From 13186a1ddcdee7db05d01ef8d780f105e9aa6a06 Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Mon, 29 Jun 2020 15:28:43 +0300 Subject: [PATCH 1/3] Add mx-puppet-twitter Signed-off-by: Tulir Asokan --- README.md | 2 + ...uring-playbook-bridge-mx-puppet-twitter.md | 34 ++++++ group_vars/matrix_servers | 30 +++++ .../defaults/main.yml | 103 ++++++++++++++++++ .../tasks/init.yml | 70 ++++++++++++ .../tasks/main.yml | 21 ++++ .../tasks/setup_install.yml | 93 ++++++++++++++++ .../tasks/setup_uninstall.yml | 24 ++++ .../tasks/validate_config.yml | 10 ++ .../templates/config.yaml.j2 | 92 ++++++++++++++++ .../matrix-mx-puppet-twitter.service.j2 | 44 ++++++++ setup.yml | 1 + 12 files changed, 524 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mx-puppet-twitter.md create mode 100644 roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 diff --git a/README.md b/README.md index a5ec78d3b..fcee4d2da 100644 --- a/README.md +++ b/README.md 
@@ -152,6 +152,8 @@ This playbook sets up your server using the following Docker images: - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional) +- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional) + - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) - [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional) diff --git a/docs/configuring-playbook-bridge-mx-puppet-twitter.md b/docs/configuring-playbook-bridge-mx-puppet-twitter.md new file mode 100644 index 000000000..dd2c9c120 --- /dev/null +++ b/docs/configuring-playbook-bridge-mx-puppet-twitter.md 
@@ -0,0 +1,34 @@ +# Setting up MX Puppet Twitter (optional) + +The playbook can install and configure +[mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you. + +See the project page to learn what it does and why it might be useful to you. + +To enable the [Twitter](https://twitter.com) bridge, make an app on [developer.twitter.com](https://developer.twitter.com/en/apps) +and fill out the following playbook configuration. + +```yaml +matrix_mx_puppet_twitter_enabled: true +matrix_mx_puppet_twitter_consumer_key: '' +matrix_mx_puppet_twitter_consumer_secret: '' +matrix_mx_puppet_twitter_access_token: '' +matrix_mx_puppet_twitter_access_token_secret: '' +matrix_mx_puppet_twitter_environment: '' +``` + + +## Usage + +Once the bot is enabled you need to start a chat with `Twitter Puppet Bridge` with +the handle `@_twitterpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +To log in, use `link` and click the link. + +Once logged in, send `list` to the bot user to list the available rooms. + +Clicking rooms in the list will result in you receiving an invitation to the +bridged room. + +Also send `help` to the bot to see the commands available. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 85dab4dd2..275601da3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -393,6 +393,36 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov # ###################################################################### +###################################################################### +# +# matrix-bridge-mx-puppet-twitter +# +###################################################################### + +# We don't enable bridges by default. +matrix_mx_puppet_twitter_enabled: false + +matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_twitter_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}" + +matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}" + +matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-twitter +# +###################################################################### + ###################################################################### # diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml new file mode 100644 index 000000000..edf15a6d8 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml 
@@ -0,0 +1,103 @@ +# Mx Puppet Twitter is a Matrix <-> Twitter bridge +# See: https://github.com/Sorunome/mx-puppet-twitter + +matrix_mx_puppet_twitter_enabled: true + +matrix_mx_puppet_twitter_container_image_self_build: false + +# Controls whether the mx-puppet-twitter container exposes its HTTP port (tcp/8432 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. +matrix_mx_puppet_twitter_container_http_host_bind_port: '' + +matrix_mx_puppet_twitter_docker_image: "sorunome/mx-puppet-twitter:latest" +matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}" + +matrix_mx_puppet_twitter_base_path: "{{ matrix_base_data_path }}/mx-puppet-twitter" +matrix_mx_puppet_twitter_config_path: "{{ matrix_mx_puppet_twitter_base_path }}/config" +matrix_mx_puppet_twitter_data_path: "{{ matrix_mx_puppet_twitter_base_path }}/data" +matrix_mx_puppet_twitter_docker_src_files_path: "{{ matrix_mx_puppet_twitter_base_path }}/docker-src" + +matrix_mx_puppet_twitter_appservice_port: "8432" + +matrix_mx_puppet_twitter_homeserver_address: 'http://matrix-synapse:8008' +matrix_mx_puppet_twitter_homeserver_domain: '{{ matrix_domain }}' +matrix_mx_puppet_twitter_appservice_address: 'http://matrix-mx-puppet-twitter:{{ matrix_mx_puppet_twitter_appservice_port }}' + +matrix_mx_puppet_twitter_consumer_key: '' +matrix_mx_puppet_twitter_consumer_secret: '' +matrix_mx_puppet_twitter_access_token: '' +matrix_mx_puppet_twitter_access_token_secret: '' +matrix_mx_puppet_twitter_environment: '' +matrix_mx_puppet_twitter_webhook_path: '/twitter/webhook' +matrix_mx_puppet_twitter_webhook_url: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_webhook_path }}' + +# "@user:server.com" to allow specific user +# "@.*:yourserver.com" to allow users on a specific homeserver +# "@.*" to allow anyone +matrix_mx_puppet_twitter_provisioning_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" 
+ +# Leave empty to disable blacklist +# "@user:server.com" disallow a specific user +# "@.*:yourserver.com" disallow users on a specific homeserver +matrix_mx_puppet_twitter_provisioning_blacklist: [] + +# A list of extra arguments to pass to the container +matrix_mx_puppet_twitter_container_extra_arguments: [] + +# List of systemd services that mx-puppet-twitter.service depends on. +matrix_mx_puppet_twitter_systemd_required_services_list: ['docker.service'] + +# List of systemd services that mx-puppet-twitter.service wants +matrix_mx_puppet_twitter_systemd_wanted_services_list: [] + +matrix_mx_puppet_twitter_appservice_token: '' +matrix_mx_puppet_twitter_homeserver_token: '' + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mx_puppet_twitter_login_shared_secret: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_twitter_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mx_puppet_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mx_puppet_twitter_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mx_puppet_twitter_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mx_puppet_twitter_configuration_yaml`. 
+ +matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml if matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_twitter_configuration_yaml`. +matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml|from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}" + +# The prefix for user IDs and aliases +matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_ + +matrix_mx_puppet_twitter_registration_yaml: | + as_token: "{{ matrix_mx_puppet_twitter_appservice_token }}" + hs_token: "{{ matrix_mx_puppet_twitter_homeserver_token }}" + id: twitter-puppet + namespaces: + users: + - exclusive: true + regex: '@{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' + rooms: [] + aliases: + - exclusive: true + regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' + protocols: [] + rate_limited: false + sender_localpart: _twitterpuppet_bot + url: {{ matrix_mx_puppet_twitter_appservice_address }} + +matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml new file mode 100644 index 000000000..8f4aca6c6 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml 
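Review bot: In roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml, `matrix_mx_puppet_twitter_docker_image` defaults to the mutable `sorunome/mx-puppet-twitter:latest` tag, and `matrix_mx_puppet_twitter_docker_image_force_pull` turns that into a fresh pull on every setup run, so whatever is published under that tag at run time is what runs with the Twitter app credentials and the appservice tokens. Pinning the default to a release tag or an image digest (if upstream publishes one) makes upgrades deliberate and reviewable. The self-build path in tasks/setup_install.yml has the same property: its `git` task clones the upstream repository with `force: "yes"` and no `version:`, so a role variable holding a tag or commit and passed as `version:` would pin it. Separately, `url: {{ matrix_mx_puppet_twitter_appservice_address }}` in `matrix_mx_puppet_twitter_registration_yaml` is the only templated scalar there left unquoted; `url: "{{ matrix_mx_puppet_twitter_appservice_address }}"` would match the token lines above it.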
@@ -0,0 +1,70 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter'] }}" + when: matrix_mx_puppet_twitter_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }} + when: matrix_mx_puppet_twitter_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your plabook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. 
+ when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_twitter_webhook_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; + {% endif %} + } + + - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] + }} + tags: + - always + when: matrix_mx_puppet_twitter_enabled|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` + URL endpoint to the matrix-mx-puppet-twitter container. + You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. + when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined" + +# ansible lower than 2.8, does not support docker_image build parameters +# for self buildig it is explicitly needed, so we rather fail here +- name: Fail if running on Ansible lower than 2.8 and trying self building + fail: + msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. 
pip contains such packages." + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml new file mode 100644 index 000000000..af355df36 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-twitter + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-twitter + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mx_puppet_twitter_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-twitter diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml new file mode 100644 index 000000000..4773055d7 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml 
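Review bot: In tasks/init.yml, the "Warn about reverse-proxying if matrix-nginx-proxy not used" message interpolates `matrix_mx_puppet_twitter_redirect_path`, which this patch never defines; the role defaults only provide `matrix_mx_puppet_twitter_webhook_path`. On hosts where `matrix_nginx_proxy_enabled` is undefined the task will most likely fail on an undefined variable instead of printing the warning, so the operator never learns which path must be reverse-proxied for the webhook. The message should reference `{{ matrix_mx_puppet_twitter_webhook_path }}` instead. The two `fail` messages in the same file also carry typos (`plabook`, `usa ansible`).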
@@ -0,0 +1,93 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure MX Puppet Twitter image is pulled + docker_image: + name: "{{ matrix_mx_puppet_twitter_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" + when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build + +- name: Ensure MX Puppet Twitter paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true } + - { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true } + - { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true } + - { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" } + when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool + +- name: Ensure MX Puppet Twitter repository is present on self build + git: + repo: https://github.com/Sorunome/mx-puppet-twitter.git + dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" + force: "yes" + when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" + +- name: Ensure MX Puppet Twitter Docker image is built + docker_image: + name: "{{ 
matrix_mx_puppet_twitter_docker_image }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" + pull: yes + when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" + +- name: Check if an old database file already exists + stat: + path: "{{ matrix_mx_puppet_twitter_base_path }}/database.db" + register: matrix_mx_puppet_twitter_stat_database + +- name: (Data relocation) Ensure matrix-mx-puppet-twitter.service is stopped + service: + name: matrix-mx-puppet-twitter + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_mx_puppet_twitter_stat_database.stat.exists" + +- name: (Data relocation) Move mx-puppet-twitter database file to ./data directory + command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db" + when: "matrix_mx_puppet_twitter_stat_database.stat.exists" + +- name: Ensure mx-puppet-twitter config.yaml installed + copy: + content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mx-puppet-twitter twitter-registration.yaml installed + copy: + content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mx-puppet-twitter.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2" + dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + mode: 0644 + register: matrix_mx_puppet_twitter_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation + service: + daemon_reload: yes + when: 
"matrix_mx_puppet_twitter_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml new file mode 100644 index 000000000..1d663531b --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-mx-puppet-twitter service + stat: + path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + register: matrix_mx_puppet_twitter_service_stat + +- name: Ensure matrix-mx-puppet-twitter is stopped + service: + name: matrix-mx-puppet-twitter + state: stopped + daemon_reload: yes + when: "matrix_mx_puppet_twitter_service_stat.stat.exists" + +- name: Ensure matrix-mx-puppet-twitter.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + state: absent + when: "matrix_mx_puppet_twitter_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal + service: + daemon_reload: yes + when: "matrix_mx_puppet_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml new file mode 100644 index 000000000..d13a39e1e --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mx_puppet_twitter_appservice_token" + - "matrix_mx_puppet_twitter_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 new file mode 100644 index 000000000..7d3033b39 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 
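Review bot: In tasks/setup_install.yml, the two `copy` tasks that write `config.yaml` and `registration.yaml` use `mode: 0644`, yet the rendered files hold the Twitter consumer secret, the access token secret, the login shared secret and the `as_token`/`hs_token` pair. The parent directories are created `0750`, which limits exposure, but the files themselves should not be world-readable: `mode: "0640"` on both keeps them readable by `matrix_user_username` and its group only (confirm that the Synapse container, which bind-mounts registration.yaml, runs as that user). Quoting the mode values throughout (`"0750"`, `"0640"`) also avoids the octal-versus-integer ambiguity of a bare `0750`. Adding `no_log: true` to those two tasks would keep the secrets out of `--diff` and verbose output.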
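Review bot: In tasks/validate_config.yml, the `with_items` list checks only `matrix_mx_puppet_twitter_appservice_token` and `matrix_mx_puppet_twitter_homeserver_token`, while the five Twitter settings the new docs page tells users to fill in all default to `''` and are never validated. An enabled bridge can therefore be deployed with empty credentials and a registered webhook location, and fail only at runtime. Adding those five names to the list makes the playbook stop early with the existing message.

```yaml
  with_items:
    # … unchanged: appservice_token and homeserver_token entries …
    - "matrix_mx_puppet_twitter_consumer_key"
    - "matrix_mx_puppet_twitter_consumer_secret"
    - "matrix_mx_puppet_twitter_access_token"
    - "matrix_mx_puppet_twitter_access_token_secret"
    - "matrix_mx_puppet_twitter_environment"
```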
@@ -0,0 +1,92 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_twitter_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_twitter_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_twitter_homeserver_address }} + {% if matrix_mx_puppet_twitter_login_shared_secret != '' %} + loginSharedSecretMap: + {{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret }} + {% endif %} + +twitter: + consumerKey: "{{ matrix_mx_puppet_twitter_consumer_key }}" + consumerSecret: "{{ matrix_mx_puppet_twitter_consumer_secret }}" + accessToken: "{{ matrix_mx_puppet_twitter_access_token }}" + accessTokenSecret: "{{ matrix_mx_puppet_twitter_access_token_secret }}" + environment: "{{ matrix_mx_puppet_twitter_environment }}" + server: + url: "{{ matrix_mx_puppet_twitter_webhook_url }}" + path: "{{ matrix_mx_puppet_twitter_webhook_path }}" + +presence: + # Bridge Twitter online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_twitter_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_twitter_provisioning_blacklist|to_json }} + + # Shared secret for the provisioning API for use by integration managers. + # If this is not set, the provisioning API will not be enabled. 
+ #sharedSecret: random string + # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. + apiPrefix: /_matrix/provision + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". + # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 new file mode 100644 index 000000000..9245f02b2 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 
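Review bot: In templates/config.yaml.j2, both the key and the value under `loginSharedSecretMap` are emitted as bare scalars (`{{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret }}`), so a shared secret that starts with a YAML indicator, contains `: ` or ` #`, or is all digits will be re-typed or truncated when the role passes the rendered text through `from_yaml`. Double-puppeting would then fail or use a different secret than Synapse does. The `twitter:` credentials are wrapped in double quotes but not escaped, so a `"` or `\` inside a value has a similar effect. Emitting each secret through `to_json`, e.g. `{{ matrix_domain|to_json }}: {{ matrix_mx_puppet_twitter_login_shared_secret|to_json }}` and `consumerSecret: {{ matrix_mx_puppet_twitter_consumer_secret|to_json }}`, yields a correctly quoted and escaped scalar, as the `whitelist` and `blacklist` lines in the same template already do.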
@@ -0,0 +1,44 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mx Puppet Twitter server +{% for service in matrix_mx_puppet_twitter_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mx_puppet_twitter_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + {% if matrix_mx_puppet_twitter_container_http_host_bind_port %} + -p {{ matrix_mx_puppet_twitter_container_http_host_bind_port }}:{{ matrix_mx_puppet_twitter_appservice_port }} \ + {% endif %} + -e CONFIG_PATH=/config/config.yaml \ + -e REGISTRATION_PATH=/config/registration.yaml \ + -v {{ matrix_mx_puppet_twitter_config_path }}:/config:z \ + -v {{ matrix_mx_puppet_twitter_data_path }}:/data:z \ + {% for arg in matrix_mx_puppet_twitter_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mx_puppet_twitter_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mx-puppet-twitter + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 4831873e2..056e76de8 100755 --- a/setup.yml +++ b/setup.yml 
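Review bot: In the systemd unit template, the `-v {{ matrix_mx_puppet_twitter_config_path }}:/config:z` mount in `ExecStart` is read-write, although the playbook itself renders both `config.yaml` and `registration.yaml` into that directory and the same `registration.yaml` is bind-mounted into Synapse. If the bridge does not need to write under `/config` (not visible from this patch, so worth confirming against upstream), mounting it as `:/config:ro,z` would keep a compromised bridge process from rewriting its own registration or credentials file, while `/data` stays writable for the database and log. With `--user` and `--cap-drop=ALL` already set, adding `--read-only` to the `docker run` line would be the natural next hardening step, again provided the image writes nothing outside `/data`.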
@@ -18,6 +18,7 @@ - matrix-bridge-mautrix-whatsapp - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack + - matrix-bridge-mx-puppet-twitter - matrix-bridge-sms - matrix-synapse - matrix-riot-web From 5b960bcfb53d4a83d01ea774b45736885f1d4f18 Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Mon, 29 Jun 2020 18:04:40 +0300 Subject: [PATCH 2/3] Make sender_localpart configurable for mx-puppet-twitter --- roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index edf15a6d8..8299fd81f 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -82,6 +82,7 @@ matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configurati # The prefix for user IDs and aliases matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_ +matrix_mx_puppet_twitter_bot_localpart: _twitterpuppet_bot matrix_mx_puppet_twitter_registration_yaml: | as_token: "{{ matrix_mx_puppet_twitter_appservice_token }}" @@ -97,7 +98,7 @@ matrix_mx_puppet_twitter_registration_yaml: | regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' protocols: [] rate_limited: false - sender_localpart: _twitterpuppet_bot + sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}" url: {{ matrix_mx_puppet_twitter_appservice_address }} matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}" From 9686a0fc5b4271a7a992354ff301481e1a6c8440 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 30 Jun 2020 17:39:19 +0300 Subject: [PATCH 3/3] Expose mx-puppet-twitter port when matrix-nginx-proxy disabled --- group_vars/matrix_servers | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index becbdf672..68e5487be 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -417,6 +417,8 @@ matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_ke matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" +matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_mx_puppet_twitter_appservice_port) }}" + ###################################################################### # # /matrix-bridge-mx-puppet-twitter