diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 78ea2cd2..22b9d454 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -69,6 +69,11 @@ matrix_appservice_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_k
 # We don't enable bridges by default.
 matrix_appservice_slack_enabled: false
+# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-slack over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# matrix-appservice-slack's client-server port to the local host.
+matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:{{ matrix_appservice_slack_slack_port }}' }}"
+
 matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-appservice-token') | to_uuid }}"
 matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-homeserver-token') | to_uuid }}"
diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml
index ddcabfc4..f305a732 100644
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml
@@ -21,6 +21,8 @@ matrix_appservice_slack_user_prefix: 'slack_'
 matrix_appservice_slack_matrix_port: 9004
 matrix_appservice_slack_slack_port: 9003
+# Controls whether the appservice-slack container exposes its HTTP port (tcp/9003 in the container).
+#
 # Takes an ":" or "" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
 matrix_appservice_slack_container_http_host_bind_port: ''
diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
index 078aa9d2..8b3d1f9d 100644
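Review bot: The fallback value of `matrix_appservice_slack_container_http_host_bind_port` nests `{{ matrix_appservice_slack_slack_port }}` inside a string literal that already sits inside a `{{ }}` expression, so it only works if Ansible templates the result a second time; Ansible's guidance is that moustaches should not be nested. If the inner expression is left unexpanded, the literal braces would reach the `-p` argument of the systemd unit and the container would likely fail to start. Concatenation avoids that dependency: `"{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_slack_slack_port) }}"`. The added comment also calls this the client-server port, while the role defaults describe it as the container's HTTP port; using one term in both places would avoid confusion about which listener ends up on the host.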
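Review bot: The comment block above `matrix_appservice_slack_container_http_host_bind_port` does not say what a value without an IP part means for exposure. The unit template passes the value straight to `docker run -p`, and Docker publishes a host port given without an address on all host interfaces; its own iptables rules commonly take effect ahead of host firewall front-ends such as ufw. I would add `# A value without an IP address publishes the port on all host interfaces; use "127.0.0.1:<port>" unless remote access is intended.` The added line also hard-codes `tcp/9003` although the port comes from `matrix_appservice_slack_slack_port`, so the comment goes stale if that default is overridden.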
--- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
+++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
@@ -19,14 +19,19 @@ ExecStartPre=/bin/sleep 5
 ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
 --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
 --network={{ matrix_docker_network }} \
+ {% if matrix_appservice_slack_container_http_host_bind_port %}
+ -p {{ matrix_appservice_slack_container_http_host_bind_port }}:{{matrix_appservice_slack_slack_port}} \
+ {% endif %}
 -v {{ matrix_appservice_slack_config_path }}:/config:z \
 -v {{ matrix_appservice_slack_data_path }}:/data:z \
 {% for arg in matrix_appservice_slack_container_extra_arguments %}
 {{ arg }} \
 {% endfor %}
 {{ matrix_appservice_slack_docker_image }} \
- node app.js -c /config/config.yaml -f /config/slack-registration.yaml -p {{matrix_appservice_slack_matrix_port}}
+ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
 ExecStop=-/usr/bin/docker kill matrix-appservice-slack
 ExecStop=-/usr/bin/docker rm matrix-appservice-slack
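Review bot: Adding `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` changes the identity the bridge runs as, but nothing in this diff adjusts ownership of the host directories mounted at `/config` and `/data`. On hosts where the container previously ran as the image's default user (presumably root), files it already created under `matrix_appservice_slack_data_path` may not be writable by the new uid, so the service could fail on the first restart after upgrade. I would confirm that the role's setup tasks, which are not part of this diff, create or recursively re-own both paths with the same uid and gid before the unit is started. Dropping all capabilities is a sound default, though the `matrix_appservice_slack_container_extra_arguments` loop that follows can add them back, which deserves a one-line comment where that variable is defined.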