matrix-docker-ansible-deploy/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
Slavi Pantaleev 94c1503a60 Add support for experimental encryption in Hookshot
Squashed based on the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042

commit 49932b8f3c
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:21:31 2023 +0200

    Fix syntax in matrix-bridge-hookshot/tasks/reset_encryption.yml

    Also, this task always does work and side-effects, so it should always report changes
    (`changed_when: true`).

commit 6bdf7a9dcb
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:12:41 2023 +0200

    Add Hookshot validation task to ensure queue settings are set when encryption is enabled

commit 8c531b7971
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:10:17 2023 +0200

    Add missing variables rewiring in group_vars/matrix_servers for Hookshot

commit 7d26dabc2f
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:08:19 2023 +0200

    Add defaults for matrix_hookshot_queue_host and matrix_hookshot_queue_port

commit 74f91138c9
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:06:17 2023 +0200

    Fix syntax for connecting to additional networks for Hookshot

commit ca7b41f3f2
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:05:28 2023 +0200

    Fix indentation and remove unnecessary if-statements

commit ac4a918d58
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:04:44 2023 +0200

    Add missing --network for Hookshot

    This seems to have been removed by accident.

commit 6a81fa208f
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:02:47 2023 +0200

    Make automatic Redis enabling safer, when Hookshot encryption enabled

    If we ever default encryption to enabled for Hookshot, we only wish to force-enable Redis if Hookshot is actually enabled.

commit 75a8e0f2a6
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:01:10 2023 +0200

    Fix typo

commit 98ad182eac
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:37:40 2023 +0100

    Add defaults for Hookshot's encryption

commit 29fa9fab15
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:35:11 2023 +0100

    Improve wording of Hookshot's encryption section

commit 4f835e0560
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:28:52 2023 +0100

    use safer mount options for the container's files

commit 8c93327e25
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:26:01 2023 +0100

    fix filename

commit 03a7bb6e77
Merge: e55d7694 06047763
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:23:44 2023 +0100

    Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption

commit 06047763bb
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:15:54 2023 +0100

    Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

    change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host

    Co-authored-by: Slavi Pantaleev <slavi@devture.com>

commit e55d769465
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:13:50 2023 +0100

    clarify that Redis is required, standardadise on Hookshot with an upper-case first letter for consistency

commit 66706e4535
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:08:20 2023 +0100

    Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

    fix for a typo

    Co-authored-by: Slavi Pantaleev <slavi@devture.com>

commit f6aaeb9a16
Merge: e5d34002 869dd33f
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 00:22:34 2023 +0100

    Merge branch 'master' into HarHarLinks/hookshot-encryption

commit e5d34002fd
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 00:09:27 2023 +0100

    Add Jinja loop to allow adding multiple networks

commit 69f947782d
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Thu Dec 14 23:52:41 2023 +0100

    split if statements for the message queue and experimental encryption support into seperate statements

commit 4c13be1c89
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Thu Dec 14 23:31:19 2023 +0100

    change variable name per spantaleev's suggestion (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2979#discussion_r1379015551)

commit 9905309aa9
Author: HarHarLinks <kim.brose@rwth-aachen.de>
Date:   Wed Nov 1 16:14:04 2023 +0100

    amend docs

commit 94abf2d5bd
Author: HarHarLinks <kim.brose@rwth-aachen.de>
Date:   Wed Nov 1 16:05:22 2023 +0100

