using your own external Apache webserver

3
docs/configuring-playbook-postgres-backup.md
View File

@ -2,6 +2,9 @@
The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you.
For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead.
## Adjusting the playbook configuration
Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup:

87
docs/configuring-playbook-prometheus-grafana.md
View File

@ -9,8 +9,12 @@ Remember to add `stats.<your-domain>` to DNS as described in [Configuring DNS](c
```yaml
matrix_prometheus_enabled: true
# You can remove this, if unnecessary.
matrix_prometheus_node_exporter_enabled: true
# You can remove this, if unnecessary.
matrix_prometheus_postgres_exporter_enabled: true
matrix_grafana_enabled: true
matrix_grafana_anonymous_access: false
@ -34,6 +38,7 @@ Name | Description
-----|----------
`matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
`matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures
`matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus.
`matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.<your-domain>` subdomain) the dashboards with the graphs that we're interested in
`matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option.
`matrix_grafana_default_admin_user`<br>`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here
@ -48,28 +53,55 @@ Most of our docker containers run with limited system access, but the `prometheu
## Collecting metrics to an external Prometheus server
If you wish, you could expose homeserver metrics without enabling (installing) Prometheus and Grafana via the playbook. This may be useful for hooking Matrix services to an external Prometheus/Grafana installation.
**If the integrated Prometheus server is enabled** (`matrix_prometheus_enabled: true`), metrics are collected by it from each service via communication that happens over the container network. Each service does not need to expose its metrics "publicly".
To do this, you may be interested in the following variables:
When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network.
The playbook provides a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/hookshot`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` below.
The following variables may be of interest:
Name | Description
-----|----------
`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service.
`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.DOMAIN/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials
`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`|Set this to the Basic Authentication username you'd like to protect `/metrics/*` with. You also need to set `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`. If one username/password pair is not enough, you can leave the `username` and `password` variables unset and use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead
`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`|Set this to the Basic Authentication password you'd like to protect `/metrics/*` with
`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. If you only need one credential, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` instead.
`matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network)
`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics`
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`)
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable). Do not write the password in plain text. See `man 1 htpasswd` or use `htpasswd -c mypass.htpasswd prometheus` to generate the expected hash for nginx.
`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`)
`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`).
`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network)
`matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network)
`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
`matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network)
`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`
`matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`|Add nginx `location` blocks to this list if you'd like to expose additional exporters manually (see below)
### Collecting worker metrics to an external Prometheus server
Example for how to make use of `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` for exposing additional metrics locations:
```nginx
matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks:
- 'location /metrics/another-service {
resolver 127.0.0.11 valid=5s;
proxy_pass http://matrix-another-service:9100/metrics;
}'
```
If you are using workers (`matrix_synapse_workers_enabled`) and have enabled `matrix_nginx_proxy_proxy_synapse_metrics` as described above, the playbook will also automatically proxy the all worker threads's metrics to `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`.
Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above).
The playbook also generates an exemplary prometheus.yml config file (`matrix_base_data_path/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs, especially edit the specified `password_file` path and contents and path to your `synapse-v2.rules`.
Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable.
### Collecting Synapse worker metrics to an external Prometheus server
If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`.
The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`.
It will look a bit like this:
```yaml
scrape_configs:
- job_name: 'synapse'
metrics_path: /_synapse/metrics
metrics_path: /metrics/synapse/main-process
scheme: https
basic_auth:
username: prometheus
@ -80,7 +112,7 @@ scrape_configs:
job: "master"
index: 1
- job_name: 'synapse-generic_worker-1'
metrics_path: /_synapse-worker-generic_worker-18111/metrics
metrics_path: /metrics/synapse/worker/generic_worker-18111
scheme: https
basic_auth:
username: prometheus
@ -92,38 +124,6 @@ scrape_configs:
index: 18111
```
### Collecting system and Postgres metrics to an external Prometheus server (advanced)
When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats.
It would be possible to use `matrix_prometheus_node_exporter_container_http_host_bind_port` etc., but that is not always the best choice, for example because your server is on a public network.
Use the following variables in addition to the ones mentioned above:
Name | Description
-----|----------
`matrix_nginx_proxy_proxy_grafana_enabled`|Set this to `true` to make the stats subdomain (`matrix_server_fqn_grafana`) available via the Nginx proxy
`matrix_ssl_additional_domains_to_obtain_certificates_for`|Add `"{{ matrix_server_fqn_grafana }}"` to this list to have letsencrypt fetch a certificate for the stats subdomain
`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter
`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the Postgres exporter
`matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks`|Add locations to this list depending on which of the above exporters you enabled (see below)
```nginx
matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks:
- 'location /node-exporter/ {
resolver 127.0.0.11 valid=5s;
proxy_pass http://matrix-prometheus-node-exporter:9100/;
auth_basic "protected";
auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
}'
- 'location /postgres-exporter/ {
resolver 127.0.0.11 valid=5s;
proxy_pass http://matrix-prometheus-postgres-exporter:9187/;
auth_basic "protected";
auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
}'
```
You can customize the `location`s to your liking, just point your Prometheus to there later (e.g. `stats.DOMAIN/node-exporter/metrics`). Nginx is very picky about the `proxy_pass`syntax: take care to follow the example closely and note the trailing slash as well as absent use of variables. postgres-exporter uses the nonstandard port 9187.
## More information
@ -131,4 +131,3 @@ You can customize the `location`s to your liking, just point your Prometheus to
- [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2)
- [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana)
- [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)

8
docs/configuring-playbook-prometheus-postgres.md
View File

@ -7,11 +7,6 @@ You can enable this with the following settings in your configuration file (`inv
```yaml
matrix_prometheus_postgres_exporter_enabled: true
# the role creates a postgres user as credential. You can configure these if required:
matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter'
matrix_prometheus_postgres_exporter_database_password: 'some-password'
```
## What does it do?
@ -20,7 +15,8 @@ Name | Description
-----|----------
`matrix_prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false'
`matrix_prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter'
`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database.
`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. By default, this is auto-generated by the playbook
`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
## More information

1
docs/configuring-playbook-ssl-certificates.md
View File

@ -74,6 +74,7 @@ By default, it obtains certificates for:
- possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md).
- possibly for `stats.<your-domain>`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md).
- possibly for `sygnal.<your-domain>`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md).
- possibly for `ntfy.<your-domain>`, if you have explicitly [set up ntfy](configuring-playbook-ntfy.md).
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too.

12
docs/configuring-playbook-synapse-admin.md
View File

@ -62,3 +62,15 @@ matrix_synapse_admin_container_extra_arguments:
# The Synapse Admin container uses port 80 by default
- '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"'
```
### Sample configuration for running behind Caddy v2
Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`).
```caddy
# This is a basic configuration that will function the same as the default nginx proxy - exposing the synapse-admin panel to matrix.YOURSERVER.com/synapse-admin/
handle_path /synapse-admin* {
reverse_proxy localhost:8766 {
}
}
```

32
docs/configuring-playbook-telemetry.md
View File

@ -3,8 +3,7 @@
By default, this playbook configures your Matrix homeserver to not send any telemetry data anywhere.
The [matrix.org](https://matrix.org) team would really appreciate it if you could help the project out by reporting
anonymized usage statistics from your homeserver. Only very [basic aggregate
data](#usage-statistics-being-submitted) (e.g. number of users) will be reported, but it helps track the
usage statistics from your homeserver. Enabling usage statistics helps track the
growth of the Matrix community, and helps to make Matrix a success.
@ -19,28 +18,9 @@ matrix_synapse_report_stats: true
## Usage statistics being submitted
If statistics reporting is enabled, the information that gets submitted to the matrix.org team [according to the source code](https://github.com/matrix-org/synapse/blob/master/synapse/app/homeserver.py) is:
When enabled, Synapse will regularly upload a few dozen statistics about your server.
This data includes your homeserver's domain, the total number of users, the number of active
users, the total number of rooms, and the number of messages sent per day on your homeserver.
- your homeserver's domain name
- uptime of the homeserver program
- [Python](https://www.python.org/) version powering your homeserver
- total number of users on your home server (including bridged users)
- total number of native Matrix users on your home server
- total number of rooms on your homeserver
- total number of daily active users on your homeserver
- total number of daily active rooms on your homeserver
- total number of messages sent per day
- cache setting information
- CPU and memory statistics for the homeserver program
- database engine type and version
See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics)
for the full list of statistics that are reported.

30
docs/configuring-playbook.md
View File

@ -18,6 +18,7 @@ You can then follow these steps inside the playbook directory:
1. edit the inventory hosts file (`inventory/hosts`) to your liking
1. (optional, advanced) to run Ansible against multiple servers with different `sudo` credentials, you can copy the sample inventory hosts yaml file for each of your hosts: (`cp examples/host.yml inventory/my_host1.yml` …) and use the [`ansible-all-hosts.sh`](../inventory/scripts/ansible-all-hosts.sh) script [in the installation step](installing.md).
For a basic Matrix installation, that's all you need.
For a more custom setup, see the [Other configuration options](#other-configuration-options) below.
@ -51,7 +52,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional)
- [Configure Nginx (optional, advanced)](configuring-playbook-nginx.md) (optional, advanced)
- [Configure Nginx](configuring-playbook-nginx.md) (optional, advanced)
- [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced)
@ -92,6 +93,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
### Bridging other networks
- [Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md) (optional)
- [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional)
- [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional)
@ -110,17 +113,19 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional)
- [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)
- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional)
- [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional)
- [Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md) (optional)
- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional)
- [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional)
- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional)
- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md)
- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
@ -134,6 +139,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional)
- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) (optional)
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
- [Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md) (optional)
@ -145,13 +152,28 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional)
- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional)
- [Setting up maubot](configuring-playbook-bot-maubot.md) - a plugin-based Matrix bot system (optional)
- [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional)
- [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional)
- [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional)
- [Setting up Buscarron](configuring-playbook-bot-buscarron.md) - a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room (optional)
### Backups
- [Setting up borg backup](configuring-playbook-backup-borg.md) - a full Matrix server backup solution, including the Postgres database (optional)
- [Setting up postgres backup](configuring-playbook-postgres-backup.md) - a Postgres-database backup solution (note: does not include other files) (optional)
### Other specialized services
- [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional)
- [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional)

74
docs/configuring-well-known.md
View File

@ -15,7 +15,7 @@ All services created by this playbook are meant to be installed on their own ser
As [per the Server-Server specification](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-discovery), to use a Matrix user identifier like `@<username>:<your-domain>` while hosting services on a subdomain like `matrix.<your-domain>`, the Matrix network needs to be instructed of such delegation/redirection.
Server delegation can be configured using DNS SRV records or by setting up a `/.well-known/matrix/server` file on the base domain (`<your-domain.com>`).
Server delegation can be configured using DNS SRV records or by setting up a `/.well-known/matrix/server` file on the base domain (`<your-domain>`).
Both methods have their place and will continue to do so. You only need to use just one of these delegation methods.
