one var to control encryption across all bridges (#2629)

* one var to control encryption across all bridges

* move var to matrix-base

docs/configuring-playbook-mautrix-bridges.md

@@ -33,6 +33,13 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
 ```
 
 Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
+
+**for all bridges with encryption support**:
+```yaml
+matrix_bridges_encryption_enabled: true
+```
+
+**Alternatively**, for a specific bridge:
 ```yaml
 matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
   bridge:

roles/custom/matrix-base/defaults/main.yml

@@ -13,6 +13,9 @@ matrix_domain: ~
 # Example value: "@someone:{{ matrix_domain }}"
 matrix_admin: ''
 
+# Global var to enable/disable encryption across all bridges with encryption support
+matrix_bridges_encryption_enabled: false
+
 # matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc.
 #
 # Unless you're wrapping this playbook in another one

roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml

@@ -120,7 +120,7 @@ matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot
 matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_'
 
 # End-to-bridge encryption configuration
-matrix_appservice_kakaotalk_bridge_encryption_allow: false
+matrix_appservice_kakaotalk_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}"
 
 # Specifies the default log level for all bridge loggers.

roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -83,6 +83,11 @@ matrix_beeper_linkedin_login_shared_secret: ''
 # Specifies the default log level for all bridge loggers.
 matrix_beeper_linkedin_logging_level: WARNING
 
+# Enable End-to-bridge encryption
+matrix_beeper_linkedin_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
+matrix_beeper_linkedin_bridge_encryption_key_sharing_allow: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
+
 # Default beeper-linkedin configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2

@@ -156,15 +156,15 @@ bridge:
     # application service.
     encryption:
         # Allow encryption, work in group chat rooms with e2ee enabled
-        allow: false
+        allow: {{ matrix_beeper_linkedin_bridge_encryption_allow|to_json }}
         # Default to encryption, force-enable encryption in all portals the bridge creates
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
-        default: false
+        default: {{ matrix_beeper_linkedin_bridge_encryption_default|to_json }}
         # Options for automatic key sharing.
         key_sharing:
             # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
             # You must use a client that supports requesting keys from other users to use this feature.
-            allow: false
+            allow: {{ matrix_beeper_linkedin_bridge_encryption_key_sharing_allow|to_json }}
             # Require the requesting device to have a valid cross-signing signature?
             # This doesn't require that the bridge has verified the device, only that the user has verified it.
             # Not yet implemented.

roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml

@@ -86,7 +86,7 @@ matrix_go_skype_bridge_bridge_double_puppet_server_map:
   "{{ matrix_go_skype_bridge_homeserver_domain :  matrix_go_skype_bridge_homeserver_address }}"
 
 # Enable End-to-bridge encryption
-matrix_go_skype_bridge_bridge_encryption_allow: false
+matrix_go_skype_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
 
 # Minimum severity of journal log messages.

roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml

@@ -137,7 +137,7 @@ matrix_mautrix_discord_registration_yaml: |
 matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}"
 
 # Enable End-to-bridge encryption
-matrix_mautrix_discord_bridge_encryption_allow: false
+matrix_mautrix_discord_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
 matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
 

roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -149,3 +149,8 @@ matrix_mautrix_facebook_registration_yaml: |
   de.sorunome.msc2409.push_ephemeral: true
 
 matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml | from_yaml }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_facebook_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"
+matrix_mautrix_facebook_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2

@@ -126,15 +126,15 @@ bridge:
     # application service.
     encryption:
         # Allow encryption, work in group chat rooms with e2ee enabled
-        allow: false
+        allow: {{ matrix_mautrix_facebook_bridge_encryption_allow|to_json }}
         # Default to encryption, force-enable encryption in all portals the bridge creates
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
-        default: false
+        default: {{ matrix_mautrix_facebook_bridge_encryption_default|to_json }}
         # Options for automatic key sharing.
         key_sharing:
             # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
             # You must use a client that supports requesting keys from other users to use this feature.
-            allow: false
+            allow_key_sharing: {{ matrix_mautrix_facebook_bridge_encryption_key_sharing_allow|to_json }}
             # Require the requesting device to have a valid cross-signing signature?
             # This doesn't require that the bridge has verified the device, only that the user has verified it.
             # Not yet implemented.

roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml

@@ -129,3 +129,7 @@ matrix_mautrix_googlechat_registration_yaml: |
   de.sorunome.msc2409.push_ephemeral: true
 
 matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml | from_yaml }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_googlechat_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_mautrix_googlechat_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2

