From beeb8a793321bc5e95d85a7155b92526b5ecb3f0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 Dec 2024 12:00:39 +0200 Subject: [PATCH] Remove some "generate" values from various mautrix bridges We do not let bridges update config files, so generation cannot happen. We don't want the bridge to manage the config file anyway. --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 ++ .../matrix-bridge-mautrix-discord/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-meta-instagram/defaults/main.yml | 2 ++ .../templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-meta-messenger/defaults/main.yml | 2 ++ .../templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 ++ .../matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 9 files changed, 13 insertions(+), 5 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index b36cd2dbb..81104c7f4 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -57,6 +57,8 @@ matrix_mautrix_discord_homeserver_token: '' matrix_mautrix_discord_appservice_bot_username: discordbot +matrix_mautrix_discord_provisioning_shared_secret: disable + # Minimum severity of journal log messages. # Options: debug, info, warn, error, fatal matrix_mautrix_discord_logging_level: 'warn' diff --git a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 index 322bc763a..bed044bcb 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 
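Review bot: The new `matrix_mautrix_discord_provisioning_shared_secret` default in the `@@ -57,6 +57,8 @@` hunk has no comment, so nothing tells an operator which values are accepted or that the default turns the provisioning API off. I would add above it `# Shared secret for the provisioning API. "disable" turns the API off; otherwise set a long random value.` and `# "generate" is not supported, because the bridge cannot write to its config file.` The instagram, messenger and telegram defaults added later in this patch need the same comment, with the wording adjusted to what each bridge accepts. For discord and telegram the rendered value also changes from `generate` to `disable`, which existing installations that use the provisioning API should be told about.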
@@ -277,7 +277,7 @@ bridge: prefix: /_matrix/provision # Shared secret for authentication. If set to "generate", a random secret will be generated, # or if set to "disable", the provisioning API will be disabled. - shared_secret: generate + shared_secret: {{ matrix_mautrix_discord_provisioning_shared_secret | to_json }} # Permissions for using the bridge. # Permitted values: diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index 0fac573f8..848e86bde 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml @@ -156,6 +156,8 @@ matrix_mautrix_meta_instagram_meta_mode: instagram # When in `instagram` mode (see `matrix_mautrix_meta_instagram_meta_mode`), should the bridge connect to WhatsApp servers for encrypted chats? matrix_mautrix_meta_instagram_meta_ig_e2ee: false +matrix_mautrix_meta_instagram_provisioning_shared_secret: disable + # Whether or not metrics endpoint should be enabled. # Enabling them is usually enough for a local (in-container) Prometheus to consume them. # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_meta_instagram_metrics_proxying_enabled`. diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 index 465a861fb..e905b1771 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 
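Review bot: Nothing stops an override of `generate`, an empty string or null from reaching `shared_secret` through `to_json` in the `@@ -277,7 +277,7 @@` hunk, and the comment kept directly above the changed line still advertises `generate`. Per the commit message the bridge cannot write its config, so such a value presumably leaves the API with a secret that is never persisted, or with none; I have not confirmed how the bridge treats an empty value. I would add a validation task that fails on those values, e.g. `when: matrix_mautrix_discord_provisioning_shared_secret in ['', 'generate', none]`, and reword the template comment to list only "disable" or an explicit secret. The instagram and messenger template hunks have the same gap, and their comment states that null also triggers generation. The provisioning block starts above this hunk, so its other settings are not visible here.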
@@ -263,7 +263,7 @@ provisioning: prefix: /_matrix/provision # Shared secret for authentication. If set to "generate" or null, a random secret will be generated, # or if set to "disable", the provisioning API will be disabled. - shared_secret: disable + shared_secret: {{ matrix_mautrix_meta_instagram_provisioning_shared_secret | to_json }} # Whether to allow provisioning API requests to be authed using Matrix access tokens. # This follows the same rules as double puppeting to determine which server to contact to check the token, # which means that by default, it only works for users on the same server as the bridge. diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index e7a59c913..ca951a333 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml @@ -156,6 +156,8 @@ matrix_mautrix_meta_messenger_meta_mode: messenger # When in `instagram` mode (see `matrix_mautrix_meta_messenger_meta_mode`), should the bridge connect to WhatsApp servers for encrypted chats? matrix_mautrix_meta_messenger_meta_ig_e2ee: false +matrix_mautrix_meta_messenger_provisioning_shared_secret: disable + # Whether or not metrics endpoint should be enabled. # Enabling them is usually enough for a local (in-container) Prometheus to consume them. # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_meta_messenger_metrics_proxying_enabled`. diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 index dbfc69b35..b5f9404b3 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 
@@ -263,7 +263,7 @@ provisioning: prefix: /_matrix/provision # Shared secret for authentication. If set to "generate" or null, a random secret will be generated, # or if set to "disable", the provisioning API will be disabled. - shared_secret: disable + shared_secret: {{ matrix_mautrix_meta_messenger_provisioning_shared_secret | to_json }} # Whether to allow provisioning API requests to be authed using Matrix access tokens. # This follows the same rules as double puppeting to determine which server to contact to check the token, # which means that by default, it only works for users on the same server as the bridge. diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 3c5989b44..619dfee86 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -136,6 +136,8 @@ matrix_mautrix_telegram_systemd_wanted_services_list: [] matrix_mautrix_telegram_appservice_token: '' matrix_mautrix_telegram_homeserver_token: '' +matrix_mautrix_telegram_provisioning_shared_secret: disable + # Whether or not metrics endpoint should be enabled. # Enabling them is usually enough for a local (in-container) Prometheus to consume them. # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_telegram_metrics_proxying_enabled`. diff --git a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 5e21b2778..6cbd30130 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 
@@ -71,7 +71,7 @@ appservice: prefix: /_matrix/provision/v1 # The shared secret to authorize users of the API. # Set to "generate" to generate and save a new token. - shared_secret: generate + shared_secret: {{ matrix_mautrix_telegram_provisioning_shared_secret | to_json }} # The unique ID of this appservice. id: telegram diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index c6224525c..832234832 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -384,7 +384,7 @@ direct_media: allow_proxy: true # Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file. # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them. - server_key: generate + server_key: "" # Settings for backfilling messages. # Note that the exact way settings are applied depends on the network connector.
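Review bot: The default `disable` may end up as the literal shared secret in the `@@ -71,7 +71,7 @@` hunk, because the comment above the changed line documents only `generate` for this bridge, whereas the discord and meta templates explicitly name `disable` as the off switch. If mautrix-telegram does not special-case `disable` and the provisioning API's enabled flag (outside this hunk) is on, the API would accept a fixed, guessable string as its bearer secret. Please confirm the bridge's handling; if it is not a sentinel there, render the provisioning API as disabled while the variable holds `disable`, and require a long random value whenever it is enabled.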
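Review bot: `server_key` in the `@@ -384,7 +384,7 @@ direct_media:` hunk is hard-coded to `""`, while every other value touched by this patch became a role variable, so an operator who enables direct media has no supported way to supply a key. The comment above the line says this key signs the mxc:// URIs so that only the bridge can generate them; with an empty key and no way to generate one, that guarantee presumably does not hold, though whether direct media is enabled is decided outside this hunk. I would template it like the others, for instance `server_key: {{ matrix_mautrix_whatsapp_direct_media_server_key | to_json }}` (a proposed variable name, not an existing one), and fail validation when direct media is enabled and the key is empty.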