For simplicity reasons, our setup advocates for the `/.well-known/matrix/server` method and guides you into using that.
@ -36,6 +36,37 @@ However, this playbook installs your Matrix server on another domain (e.g. `matr
To learn how to set it up, read the Installing section below.
## (Optional) Introduction to Homeserver Admin Contact and Support page
[MSC 1929](https://github.com/matrix-org/matrix-spec-proposals/pull/1929) specifies a way to add contact details of admins, as well as a link to a support page for users who are having issues with the service.
This MSC did not get accepted yet, but we think it might already be useful to Homeserver admins who wish to provide this information to end-users.
The two playbook variables that you could look for, if you're interested in being an early adopter, are: `matrix_homeserver_admin_contacts` and `matrix_homeserver_support_url`.
Example snippet for `vars.yml`:
```
# Enable generation of `/.well-known/matrix/support`.
# This needs to be enabled explicitly for now, because MSC 1929 is not yet accepted.
matrix_well_known_matrix_support_enabled: true
# Homeserver admin contacts as per MSC 1929 https://github.com/matrix-org/matrix-spec-proposals/pull/1929
matrix_homeserver_admin_contacts:
- matrix_id: "@admin1:{{ matrix_domain }}"
email_address: admin@domain.tld
role: admin
- matrix_id: "@admin2:{{ matrix_domain }}"
email_address: admin2@domain.tld
role: admin
- email_address: security@domain.tld
role: security
matrix_homeserver_support_url: "https://example.domain.tld/support"
```
To learn how to set up `/.well-known/matrix/support` for the base domain, read the Installing section below.
## Installing well-known files on the base domain's server
To implement the two service discovery mechanisms, your base domain's server (e.g. `example.com`) needs to run an HTTPS-capable webserver.
@ -46,7 +77,7 @@ If you decide to go this route, you don't need to read ahead in this document. W
If you're managing the base domain by yourself somehow, you'll need to set up serving of some `/.well-known/matrix/*` files from it via HTTPS.
To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.
To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them.
You have 3 options when it comes to installing the files on the base domain's server:
@ -85,12 +116,12 @@ With this method, you **don't need** to add special HTTP headers for [CORS](http
**For nginx**, it would be something like this:
```nginx
# This is your HTTPS-enabled server for DOMAIN.
# This is your HTTPS-enabled server for example.com.
server {
server_name DOMAIN;
server_name example.com;
location /.well-known/matrix {
proxy_pass https://matrix.DOMAIN/.well-known/matrix;
proxy_pass https://matrix.example.com/.well-known/matrix;
proxy_set_header X-Forwarded-For $remote_addr;
}
@ -98,16 +129,15 @@ server {
}
```
**For Apache**, it would be something like this:
**For Apache2**, it would be something like this:
```apache
<VirtualHost *:443>
ServerName DOMAIN
ServerName example.com
SSLProxyEngine on
<Location /.well-known/matrix>
ProxyPass "https://matrix.DOMAIN/.well-known/matrix"
</Location>
ProxyPass /.well-known/matrix https://matrix.example.com/.well-known/matrix nocanon
ProxyPassReverse /.well-known/matrix https://matrix.example.com/.well-known/matrix nocanon
# other configuration
</VirtualHost>
@ -116,16 +146,10 @@ server {
**For Caddy 2**, it would be something like this:
```caddy
reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN {
header_up Host {http.reverse_proxy.upstream.hostport}
}
```
**For Caddy 1**, it would be something like this:
```caddy
proxy /.well-known/matrix/ https://matrix.DOMAIN {
header_upstream Host {http.reverse_proxy.upstream.hostport}
example.com {
reverse_proxy /.well-known/matrix/* https://matrix.example.com {
header_up Host {upstream_hostport}
}
}
```
@ -152,12 +176,17 @@ backend matrix-backend
```
# In the _redirects file in the website's root
/.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200!
/.well-known/matrix/* https://matrix.example.com/.well-known/matrix/:splat 200!
```
**For AWS CloudFront**
1. Add a custom origin with matrix.<your-domain> to your distribution
1. Add two behaviors, one for `.well-known/matrix/client` and one for `.well-known/matrix/server` and point them to your new origin.
Make sure to:
- **replace `DOMAIN`** in the server configuration with your actual domain name
- **replace `example.com`** in the server configuration with your actual domain name
- and: to **do this for the HTTPS-enabled server block**, as that's where Matrix expects the file to be
@ -167,5 +196,6 @@ No matter which method you've used to set up the well-known files, if you've don
- `https://<domain>/.well-known/matrix/server`
- `https://<domain>/.well-known/matrix/client`
- `https://<domain>/.well-known/matrix/support`
You can also check if everything is configured correctly, by [checking if services work](maintenance-checking-services.md).

10
docs/container-images.md
View File

@ -68,8 +68,6 @@ These services are not part of our default installation, but can be enabled by [
- [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) (optional)
- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https://www.skype.com) (optional)
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https://slack.com) (optional)
- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional)
@ -78,7 +76,7 @@ These services are not part of our default installation, but can be enabled by [
- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https://discordapp.com) (optional)
- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional)
- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional)
- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional)
@ -94,6 +92,10 @@ These services are not part of our default installation, but can be enabled by [
- [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
- [moanos/matrix-registration-bot/](https://hub.docker.com/r/moanos/matrix-registration-bot/) - the [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) bot (manage registration tokens for invitations to the server) (optional)
- [dock.mau.dev/maubot/maubot](https://mau.dev/maubot/maubot/container_registry) - the [maubot](https://github.com/maubot/maubot) bot (a plugin-based Matrix bot system) (optional)
- [etke.cc/honoroit](https://gitlab.com/etke.cc/honoroit/container_registry) - the [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot (optional)
- [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional)
@ -109,3 +111,5 @@ These services are not part of our default installation, but can be enabled by [
- [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards)
- [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix
- [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server

2
docs/faq.md
View File

@ -55,7 +55,7 @@ There are 3 ways to get into Martix, depending on your technical ability and nee
- **using the existing default server** - the easiest way is to use an existing server. The largest public Matrix server is `matrix.org` and it's configured as a default server in clients such as [Element](https://element.io) and many others. Just use Element on the browser via that link (or download the Element app on a smartphone), create an account and start chatting.
- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://publiclist.anchel.nl/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login.
- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://joinmatrix.org/servers/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login.
- **using your own server** - running your own server puts you in ultimate control of your data. It also lets you have your own user identifiers (e.g. `@bob:your-domain.com`). See [How do I set up my own Matrix server](#how-do-i-set-up-my-own-matrix-server).

2
docs/prerequisites.md
View File

@ -20,6 +20,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
- [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components.
- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).

2
docs/self-building.md
View File

@ -33,11 +33,11 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-bridge-mautrix-telegram`
- `matrix-bridge-mautrix-signal`
- `matrix-bridge-mautrix-whatsapp`
- `matrix-bridge-mx-puppet-skype`
- `matrix-bridge-mx-puppet-steam`
- `matrix-bot-mjolnir`
- `matrix-bot-honoroit`
- `matrix-bot-matrix-reminder-bot`
- `matrix-bot-maubot`
- `matrix-email2matrix`
Adding self-building support to other roles is welcome. Feel free to contribute!

18
examples/caddy2/Caddyfile
View File

@ -214,3 +214,21 @@ element.DOMAIN.tld {
# }
# }
#}
#DOMAIN.com {
# Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
# @wellknown {
# path /.well-known/matrix/*
# }
#
# handle @wellknown {
# reverse_proxy https://matrix.DOMAIN.com {
# header_up Host {http.reverse_proxy.upstream.hostport}
# }
# }
# # Configration for the base domain goes here
# # handle {
# # header -Server
# # encode zstd gzip
# # reverse_proxy localhost:4020
# # }
#}

11
examples/host.yml Normal file
View File

@ -0,0 +1,11 @@
---
# This is a host file for usage with the `ansible-all-hosts.sh` script,
# which runs Ansible against a bunch of hosts, each with its own `sudo` password.
matrix_servers:
hosts:
matrix.<your domain>:
ansible_host: <your server's external ip address>
ansible_ssh_user: <your ssh user>
become: true
become_user: root

389
group_vars/matrix_servers
View File

@ -215,6 +215,43 @@ matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_gen
#
######################################################################
######################################################################
#
# matrix-bridge-appservice-kakaotalk
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_kakaotalk_enabled: false
matrix_appservice_kakaotalk_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-appservice-kakaotalk-node.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
}}
matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-appservice-kakaotalk
#
######################################################################
######################################################################
#
@ -254,6 +291,44 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge
#
######################################################################
######################################################################
#
# matrix-bridge-go-skype-bridge
#
######################################################################
# We don't enable bridges by default.
matrix_go_skype_bridge_enabled: false
matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_go_skype_bridge_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}"
matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}"
matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-go-skype-bridge
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-facebook
@ -460,7 +535,7 @@ matrix_mautrix_signal_database_engine: 'postgres'
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}"
matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
######################################################################
#
@ -535,14 +610,14 @@ matrix_mautrix_twitter_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_twitter_appservice_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.as.token') | to_uuid }}"
matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}"
matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}"
matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}"
######################################################################
#
@ -588,6 +663,44 @@ matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_g
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-discord
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_discord_enabled: false
matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_discord_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}"
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok') | to_uuid }}"
matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-discord
#
######################################################################
######################################################################
#
# matrix-sms-bridge
@ -675,8 +788,13 @@ matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_ena
matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}"
matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}"
matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}"
# We only enable metrics (locally, in the container network) for the bridge if Prometheus is enabled.
#
# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
# - `matrix_hookshot_metrics_enabled`
# - `matrix_hookshot_metrics_proxying_enabled`
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
matrix_hookshot_metrics_enabled: "{{ matrix_prometheus_enabled }}"
matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}"
matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}"
@ -688,44 +806,6 @@ matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else
#
######################################################################
######################################################################
#
# matrix-bridge-mx-puppet-skype
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_skype_enabled: false
matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_mx_puppet_skype_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mx_puppet_skype_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.tok') | to_uuid }}"
matrix_mx_puppet_skype_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.tok') | to_uuid }}"
matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_skype_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_skype_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.skype.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mx-puppet-skype
#
######################################################################
######################################################################
#
@ -989,6 +1069,77 @@ matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architectu
#
######################################################################
######################################################################
#
# matrix-bot-matrix-registration-bot
#
######################################################################
# We don't enable bots by default.
matrix_bot_matrix_registration_bot_enabled: false
matrix_bot_matrix_registration_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_bot_matrix_registration_bot_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
######################################################################
#
# /matrix-bot-matrix-registration-bot
#
######################################################################
######################################################################
#
# matrix-bot-maubot
#
######################################################################
# We don't enable bots by default.
matrix_bot_maubot_enabled: false
matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_bot_maubot_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_bot_maubot_registration_shared_secret: |-
{{
{
'synapse': matrix_synapse_registration_shared_secret,
'dendrite': matrix_dendrite_registration_shared_secret,
}[matrix_homeserver_implementation]
}}
matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_bot_maubot_management_interface_port | string) }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
######################################################################
#
# /matrix-bot-maubot
#
######################################################################
######################################################################
#
# matrix-bot-honoroit
@ -1020,6 +1171,37 @@ matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in [
#
######################################################################
######################################################################
#
# matrix-bot-buscarron
#
######################################################################
# We don't enable bots by default.
matrix_bot_buscarron_enabled: false
matrix_bot_buscarron_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}"
matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
######################################################################
#
# /matrix-bot-buscarron
#
######################################################################
######################################################################
#
@ -1095,7 +1277,7 @@ matrix_backup_borg_postgresql_databases: |
'name': matrix_synapse_database_database
}] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
+
matrix_postgres_additional_databases)|map(attribute='name')|list
matrix_postgres_additional_databases)|map(attribute='name') | list
}}
matrix_backup_borg_location_source_directories:
- "{{ matrix_base_data_path }}"
@ -1164,7 +1346,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
matrix_coturn_enabled: true
matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
@ -1368,7 +1550,7 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# ma1sd's web-server port.
matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_container_port|string }}"
matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_container_port | string }}"
# We enable Synapse integration via its Postgres database by default.
@ -1438,7 +1620,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |-
}[matrix_homeserver_implementation]|int
}}
matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_bot_matrix_registration_bot_enabled }}"
matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_server_fqn_element if matrix_client_element_enabled else '' }}"
@ -1446,11 +1628,13 @@ matrix_nginx_proxy_proxy_matrix_enabled: true
matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}"
matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}"
matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}"
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@ -1477,14 +1661,14 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1
matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}"
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}"
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port | string}}"
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port | string}}"
matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}"
matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}"
matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port|string }}"
matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}"
matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port|string }}"
matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}"
matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port | string }}"
matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}"
matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port | string }}"
matrix_nginx_proxy_proxy_conduit_enabled: "{{ matrix_conduit_enabled }}"
matrix_nginx_proxy_proxy_conduit_client_api_addr_with_container: "matrix-conduit:{{ matrix_conduit_port_number|string }}"
@ -1497,13 +1681,6 @@ matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_po
matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
# This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore.
# The fact that someone wishes to enable Synapse metrics does not necessarily mean they want to make them public.
# A local Prometheus can consume them over the container network.
matrix_nginx_proxy_proxy_synapse_metrics: false
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
@ -1525,8 +1702,6 @@ matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers
matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}"
matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}"
matrix_nginx_proxy_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
matrix_nginx_proxy_systemd_wanted_services_list: |
{{
['matrix-' + matrix_homeserver_implementation + '.service']
@ -1537,6 +1712,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
+
(['matrix-client-cinny.service'] if matrix_client_cinny_enabled else [])
+
(['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled else [])
+
(['matrix-client-element.service'] if matrix_client_element_enabled else [])
+
(['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled else [])
@ -1547,6 +1724,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
+
(['matrix-sygnal.service'] if matrix_sygnal_enabled else [])
+
(['matrix-ntfy.service'] if matrix_ntfy_enabled else [])
+
(['matrix-jitsi.service'] if matrix_jitsi_enabled else [])
+
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
@ -1568,6 +1747,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+
([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else [])
+
([matrix_server_fqn_buscarron] if matrix_bot_buscarron_enabled else [])
+
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
+
([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else [])
@ -1578,6 +1759,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+
([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else [])
+
([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else [])
+
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
+
matrix_ssl_additional_domains_to_obtain_certificates_for
@ -1679,6 +1862,18 @@ matrix_postgres_additional_databases: |
'password': matrix_bot_honoroit_database_password,
}] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_bot_maubot_database_name,
'username': matrix_bot_maubot_database_username,
'password': matrix_bot_maubot_database_password,
}] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_bot_buscarron_database_name,
'username': matrix_bot_buscarron_database_username,
'password': matrix_bot_buscarron_database_password,
}] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_registration_database_name,
'username': matrix_registration_database_username,
@ -1703,12 +1898,24 @@ matrix_postgres_additional_databases: |
'password': matrix_appservice_irc_database_password,
}] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_appservice_kakaotalk_database_name,
'username': matrix_appservice_kakaotalk_database_username,
'password': matrix_appservice_kakaotalk_database_password,
}] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_beeper_linkedin_database_name,
'username': matrix_beeper_linkedin_database_username,
'password': matrix_beeper_linkedin_database_password,
}] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_go_skype_bridge_database_name,
'username': matrix_go_skype_bridge_database_username,
'password': matrix_go_skype_bridge_database_password,
}] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_facebook_database_name,
'username': matrix_mautrix_facebook_database_username,
@ -1758,10 +1965,10 @@ matrix_postgres_additional_databases: |
}] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mx_puppet_skype_database_name,
'username': matrix_mx_puppet_skype_database_username,
'password': matrix_mx_puppet_skype_database_password,
}] if (matrix_mx_puppet_skype_enabled and matrix_mx_puppet_skype_database_engine == 'postgres' and matrix_mx_puppet_skype_database_hostname == 'matrix-postgres') else [])
'name': matrix_mautrix_discord_database_name,
'username': matrix_mautrix_discord_database_username,
'password': matrix_mautrix_discord_database_password,
}] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mx_puppet_slack_database_name,
@ -1823,14 +2030,14 @@ matrix_postgres_import_roles_to_ignore: |
{{
[matrix_postgres_connection_username]
+
matrix_postgres_additional_databases|map(attribute='username')|list
matrix_postgres_additional_databases|map(attribute='username') | list
}}
matrix_postgres_import_databases_to_ignore: |
{{
[matrix_postgres_db_name]
+
matrix_postgres_additional_databases|map(attribute='name')|list
matrix_postgres_additional_databases|map(attribute='name') | list
}}
######################################################################
@ -1859,6 +2066,22 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable
#
######################################################################
######################################################################
#
# matrix-ntfy
#
######################################################################
matrix_ntfy_enabled: false
matrix_ntfy_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:2586' }}"
######################################################################
#
# /matrix-ntfy
#
######################################################################
######################################################################
#
# matrix-redis
@ -1883,7 +2106,7 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}"
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Element over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -1951,7 +2174,7 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl
matrix_client_cinny_enabled: false
matrix_client_cinny_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_client_cinny_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Cinny over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -1980,18 +2203,18 @@ matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm6
# When ma1sd is enabled, we can use it to validate email addresses and phone numbers.
# Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server.
matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port|string if matrix_ma1sd_enabled else '' }}"
matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port|string if matrix_ma1sd_enabled else '' }}"
matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}"
matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it,
# you can expose Synapse's ports to the host.
#
# For exposing the Matrix Client API's port (plain HTTP) to the local host.
matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port|string }}"
matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port | string }}"
#
# For exposing the Matrix Federation API's plain port (plain HTTP) to the local host.
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port|string }}"
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port | string }}"
#
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
@ -2091,7 +2314,7 @@ matrix_synapse_admin_enabled: false
# Synapse Admin's HTTP port to the local host.
matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"
matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
######################################################################
#
@ -2135,10 +2358,10 @@ matrix_prometheus_scraper_node_enabled: "{{ matrix_prometheus_node_exporter_enab
matrix_prometheus_scraper_node_targets: "{{ ['matrix-prometheus-node-exporter:9100'] if matrix_prometheus_node_exporter_enabled else [] }}"
matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}"
matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port|string] if matrix_prometheus_scraper_postgres_enabled else [] }}"
matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port | string] if matrix_prometheus_scraper_postgres_enabled else [] }}"
matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|default(false) }}"
matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|string +':'+ matrix_hookshot_metrics_port|string] if matrix_hookshot_metrics_enabled else [] }}"
matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url | string +':'+ matrix_hookshot_metrics_port | string] if matrix_hookshot_metrics_enabled else [] }}"
######################################################################
#
@ -2268,7 +2491,7 @@ matrix_postgres_backup_databases: |
'name': matrix_synapse_database_database
}] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
+
matrix_postgres_additional_databases)|map(attribute='name')|list
matrix_postgres_additional_databases)|map(attribute='name') | list
}}
######################################################################
@ -2290,16 +2513,16 @@ matrix_dendrite_enabled: "{{ matrix_homeserver_implementation == 'dendrite' }}"
# you can expose Dendrite's ports to the host.
#
# For exposing Dendrite's plain HTTP server to the local host.
matrix_dendrite_container_http_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_dendrite_http_bind_port|string) }}"
matrix_dendrite_container_http_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_dendrite_http_bind_port | string) }}"
#
# For exposing Dendrite's HTTPS server to the local host.
matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled or not matrix_dendrite_https_bind_port else ('127.0.0.1:' + matrix_dendrite_https_bind_port|string) }}"
matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled or not matrix_dendrite_https_bind_port else ('127.0.0.1:' + matrix_dendrite_https_bind_port | string) }}"
matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}"
matrix_dendrite_registration_shared_secret: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.rss') | to_uuid }}"
matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}"
matrix_dendrite_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.db') | to_uuid }}"
matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}"
# Even if TURN doesn't support TLS (it does by default),
# it doesn't hurt to try a secure connection anyway.

32
inventory/scripts/ansible-all-hosts.sh Executable file
View File

@ -0,0 +1,32 @@
#!/usr/bin/env bash
#
# Run the playbook on multiple hosts with different credentials with this script
# It defaults to ansible tags "setup-all,start". You can pass alternative tags
# to this script as arguments, e.g.
#
# ./inventory/scripts/ansible-all-hosts.sh self-check
#
# set playbook root path
root=$(dirname "$(readlink -f "$0")")/../..