    draft encryption support for hookshot
2023-12-16 09:23:35 +02:00

171 lines
6.4 KiB
Django/Jinja

#jinja2: lstrip_blocks: "True"
bridge:
# Basic homeserver configuration
#
domain: {{ matrix_domain }}
url: {{ matrix_hookshot_homeserver_address }}
mediaUrl: {{ matrix_hookshot_homeserver_address }}
port: {{ matrix_hookshot_appservice_port }}
bindAddress: 0.0.0.0
{% if matrix_hookshot_github_enabled %}
github:
# (Optional) Configure this to enable GitHub support
#
auth:
# Authentication for the GitHub App.
#
id: {{ matrix_hookshot_github_auth_id | to_json }}
privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }}
webhook:
# Webhook settings for the GitHub app.
#
secret: {{ matrix_hookshot_github_webhook_secret | to_json }}
{% if matrix_hookshot_github_oauth_enabled %}
oauth:
# (Optional) Settings for allowing users to sign in via OAuth.
#
client_id: {{ matrix_hookshot_github_oauth_client_id | to_json }}
client_secret: {{ matrix_hookshot_github_oauth_client_secret | to_json }}
redirect_uri: {{ matrix_hookshot_github_oauth_redirect_uri | to_json }}
{% endif %}
defaultOptions:
# (Optional) Default options for GitHub connections.
#
ignoreHooks: {{ matrix_hookshot_github_defaultOptions_ignoreHooks | to_json }}
commandPrefix: {{ matrix_hookshot_github_defaultOptions_commandPrefix | to_json }}
showIssueRoomLink: {{ matrix_hookshot_github_defaultOptions_showIssueRoomLink | to_json }}
prDiff: {{ matrix_hookshot_github_defaultOptions_prDiff | to_json }}
includingLabels: {{ matrix_hookshot_github_defaultOptions_includingLabels | to_json }}
excludingLabels: {{ matrix_hookshot_github_defaultOptions_excludingLabels | to_json }}
hotlinkIssues:
prefix: {{ matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix | to_json }}
{% endif %}
{% if matrix_hookshot_gitlab_enabled %}
gitlab:
# (Optional) Configure this to enable GitLab support
#
instances: {{ matrix_hookshot_gitlab_instances | to_json }}
webhook:
secret: {{ matrix_hookshot_gitlab_webhook_secret | to_json }}
{% endif %}
{% if matrix_hookshot_figma_enabled %}
figma:
# (Optional) Configure this to enable Figma support
#
publicUrl: {{ matrix_hookshot_figma_publicUrl | to_json }}
instances: {{ matrix_hookshot_figma_instances | to_json }}
{% endif %}
{% if matrix_hookshot_jira_enabled %}
jira:
# (Optional) Configure this to enable Jira support
#
webhook:
secret: {{ matrix_hookshot_jira_webhook_secret | to_json }}
{% if matrix_hookshot_jira_oauth_enabled %}
oauth:
client_id: {{ matrix_hookshot_jira_oauth_client_id | to_json }}
client_secret: {{ matrix_hookshot_jira_oauth_client_secret | to_json }}
redirect_uri: {{ matrix_hookshot_jira_oauth_redirect_uri | to_json }}
{% endif %}
{% endif %}
{% if matrix_hookshot_generic_enabled %}
generic:
# (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
#
enabled: {{ matrix_hookshot_generic_enabled | to_json }}
enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }}
urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }}
userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }}
allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }}
waitForComplete: {{ matrix_hookshot_generic_waitForComplete | to_json }}
{% endif %}
{% if matrix_hookshot_feeds_enabled %}
feeds:
# (Optional) Configure this to enable RSS/Atom feed support
#
enabled: {{ matrix_hookshot_feeds_enabled | to_json }}
pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }}
pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }}
{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
provisioning:
# (Optional) Provisioning API for integration managers
#
secret: {{ matrix_hookshot_provisioning_secret | to_json }}
{% endif %}
passFile:
# A passkey used to encrypt tokens stored inside the bridge.
# Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
#
/data/passkey.pem
bot:
# (Optional) Define profile information for the bot user
#
displayname: {{ matrix_hookshot_bot_displayname | to_json }}
avatar: {{ matrix_hookshot_bot_avatar | to_json }}
metrics:
# (Optional) Prometheus metrics support
#
enabled: {{ matrix_hookshot_metrics_enabled | to_json }}
{% if matrix_hookshot_queue_host != '' %}
queue:
monolithic: true
port: {{ matrix_hookshot_queue_port }}
host: {{ matrix_hookshot_queue_host | to_json }}
{% endif %}
{% if matrix_hookshot_experimental_encryption_enabled %}
experimentalEncryption:
storagePath: /data/encryption
{% endif %}
logging:
# (Optional) Logging settings. You can have a severity debug,info,warn,error
#
level: {{ matrix_hookshot_logging_level | to_json }}
{% if matrix_hookshot_widgets_enabled %}
widgets:
# (Optional) EXPERIMENTAL support for complimentary widgets
#
addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms | to_json }}
{% if matrix_hookshot_widgets_roomSetupWidget_enabled %}
roomSetupWidget:
addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite | to_json }}
{% endif %}
{% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %}
disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges | to_json }}
{% endif %}
publicUrl: {{ matrix_hookshot_widgets_publicUrl | to_json }}
branding:
widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle | to_json }}
{% endif %}
{% if matrix_hookshot_permissions %}
permissions: {{ matrix_hookshot_permissions | to_json }}
{% endif %}
listeners:
# (Optional) HTTP Listener configuration.
# Bind resource endpoints to ports and addresses.
# 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice
#
{# always enabled since all services need it #}
- port: {{ matrix_hookshot_webhook_port }}
bindAddress: 0.0.0.0
resources:
- webhooks
{% if matrix_hookshot_metrics_enabled %}
- port: {{ matrix_hookshot_metrics_port }}
bindAddress: 0.0.0.0
resources:
- metrics
{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
- port: {{ matrix_hookshot_provisioning_port }}
bindAddress: 0.0.0.0
resources:
- provisioning
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
- port: {{ matrix_hookshot_widgets_port }}
bindAddress: 0.0.0.0
resources:
- widgets
{% endif %}