@@ -88,10 +88,10 @@ bridge:
     # application service.
     encryption:
         # Allow encryption, work in group chat rooms with e2ee enabled
-        allow: false
+        allow: {{ matrix_mautrix_googlechat_bridge_encryption_allow|to_json }}
         # Default to encryption, force-enable encryption in all portals the bridge creates
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
-        default: false
+        default: {{ matrix_mautrix_googlechat_bridge_encryption_default|to_json }}
 
     # Whether or not created rooms should have federation enabled.
     # If false, created portal rooms will never be federated.

roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml

@@ -126,3 +126,7 @@ matrix_mautrix_hangouts_registration_yaml: |
   de.sorunome.msc2409.push_ephemeral: true
 
 matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml | from_yaml }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_hangouts_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_mautrix_hangouts_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2

@@ -88,10 +88,10 @@ bridge:
     # application service.
     encryption:
         # Allow encryption, work in group chat rooms with e2ee enabled
-        allow: false
+        allow: {{ matrix_mautrix_hangouts_bridge_encryption_allow|to_json }}
         # Default to encryption, force-enable encryption in all portals the bridge creates
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
-        default: false
+        default: {{ matrix_mautrix_hangouts_bridge_encryption_default|to_json }}
 
     # Public website and API configs
     web:

roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -129,3 +129,8 @@ matrix_mautrix_instagram_registration_yaml: |
   de.sorunome.msc2409.push_ephemeral: true
 
 matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml | from_yaml }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"
+matrix_mautrix_instagram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2

@@ -143,15 +143,15 @@ bridge:
   # application service.
   encryption:
     # Allow encryption, work in group chat rooms with e2ee enabled
-    allow: false
+    allow: {{ matrix_mautrix_discord_bridge_encryption_allow|to_json }}
     # Default to encryption, force-enable encryption in all portals the bridge creates
     # This will cause the bridge bot to be in private chats for the encryption to work properly.
-    default: false
+    default: {{ matrix_mautrix_discord_bridge_encryption_default|to_json }}
     # Options for automatic key sharing.
     key_sharing:
       # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
       # You must use a client that supports requesting keys from other users to use this feature.
-      allow: false
+      allow: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow|to_json }}
       # Require the requesting device to have a valid cross-signing signature?
       # This doesn't require that the bridge has verified the device, only that the user has verified it.
       # Not yet implemented.

roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -152,7 +152,7 @@ matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml
 
 matrix_mautrix_signal_log_level: 'DEBUG'
 
-matrix_mautrix_signal_bridge_encryption_allow: false
+matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 

roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml

@@ -133,6 +133,6 @@ matrix_mautrix_slack_registration_yaml: |
 matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}"
 
 # Enable End-to-bridge encryption
-matrix_mautrix_slack_bridge_encryption_allow: false
+matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
 matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -163,6 +163,6 @@ matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
 matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'
 
 # Enable End-to-bridge encryption
-matrix_mautrix_telegram_bridge_encryption_allow: false
+matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
 matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -127,3 +127,8 @@ matrix_mautrix_twitter_registration_yaml: |
   de.sorunome.msc2409.push_ephemeral: true
 
 matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_twitter_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"
+matrix_mautrix_twitter_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2

@@ -126,15 +126,15 @@ bridge:
     # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
     encryption:
         # Allow encryption, work in group chat rooms with e2ee enabled
-        allow: false
+        allow: {{ matrix_mautrix_twitter_bridge_encryption_allow|to_json }}
         # Default to encryption, force-enable encryption in all portals the bridge creates
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
-        default: false
+        default: {{ matrix_mautrix_twitter_bridge_encryption_default|to_json }}
         # Options for automatic key sharing.
         key_sharing:
             # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
             # You must use a client that supports requesting keys from other users to use this feature.
-            allow: false
+            allow: {{ matrix_mautrix_twitter_bridge_encryption_key_sharing_allow|to_json }}
             # Require the requesting device to have a valid cross-signing signature?
             # This doesn't require that the bridge has verified the device, only that the user has verified it.
             # Not yet implemented.

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -97,7 +97,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map:
   "{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}"
 
 # Enable End-to-bridge encryption
-matrix_mautrix_whatsapp_bridge_encryption_allow: false
+matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
 matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"