# set default tags or get from first argument if any
tags="${1:-setup-all,start}"
# init password array
declare -A pws
# capture passwords for all hosts
for host in "$root"/inventory/*.yml; do
read -rp "sudo password for $(basename "$host"): " -s pw
pws[$host]="$pw"
echo
done
# run ansible on all captured passwords/hosts
for host in "${!pws[@]}"; do
ansible-playbook "$root"/setup.yml \
--inventory-file "$host" \
--extra-vars "ansible_become_pass=${pws[$host]}" \
--tags="$tags"
done

8
inventory/scripts/jitsi-generate-passwords.sh
View File

@ -18,7 +18,7 @@ JIBRI_XMPP_PASSWORD=$(generatePassword)
echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:"
echo ""
echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD
echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD
echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD
echo "matrix_jitsi_jibri_xmpp_password: "$JIBRI_XMPP_PASSWORD
echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD"
echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD"
echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD"
echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD"

4
roles/matrix-aux/tasks/main.yml
View File

@ -1,7 +1,7 @@
---
- import_tasks: "{{ role_path }}/tasks/setup.yml"
when: run_stop|bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
when: run_stop | bool
tags:
- setup-all
- setup-aux-files

16
roles/matrix-aux/tasks/setup.yml
View File

@ -1,19 +1,19 @@
---
- name: Ensure AUX directories are created
file:
ansible.builtin.file:
dest: "{{ item.dest }}"
state: directory
owner: "{{ item.owner|default(matrix_user_username) }}"
group: "{{ item.group|default(matrix_user_groupname) }}"
mode: "{{ item.mode|default(matrix_aux_directory_default_mode) }}"
owner: "{{ item.owner | default(matrix_user_username) }}"
group: "{{ item.group | default(matrix_user_groupname) }}"
mode: "{{ item.mode | default(matrix_aux_directory_default_mode) }}"
with_items: "{{ matrix_aux_directory_definitions }}"
- name: Ensure AUX files are created
copy:
ansible.builtin.copy:
dest: "{{ item.dest }}"
content: "{{ item.content }}"
owner: "{{ item.owner|default(matrix_user_username) }}"
group: "{{ item.group|default(matrix_user_groupname) }}"
mode: "{{ item.mode|default(matrix_aux_file_default_mode) }}"
owner: "{{ item.owner | default(matrix_user_username) }}"
group: "{{ item.group | default(matrix_user_groupname) }}"
mode: "{{ item.mode | default(matrix_aux_file_default_mode) }}"
with_items: "{{ matrix_aux_file_definitions }}"

9
roles/matrix-backup-borg/defaults/main.yml
View File

@ -1,4 +1,6 @@
---
# Project source code URL: https://gitlab.com/etke.cc/borgmatic
matrix_backup_borg_enabled: true
matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
@ -6,13 +8,14 @@ matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
matrix_backup_borg_container_image_self_build: false
matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic"
matrix_backup_borg_docker_repo_version: main
matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src"
# version determined automatically, based on postgres server version (if enabled), otherwise latest is used
matrix_backup_borg_version: ""
matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version|default('') == '' }}"
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}"
# A list of extra arguments to pass to the container
matrix_backup_borg_container_extra_arguments: []
@ -91,8 +94,8 @@ matrix_backup_borg_configuration_extension_yaml: |
# If you need something more special, you can take full control by
# completely redefining `matrix_backup_borg_configuration_yaml`.
matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml|from_yaml if matrix_backup_borg_configuration_extension_yaml|from_yaml is mapping else {} }}"
matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml | from_yaml if matrix_backup_borg_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final borgmatic configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_backup_borg_configuration_yaml`.
matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml|from_yaml|combine(matrix_backup_borg_configuration_extension, recursive=True) }}"
matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml | from_yaml | combine(matrix_backup_borg_configuration_extension, recursive=True) }}"

6
roles/matrix-backup-borg/tasks/init.yml
View File

@ -1,4 +1,4 @@
---
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}"
when: matrix_backup_borg_enabled|bool
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}"
when: matrix_backup_borg_enabled | bool

14
roles/matrix-backup-borg/tasks/main.yml
View File

@ -1,23 +1,23 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_backup_borg_enabled|bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
tags:
- setup-all
- setup-backup-borg
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_backup_borg_enabled|bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
tags:
- setup-all
- setup-backup-borg
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_backup_borg_enabled|bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_backup_borg_enabled | bool"
tags:
- setup-all
- setup-backup-borg

51
roles/matrix-backup-borg/tasks/setup_install.yml
View File

@ -1,19 +1,29 @@
---
- block:
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml"
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled
ansible.builtin.fail:
msg: >-
You are not running a built-in Postgres server (`matrix_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
Consider setting `matrix_backup_borg_version` to your Postgres version manually.
when: not matrix_postgres_enabled
- ansible.builtin.import_role:
name: matrix-postgres
tasks_from: detect_existing_postgres_version
- name: Fail if detected Postgres version is unsupported
fail:
ansible.builtin.fail:
msg: "You cannot use borg backup with such an old version ({{ matrix_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
when: "matrix_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
- name: Set the correct borg backup version to use
set_fact:
ansible.builtin.set_fact:
matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}"
when: matrix_backup_borg_postgresql_enabled|bool and matrix_backup_borg_version == ''
when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == ''
- name: Ensure borg paths exist
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
@ -22,18 +32,18 @@
with_items:
- {path: "{{ matrix_backup_borg_config_path }}", when: true}
- {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true}
when: "item.when|bool"
when: "item.when | bool"
- name: Ensure borgmatic config is created
copy:
content: "{{ matrix_backup_borg_configuration|to_nice_yaml(indent=2, width=999999) }}"
ansible.builtin.copy:
content: "{{ matrix_backup_borg_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_backup_borg_config_path }}/config.yaml"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure borg passwd is created
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/passwd.j2"
dest: "{{ matrix_backup_borg_config_path }}/passwd"
owner: "{{ matrix_user_username }}"
@ -41,7 +51,7 @@
mode: 0640
- name: Ensure borg ssh key is created
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/sshkey.j2"
dest: "{{ matrix_backup_borg_config_path }}/sshkey"
owner: "{{ matrix_user_username }}"
@ -54,21 +64,22 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}"
when: "not matrix_backup_borg_container_image_self_build|bool"
when: "not matrix_backup_borg_container_image_self_build | bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure borg repository is present on self-build
git:
ansible.builtin.git:
repo: "{{ matrix_backup_borg_docker_repo }}"
version: "{{ matrix_backup_borg_docker_repo_version }}"
dest: "{{ matrix_backup_borg_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_backup_borg_git_pull_results
when: "matrix_backup_borg_container_image_self_build|bool"
when: "matrix_backup_borg_container_image_self_build | bool"
- name: Ensure borg image is built
docker_image:
@ -80,33 +91,33 @@
dockerfile: Dockerfile
path: "{{ matrix_backup_borg_docker_src_files_path }}"
pull: true
when: "matrix_backup_borg_container_image_self_build|bool"
when: "matrix_backup_borg_container_image_self_build | bool"
- name: Ensure matrix-backup-borg.service installed
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
mode: 0644
register: matrix_backup_borg_systemd_service_result
- name: Ensure matrix-backup-borg.timer installed
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
mode: 0644
register: matrix_backup_borg_systemd_timer_result
- name: Ensure systemd reloaded after matrix-backup-borg.service installation
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_backup_borg_systemd_service_result.changed|bool"
when: "matrix_backup_borg_systemd_service_result.changed | bool"
- name: Ensure matrix-backup-borg.service enabled
service:
ansible.builtin.service:
enabled: true
name: matrix-backup-borg.service
- name: Ensure matrix-backup-borg.timer enabled
service:
ansible.builtin.service:
enabled: true
name: matrix-backup-borg.timer

20
roles/matrix-backup-borg/tasks/setup_uninstall.yml
View File

@ -1,37 +1,37 @@
---
- name: Check existence of matrix-backup-borg service
stat:
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
register: matrix_backup_borg_service_stat
- name: Ensure matrix-backup-borg is stopped
service:
ansible.builtin.service:
name: matrix-backup-borg
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_backup_borg_service_stat.stat.exists|bool"
when: "matrix_backup_borg_service_stat.stat.exists | bool"
- name: Ensure matrix-backup-borg.service doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
state: absent
when: "matrix_backup_borg_service_stat.stat.exists|bool"
when: "matrix_backup_borg_service_stat.stat.exists | bool"
- name: Ensure matrix-backup-borg.timer doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
state: absent
when: "matrix_backup_borg_service_stat.stat.exists|bool"
when: "matrix_backup_borg_service_stat.stat.exists | bool"
- name: Ensure systemd reloaded after matrix-backup-borg.service removal
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_backup_borg_service_stat.stat.exists|bool"
when: "matrix_backup_borg_service_stat.stat.exists | bool"
- name: Ensure Matrix borg paths don't exist
file:
ansible.builtin.file:
path: "{{ matrix_backup_borg_base_path }}"
state: absent

4
roles/matrix-backup-borg/tasks/validate_config.yml
View File

@ -1,6 +1,6 @@
---
- name: Fail if required settings not defined
fail:
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
@ -9,7 +9,7 @@
- "matrix_backup_borg_location_repositories"
- name: Fail if encryption passphrase is undefined unless repository is unencrypted
fail:
ansible.builtin.fail:
msg: >-
You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable.
when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'"

62
roles/matrix-base/defaults/main.yml
View File

@ -8,6 +8,25 @@
# Example value: example.com
matrix_domain: ~
# The optional matrix admin MXID, used in bridges' configs to set bridge admin user
# Example value: "@someone:{{ matrix_domain }}"
matrix_admin: ''
# Homeserver admin contacts and support page as per MSC 1929
# See: https://github.com/matrix-org/matrix-spec-proposals/pull/1929
# Users in form:
# matrix_homeserver_admin_contacts:
# - matrix_id: @admin:domain.tld
# email_address: admin@domain.tld
# role: admin
# - email_address: security@domain.tld
# role: security
# Also see: `matrix_well_known_matrix_support_enabled`
matrix_homeserver_admin_contacts: []
# Url string like https://domain.tld/support.html
# Also see: `matrix_well_known_matrix_support_enabled`
matrix_homeserver_support_url: ''
# This will contain the homeserver implementation that is in use.
# Valid values: synapse, dendrite, conduit
#
@ -37,6 +56,9 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}"
# This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default).
matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
# This is where you access the buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default).
matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}"
# This is where you access the Dimension.
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
@ -52,6 +74,9 @@ matrix_server_fqn_grafana: "stats.{{ matrix_domain }}"
# This is where you access the Sygnal push gateway.
matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}"
# This is where you access the ntfy push notification service.
matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
matrix_federation_public_port: 8448
# The architecture that your server runs.
@ -71,6 +96,10 @@ matrix_container_global_registry_prefix: "docker.io/"
matrix_container_retries_count: 10
matrix_container_retries_delay: 10
# Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt.
matrix_geturl_retries_count: 10
matrix_geturl_retries_delay: 10
matrix_user_username: "matrix"
matrix_user_groupname: "matrix"
@ -105,8 +134,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
matrix_host_command_systemctl: "/usr/bin/env systemctl"
matrix_host_command_sh: "/usr/bin/env sh"
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}"
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}"
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
@ -128,7 +157,7 @@ matrix_integration_manager_ui_url: ~
# The domain name where a Jitsi server is self-hosted.
# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
matrix_client_element_jitsi_preferredDomain: ''
matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming
# Controls whether Element should use End-to-End Encryption by default.
# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
@ -173,11 +202,11 @@ matrix_well_known_matrix_client_configuration_default: "{{ lookup('template', 't
# }
matrix_well_known_matrix_client_configuration_extension_json: '{}'
matrix_well_known_matrix_client_configuration_extension: "{{ matrix_well_known_matrix_client_configuration_extension_json|from_json if matrix_well_known_matrix_client_configuration_extension_json|from_json is mapping else {} }}"
matrix_well_known_matrix_client_configuration_extension: "{{ matrix_well_known_matrix_client_configuration_extension_json | from_json if matrix_well_known_matrix_client_configuration_extension_json | from_json is mapping else {} }}"
# Holds the final `/.well-known/matrix/client` configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_client_configuration_default` and `matrix_well_known_matrix_client_configuration_extension_json`.
matrix_well_known_matrix_client_configuration: "{{ matrix_well_known_matrix_client_configuration_default|combine(matrix_well_known_matrix_client_configuration_extension, recursive=True) }}"
matrix_well_known_matrix_client_configuration: "{{ matrix_well_known_matrix_client_configuration_default | combine(matrix_well_known_matrix_client_configuration_extension, recursive=True) }}"
# Default `/.well-known/matrix/server` configuration - it covers the generic use case.
# You can customize it by controlling the various variables inside the template file that it references.
@ -205,11 +234,23 @@ matrix_well_known_matrix_server_configuration_default: "{{ lookup('template', 't
# }
matrix_well_known_matrix_server_configuration_extension_json: '{}'
matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_matrix_server_configuration_extension_json|from_json if matrix_well_known_matrix_server_configuration_extension_json|from_json is mapping else {} }}"
matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_matrix_server_configuration_extension_json | from_json if matrix_well_known_matrix_server_configuration_extension_json | from_json is mapping else {} }}"
# Holds the final `/.well-known/matrix/server` configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_server_configuration_default` and `matrix_well_known_matrix_server_configuration_extension_json`.
matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default|combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}"
matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default | combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}"
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_well_known_matrix_support_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-support.j2') }}"
matrix_well_known_matrix_support_configuration_extension_json: '{}'
matrix_well_known_matrix_support_configuration_extension: "{{ matrix_well_known_matrix_support_configuration_extension_json | from_json if matrix_well_known_matrix_support_configuration_extension_json | from_json is mapping else {} }}"
# Holds the final `/.well-known/matrix/support` configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_support_configuration_default` and `matrix_well_known_matrix_support_configuration_extension_json`.
matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_support_configuration_default | combine(matrix_well_known_matrix_support_configuration_extension, recursive=True) }}"
# The Docker network that all services would be put into
matrix_docker_network: "matrix"
@ -228,6 +269,13 @@ matrix_vars_yml_snapshotting_src: "{{ inventory_dir }}/host_vars/{{ inventory_ho
# matrix domain (`matrix_server_fqn_matrix`).
matrix_well_known_matrix_server_enabled: true
# Controls whether a `/.well-known/matrix/support` file is generated and used at all.
#
# This is not enabled by default, until the MSC gets accepted: https://github.com/matrix-org/matrix-spec-proposals/pull/1929
#
# See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc.
matrix_well_known_matrix_support_enabled: false
# Controls whether Docker is automatically installed.
# If you change this to false you must install and update Docker manually. You also need to install the docker (https://pypi.org/project/docker/) Python package.
matrix_docker_installation_enabled: true

2
roles/matrix-base/tasks/clean_up_old_files.yml
View File

@ -1,7 +1,7 @@
---
- name: Get rid of old files and directories
file:
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:

22
roles/matrix-base/tasks/main.yml
View File

@ -1,34 +1,34 @@
---
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
when: run_setup|bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
when: run_setup | bool
tags:
- setup-all
- import_tasks: "{{ role_path }}/tasks/server_base/setup.yml"
when: run_setup|bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/server_base/setup.yml"
when: run_setup | bool
tags:
- setup-all
# This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
# which are required by many other roles.
- import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
when: run_setup|bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
when: run_setup | bool
tags:
- always
- setup-system-user
- import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
when: run_setup|bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
when: run_setup | bool
tags:
- setup-all
- import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
when: run_setup|bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
when: run_setup | bool
tags:
- setup-all
- setup-ma1sd

40
roles/matrix-base/tasks/sanity_check.yml
View File

@ -1,27 +1,27 @@
---
- name: Fail if invalid homeserver implementation
fail:
ansible.builtin.fail:
msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']"
# We generally support Ansible 2.7.1 and above.
- name: Fail if running on Ansible < 2.7.1
fail:
ansible.builtin.fail:
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
when:
- "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
# Though we do not support Ansible 2.9.6 which is buggy
- name: Fail if running on Ansible 2.9.6 on Ubuntu
fail:
ansible.builtin.fail:
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
when:
- ansible_distribution == 'Ubuntu'
- "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
- name: (Deprecation) Catch and report renamed settings
fail:
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
@ -35,7 +35,7 @@
# We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
- name: Fail if matrix_homeserver_generic_secret_key is undefined
fail:
ansible.builtin.fail:
msg: |
The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value.
@ -47,35 +47,45 @@
when: "matrix_homeserver_generic_secret_key is none or matrix_homeserver_generic_secret_key == ''"
- name: Fail if required variables are undefined
fail:
ansible.builtin.fail:
msg: "The `{{ item.var }}` variable must be defined and have a non-null and non-empty value"
with_items:
- {'var': matrix_domain, 'value': "{{ matrix_domain|default('') }}"}
- {'var': matrix_server_fqn_matrix, 'value': "{{ matrix_server_fqn_matrix|default('') }}"}
- {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element|default('') }}"}
- {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url|default('') }}"}
- {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url|default('') }}"}
- {'var': matrix_domain, 'value': "{{ matrix_domain | default('') }}"}
- {'var': matrix_server_fqn_matrix, 'value': "{{ matrix_server_fqn_matrix | default('') }}"}
- {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element | default('') }}"}
- {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url | default('') }}"}
- {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url | default('') }}"}
when: "item.value is none or item.value == ''"
- name: Fail if uppercase domain used
fail:
ansible.builtin.fail:
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
with_items:
- "{{ matrix_domain }}"
- "{{ matrix_server_fqn_matrix }}"
- "{{ matrix_server_fqn_element }}"
when: "item != item|lower"
when: "item != item | lower"
- name: Fail if using python2 on Archlinux
fail:
ansible.builtin.fail:
msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
when:
- ansible_distribution == 'Archlinux'
- ansible_python.version.major != 3
- name: Fail if architecture is set incorrectly
fail:
ansible.builtin.fail:
msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
(ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
(ansible_architecture.startswith("armv") and matrix_architecture != "arm32")
- name: Fail if encountering usage of removed role (mx-puppet-skype)
ansible.builtin.fail:
msg: >-
Your configuration seems to include a reference to `matrix_mx_puppet_skype_enabled`. Are you trying to install the mx-puppet-skype bridge?
The playbook no longer includes a role for installing mx-puppet-skype, because the mx-puppet-bridge is unmaintained and has been reported as broken for a long time.
To get rid of this error, remove all `matrix_mx_puppet_*` references from your configuration.
To clean up your server from mx-puppet-skype's presence, see this changelog entry: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#mx-puppet-skype-removal.
If you still need bridging to Skype, consider switching to the go-skype bridge instead. See `docs/configuring-playbook-bridge-go-skype-bridge.md`.
when: "'matrix_mx_puppet_skype_enabled' in vars"

26
roles/matrix-base/tasks/server_base/setup.yml
View File

@ -1,18 +1,18 @@
---
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int < 8
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 and ansible_distribution_major_version|int < 30
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7 and ansible_distribution_major_version | int < 30
- include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 30
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30
- block:
# ansible_lsb is only available if lsb-release is installed.
- name: Ensure lsb-release installed
apt:
ansible.builtin.apt:
name:
- lsb-release
state: present
@ -20,27 +20,27 @@
register: lsb_release_installation_result
- name: Reread ansible_lsb facts if lsb-release got installed
setup: filter=ansible_lsb*
ansible.builtin.setup: filter=ansible_lsb*
when: lsb_release_installation_result.changed
- include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml"
when: (ansible_os_family == 'Debian') and (ansible_lsb.id != 'Raspbian')
- include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian')
when: ansible_os_family == 'Debian'
- include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
when: ansible_distribution == 'Archlinux'
- name: Ensure Docker is started and autoruns
service:
ansible.builtin.service:
name: docker
state: started
enabled: true
- name: "Ensure {{ matrix_ntpd_service }} is started and autoruns"
service:
ansible.builtin.service:
name: "{{ matrix_ntpd_service }}"
state: started
enabled: true

6
roles/matrix-base/tasks/server_base/setup_archlinux.yml
View File

@ -5,12 +5,12 @@
name:
- python-docker
- python-dnspython
state: latest
state: present
update_cache: true
- name: Ensure Docker is installed
pacman:
name:
- docker
state: latest
when: matrix_docker_installation_enabled|bool
state: present
when: matrix_docker_installation_enabled | bool

26
roles/matrix-base/tasks/server_base/setup_debian.yml
View File

@ -1,7 +1,7 @@
---
- name: Ensure APT usage dependencies are installed
apt:
ansible.builtin.apt:
name:
- apt-transport-https
- ca-certificates
@ -10,32 +10,32 @@
update_cache: true
- name: Ensure Docker's APT key is trusted
apt_key:
url: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg"
ansible.builtin.apt_key:
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present
register: add_repository_key
ignore_errors: true
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure Docker repository is enabled
apt_repository:
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
ansible.builtin.apt_repository:
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
state: present
update_cache: true
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure APT packages are installed
apt:
ansible.builtin.apt:
name:
- "{{ matrix_ntpd_package }}"
state: latest
state: present
update_cache: true
- name: Ensure Docker is installed
apt:
ansible.builtin.apt:
name:
- "{{ matrix_docker_package_name }}"
- "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
state: latest
when: matrix_docker_installation_enabled|bool
- "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker"
state: present
when: matrix_docker_installation_enabled | bool

24
roles/matrix-base/tasks/server_base/setup_fedora.yml
View File

@ -1,7 +1,7 @@
---
- name: Ensure Docker repository is enabled
template:
ansible.builtin.template:
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
dest: "/etc/yum.repos.d/docker-ce.repo"
owner: "root"
@ -9,31 +9,31 @@
mode: 0644
with_items:
- docker-ce-fedora.repo
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure Docker's RPM key is trusted
rpm_key:
ansible.builtin.rpm_key:
state: present
key: https://download.docker.com/linux/fedora/gpg
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure yum packages are installed
yum:
ansible.builtin.yum:
name:
- "{{ matrix_ntpd_package }}"
state: latest
state: present
update_cache: true
- name: Ensure Docker is installed
yum:
ansible.builtin.yum:
name:
- "{{ matrix_docker_package_name }}"
- python3-pip
state: latest
when: matrix_docker_installation_enabled|bool
state: present
when: matrix_docker_installation_enabled | bool
- name: Ensure Docker-Py is installed
pip:
ansible.builtin.pip:
name: docker-py
state: latest
when: matrix_docker_installation_enabled|bool
state: present
when: matrix_docker_installation_enabled | bool

20
roles/matrix-base/tasks/server_base/setup_raspbian.yml
View File

@ -1,7 +1,7 @@
---
- name: Ensure APT usage dependencies are installed
apt:
ansible.builtin.apt:
name:
- apt-transport-https
- ca-certificates
@ -10,32 +10,32 @@
update_cache: true
- name: Ensure Docker's APT key is trusted
apt_key:
ansible.builtin.apt_key:
url: https://download.docker.com/linux/raspbian/gpg
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present
register: add_repository_key
ignore_errors: true
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure Docker repository is enabled
apt_repository:
ansible.builtin.apt_repository:
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable"
state: present
update_cache: true
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure APT packages are installed
apt:
ansible.builtin.apt:
name:
- "{{ matrix_ntpd_package }}"
state: latest
state: present
update_cache: true
- name: Ensure Docker is installed
apt:
ansible.builtin.apt:
name:
- "{{ matrix_docker_package_name }}"
- "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
state: latest
when: matrix_docker_installation_enabled|bool
state: present
when: matrix_docker_installation_enabled | bool

18
roles/matrix-base/tasks/server_base/setup_redhat.yml
View File

@ -1,31 +1,31 @@
---
- name: Ensure Docker repository is enabled
template:
ansible.builtin.template:
src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
dest: "/etc/yum.repos.d/docker-ce.repo"
owner: "root"
group: "root"
mode: 0644
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure Docker's RPM key is trusted
rpm_key:
ansible.builtin.rpm_key:
state: present
key: https://download.docker.com/linux/centos/gpg
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure yum packages are installed
yum:
ansible.builtin.yum:
name:
- "{{ matrix_ntpd_package }}"
state: latest
state: present
update_cache: true
- name: Ensure Docker is installed
yum:
ansible.builtin.yum:
name:
- "{{ matrix_docker_package_name }}"
- docker-python
state: latest
when: matrix_docker_installation_enabled|bool
state: present
when: matrix_docker_installation_enabled | bool

28
roles/matrix-base/tasks/server_base/setup_redhat8.yml
View File

@ -1,44 +1,44 @@
---
- name: Ensure Docker repository is enabled
template:
ansible.builtin.template:
src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
dest: "/etc/yum.repos.d/docker-ce.repo"
owner: "root"
group: "root"
mode: 0644
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure Docker's RPM key is trusted
rpm_key:
ansible.builtin.rpm_key:
state: present
key: https://download.docker.com/linux/centos/gpg
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure EPEL is installed
yum:
ansible.builtin.yum:
name:
- epel-release
state: latest
state: present
update_cache: true
- name: Ensure yum packages are installed
yum:
ansible.builtin.yum:
name:
- "{{ matrix_ntpd_package }}"
state: latest
state: present
update_cache: true
- name: Ensure Docker is installed
yum:
ansible.builtin.yum:
name:
- "{{ matrix_docker_package_name }}"
- python3-pip
state: latest
when: matrix_docker_installation_enabled|bool
state: present
when: matrix_docker_installation_enabled | bool
- name: Ensure Docker-Py is installed
pip:
ansible.builtin.pip:
name: docker-py
state: latest
when: matrix_docker_installation_enabled|bool
state: present
when: matrix_docker_installation_enabled | bool

8
roles/matrix-base/tasks/setup_matrix_base.yml
View File

@ -1,7 +1,7 @@
---
- name: Ensure Matrix base path exists
file:
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: "{{ matrix_base_data_path_mode }}"
@ -11,13 +11,13 @@
- "{{ matrix_base_data_path }}"
- name: Preserve vars.yml on the server for easily restoring if it gets lost later on
copy:
ansible.builtin.copy:
src: "{{ matrix_vars_yml_snapshotting_src }}"
dest: "{{ matrix_base_data_path }}/vars.yml"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: '0660'
when: "matrix_vars_yml_snapshotting_enabled|bool"
when: "matrix_vars_yml_snapshotting_enabled | bool"
- name: Ensure Matrix network is created in Docker
docker_network:
@ -25,7 +25,7 @@
driver: bridge
- name: Ensure matrix-remove-all script created
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2"
dest: "{{ matrix_local_bin_path }}/matrix-remove-all"
mode: 0750

8
roles/matrix-base/tasks/setup_matrix_user.yml
View File

@ -1,18 +1,18 @@
---
- name: Ensure Matrix group is created
group:
ansible.builtin.group:
name: "{{ matrix_user_groupname }}"
gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}"
state: present
register: matrix_group
- name: Set Matrix Group GID Variable
set_fact:
ansible.builtin.set_fact:
matrix_user_gid: "{{ matrix_group.gid }}"
- name: Ensure Matrix user is created
user:
ansible.builtin.user:
name: "{{ matrix_user_username }}"
uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
state: present
@ -23,5 +23,5 @@
register: matrix_user
- name: Set Matrix Group UID Variable
set_fact:
ansible.builtin.set_fact:
matrix_user_uid: "{{ matrix_user.uid }}"

31
roles/matrix-base/tasks/setup_well_known.yml
View File

@ -4,7 +4,7 @@
#
# For running with another webserver, we recommend being part of the `matrix` group.
- name: Ensure Matrix static-files path exists
file:
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: 0755
@ -14,24 +14,39 @@
- "{{ matrix_static_files_base_path }}/.well-known/matrix"
- name: Ensure Matrix /.well-known/matrix/client file configured
copy:
content: "{{ matrix_well_known_matrix_client_configuration|to_nice_json }}"
ansible.builtin.copy:
content: "{{ matrix_well_known_matrix_client_configuration | to_nice_json }}"
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Matrix /.well-known/matrix/server file configured
copy:
content: "{{ matrix_well_known_matrix_server_configuration|to_nice_json }}"
ansible.builtin.copy:
content: "{{ matrix_well_known_matrix_server_configuration | to_nice_json }}"
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_well_known_matrix_server_enabled|bool
when: matrix_well_known_matrix_server_enabled | bool
- name: Ensure Matrix /.well-known/matrix/server file deleted
file:
ansible.builtin.file:
path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
state: absent
when: "not matrix_well_known_matrix_server_enabled|bool"
when: "not matrix_well_known_matrix_server_enabled | bool"
- name: Ensure Matrix /.well-known/matrix/support file configured
ansible.builtin.copy:
content: "{{ matrix_well_known_matrix_support_configuration | to_nice_json }}"
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/support"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_well_known_matrix_support_enabled | bool
- name: Ensure Matrix /.well-known/matrix/support file deleted
ansible.builtin.file:
path: "{{ matrix_static_files_base_path }}/.well-known/matrix/support"
state: absent
when: "not matrix_well_known_matrix_support_enabled | bool"

10
roles/matrix-base/tasks/util/ensure_fuse_installed.yml
View File

@ -1,23 +1,23 @@
---
# This is for both RedHat 7 and 8
- name: Ensure fuse installed (RedHat)
yum:
ansible.builtin.yum:
name:
- fuse
state: latest
state: present
when: ansible_os_family == 'RedHat'
# This is for both Debian and Raspbian
- name: Ensure fuse installed (Debian/Raspbian)
apt:
ansible.builtin.apt:
name:
- fuse
state: latest
state: present
when: ansible_os_family == 'Debian'
- name: Ensure fuse installed (Archlinux)
pacman:
name:
- fuse3
state: latest
state: present
when: ansible_distribution == 'Archlinux'

10
roles/matrix-base/tasks/util/ensure_openssl_installed.yml
View File

@ -1,23 +1,23 @@
---
# This is for both RedHat 7 and 8
- name: Ensure openssl installed (RedHat)
yum:
ansible.builtin.yum:
name:
- openssl
state: latest
state: present
when: ansible_os_family == 'RedHat'
# This is for both Debian and Raspbian
- name: Ensure openssl installed (Debian/Raspbian)
apt:
ansible.builtin.apt:
name:
- openssl
state: latest
state: present
when: ansible_os_family == 'Debian'
- name: Ensure openssl installed (Archlinux)
pacman:
name:
- openssl
state: latest
state: present
when: ansible_distribution == 'Archlinux'

7
roles/matrix-base/templates/static-files/well-known/matrix-support.j2 Normal file
View File

@ -0,0 +1,7 @@
#jinja2: lstrip_blocks: "True"
{
"admins": {{ matrix_homeserver_admin_contacts|to_json }}
{% if matrix_homeserver_support_url %},
"support_page": {{ matrix_homeserver_support_url|to_json }}
{% endif %}
}

118
roles/matrix-bot-buscarron/defaults/main.yml Normal file
View File

@ -0,0 +1,118 @@
---
# buscarron is a helpdesk bot
# Project source code URL: https://gitlab.com/etke.cc/buscarron
matrix_bot_buscarron_enabled: true
matrix_bot_buscarron_container_image_self_build: false
matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
matrix_bot_buscarron_version: v1.2.0
matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron"
matrix_bot_buscarron_config_path: "{{ matrix_bot_buscarron_base_path }}/config"
matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data"
matrix_bot_buscarron_data_store_path: "{{ matrix_bot_buscarron_data_path }}/store"
# A list of extra arguments to pass to the container
matrix_bot_buscarron_container_extra_arguments: []
# List of systemd services that matrix-bot-buscarron.service depends on
matrix_bot_buscarron_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-bot-buscarron.service wants
matrix_bot_buscarron_systemd_wanted_services_list: []
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_bot_buscarron_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_bot_buscarron_database_*` variables
matrix_bot_buscarron_database_engine: 'sqlite'
matrix_bot_buscarron_sqlite_database_path_local: "{{ matrix_bot_buscarron_data_path }}/bot.db"
matrix_bot_buscarron_sqlite_database_path_in_container: "/data/bot.db"
matrix_bot_buscarron_database_username: 'buscarron'
matrix_bot_buscarron_database_password: 'some-password'
matrix_bot_buscarron_database_hostname: 'matrix-postgres'
matrix_bot_buscarron_database_port: 5432
matrix_bot_buscarron_database_name: 'buscarron'
matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode=disable'
matrix_bot_buscarron_storage_database: "{{
{
'sqlite': matrix_bot_buscarron_sqlite_database_path_in_container,
'postgres': matrix_bot_buscarron_database_connection_string,
}[matrix_bot_buscarron_database_engine]
}}"
matrix_bot_buscarron_database_dialect: "{{
{
'sqlite': 'sqlite3',
'postgres': 'postgres',
}[matrix_bot_buscarron_database_engine]
}}"
# The bot's username. This user needs to be created manually beforehand.
# Also see `matrix_bot_buscarron_password`.
matrix_bot_buscarron_login: "bot.buscarron"
# The password that the bot uses to authenticate.
matrix_bot_buscarron_password: ''
# the homeserver URL, uses internal synapse container address by default
matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}"
# forms configuration
matrix_bot_buscarron_forms: []
# Disable encryption
matrix_bot_buscarron_noencryption:
# Sentry DSN
matrix_bot_buscarron_sentry:
# Log level
matrix_bot_buscarron_loglevel: INFO
# spam hosts/domains
matrix_bot_buscarron_spam_hosts: []
# spam email addresses
matrix_bot_buscarron_spam_emails: []
# spam email localparts
matrix_bot_buscarron_spam_localparts: []
# Ban duration in hours
matrix_bot_buscarron_ban_duration: 24
# Banlist size
matrix_bot_buscarron_ban_size: 10000
# Postmark token (confirmation emails)
matrix_bot_buscarron_pm_token:
# Postmark sender signature
matrix_bot_buscarron_pm_from:
# Postmark confirmation email's reply-to
matrix_bot_buscarron_pm_replyto:
# Additional environment variables to pass to the buscarron container
#
# Example:
# matrix_bot_buscarron_environment_variables_extension: |
# BUSCARRON_LOGLEVEL=DEBUG
matrix_bot_buscarron_environment_variables_extension: ''

5
roles/matrix-bot-buscarron/tasks/init.yml Normal file
View File

@ -0,0 +1,5 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}"
when: matrix_bot_buscarron_enabled | bool

23
roles/matrix-bot-buscarron/tasks/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
tags:
- setup-all
- setup-bot-buscarron
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
tags:
- setup-all
- setup-bot-buscarron
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool"
tags:
- setup-all
- setup-bot-buscarron

103
roles/matrix-bot-buscarron/tasks/setup_install.yml Normal file
View File

@ -0,0 +1,103 @@
---
- ansible.builtin.set_fact:
matrix_bot_buscarron_requires_restart: false
- block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
register: matrix_bot_buscarron_sqlite_database_path_local_stat_result
- block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
dst: "{{ matrix_bot_buscarron_database_connection_string }}"
caller: "{{ role_path | basename }}"
engine_variable_name: 'matrix_bot_buscarron_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-bot-buscarron.service']
- ansible.builtin.import_role:
name: matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact:
matrix_bot_buscarron_requires_restart: true
when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_bot_buscarron_database_engine == 'postgres'"
- name: Ensure buscarron paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_bot_buscarron_config_path }}", when: true}
- {path: "{{ matrix_bot_buscarron_data_path }}", when: true}
- {path: "{{ matrix_bot_buscarron_data_store_path }}", when: true}
- {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true}
when: "item.when | bool"
- name: Ensure buscarron environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_buscarron_config_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure buscarron image is pulled
docker_image:
name: "{{ matrix_bot_buscarron_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}"
when: "not matrix_bot_buscarron_container_image_self_build | bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure buscarron repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_buscarron_docker_repo }}"
version: "{{ matrix_bot_buscarron_docker_repo_version }}"
dest: "{{ matrix_bot_buscarron_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_bot_buscarron_git_pull_results
when: "matrix_bot_buscarron_container_image_self_build | bool"
- name: Ensure buscarron image is built
docker_image:
name: "{{ matrix_bot_buscarron_docker_image }}"
source: build
force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_buscarron_docker_src_files_path }}"
pull: true
when: "matrix_bot_buscarron_container_image_self_build | bool"
- name: Ensure matrix-bot-buscarron.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service"
mode: 0644
register: matrix_bot_buscarron_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-buscarron.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_buscarron_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-buscarron.service restarted, if necessary
ansible.builtin.service:
name: "matrix-bot-buscarron.service"
state: restarted
when: "matrix_bot_buscarron_requires_restart | bool"

36
roles/matrix-bot-buscarron/tasks/setup_uninstall.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: Check existence of matrix-buscarron service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service"
register: matrix_bot_buscarron_service_stat
- name: Ensure matrix-buscarron is stopped
ansible.builtin.service:
name: matrix-bot-buscarron
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_buscarron_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-buscarron.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service"
state: absent
when: "matrix_bot_buscarron_service_stat.stat.exists | bool"
- name: Ensure systemd reloaded after matrix-bot-buscarron.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_buscarron_service_stat.stat.exists | bool"
- name: Ensure Matrix buscarron paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_buscarron_base_path }}"
state: absent
- name: Ensure buscarron Docker image doesn't exist
docker_image:
name: "{{ matrix_bot_buscarron_docker_image }}"
state: absent

5
roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml → roles/matrix-bot-buscarron/tasks/validate_config.yml
View File

@ -1,10 +1,9 @@
---
- name: Fail if required settings not defined
fail:
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_skype_appservice_token"
- "matrix_mx_puppet_skype_homeserver_token"
- "matrix_bot_buscarron_password"

29
roles/matrix-bot-buscarron/templates/env.j2 Normal file
View File

@ -0,0 +1,29 @@
BUSCARRON_LOGIN={{ matrix_bot_buscarron_login }}
BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }}
BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }}
BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }}
BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }}
BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }}
BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }}
BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }}
BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }}
BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }}
BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }}
BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }}
{% set forms = [] %}
{% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }}
BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }}
BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }}
BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }}
BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }}
BUSCARRON_{{ form.name|upper }}_CONFIRMATION_BODY={{ form.confirmation_body|default('') }}
{% endfor %}
BUSCARRON_LIST={{ forms|join(" ") }}
{{ matrix_bot_buscarron_environment_variables_extension }}

39
roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 Normal file
View File

@ -0,0 +1,39 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix web forms bot
{% for service in matrix_bot_buscarron_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_bot_buscarron_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_bot_buscarron_config_path }}/env \
--mount type=bind,src={{ matrix_bot_buscarron_data_path }},dst=/data \
{% for arg in matrix_bot_buscarron_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_buscarron_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-buscarron
[Install]
WantedBy=multi-user.target

6
roles/matrix-bot-go-neb/defaults/main.yml
View File

@ -1,6 +1,6 @@
---
# Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
# See: https://github.com/matrix-org/go-neb
# Project source code URL: https://github.com/matrix-org/go-neb
matrix_bot_go_neb_enabled: true
matrix_bot_go_neb_version: latest
@ -224,8 +224,8 @@ matrix_bot_go_neb_configuration_extension_yaml: |
# If you need something more special, you can take full control by
# completely redefining `matrix_bot_go_neb_configuration_yaml`.
matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml|from_yaml if matrix_bot_go_neb_configuration_extension_yaml|from_yaml is mapping else {} }}"
matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml | from_yaml if matrix_bot_go_neb_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`.
matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}"
matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml | from_yaml | combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}"

4
roles/matrix-bot-go-neb/tasks/init.yml
View File

@ -1,5 +1,5 @@
---
- set_fact:
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}"
when: matrix_bot_go_neb_enabled|bool
when: matrix_bot_go_neb_enabled | bool

14
roles/matrix-bot-go-neb/tasks/main.yml
View File

@ -1,23 +1,23 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
tags:
- setup-all
- setup-bot-go-neb
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
tags:
- setup-all
- setup-bot-go-neb
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_bot_go_neb_enabled|bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
tags:
- setup-all
- setup-bot-go-neb

20
roles/matrix-bot-go-neb/tasks/setup_install.yml
View File

@ -1,10 +1,10 @@
---
- set_fact:
- ansible.builtin.set_fact:
matrix_bot_go_neb_requires_restart: false
- name: Ensure go-neb paths exist
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
@ -14,7 +14,7 @@
- {path: "{{ matrix_bot_go_neb_config_path }}", when: true}
- {path: "{{ matrix_bot_go_neb_data_path }}", when: true}
- {path: "{{ matrix_bot_go_neb_data_store_path }}", when: true}
when: "item.when|bool"
when: "item.when | bool"
- name: Ensure go-neb image is pulled
docker_image:
@ -28,27 +28,27 @@
until: result is not failed
- name: Ensure go-neb config installed
copy:
content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml(indent=2, width=999999) }}"
ansible.builtin.copy:
content: "{{ matrix_bot_go_neb_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-bot-go-neb.service installed
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
mode: 0644
register: matrix_bot_go_neb_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_go_neb_systemd_service_result.changed|bool"
when: "matrix_bot_go_neb_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-go-neb.service restarted, if necessary
service:
ansible.builtin.service:
name: "matrix-bot-go-neb.service"
state: restarted
when: "matrix_bot_go_neb_requires_restart|bool"
when: "matrix_bot_go_neb_requires_restart | bool"

16
roles/matrix-bot-go-neb/tasks/setup_uninstall.yml
View File

@ -1,32 +1,32 @@
---
- name: Check existence of matrix-go-neb service
stat:
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
register: matrix_bot_go_neb_service_stat
- name: Ensure matrix-go-neb is stopped
service:
ansible.builtin.service:
name: matrix-bot-go-neb
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
when: "matrix_bot_go_neb_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-go-neb.service doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
state: absent
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
when: "matrix_bot_go_neb_service_stat.stat.exists | bool"
- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
when: "matrix_bot_go_neb_service_stat.stat.exists | bool"
- name: Ensure Matrix go-neb paths don't exist
file:
ansible.builtin.file:
path: "{{ matrix_bot_go_neb_base_path }}"
state: absent

4
roles/matrix-bot-go-neb/tasks/validate_config.yml
View File

@ -1,13 +1,13 @@
---
- name: Fail if there's not at least 1 client
fail:
ansible.builtin.fail:
msg: >-
You need at least 1 client in the matrix_bot_go_neb_clients block.
when: matrix_bot_go_neb_clients is not defined or matrix_bot_go_neb_clients[0] is not defined
- name: Fail if there's not at least 1 service
fail:
ansible.builtin.fail:
msg: >-
You need at least 1 service in the matrix_bot_go_neb_services block.
when: matrix_bot_go_neb_services is not defined or matrix_bot_go_neb_services[0] is not defined

17
roles/matrix-bot-honoroit/defaults/main.yml
View File

@ -1,14 +1,15 @@
---
# honoroit is a helpdesk bot
# See: https://gitlab.com/etke.cc/honoroit
# Project source code URL: https://gitlab.com/etke.cc/honoroit
matrix_bot_honoroit_enabled: true
matrix_bot_honoroit_container_image_self_build: false
matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.7
matrix_bot_honoroit_version: v0.9.12
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@ -84,15 +85,27 @@ matrix_bot_honoroit_sentry: ''
# Log level
matrix_bot_honoroit_loglevel: ''
# Disable encryption
matrix_bot_honoroit_noencryption: false
# Max items in cache
matrix_bot_honoroit_cachesize: ''
# List of ignored room IDs
matrix_bot_honoroit_ignoredrooms: []
# Ignore messages outside of threads
matrix_bot_honoroit_ignorenothread: false
# Text prefix: open
matrix_bot_honoroit_text_prefix_open: ''
# Text prefix: done
matrix_bot_honoroit_text_prefix_done: ''
# Text: no encryption
matrix_bot_honoroit_text_noencryption: ''
# Text: greetings
matrix_bot_honoroit_text_greetings: ''

4
roles/matrix-bot-honoroit/tasks/init.yml
View File

@ -1,5 +1,5 @@
---
- set_fact:
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}"
when: matrix_bot_honoroit_enabled|bool
when: matrix_bot_honoroit_enabled | bool

14
roles/matrix-bot-honoroit/tasks/main.yml
View File

@ -1,23 +1,23 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_bot_honoroit_enabled|bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
tags:
- setup-all
- setup-bot-honoroit
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_bot_honoroit_enabled|bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
tags:
- setup-all
- setup-bot-honoroit
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_bot_honoroit_enabled|bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool"
tags:
- setup-all
- setup-bot-honoroit

41
roles/matrix-bot-honoroit/tasks/setup_install.yml
View File

@ -1,32 +1,34 @@
---
- set_fact:
- ansible.builtin.set_fact:
matrix_bot_honoroit_requires_restart: false
- block:
- name: Check if an SQLite database already exists
stat:
ansible.builtin.stat:
path: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
register: matrix_bot_honoroit_sqlite_database_path_local_stat_result
- block:
- set_fact:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
dst: "{{ matrix_bot_honoroit_database_connection_string }}"
caller: "{{ role_path|basename }}"
caller: "{{ role_path | basename }}"
engine_variable_name: 'matrix_bot_honoroit_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-bot-honoroit.service']
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
- ansible.builtin.import_role:
name: matrix-postgres
tasks_from: migrate_db_to_postgres
- set_fact:
- ansible.builtin.set_fact:
matrix_bot_honoroit_requires_restart: true
when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists|bool"
when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_bot_honoroit_database_engine == 'postgres'"
- name: Ensure honoroit paths exist
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
@ -37,10 +39,10 @@
- {path: "{{ matrix_bot_honoroit_data_path }}", when: true}
- {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true}
- {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
when: "item.when|bool"
when: "item.when | bool"
- name: Ensure honoroit environment variables file created
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_honoroit_config_path }}/env"
owner: "{{ matrix_user_username }}"
@ -53,21 +55,22 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
when: "not matrix_bot_honoroit_container_image_self_build|bool"
when: "not matrix_bot_honoroit_container_image_self_build | bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure honoroit repository is present on self-build
git:
ansible.builtin.git:
repo: "{{ matrix_bot_honoroit_docker_repo }}"
version: "{{ matrix_bot_honoroit_docker_repo_version }}"
dest: "{{ matrix_bot_honoroit_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_bot_honoroit_git_pull_results
when: "matrix_bot_honoroit_container_image_self_build|bool"
when: "matrix_bot_honoroit_container_image_self_build | bool"
- name: Ensure honoroit image is built
docker_image:
@ -79,22 +82,22 @@
dockerfile: Dockerfile
path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
pull: true
when: "matrix_bot_honoroit_container_image_self_build|bool"
when: "matrix_bot_honoroit_container_image_self_build | bool"
- name: Ensure matrix-bot-honoroit.service installed
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
mode: 0644
register: matrix_bot_honoroit_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_honoroit_systemd_service_result.changed|bool"
when: "matrix_bot_honoroit_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-honoroit.service restarted, if necessary
service:
ansible.builtin.service:
name: "matrix-bot-honoroit.service"
state: restarted
when: "matrix_bot_honoroit_requires_restart|bool"
when: "matrix_bot_honoroit_requires_restart | bool"

16
roles/matrix-bot-honoroit/tasks/setup_uninstall.yml
View File

@ -1,32 +1,32 @@
---
- name: Check existence of matrix-honoroit service
stat:
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
register: matrix_bot_honoroit_service_stat
- name: Ensure matrix-honoroit is stopped
service:
ansible.builtin.service:
name: matrix-bot-honoroit
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
when: "matrix_bot_honoroit_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-honoroit.service doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
state: absent
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
when: "matrix_bot_honoroit_service_stat.stat.exists | bool"
- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
when: "matrix_bot_honoroit_service_stat.stat.exists | bool"
- name: Ensure Matrix honoroit paths don't exist
file:
ansible.builtin.file:
path: "{{ matrix_bot_honoroit_base_path }}"
state: absent

2
roles/matrix-bot-honoroit/tasks/validate_config.yml
View File

@ -1,7 +1,7 @@
---
- name: Fail if required settings not defined
fail:
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"

4
roles/matrix-bot-honoroit/templates/env.j2
View File

@ -8,8 +8,12 @@ HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }}
HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }}
HONOROIT_IGNORENOTHREAD={{ matrix_bot_honoroit_ignorenothread }}
HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms|join(' ') }}
HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
HONOROIT_TEXT_NOENCRYPTION={{ matrix_bot_honoroit_text_noencryption }}
HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
HONOROIT_TEXT_INVITE={{ matrix_bot_honoroit_text_invite }}
HONOROIT_TEXT_JOIN={{ matrix_bot_honoroit_text_join }}

50
roles/matrix-bot-matrix-registration-bot/defaults/main.yml Normal file
View File

@ -0,0 +1,50 @@
---
# matrix-registration-bot creates and manages registration tokens for a matrix server
# Project source code URL: https://github.com/moan0s/matrix-registration-bot
matrix_bot_matrix_registration_bot_enabled: true
matrix_bot_matrix_registration_bot_container_image_self_build: false
matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git"
matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}"
matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
matrix_bot_matrix_registration_bot_version: latest
matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}"
matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"
matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config"
matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/data"
matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"
# The access token that the bot uses to communicate in Matrix chats
# This does not necessarily need to be a privileged (admin) access token.
matrix_bot_matrix_registration_bot_bot_access_token: ''
# The access token that the bot uses to call the Matrix API for creating registration tokens.
# This needs to be a privileged (admin) access token.
# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is.
# If necessary, you can define your own other access token here, which might even be for a different Matrix user.
matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}"
matrix_bot_matrix_registration_bot_logging_level: info
matrix_bot_matrix_registration_environment_variables_extension: ''
# A list of extra arguments to pass to the container
matrix_bot_matrix_registration_bot_container_extra_arguments: []
# List of systemd services that matrix-bot-matrix-registration-bot.service depends on
matrix_bot_matrix_registration_bot_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-bot-matrix-registration-bot.service wants
matrix_bot_matrix_registration_bot_systemd_wanted_services_list: []
# The bot's username. This user needs to be created manually beforehand.
# Also see `matrix_bot_matrix_registration_bot_user_password`.
matrix_bot_matrix_registration_bot_matrix_user_id_localpart: "bot.matrix-registration-bot"
matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart }}:{{ matrix_domain }}'
matrix_bot_matrix_registration_bot_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}"

5
roles/matrix-bot-matrix-registration-bot/tasks/init.yml Normal file
View File

@ -0,0 +1,5 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}"
when: matrix_bot_matrix_registration_bot_enabled | bool

23
roles/matrix-bot-matrix-registration-bot/tasks/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool"
tags:
- setup-all
- setup-bot-matrix-registration-bot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool"
tags:
- setup-all
- setup-bot-matrix-registration-bot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_matrix_registration_bot_enabled | bool"
tags:
- setup-all
- setup-bot-matrix-registration-bot

74
roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml Normal file
View File

@ -0,0 +1,74 @@
---
- name: Ensure matrix-registration-bot paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
- - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
- {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true}
when: "item.when | bool"
- name: Ensure matrix-registration-bot configuration file created
ansible.builtin.template:
src: "{{ role_path }}/templates/config/config.yml.j2"
dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/config.yml"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure matrix-registration-bot image is pulled
docker_image:
name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}"
when: "not matrix_bot_matrix_registration_bot_container_image_self_build | bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure matrix-registration-bot repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}"
version: "{{ matrix_bot_matrix_registration_bot_docker_repo_version }}"
dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_bot_matrix_registration_bot_git_pull_results
when: "matrix_bot_matrix_registration_bot_container_image_self_build | bool"
- name: Ensure matrix-registration-bot image is built
docker_image:
name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
source: build
force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
pull: true
when: "matrix_bot_matrix_registration_bot_container_image_self_build | bool"
- name: Ensure matrix-bot-matrix-registration-bot.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service"
mode: 0644
register: matrix_bot_matrix_registration_bot_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary
ansible.builtin.service:
name: "matrix-bot-matrix-registration-bot.service"
state: restarted

36
roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: Check existence of matrix-matrix-registration-bot service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service"
register: matrix_bot_matrix_registration_bot_service_stat
- name: Ensure matrix-matrix-registration-bot is stopped
ansible.builtin.service:
name: matrix-bot-matrix-registration-bot
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service"
state: absent
when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool"
- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool"
- name: Ensure Matrix matrix-registration-bot paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_matrix_registration_bot_base_path }}"
state: absent
- name: Ensure matrix-registration-bot Docker image doesn't exist
docker_image:
name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
state: absent

10
roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_bot_matrix_registration_bot_bot_access_token"
- "matrix_bot_matrix_registration_bot_api_token"

12
roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 Normal file
View File

@ -0,0 +1,12 @@
bot:
server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }}
api:
# API endpoint of the registration tokens
base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }}
# Access token of an administrator on the server
token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }}
logging:
level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }}

37
roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 Normal file
View File

@ -0,0 +1,37 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix registration bot
{% for service in matrix_bot_matrix_registration_bot_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_bot_matrix_registration_bot_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \
--log-driver=none \
--cap-drop=ALL \
-e "CONFIG_PATH=/config/config.yml" \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--read-only \
--mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \
--network={{ matrix_docker_network }} \
{{ matrix_bot_matrix_registration_bot_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-matrix-registration-bot
[Install]
WantedBy=multi-user.target

9
roles/matrix-bot-matrix-reminder-bot/defaults/main.yml
View File

@ -1,11 +1,12 @@
---
# matrix-reminder-bot is a bot for one-off and recurring reminders
# See: https://github.com/anoadragon453/matrix-reminder-bot
# Project source code URL: https://github.com/anoadragon453/matrix-reminder-bot
matrix_bot_matrix_reminder_bot_enabled: true
matrix_bot_matrix_reminder_bot_container_image_self_build: false
matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ matrix_bot_matrix_reminder_bot_version }}"
matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
matrix_bot_matrix_reminder_bot_version: release-v0.2.1
@ -17,6 +18,8 @@ matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_b
matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data"
matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store"
matrix_bot_matrix_reminder_bot_command_prefix: "!"
# A list of extra arguments to pass to the container
matrix_bot_matrix_reminder_bot_container_extra_arguments: []
@ -91,8 +94,8 @@ matrix_bot_matrix_reminder_bot_configuration_extension_yaml: |
# matrix:
# device_name: My-Reminder-Bot
matrix_bot_matrix_reminder_bot_configuration_extension: "{{ matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml if matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml is mapping else {} }}"
matrix_bot_matrix_reminder_bot_configuration_extension: "{{ matrix_bot_matrix_reminder_bot_configuration_extension_yaml | from_yaml if matrix_bot_matrix_reminder_bot_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_bot_matrix_reminder_bot_configuration_yaml`.
matrix_bot_matrix_reminder_bot_configuration: "{{ matrix_bot_matrix_reminder_bot_configuration_yaml|from_yaml|combine(matrix_bot_matrix_reminder_bot_configuration_extension, recursive=True) }}"
matrix_bot_matrix_reminder_bot_configuration: "{{ matrix_bot_matrix_reminder_bot_configuration_yaml | from_yaml | combine(matrix_bot_matrix_reminder_bot_configuration_extension, recursive=True) }}"

4
roles/matrix-bot-matrix-reminder-bot/tasks/init.yml
View File

@ -1,5 +1,5 @@
---
- set_fact:
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}"
when: matrix_bot_matrix_reminder_bot_enabled|bool
when: matrix_bot_matrix_reminder_bot_enabled | bool

Some files were not shown because too many files have changed in this diff Show More