commit
2ca8211184
@ -0,0 +1,38 @@
|
|||||||
|
# Setting up MX Puppet GroupMe (optional)
|
||||||
|
|
||||||
|
The playbook can install and configure
|
||||||
|
[mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) for you.
|
||||||
|
|
||||||
|
See the project page to learn what it does and why it might be useful to you.
|
||||||
|
|
||||||
|
To enable the [GroupMe](https://groupme.com/) bridge just use the following
|
||||||
|
playbook configuration:
|
||||||
|
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_mx_puppet_groupme_enabled: true
|
||||||
|
matrix_mx_puppet_groupme_client_id: ""
|
||||||
|
matrix_mx_puppet_groupme_client_secret: ""
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
Once the bot is enabled you need to start a chat with `GroupMe Puppet Bridge` with
|
||||||
|
the handle `@_groupmepuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
|
||||||
|
domain, not the `matrix.` domain).
|
||||||
|
|
||||||
|
One authentication method is available.
|
||||||
|
|
||||||
|
To link your GroupMe account, go to [dev.groupme.com](https://dev.groupme.com/), sign in, and select "Access Token" from the top menu. Copy the token and message the bridge with:
|
||||||
|
|
||||||
|
```
|
||||||
|
link <access token>
|
||||||
|
```
|
||||||
|
|
||||||
|
Once logged in, send `listrooms` to the bot user to list the available rooms.
|
||||||
|
|
||||||
|
Clicking rooms in the list will result in you receiving an invitation to the
|
||||||
|
bridged room.
|
||||||
|
|
||||||
|
Also send `help` to the bot to see the commands available.
|
@ -0,0 +1,110 @@
|
|||||||
|
# Mx Puppet GroupMe is a Matrix <-> GroupMe bridge
|
||||||
|
# See: https://gitlab.com/robintown/mx-puppet-groupme
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_enabled: true
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_container_image_self_build: false
|
||||||
|
matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/robintown/mx-puppet-groupme"
|
||||||
|
|
||||||
|
# Controls whether the mx-puppet-groupme container exposes its HTTP port (tcp/8437 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8437"), or empty string to not expose.
|
||||||
|
matrix_mx_puppet_groupme_container_http_host_bind_port: ''
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:latest"
|
||||||
|
matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else 'docker.io/' }}"
|
||||||
|
matrix_mx_puppet_groupme_docker_image_force_pull: "{{ matrix_mx_puppet_groupme_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_base_path: "{{ matrix_base_data_path }}/mx-puppet-groupme"
|
||||||
|
matrix_mx_puppet_groupme_config_path: "{{ matrix_mx_puppet_groupme_base_path }}/config"
|
||||||
|
matrix_mx_puppet_groupme_data_path: "{{ matrix_mx_puppet_groupme_base_path }}/data"
|
||||||
|
matrix_mx_puppet_groupme_docker_src_files_path: "{{ matrix_mx_puppet_groupme_base_path }}/docker-src"
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_appservice_port: "8437"
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_homeserver_address: 'http://matrix-synapse:8008'
|
||||||
|
matrix_mx_puppet_groupme_homeserver_domain: '{{ matrix_domain }}'
|
||||||
|
matrix_mx_puppet_groupme_appservice_address: 'http://matrix-mx-puppet-groupme:{{ matrix_mx_puppet_groupme_appservice_port }}'
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_client_id: ''
|
||||||
|
matrix_mx_puppet_groupme_client_secret: ''
|
||||||
|
|
||||||
|
# "@user:server.com" to allow specific user
|
||||||
|
# "@.*:yourserver.com" to allow users on a specific homeserver
|
||||||
|
# "@.*" to allow anyone
|
||||||
|
matrix_mx_puppet_groupme_provisioning_whitelist:
|
||||||
|
- "@.*:{{ matrix_domain|regex_escape }}"
|
||||||
|
|
||||||
|
# Leave empty to disable blacklist
|
||||||
|
# "@user:server.com" disallow a specific user
|
||||||
|
# "@.*:yourserver.com" disallow users on a specific homeserver
|
||||||
|
matrix_mx_puppet_groupme_provisioning_blacklist: []
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_mx_puppet_groupme_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that matrix-puppet-groupme.service depends on.
|
||||||
|
matrix_mx_puppet_groupme_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
# List of systemd services that matrix-puppet-groupme.service wants
|
||||||
|
matrix_mx_puppet_groupme_systemd_wanted_services_list: []
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_appservice_token: ''
|
||||||
|
matrix_mx_puppet_groupme_homeserver_token: ''
|
||||||
|
|
||||||
|
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
|
||||||
|
matrix_mx_puppet_groupme_login_shared_secret: ''
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_database_engine: sqlite
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_sqlite_database_path_local: "{{ matrix_mx_puppet_groupme_data_path }}/database.db"
|
||||||
|
matrix_mx_puppet_groupme_sqlite_database_path_in_container: "/data/database.db"
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_database_username: matrix_mx_puppet_groupme
|
||||||
|
matrix_mx_puppet_groupme_database_password: ~
|
||||||
|
matrix_mx_puppet_groupme_database_hostname: 'matrix-postgres'
|
||||||
|
matrix_mx_puppet_groupme_database_port: 5432
|
||||||
|
matrix_mx_puppet_groupme_database_name: matrix_mx_puppet_groupme
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_database_connection_string: 'postgresql://{{ matrix_mx_puppet_groupme_database_username }}:{{ matrix_mx_puppet_groupme_database_password }}@{{ matrix_mx_puppet_groupme_database_hostname }}:{{ matrix_mx_puppet_groupme_database_port }}/{{ matrix_mx_puppet_groupme_database_name }}?sslmode=disable'
|
||||||
|
|
||||||
|
# Default configuration template which covers the generic use case.
|
||||||
|
# You can customize it by controlling the various variables inside it.
|
||||||
|
#
|
||||||
|
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_groupme_configuration_extension_yaml`)
|
||||||
|
# or completely replace this variable with your own template.
|
||||||
|
matrix_mx_puppet_groupme_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_configuration_extension_yaml: |
|
||||||
|
# Your custom YAML configuration goes here.
|
||||||
|
# This configuration extends the default starting configuration (`matrix_mx_puppet_groupme_configuration_yaml`).
|
||||||
|
#
|
||||||
|
# You can override individual variables from the default configuration, or introduce new ones.
|
||||||
|
#
|
||||||
|
# If you need something more special, you can take full control by
|
||||||
|
# completely redefining `matrix_mx_puppet_groupme_configuration_yaml`.
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_configuration_extension: "{{ matrix_mx_puppet_groupme_configuration_extension_yaml|from_yaml if matrix_mx_puppet_groupme_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||||
|
|
||||||
|
# Holds the final configuration (a combination of the default and its extension).
|
||||||
|
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_groupme_configuration_yaml`.
|
||||||
|
matrix_mx_puppet_groupme_configuration: "{{ matrix_mx_puppet_groupme_configuration_yaml|from_yaml|combine(matrix_mx_puppet_groupme_configuration_extension, recursive=True) }}"
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_registration_yaml: |
|
||||||
|
as_token: "{{ matrix_mx_puppet_groupme_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_mx_puppet_groupme_homeserver_token }}"
|
||||||
|
id: groupme-puppet
|
||||||
|
namespaces:
|
||||||
|
users:
|
||||||
|
- exclusive: true
|
||||||
|
regex: '@_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain|regex_escape }}'
|
||||||
|
rooms: []
|
||||||
|
aliases:
|
||||||
|
- exclusive: true
|
||||||
|
regex: '#_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain|regex_escape }}'
|
||||||
|
protocols: []
|
||||||
|
rate_limited: false
|
||||||
|
sender_localpart: _groupmepuppet_bot
|
||||||
|
url: {{ matrix_mx_puppet_groupme_appservice_address }}
|
||||||
|
|
||||||
|
matrix_mx_puppet_groupme_registration: "{{ matrix_mx_puppet_groupme_registration_yaml|from_yaml }}"
|
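Review bot: `matrix_mx_puppet_groupme_docker_image` defaults to the mutable `:latest` tag under a third-party Docker Hub namespace (`xangelix/`), and `matrix_mx_puppet_groupme_docker_image_force_pull` then evaluates to true, so every playbook run pulls and starts whatever is currently published under that tag. The container receives the appservice tokens and the GroupMe access tokens users send with `link`, so the default should name a fixed release or digest, e.g. `"{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:<PINNED_TAG_OR_DIGEST>"` (placeholder; no version appears on this page). The self-build path has the same gap: `matrix_mx_puppet_groupme_container_image_self_build_repo` points at a different upstream (`robintown`) than the pulled image, and no variable is defined to pin the checkout to a ref.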
@ -0,0 +1,23 @@
|
|||||||
|
- set_fact:
|
||||||
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-groupme.service'] }}"
|
||||||
|
when: matrix_mx_puppet_groupme_enabled|bool
|
||||||
|
|
||||||
|
# If the matrix-synapse role is not used, these variables may not exist.
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_container_extra_arguments: >
|
||||||
|
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||||
|
+
|
||||||
|
["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
|
||||||
|
|
||||||
|
matrix_synapse_app_service_config_files: >
|
||||||
|
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||||
|
+
|
||||||
|
{{ ["/matrix-mx-puppet-groupme-registration.yaml"] }}
|
||||||
|
when: matrix_mx_puppet_groupme_enabled|bool
|
||||||
|
|
||||||
|
# ansible lower than 2.8, does not support docker_image build parameters
|
||||||
|
# for self buildig it is explicitly needed, so we rather fail here
|
||||||
|
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||||
|
fail:
|
||||||
|
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||||
|
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build"
|
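Review bot: The `fail` message in the last task names the wrong bridge and has a typo ("Puppet Slack image", "usa ansible"), which looks carried over from another role. Suggested: `msg: "To self-build the MX Puppet GroupMe image, you should use Ansible 2.8 or higher. E.g. pip contains such packages."`; the comment above it has a similar slip (`buildig`). The `when:` on that task also reads `matrix_mx_puppet_groupme_container_image_self_build` without `|bool`, unlike the other conditions in this file, so a string value such as `"false"` supplied as an extra var would presumably be treated as true.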
@ -0,0 +1,21 @@
|
|||||||
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
when: "run_setup|bool and matrix_mx_puppet_groupme_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-mx-puppet-groupme
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
|
when: "run_setup|bool and matrix_mx_puppet_groupme_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-mx-puppet-groupme
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
|
when: "run_setup|bool and not matrix_mx_puppet_groupme_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-mx-puppet-groupme
|
@ -0,0 +1,127 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
||||||
|
# We don't want to fail in such cases.
|
||||||
|
- name: Fail if matrix-synapse role already executed
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
The matrix-bridge-mx-puppet-groupme role needs to execute before the matrix-synapse role.
|
||||||
|
when: "matrix_synapse_role_executed|default(False)"
|
||||||
|
|
||||||
|
- name: Ensure MX Puppet Groupme paths exist
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- { path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true }
|
||||||
|
- { path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true }
|
||||||
|
- { path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true }
|
||||||
|
- { path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}" }
|
||||||
|
when: matrix_mx_puppet_groupme_enabled|bool and item.when|bool
|
||||||
|
|
||||||
|
- name: Check if an old database file already exists
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_mx_puppet_groupme_base_path }}/database.db"
|
||||||
|
register: matrix_mx_puppet_groupme_stat_database
|
||||||
|
|
||||||
|
- name: (Data relocation) Ensure matrix-mx-puppet-groupme.service is stopped
|
||||||
|
service:
|
||||||
|
name: matrix-mx-puppet-groupme
|
||||||
|
state: stopped
|
||||||
|
daemon_reload: yes
|
||||||
|
failed_when: false
|
||||||
|
when: "matrix_mx_puppet_groupme_stat_database.stat.exists"
|
||||||
|
|
||||||
|
- name: (Data relocation) Move mx-puppet-groupme database file to ./data directory
|
||||||
|
command: "mv {{ matrix_mx_puppet_groupme_base_path }}/database.db {{ matrix_mx_puppet_groupme_data_path }}/database.db"
|
||||||
|
when: "matrix_mx_puppet_groupme_stat_database.stat.exists"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_mx_puppet_groupme_requires_restart: false
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Check if an SQLite database already exists
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
|
||||||
|
register: matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- set_fact:
|
||||||
|
matrix_postgres_db_migration_request:
|
||||||
|
src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
|
||||||
|
dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}"
|
||||||
|
caller: "{{ role_path|basename }}"
|
||||||
|
engine_variable_name: 'matrix_mx_puppet_groupme_database_engine'
|
||||||
|
engine_old: 'sqlite'
|
||||||
|
systemd_services_to_stop: ['matrix-mx-puppet-groupme.service']
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_mx_puppet_groupme_requires_restart: true
|
||||||
|
when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists|bool"
|
||||||
|
when: "matrix_mx_puppet_groupme_database_engine == 'postgres'"
|
||||||
|
|
||||||
|
- name: Ensure MX Puppet Groupme image is pulled
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_mx_puppet_groupme_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}"
|
||||||
|
when: matrix_mx_puppet_groupme_enabled|bool and not matrix_mx_puppet_groupme_container_image_self_build
|
||||||
|
|
||||||
|
- name: Ensure MX Puppet Groupme repository is present on self build
|
||||||
|
git:
|
||||||
|
repo: "{{ matrix_mx_puppet_groupme_container_image_self_build_repo }}"
|
||||||
|
dest: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}"
|
||||||
|
force: "yes"
|
||||||
|
register: matrix_mx_puppet_groupme_git_pull_results
|
||||||
|
when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build"
|
||||||
|
|
||||||
|
- name: Ensure MX Puppet Groupme Docker image is built
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_mx_puppet_groupme_docker_image }}"
|
||||||
|
source: build
|
||||||
|
force_source: "{{ matrix_mx_puppet_groupme_git_pull_results.changed }}"
|
||||||
|
build:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}"
|
||||||
|
pull: yes
|
||||||
|
when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build"
|
||||||
|
|
||||||
|
- name: Ensure mx-puppet-groupme config.yaml installed
|
||||||
|
copy:
|
||||||
|
content: "{{ matrix_mx_puppet_groupme_configuration|to_nice_yaml }}"
|
||||||
|
dest: "{{ matrix_mx_puppet_groupme_config_path }}/config.yaml"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
|
- name: Ensure mx-puppet-groupme groupme-registration.yaml installed
|
||||||
|
copy:
|
||||||
|
content: "{{ matrix_mx_puppet_groupme_registration|to_nice_yaml }}"
|
||||||
|
dest: "{{ matrix_mx_puppet_groupme_config_path }}/registration.yaml"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
|
- name: Ensure matrix-mx-puppet-groupme.service installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-groupme.service.j2"
|
||||||
|
dest: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_mx_puppet_groupme_systemd_service_result
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service installation
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_mx_puppet_groupme_systemd_service_result.changed"
|
||||||
|
|
||||||
|
- name: Ensure matrix-mx-puppet-groupme.service restarted, if necessary
|
||||||
|
service:
|
||||||
|
name: "matrix-mx-puppet-groupme.service"
|
||||||
|
state: restarted
|
||||||
|
when: "matrix_mx_puppet_groupme_requires_restart|bool"
|
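Review bot: `config.yaml` and `registration.yaml` are written with `mode: 0644`, yet per the templates in this commit they hold `as_token`/`hs_token`, the optional `loginSharedSecretMap` entry and, with Postgres, the connection string including the database password. The 0750 config directory created earlier in this file limits who can reach them, but the files themselves should not be world-readable; `mode: '0640'` on both `copy` tasks would restrict them to the matrix user and group. Confirm first that the Synapse container, which bind-mounts `registration.yaml`, runs as that user or group. Separately, the `git` task uses `force: "yes"` with no `version:`, so a self-build takes whatever the repository's default branch points at when the play runs.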
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Check existence of matrix-mx-puppet-groupme service
|
||||||
|
stat:
|
||||||
|
path: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
|
||||||
|
register: matrix_mx_puppet_groupme_service_stat
|
||||||
|
|
||||||
|
- name: Ensure matrix-mx-puppet-groupme is stopped
|
||||||
|
service:
|
||||||
|
name: matrix-mx-puppet-groupme
|
||||||
|
state: stopped
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_mx_puppet_groupme_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-mx-puppet-groupme.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
|
||||||
|
state: absent
|
||||||
|
when: "matrix_mx_puppet_groupme_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service removal
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_mx_puppet_groupme_service_stat.stat.exists"
|
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if required settings not defined
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
You need to define a required configuration setting (`{{ item }}`).
|
||||||
|
when: "vars[item] == ''"
|
||||||
|
with_items:
|
||||||
|
- "matrix_mx_puppet_groupme_appservice_token"
|
||||||
|
- "matrix_mx_puppet_groupme_homeserver_token"
|
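Review bot: Only the two tokens are checked here; when `matrix_mx_puppet_groupme_database_engine` is `postgres`, `matrix_mx_puppet_groupme_database_password` (default `~` in the defaults file) goes into the connection string without any validation, unless it is always set elsewhere in the playbook. The existing `vars[item] == ''` comparison would not catch that null default either. Consider a second `fail` task guarded by `when: "matrix_mx_puppet_groupme_database_engine == 'postgres' and not matrix_mx_puppet_groupme_database_password"`.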
@ -0,0 +1,86 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
bridge:
|
||||||
|
# Port to host the bridge on
|
||||||
|
# Used for communication between the homeserver and the bridge
|
||||||
|
port: {{ matrix_mx_puppet_groupme_appservice_port }}
|
||||||
|
# The host connections to the bridge's webserver are allowed from
|
||||||
|
bindAddress: 0.0.0.0
|
||||||
|
# Public domain of the homeserver
|
||||||
|
domain: {{ matrix_mx_puppet_groupme_homeserver_domain }}
|
||||||
|
# Reachable URL of the Matrix homeserver
|
||||||
|
homeserverUrl: {{ matrix_mx_puppet_groupme_homeserver_address }}
|
||||||
|
{% if matrix_mx_puppet_groupme_login_shared_secret != '' %}
|
||||||
|
loginSharedSecretMap:
|
||||||
|
{{ matrix_domain }}: {{ matrix_mx_puppet_groupme_login_shared_secret }}
|
||||||
|
{% endif %}
|
||||||
|
# Display name of the bridge bot
|
||||||
|
displayname: GroupMe Puppet Bridge
|
||||||
|
# Optionally specify a different media URL used for the media store
|
||||||
|
#
|
||||||
|
# This is where GroupMe will download user profile pictures and media
|
||||||
|
# from
|
||||||
|
#mediaUrl: https://external-url.org
|
||||||
|
|
||||||
|
presence:
|
||||||
|
# Bridge GroupMe online/offline status
|
||||||
|
enabled: true
|
||||||
|
# How often to send status to the homeserver in milliseconds
|
||||||
|
interval: 5000
|
||||||
|
|
||||||
|
provisioning:
|
||||||
|
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||||
|
whitelist: {{ matrix_mx_puppet_groupme_provisioning_whitelist|to_json }}
|
||||||
|
# Allow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Allow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
# Allow anyone
|
||||||
|
#- ".*"
|
||||||
|
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||||
|
#blacklist:
|
||||||
|
# Disallow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Disallow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
blacklist: {{ matrix_mx_puppet_groupme_provisioning_blacklist|to_json }}
|
||||||
|
|
||||||
|
relay:
|
||||||
|
# Regex of Matrix IDs who are allowed to use the bridge in relay mode.
|
||||||
|
# Relay mode is when a single GroupMe bot account relays messages of
|
||||||
|
# multiple Matrix users
|
||||||
|
#
|
||||||
|
# Same format as in provisioning
|
||||||
|
whitelist: {{ matrix_mx_puppet_groupme_provisioning_whitelist|to_json }}
|
||||||
|
blacklist: {{ matrix_mx_puppet_groupme_provisioning_blacklist|to_json }}
|
||||||
|
|
||||||
|
selfService:
|
||||||
|
# Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
|
||||||
|
#
|
||||||
|
# Same format as in provisioning
|
||||||
|
whitelist: {{ matrix_mx_puppet_groupme_provisioning_whitelist|to_json }}
|
||||||
|
blacklist: {{ matrix_mx_puppet_groupme_provisioning_blacklist|to_json }}
|
||||||
|
|
||||||
|
database:
|
||||||
|
{% if matrix_mx_puppet_groupme_database_engine == 'postgres' %}
|
||||||
|
# Use Postgres as a database backend
|
||||||
|
# If set, will be used instead of SQLite3
|
||||||
|
# Connection string to connect to the Postgres instance
|
||||||
|
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||||
|
# Modify each value as necessary
|
||||||
|
connString: {{ matrix_mx_puppet_groupme_database_connection_string|to_json }}
|
||||||
|
{% else %}
|
||||||
|
# Use SQLite3 as a database backend
|
||||||
|
# The name of the database file
|
||||||
|
filename: {{ matrix_mx_puppet_groupme_sqlite_database_path_in_container|to_json }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
logging:
|
||||||
|
# Log level of console output
|
||||||
|
# Allowed values starting with most verbose:
|
||||||
|
# silly, debug, verbose, info, warn, error
|
||||||
|
console: info
|
||||||
|
# Date and time formatting
|
||||||
|
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||||
|
# Logging files
|
||||||
|
# Log files are rotated daily by default
|
||||||
|
files: []
|
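Review bot: The `loginSharedSecretMap` entry emits the shared secret as a bare YAML scalar (`{{ matrix_domain }}: {{ matrix_mx_puppet_groupme_login_shared_secret }}`), so a secret that contains ` #` or `: `, starts with an indicator such as `*` or `&`, or consists only of digits is truncated, retyped, or breaks the later `from_yaml`. The whitelist, blacklist and database values in this template already go through `|to_json`; do the same here: `{{ matrix_domain|to_json }}: {{ matrix_mx_puppet_groupme_login_shared_secret|to_json }}`. `domain` and `homeserverUrl` are also unquoted, though their values are less likely to contain YAML specials.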
@ -0,0 +1,43 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix Mx Puppet Groupme bridge
|
||||||
|
{% for service in matrix_mx_puppet_groupme_systemd_required_services_list %}
|
||||||
|
Requires={{ service }}
|
||||||
|
After={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
{% for service in matrix_mx_puppet_groupme_systemd_wanted_services_list %}
|
||||||
|
Wants={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
DefaultDependencies=no
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||||
|
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null'
|
||||||
|
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null'
|
||||||
|
|
||||||
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-groupme \
|
||||||
|
--log-driver=none \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
-e CONFIG_PATH=/config/config.yaml \
|
||||||
|
-e REGISTRATION_PATH=/config/registration.yaml \
|
||||||
|
-v {{ matrix_mx_puppet_groupme_config_path }}:/config:z \
|
||||||
|
-v {{ matrix_mx_puppet_groupme_data_path }}:/data:z \
|
||||||
|
{% for arg in matrix_mx_puppet_groupme_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_mx_puppet_groupme_docker_image }}
|
||||||
|
|
||||||
|
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null'
|
||||||
|
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null'
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
SyslogIdentifier=matrix-mx-puppet-groupme
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
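Review bot: `matrix_mx_puppet_groupme_container_http_host_bind_port` is described in the defaults file as controlling whether the container's HTTP port is published, but the `docker run` line in `ExecStart` never reads it, so setting it has no effect. Either drop the variable or add, before the extra-arguments loop, `{% if matrix_mx_puppet_groupme_container_http_host_bind_port %}` / `-p {{ matrix_mx_puppet_groupme_container_http_host_bind_port }}:{{ matrix_mx_puppet_groupme_appservice_port }} \` / `{% endif %}`. If it is wired up, keep the empty default so the appservice port stays reachable only on `matrix_docker_network`.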
@ -0,0 +1,70 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
|
||||||
|
{% macro render_vhost_directives() %}
|
||||||
|
root /nginx-data/matrix-domain;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_types text/plain application/json;
|
||||||
|
{% for configuration_block in matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks %}
|
||||||
|
{{- configuration_block }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
location /.well-known/matrix {
|
||||||
|
root {{ matrix_static_files_base_path }};
|
||||||
|
{#
|
||||||
|
A somewhat long expires value is used to prevent outages
|
||||||
|
in case this is unreachable due to network failure.
|
||||||
|
#}
|
||||||
|
expires 4h;
|
||||||
|
default_type application/json;
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
}
|
||||||
|
{% endmacro %}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||||
|
|
||||||
|
server_name {{ matrix_nginx_proxy_base_domain_hostname }};
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_https_enabled %}
|
||||||
|
location /.well-known/acme-challenge {
|
||||||
|
{% if matrix_nginx_proxy_enabled %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "matrix-certbot:8080";
|
||||||
|
proxy_pass http://$backend;
|
||||||
|
{% else %}
|
||||||
|
{# Generic configuration for use outside of our container setup #}
|
||||||
|
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://$http_host$request_uri;
|
||||||
|
}
|
||||||
|
{% else %}
|
||||||
|
{{ render_vhost_directives() }}
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_https_enabled %}
|
||||||
|
server {
|
||||||
|
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||||
|
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||||
|
|
||||||
|
server_name {{ matrix_nginx_proxy_base_domain_hostname }};
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/fullchain.pem;
|
||||||
|
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/privkey.pem;
|
||||||
|
|
||||||
|
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
||||||
|
{% if matrix_nginx_proxy_ssl_ciphers != '' %}
|
||||||
|
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
|
||||||
|
{% endif %}
|
||||||
|
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
|
||||||
|
|
||||||
|
{{ render_vhost_directives() }}
|
||||||
|
}
|
||||||
|
{% endif %}
|
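Review bot: The HTTP-to-HTTPS redirect builds its target from the client-supplied Host header (`return 301 https://$http_host$request_uri;`), so if this server block answers a request carrying an unexpected Host value, the `Location` header reflects that value. Redirect to the configured name instead: `return 301 https://{{ matrix_nginx_proxy_base_domain_hostname }}$request_uri;`. The plain-HTTP `listen` also has no `[::]` counterpart, unlike the TLS block, which may leave the redirect and the ACME challenge location unreachable over IPv6; worth confirming.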
@ -0,0 +1,21 @@
|
|||||||
|
matrix_redis_enabled: true
|
||||||
|
|
||||||
|
matrix_redis_connection_password: ""
|
||||||
|
|
||||||
|
matrix_redis_base_path: "{{ matrix_base_data_path }}/redis"
|
||||||
|
matrix_redis_data_path: "{{ matrix_redis_base_path }}/data"
|
||||||
|
|
||||||
|
matrix_redis_docker_image_v6: "docker.io/redis:6.0.10-alpine"
|
||||||
|
matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}"
|
||||||
|
matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}'
|
||||||
|
|
||||||
|
matrix_redis_docker_image_force_pull: "{{ matrix_redis_docker_image_to_use.endswith(':latest') }}"
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_redis_container_extra_arguments: []
|
||||||
|
|
||||||
|
# Controls whether the matrix-redis container exposes a port (tcp/6379 in the container)
|
||||||
|
# that can be used to access redis from outside the container
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6379"), or empty string to not expose.
|
||||||
|
matrix_redis_container_redis_bind_port: ""
|
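Review bot: `matrix_redis_connection_password` defaults to an empty string and none of the files visible on this page rejects that, so Redis may start without authentication for every container that can reach it. The `redis.conf` template is not shown here, so whether `requirepass` is emitted at all for an empty value is unconfirmed. Consider failing the play when `matrix_redis_enabled` is true and the password is empty, or stating next to the variable that it must be set.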
@ -0,0 +1,3 @@
|
|||||||
|
- set_fact:
|
||||||
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}"
|
||||||
|
when: matrix_redis_enabled|bool
|
@ -0,0 +1,9 @@
|
|||||||
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup_redis.yml"
|
||||||
|
when: run_setup|bool
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-redis
|
@ -0,0 +1,99 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to setting up an internal redis server
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Ensure redis Docker image is pulled
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_redis_docker_image_to_use }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}"
|
||||||
|
when: matrix_redis_enabled|bool
|
||||||
|
|
||||||
|
- name: Ensure redis paths exist
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0700
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
with_items:
|
||||||
|
- "{{ matrix_redis_base_path }}"
|
||||||
|
- "{{ matrix_redis_data_path }}"
|
||||||
|
when: matrix_redis_enabled|bool
|
||||||
|
|
||||||
|
# We do this as a separate task, because:
|
||||||
|
# - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is)
|
||||||
|
# - we need to do it without `mode`, or we risk making certain `.conf` and other files's executable bit to flip to true
|
||||||
|
- name: Ensure redis data path ownership is correct
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_redis_data_path }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
recurse: yes
|
||||||
|
when: matrix_redis_enabled|bool
|
||||||
|
|
||||||
|
- name: Ensure redis environment variables file created
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/{{ item }}.j2"
|
||||||
|
dest: "{{ matrix_redis_base_path }}/{{ item }}"
|
||||||
|
mode: 0644
|
||||||
|
with_items:
|
||||||
|
- "redis.conf"
|
||||||
|
when: matrix_redis_enabled|bool
|
||||||
|
|
||||||
|
- name: Ensure matrix-redis.service installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2"
|
||||||
|
dest: "{{ matrix_systemd_path }}/matrix-redis.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_redis_systemd_service_result
|
||||||
|
when: matrix_redis_enabled|bool
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-redis.service installation
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_redis_enabled|bool and matrix_redis_systemd_service_result.changed"
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to getting rid of the internal redis server (if it was previously enabled)
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Check existence of matrix-redis service
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-redis.service"
|
||||||
|
register: matrix_redis_service_stat
|
||||||
|
when: "not matrix_redis_enabled|bool"
|
||||||
|
|
||||||
|
- name: Ensure matrix-redis is stopped
|
||||||
|
service:
|
||||||
|
name: matrix-redis
|
||||||
|
state: stopped
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-redis.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-redis.service"
|
||||||
|
state: absent
|
||||||
|
when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-redis.service removal
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Check existence of matrix-redis local data path
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_redis_data_path }}"
|
||||||
|
register: matrix_redis_data_path_stat
|
||||||
|
when: "not matrix_redis_enabled|bool"
|
||||||
|
|
||||||
|
# We just want to notify the user. Deleting data is too destructive.
|
||||||
|
- name: Notify if matrix-redis local data remains
|
||||||
|
debug:
|
||||||
|
msg: "Note: You are not using a local redis instance, but some old data remains from before in `{{ matrix_redis_data_path }}`. Feel free to delete it."
|
||||||
|
when: "not matrix_redis_enabled|bool and matrix_redis_data_path_stat.stat.exists"
|
@ -0,0 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
{% if matrix_redis_connection_password %}
|
||||||
|
requirepass {{ matrix_redis_connection_password }}
|
||||||
|
{% endif %}
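Review bot: `requirepass` writes the Redis password in plain text into redis.conf, and the task that renders this template elsewhere in this commit installs it with `mode: 0644` and no `owner`/`group`. The 0700 base directory limits who can reach the file, but the file itself should not be world-readable. Setting `mode: 0640` with `owner`/`group` set to `{{ matrix_user_username }}` (the user the container runs as) would keep it readable by redis-server only. The value is also emitted unquoted, so a password containing whitespace would presumably be split into extra arguments; consider `requirepass "{{ matrix_redis_connection_password }}"` or documenting the allowed characters next to the variable.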
|
@ -0,0 +1,36 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix Redis server
|
||||||
|
After=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=-/usr/bin/docker stop matrix-redis
|
||||||
|
ExecStartPre=-/usr/bin/docker rm matrix-redis
|
||||||
|
|
||||||
|
ExecStart=/usr/bin/docker run --rm --name matrix-redis \
|
||||||
|
--log-driver=none \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--read-only \
|
||||||
|
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
{% if matrix_redis_container_redis_bind_port %}
|
||||||
|
-p {{ matrix_redis_container_redis_bind_port }}:6379 \
|
||||||
|
{% endif %}
|
||||||
|
-v {{ matrix_redis_base_path }}/redis.conf:/usr/local/etc/redis/redis.conf \
|
||||||
|
{% for arg in matrix_redis_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_redis_docker_image_to_use }} \
|
||||||
|
redis-server /usr/local/etc/redis/redis.conf
|
||||||
|
|
||||||
|
ExecStop=-/usr/bin/docker stop matrix-redis
|
||||||
|
ExecStop=-/usr/bin/docker rm matrix-redis
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
SyslogIdentifier=matrix-redis
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
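Review bot: The `-p {{ matrix_redis_container_redis_bind_port }}:6379` line publishes Redis on every host interface when the variable holds a bare port number. The redis.conf template in this commit only sets `requirepass` when a password is configured, so an unauthenticated Redis can end up reachable from outside the host. Document that the value should carry a loopback address (for example `127.0.0.1:6379`), or fail validation when a port is published while `matrix_redis_connection_password` is empty. Separately, the unit never mounts `matrix_redis_data_path`, which the setup tasks create and chown. With `--rm`, any data presumably lives in a throwaway volume, so a line such as `-v {{ matrix_redis_data_path }}:/data \` looks missing.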
|
@ -0,0 +1,146 @@
|
|||||||
|
#!/usr/bin/awk
|
||||||
|
# Hackish approach to get a machine-readable list of current matrix
|
||||||
|
# synapse REST API endpoints from the official documentation at
|
||||||
|
# https://github.com/matrix-org/synapse/raw/master/docs/workers.md
|
||||||
|
#
|
||||||
|
# invoke in shell with:
|
||||||
|
# URL=https://github.com/matrix-org/synapse/raw/master/docs/workers.md
|
||||||
|
# curl -L ${URL} | awk -f workers-doc-to-yaml.awk -
|
||||||
|
|
||||||
|
function worker_stanza_append(string) {
|
||||||
|
worker_stanza = worker_stanza string
|
||||||
|
}
|
||||||
|
|
||||||
|
function line_is_endpoint_url(line) {
|
||||||
|
# probably API endpoint if it starts with white-space and ^ or /
|
||||||
|
return (line ~ /^ +[\^\/].*\//)
|
||||||
|
}
|
||||||
|
|
||||||
|
# Put YAML marker at beginning of file.
|
||||||
|
BEGIN {
|
||||||
|
print "---"
|
||||||
|
endpoint_conditional_comment = " # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Enable further processing after the introductory text.
|
||||||
|
# Read each synapse worker section as record and its lines as fields.
|
||||||
|
/Available worker applications/ {
|
||||||
|
enable_parsing = 1
|
||||||
|
# set record separator to markdown section header
|
||||||
|
RS = "\n### "
|
||||||
|
# set field separator to newline
|
||||||
|
FS = "\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Once parsing is active, this will process each section as record.
|
||||||
|
enable_parsing {
|
||||||
|
# Each worker section starts with a synapse.app.X headline
|
||||||
|
if ($1 ~ /synapse\.app\./) {
|
||||||
|
|
||||||
|
# get rid of the backticks and extract worker type from headline
|
||||||
|
gsub("`", "", $1)
|
||||||
|
gsub("synapse.app.", "", $1)
|
||||||
|
worker_type = $1
|
||||||
|
|
||||||
|
# initialize empty worker stanza
|
||||||
|
worker_stanza = ""
|
||||||
|
|
||||||
|
# track if any endpoints are mentioned in a specific section
|
||||||
|
worker_has_urls = 0
|
||||||
|
|
||||||
|
# some endpoint descriptions contain flag terms
|
||||||
|
endpoints_seem_conditional = 0
|
||||||
|
|
||||||
|
# also, collect a list of available workers
|
||||||
|
workers = (workers ? workers "\n" : "") " - " worker_type
|
||||||
|
|
||||||
|
# loop through the lines (2 - number of fields in record)
|
||||||
|
for (i = 2; i < NF + 1; i++) {
|
||||||
|
# copy line for gsub replacements
|
||||||
|
line = $i
|
||||||
|
|
||||||
|
# end all lines but the last with a linefeed
|
||||||
|
linefeed = (i < NF - 1) ? "\n" : ""
|
||||||
|
|
||||||
|
# line starts with white-space and a hash: endpoint block headline
|
||||||
|
if (line ~ /^ +#/) {
|
||||||
|
|
||||||
|
# copy to output verbatim, normalizing white-space
|
||||||
|
gsub(/^ +/, "", line)
|
||||||
|
worker_stanza_append(" " line linefeed)
|
||||||
|
|
||||||
|
} else if (line_is_endpoint_url(line)) {
|
||||||
|
|
||||||
|
# mark section for special output formatting
|
||||||
|
worker_has_urls = 1
|
||||||
|
|
||||||
|
# remove leading white-space
|
||||||
|
gsub(/^ +/, "", line)
|
||||||
|
api_endpoint_regex = line
|
||||||
|
|
||||||
|
# FIXME: https://github.com/matrix-org/synapse/issues/new
|
||||||
|
# munge inconsistent media_repository endpoint notation
|
||||||
|
if (api_endpoint_regex == "/_matrix/media/") {
|
||||||
|
api_endpoint_regex = "^" line
|
||||||
|
}
|
||||||
|
|
||||||
|
# FIXME: https://github.com/matrix-org/synapse/issues/7530
|
||||||
|
# https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456#issuecomment-719015911
|
||||||
|
if (api_endpoint_regex == "^/_matrix/client/(r0|unstable)/auth/.*/fallback/web$") {
|
||||||
|
worker_stanza_append(" # FIXME: possible bug with SSO and multiple generic workers\n")
|
||||||
|
worker_stanza_append(" # see https://github.com/matrix-org/synapse/issues/7530\n")
|
||||||
|
worker_stanza_append(" # " api_endpoint_regex linefeed)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
# disable endpoints which specify complications
|
||||||
|
if (endpoints_seem_conditional) {
|
||||||
|
# only add notice if previous line didn't match
|
||||||
|
if (!line_is_endpoint_url($(i - 1))) {
|
||||||
|
worker_stanza_append(endpoint_conditional_comment)
|
||||||
|
}
|
||||||
|
worker_stanza_append(" # " api_endpoint_regex linefeed)
|
||||||
|
} else {
|
||||||
|
# output endpoint regex
|
||||||
|
worker_stanza_append(" - " api_endpoint_regex linefeed)
|
||||||
|
}
|
||||||
|
|
||||||
|
# white-space only line?
|
||||||
|
} else if (line ~ /^ *$/) {
|
||||||
|
|
||||||
|
if (i > 3 && i < NF) {
|
||||||
|
# print white-space lines unless 1st or last line in section
|
||||||
|
worker_stanza_append(line linefeed)
|
||||||
|
}
|
||||||
|
|
||||||
|
# nothing of the above: the line is regular documentation text
|
||||||
|
} else {
|
||||||
|
|
||||||
|
# include this text line as comment
|
||||||
|
worker_stanza_append(" # " line linefeed)
|
||||||
|
|
||||||
|
# and take note of words hinting at additional conditions to be met
|
||||||
|
if (line ~ /(^| )[Ii]f |(^| )[Ff]or /) {
|
||||||
|
endpoints_seem_conditional = 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (worker_has_urls) {
|
||||||
|
print "\nmatrix_synapse_workers_" worker_type "_endpoints:"
|
||||||
|
print worker_stanza
|
||||||
|
} else {
|
||||||
|
# include workers without endpoints as well for reference
|
||||||
|
print "\n# " worker_type " worker (no API endpoints) ["
|
||||||
|
print worker_stanza
|
||||||
|
print "# ]"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
END {
|
||||||
|
print "\nmatrix_synapse_workers_avail_list:"
|
||||||
|
print workers | "sort"
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim: tabstop=4 shiftwidth=4 expandtab autoindent
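Review bot: Whether an upstream endpoint ends up active or commented out in the generated vars file rests on the `(^| )[Ii]f |(^| )[Ff]or ` match that sets `endpoints_seem_conditional`. A conditional endpoint whose upstream description is worded differently would be emitted as an enabled ` - ` entry. Since the output decides which requests are routed to workers, the header comment should say so, e.g. `# NOTE: heuristic output; diff and review ../vars/workers.yml by hand before committing`. Also, the shebang `#!/usr/bin/awk` lacks `-f`, so the file cannot be executed directly; `#!/usr/bin/awk -f` fixes that.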
|
@ -0,0 +1,6 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# Fetch the synapse worker documentation and extract endpoint URLs
|
||||||
|
# matrix-org/synapse master branch points to current stable release
|
||||||
|
|
||||||
|
URL=https://github.com/matrix-org/synapse/raw/master/docs/workers.md
|
||||||
|
curl -L ${URL} | awk -f workers-doc-to-yaml.awk > ../vars/workers.yml
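Review bot: The pipeline overwrites `../vars/workers.yml` even when the download fails, because `curl -L` without `--fail` passes an HTTP error page to awk and the redirect truncates the target before anything is read. The script also sets no `set -e`, leaves `${URL}` unquoted, and resolves both relative paths against the caller's working directory rather than the script's. Since the source is the moving `master` branch and the result feeds reverse-proxy routing, download to a temporary file first and only then generate the vars file. Pinning the URL to a release tag would make regeneration reproducible.

```shell
set -eu
cd "$(dirname "$0")"

URL=https://github.com/matrix-org/synapse/raw/master/docs/workers.md
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT

curl --fail --silent --show-error --location "$URL" -o "$tmp"
awk -f workers-doc-to-yaml.awk "$tmp" > ../vars/workers.yml
```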
|
@ -0,0 +1,86 @@
|
|||||||
|
# Below is a huge hack for dynamically building a list of workers and finally assigning it to `matrix_synapse_workers_enabled_list`.
|
||||||
|
#
|
||||||
|
# set_fact within a loop does not work reliably in Ansible (it only executes on the first iteration for some reason),
|
||||||
|
# so we're forced to do something much uglier.
|
||||||
|
|
||||||
|
- name: Build generic workers
|
||||||
|
set_fact:
|
||||||
|
worker:
|
||||||
|
type: 'generic_worker'
|
||||||
|
instanceId: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}"
|
||||||
|
port: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}"
|
||||||
|
metrics_port: "{{ matrix_synapse_workers_generic_workers_metrics_range_start + item }}"
|
||||||
|
register: "matrix_synapse_workers_list_results_generic_workers"
|
||||||
|
loop: "{{ range(0, matrix_synapse_workers_generic_workers_count|int)|list }}"
|
||||||
|
|
||||||
|
- name: Build federation sender workers
|
||||||
|
set_fact:
|
||||||
|
worker:
|
||||||
|
type: 'federation_sender'
|
||||||
|
instanceId: "{{ item }}"
|
||||||
|
port: 0
|
||||||
|
metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}"
|
||||||
|
register: "matrix_synapse_workers_list_results_federation_sender_workers"
|
||||||
|
loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count|int)|list }}"
|
||||||
|
|
||||||
|
# This type of worker can only have a count of 1, at most
|
||||||
|
- name: Build pusher workers
|
||||||
|
set_fact:
|
||||||
|
worker:
|
||||||
|
type: 'pusher'
|
||||||
|
instanceId: "{{ item }}"
|
||||||
|
port: 0
|
||||||
|
metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}"
|
||||||
|
register: "matrix_synapse_workers_list_results_pusher_workers"
|
||||||
|
loop: "{{ range(0, matrix_synapse_workers_pusher_workers_count|int)|list }}"
|
||||||
|
|
||||||
|
# This type of worker can only have a count of 1, at most
|
||||||
|
- name: Build appservice workers
|
||||||
|
set_fact:
|
||||||
|
worker:
|
||||||
|
type: 'appservice'
|
||||||
|
instanceId: "{{ item }}"
|
||||||
|
port: 0
|
||||||
|
metrics_port: "{{ matrix_synapse_workers_appservice_workers_metrics_range_start + item }}"
|
||||||
|
register: "matrix_synapse_workers_list_results_appservice_workers"
|
||||||
|
loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count|int)|list }}"
|
||||||
|
|
||||||
|
- name: Build media_repository workers
|
||||||
|
set_fact:
|
||||||
|
worker:
|
||||||
|
type: 'media_repository'
|
||||||
|
instanceId: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}"
|
||||||
|
port: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}"
|
||||||
|
metrics_port: "{{ matrix_synapse_workers_media_repository_workers_metrics_range_start + item }}"
|
||||||
|
register: "matrix_synapse_workers_list_results_media_repository_workers"
|
||||||
|
loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count|int)|list }}"
|
||||||
|
|
||||||
|
- name: Build frontend_proxy workers
|
||||||
|
set_fact:
|
||||||
|
worker:
|
||||||
|
type: 'frontend_proxy'
|
||||||
|
instanceId: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}"
|
||||||
|
port: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}"
|
||||||
|
metrics_port: "{{ matrix_synapse_workers_frontend_proxy_workers_metrics_range_start + item }}"
|
||||||
|
register: "matrix_synapse_workers_list_results_frontend_proxy_workers"
|
||||||
|
loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count|int)|list }}"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list|default([]) + [item.ansible_facts.worker] }}"
|
||||||
|
with_items: |
|
||||||
|
{{
|
||||||
|
matrix_synapse_workers_list_results_generic_workers.results
|
||||||
|
+
|
||||||
|
matrix_synapse_workers_list_results_federation_sender_workers.results
|
||||||
|
+
|
||||||
|
matrix_synapse_workers_list_results_pusher_workers.results
|
||||||
|
+
|
||||||
|
matrix_synapse_workers_list_results_appservice_workers.results
|
||||||
|
+
|
||||||
|
matrix_synapse_workers_list_results_media_repository_workers.results
|
||||||
|
+
|
||||||
|
matrix_synapse_workers_list_results_frontend_proxy_workers.results
|
||||||
|
}}
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_workers_enabled_list: "{{ matrix_synapse_dynamic_workers_list }}"
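Review bot: Nothing in this file enforces the "count of 1, at most" limit that the comments above the pusher and appservice tasks state; both loops run `range(0, …_count|int)` and will build as many workers as the variable says. Unless `validate_config.yml` (not shown here) already checks this, add a guard before the build tasks. For example, a `fail` task with `when: "matrix_synapse_workers_pusher_workers_count|int > 1 or matrix_synapse_workers_appservice_workers_count|int > 1"`. The two trailing `set_fact` tasks are also unnamed, and `matrix_synapse_dynamic_workers_list|default([]) + …` appends to whatever an earlier include left behind. Resetting the list to `[]` first would avoid duplicate workers if this file is included more than once in a run.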
|
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
# A previous version of the worker setup used this.
|
||||||
|
# This is a temporary cleanup for people who ran that version.
|
||||||
|
- name: Ensure old matrix-synapse.service.wants directory is gone
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-synapse.service.wants"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
# Same. This was part of a previous version of the worker setup.
|
||||||
|
# No longer necessary.
|
||||||
|
- name: Ensure matrix-synapse-worker-write-pid script is removed
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_local_bin_path }}/matrix-synapse-worker-write-pid"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml"
|
||||||
|
when: "matrix_synapse_enabled|bool and matrix_synapse_workers_enabled|bool"
|
||||||
|
|
||||||
|
- include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_uninstall.yml"
|
||||||
|
when: "not matrix_synapse_workers_enabled|bool"
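Review bot: The two `when` conditions are not complementary, so neither include runs when `matrix_synapse_enabled` is false but `matrix_synapse_workers_enabled` is still true. Worker units and configs from a previous run would then stay installed. Making the uninstall condition the negation of the install one closes the gap: `when: "not matrix_synapse_enabled|bool or not matrix_synapse_workers_enabled|bool"`.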
|
@ -0,0 +1,42 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Determine current worker configs
|
||||||
|
find:
|
||||||
|
path: "{{ matrix_synapse_config_dir_path }}"
|
||||||
|
patterns: "worker.*.yaml"
|
||||||
|
use_regex: true
|
||||||
|
register: matrix_synapse_workers_current_config_files
|
||||||
|
|
||||||
|
# This also deletes some things which we need. They will be recreated below.
|
||||||
|
- name: Ensure previous worker configs are cleaned
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: absent
|
||||||
|
with_items: "{{ matrix_synapse_workers_current_config_files.files }}"
|
||||||
|
|
||||||
|
- name: Determine current worker systemd services
|
||||||
|
find:
|
||||||
|
path: "{{ matrix_systemd_path }}"
|
||||||
|
patterns: "matrix-synapse-worker.*.service"
|
||||||
|
use_regex: true
|
||||||
|
register: matrix_synapse_workers_current_systemd_services
|
||||||
|
|
||||||
|
- name: Ensure unnecessary worker systemd services are stopped and disabled
|
||||||
|
service:
|
||||||
|
name: "{{ item.path|basename }}"
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"
|
||||||
|
when: "not ansible_check_mode and item.path|basename not in matrix_systemd_services_list"
|
||||||
|
|
||||||
|
- name: Ensure unnecessary worker systemd services are cleaned
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: absent
|
||||||
|
with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"
|
||||||
|
|
||||||
|
- name: Ensure creation of worker systemd service files and configuration files
|
||||||
|
include_tasks: "{{ role_path }}/tasks/synapse/workers/util/setup_files_for_worker.yml"
|
||||||
|
with_items: "{{ matrix_synapse_workers_enabled_list }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: matrix_synapse_worker_details
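Review bot: With `use_regex: true`, the patterns `worker.*.yaml` and `matrix-synapse-worker.*.service` are regular expressions in which every `.` matches any character and nothing anchors the end. The two `state: absent` tasks can therefore delete more than the files this role created, for example a `….service.d` drop-in directory or a backup copy. Escape and anchor them: `patterns: '^worker\..*\.yaml$'` and `patterns: '^matrix-synapse-worker-.*\.service$'`. The same patterns appear in the uninstall task file later in this commit. Also, "Ensure unnecessary worker systemd services are cleaned" removes every unit found, not only those missing from `matrix_systemd_services_list`, so its name should say so or it should carry the same `when` filter as the stop task.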
|
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Populate service facts
|
||||||
|
service_facts:
|
||||||
|
|
||||||
|
- name: Ensure any worker services are stopped
|
||||||
|
service:
|
||||||
|
name: "{{ item.key }}"
|
||||||
|
state: stopped
|
||||||
|
with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}"
|
||||||
|
|
||||||
|
- name: Find worker configs to be cleaned
|
||||||
|
find:
|
||||||
|
path: "{{ matrix_synapse_config_dir_path }}"
|
||||||
|
patterns: "worker.*.yaml"
|
||||||
|
use_regex: true
|
||||||
|
register: matrix_synapse_workers_current_config_files
|
||||||
|
|
||||||
|
- name: Ensure previous worker configs are cleaned
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: absent
|
||||||
|
with_items: "{{ matrix_synapse_workers_current_config_files.files }}"
|
||||||
|
|
||||||
|
- name: Find worker systemd services to be cleaned
|
||||||
|
find:
|
||||||
|
path: "{{ matrix_systemd_path }}"
|
||||||
|
patterns: "matrix-synapse-worker.*.service"
|
||||||
|
use_regex: true
|
||||||
|
register: matrix_synapse_workers_current_systemd_services
|
||||||
|
|
||||||
|
- name: Ensure previous worker systemd services are cleaned
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: absent
|
||||||
|
with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"
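Review bot: The worker services are stopped but never disabled before their unit files are deleted, and no daemon reload follows the removal. Any enablement symlinks are therefore left dangling, and systemd keeps the old unit definitions loaded. Add `enabled: false` to "Ensure any worker services are stopped", as the install path does. Also add a final `service:` task with `daemon_reload: yes`, as the redis uninstall tasks in this commit do.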
|
@ -0,0 +1,18 @@
|
|||||||
|
# The tasks below run before `validate_config.yml`.
|
||||||
|
# To avoid failing with a cryptic error message, we'll do validation here.
|
||||||
|
#
|
||||||
|
# This check is mostly relevant to people who explicitly define `matrix_synapse_workers_enabled_list`
|
||||||
|
# (Synapse Workers users from the earlier days of this PR - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456).
|
||||||
|
#
|
||||||
|
# In the future, it should be possible to remove this check.
|
||||||
|
# Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right.
|
||||||
|
- name: Fail if instanceId not defined for worker
|
||||||
|
fail:
|
||||||
|
msg: "Synapse workers (like {{ matrix_synapse_worker_details|to_json }}) need to define an instanceId property (type + instanceId must be unique)"
|
||||||
|
when: "'instanceId' not in matrix_synapse_worker_details"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}.service"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_systemd_service_name] }}"
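Review bot: Only the presence of `instanceId` is checked, yet both `type` and `instanceId` are interpolated into a systemd unit name here and, in the per-worker task file, into destination paths for templates. For a hand-written `matrix_synapse_workers_enabled_list`, a missing `type` or a value containing `/` or whitespace would produce an unintended file name instead of a clear error. Extend the guard, e.g. `when: "'instanceId' not in matrix_synapse_worker_details or 'type' not in matrix_synapse_worker_details"`. Consider a second `fail` that rejects values not matching `^[a-z0-9_]+$`.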
|
@ -0,0 +1,19 @@
|
|||||||
|
- set_fact:
|
||||||
|
matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_worker_container_name: "{{ matrix_synapse_worker_systemd_service_name }}"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_worker_config_file_name: "worker.{{ matrix_synapse_worker_details.type }}_{{ matrix_synapse_worker_details.instanceId }}.yaml"
|
||||||
|
|
||||||
|
- name: Ensure configuration exists for {{ matrix_synapse_worker_systemd_service_name }}
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/synapse/worker.yaml.j2"
|
||||||
|
dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_synapse_worker_config_file_name }}"
|
||||||
|
|
||||||
|
- name: Ensure systemd service exists for {{ matrix_synapse_worker_systemd_service_name }}
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse-worker.service.j2"
|
||||||
|
dest: "{{ matrix_systemd_path }}/{{ matrix_synapse_worker_systemd_service_name }}.service"
|
||||||
|
mode: 0644
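Review bot: The worker configuration `template` task sets no `mode`, `owner` or `group`, so the resulting permissions depend on the umask of whoever runs the play, while the systemd unit task right below pins `mode: 0644`. Set them explicitly on the config task as well, for example `mode: 0644` with `owner`/`group` set to `{{ matrix_user_username }}` if that is the user the worker container runs as (not visible in this file). Quoting the mode as `mode: '0644'` also avoids depending on YAML octal parsing.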
|
@ -0,0 +1,45 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
worker_app: synapse.app.{{ matrix_synapse_worker_details.type }}
|
||||||
|
worker_name: {{ matrix_synapse_worker_details.type ~ ':' ~ matrix_synapse_worker_details.port }}
|
||||||
|
|
||||||
|
{% if matrix_synapse_replication_listener_enabled %}
|
||||||
|
worker_replication_host: matrix-synapse
|
||||||
|
worker_replication_http_port: {{ matrix_synapse_replication_http_port }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% set has_listeners = (matrix_synapse_worker_details.type not in [ 'appservice', 'federation_sender', 'pusher' ] or matrix_synapse_metrics_enabled) %}
|
||||||
|
|
||||||
|
{% set http_resources = [] %}
|
||||||
|
|
||||||
|
{% if matrix_synapse_worker_details.type in ['generic_worker', 'frontend_proxy', 'user_dir'] %}
|
||||||
|
{% set http_resources = http_resources + ['client'] %}
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_synapse_worker_details.type in ['generic_worker'] %}
|
||||||
|
{% set http_resources = http_resources+ ['federation'] %}
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_synapse_worker_details.type in ['media_repository'] %}
|
||||||
|
{% set http_resources = http_resources + ['media'] %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if http_resources|length > 0 or matrix_synapse_metrics_enabled %}
|
||||||
|
worker_listeners:
|
||||||
|
{% if http_resources|length > 0 %}
|
||||||
|
- type: http
|
||||||
|
bind_addresses: ['::']
|
||||||
|
port: {{ matrix_synapse_worker_details.port }}
|
||||||
|
resources:
|
||||||
|
- names: {{ http_resources|to_json }}
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_synapse_metrics_enabled %}
|
||||||
|
- type: metrics
|
||||||
|
bind_addresses: ['0.0.0.0']
|
||||||
|
port: {{ matrix_synapse_worker_details.metrics_port }}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if matrix_synapse_worker_details.type == 'frontend_proxy' %}
|
||||||
|
worker_main_http_uri: http://matrix-synapse:8008
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
worker_daemonize: false
|
||||||
|
worker_log_config: /data/{{ matrix_server_fqn_matrix }}.log.config
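Review bot: `worker_name` is built from `type` and `port`, but the list-building tasks in this commit give every federation_sender, pusher and appservice worker `port: 0`. Two federation senders would therefore both be named `federation_sender:0`. The unit and config file names use `instanceId`, which is unique per type, so the name should too: `worker_name: {{ matrix_synapse_worker_details.type ~ ':' ~ matrix_synapse_worker_details.instanceId }}`. `has_listeners` is assigned but never read in this template and can be dropped, and `http_resources+ ['federation']` is missing a space before `+`.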
|
@ -0,0 +1,313 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
matrix_synapse_workers_generic_worker_endpoints:
|
||||||
|
# This worker can handle API requests matching the following regular
|
||||||
|
# expressions:
|
||||||
|
|
||||||
|
# Sync requests
|
||||||
|
- ^/_matrix/client/(v2_alpha|r0)/sync$
|
||||||
|
- ^/_matrix/client/(api/v1|v2_alpha|r0)/events$
|
||||||
|
- ^/_matrix/client/(api/v1|r0)/initialSync$
|
||||||
|
- ^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$
|
||||||
|
|
||||||
|
# Federation requests
|
||||||
|
- ^/_matrix/federation/v1/event/
|
||||||
|
- ^/_matrix/federation/v1/state/
|
||||||
|
- ^/_matrix/federation/v1/state_ids/
|
||||||
|
- ^/_matrix/federation/v1/backfill/
|
||||||
|
- ^/_matrix/federation/v1/get_missing_events/
|
||||||
|
- ^/_matrix/federation/v1/publicRooms
|
||||||
|
- ^/_matrix/federation/v1/query/
|
||||||
|
- ^/_matrix/federation/v1/make_join/
|
||||||
|
- ^/_matrix/federation/v1/make_leave/
|
||||||
|
- ^/_matrix/federation/v1/send_join/
|
||||||
|
- ^/_matrix/federation/v2/send_join/
|
||||||
|
- ^/_matrix/federation/v1/send_leave/
|
||||||
|
- ^/_matrix/federation/v2/send_leave/
|
||||||
|
- ^/_matrix/federation/v1/invite/
|
||||||
|
- ^/_matrix/federation/v2/invite/
|
||||||
|
- ^/_matrix/federation/v1/query_auth/
|
||||||
|
- ^/_matrix/federation/v1/event_auth/
|
||||||
|
- ^/_matrix/federation/v1/exchange_third_party_invite/
|
||||||
|
- ^/_matrix/federation/v1/user/devices/
|
||||||
|
- ^/_matrix/federation/v1/get_groups_publicised$
|
||||||
|
- ^/_matrix/key/v2/query
|
||||||
|
|
||||||
|
# Inbound federation transaction request
|
||||||
|
- ^/_matrix/federation/v1/send/
|
||||||
|
|
||||||
|
# Client API requests
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/account/3pid$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/devices$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/keys/query$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/keys/changes$
|
||||||
|
- ^/_matrix/client/versions$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
|
||||||
|
|
||||||
|
# Registration/login requests
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/login$
|
||||||
|
- ^/_matrix/client/(r0|unstable)/register$
|
||||||
|
# FIXME: possible bug with SSO and multiple generic workers
|
||||||
|
# see https://github.com/matrix-org/synapse/issues/7530
|
||||||
|
# ^/_matrix/client/(r0|unstable)/auth/.*/fallback/web$
|
||||||
|
|
||||||
|
# Event sending requests
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/join/
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/profile/
|
||||||
|
|
||||||
|
|
||||||
|
# Additionally, the following REST endpoints can be handled for GET requests:
|
||||||
|
|
||||||
|
# FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
|
||||||
|
# ^/_matrix/federation/v1/groups/
|
||||||
|
|
||||||
|
# Pagination requests can also be handled, but all requests for a given
|
||||||
|
# room must be routed to the same instance. Additionally, care must be taken to
|
||||||
|
# ensure that the purge history admin API is not used while pagination requests
|
||||||
|
# for the room are in flight:
|
||||||
|
|
||||||
|
# FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
|
||||||
|
# ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/messages$
|
||||||
|
|
||||||
|
# Additionally, the following endpoints should be included if Synapse is configured
|
||||||
|
# to use SSO (you only need to include the ones for whichever SSO provider you're
|
||||||
|
# using):
|
||||||
|
|
||||||
|
# for all SSO providers
|
||||||
|
# FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
|
||||||
|
# ^/_matrix/client/(api/v1|r0|unstable)/login/sso/redirect
|
||||||
|
# ^/_synapse/client/pick_idp$
|
||||||
|
# ^/_synapse/client/pick_username
|
||||||
|
# ^/_synapse/client/new_user_consent$
|
||||||
|
# ^/_synapse/client/sso_register$
|
||||||
|
|
||||||
|
# OpenID Connect requests.
|
||||||
|
# FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
|
||||||
|
# ^/_synapse/client/oidc/callback$
|
||||||
|
|
||||||
|
# SAML requests.
|
||||||
|
# FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
|
||||||
|
# ^/_synapse/client/saml2/authn_response$
|
||||||
|
|
||||||
|
# CAS requests.
|
||||||
|
# FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
|
||||||
|
# ^/_matrix/client/(api/v1|r0|unstable)/login/cas/ticket$
|
||||||
|
|
||||||
|
# Ensure that all SSO logins go to a single process.
|
||||||
|
# For multiple workers not handling the SSO endpoints properly, see
|
||||||
|
# [#7530](https://github.com/matrix-org/synapse/issues/7530).
|
||||||
|
|
||||||
|
# Note that a HTTP listener with `client` and `federation` resources must be
|
||||||
|
# configured in the `worker_listeners` option in the worker config.
|
||||||
|
|
||||||
|
# #### Load balancing
|
||||||
|
|
||||||
|
# It is possible to run multiple instances of this worker app, with incoming requests
|
||||||
|
# being load-balanced between them by the reverse-proxy. However, different endpoints
|
||||||
|
# have different characteristics and so admins
|
||||||
|
# may wish to run multiple groups of workers handling different endpoints so that
|
||||||
|
# load balancing can be done in different ways.
|
||||||
|
|
||||||
|
# For `/sync` and `/initialSync` requests it will be more efficient if all
|
||||||
|
# requests from a particular user are routed to a single instance. Extracting a
|
||||||
|
# user ID from the access token or `Authorization` header is currently left as an
|
||||||
|
# exercise for the reader. Admins may additionally wish to separate out `/sync`
|
||||||
|
# requests that have a `since` query parameter from those that don't (and
|
||||||
|
# `/initialSync`), as requests that don't are known as "initial sync" that happens
|
||||||
|
# when a user logs in on a new device and can be *very* resource intensive, so
|
||||||
|
# isolating these requests will stop them from interfering with other users ongoing
|
||||||
|
# syncs.
|
||||||
|
|
||||||
|
# Federation and client requests can be balanced via simple round robin.
|
||||||
|
|
||||||
|
# The inbound federation transaction request `^/_matrix/federation/v1/send/`
|
||||||
|
# should be balanced by source IP so that transactions from the same remote server
|
||||||
|
# go to the same process.
|
||||||
|
|
||||||
|
# Registration/login requests can be handled separately purely to help ensure that
|
||||||
|
# unexpected load doesn't affect new logins and sign ups.
|
||||||
|
|
||||||
|
# Finally, event sending requests can be balanced by the room ID in the URI (or
|
||||||
|
# the full URI, or even just round robin), the room ID is the path component after
|
||||||
|
# `/rooms/`. If there is a large bridge connected that is sending or may send lots
|
||||||
|
# of events, then a dedicated set of workers can be provisioned to limit the
|
||||||
|
# effects of bursts of events from that bridge on events sent by normal users.
|
||||||
|
|
||||||
|
# #### Stream writers
|
||||||
|
|
||||||
|
# Additionally, there is *experimental* support for moving writing of specific
|
||||||
|
# streams (such as events) off of the main process to a particular worker. (This
|
||||||
|
# is only supported with Redis-based replication.)
|
||||||
|
|
||||||
|
# Currently supported streams are `events` and `typing`.
|
||||||
|
|
||||||
|
# To enable this, the worker must have a HTTP replication listener configured,
|
||||||
|
# have a `worker_name` and be listed in the `instance_map` config. For example to
|
||||||
|
# move event persistence off to a dedicated worker, the shared configuration would
|
||||||
|
# include:
|
||||||
|
|
||||||
|
# ```yaml
|
||||||
|
# instance_map:
|
||||||
|
# event_persister1:
|
||||||
|
# host: localhost
|
||||||
|
# port: 8034
|
||||||
|
|
||||||
|
# stream_writers:
|
||||||
|
# events: event_persister1
|
||||||
|
# ```
|
||||||
|
|
||||||
|
# The `events` stream also experimentally supports having multiple writers, where
|
||||||
|
# work is sharded between them by room ID. Note that you *must* restart all worker
|
||||||
|
# instances when adding or removing event persisters. An example `stream_writers`
|
||||||
|
# configuration with multiple writers:
|
||||||
|
|
||||||
|
# ```yaml
|
||||||
|
# stream_writers:
|
||||||
|
# events:
|
||||||
|
# - event_persister1
|
||||||
|
# - event_persister2
|
||||||
|
# ```
|
||||||
|
|
||||||
|
# #### Background tasks
|
||||||
|
|
||||||
|
# There is also *experimental* support for moving background tasks to a separate
|
||||||
|
# worker. Background tasks are run periodically or started via replication. Exactly
|
||||||
|
# which tasks are configured to run depends on your Synapse configuration (e.g. if
|
||||||
|
# stats is enabled).
|
||||||
|
|
||||||
|
# To enable this, the worker must have a `worker_name` and can be configured to run
|
||||||
|
# background tasks. For example, to move background tasks to a dedicated worker,
|
||||||
|
# the shared configuration would include:
|
||||||
|
|
||||||
|
# ```yaml
|
||||||
|
# run_background_tasks_on: background_worker
|
||||||
|
# ```
|
||||||
|
|
||||||
|
# You might also wish to investigate the `update_user_directory` and
|
||||||
|
# `media_instance_running_background_jobs` settings.
|
||||||
|
|
||||||
|
# pusher worker (no API endpoints) [
|
||||||
|
# Handles sending push notifications to sygnal and email. Doesn't handle any
|
||||||
|
# REST endpoints itself, but you should set `start_pushers: False` in the
|
||||||
|
# shared configuration file to stop the main synapse sending push notifications.
|
||||||
|
|
||||||
|
# Note this worker cannot be load-balanced: only one instance should be active.
|
||||||
|
# ]
|
||||||
|
|
||||||
|
# appservice worker (no API endpoints) [
|
||||||
|
# Handles sending output traffic to Application Services. Doesn't handle any
|
||||||
|
# REST endpoints itself, but you should set `notify_appservices: False` in the
|
||||||
|
# shared configuration file to stop the main synapse sending appservice notifications.
|
||||||
|
|
||||||
|
# Note this worker cannot be load-balanced: only one instance should be active.
|
||||||
|
|
||||||
|
# ]
|
||||||
|
|
||||||
|
# federation_sender worker (no API endpoints) [
|
||||||
|
# Handles sending federation traffic to other servers. Doesn't handle any
|
||||||
|
# REST endpoints itself, but you should set `send_federation: False` in the
|
||||||
|
# shared configuration file to stop the main synapse sending this traffic.
|
||||||
|
|
||||||
|
# If running multiple federation senders then you must list each
|
||||||
|
# instance in the `federation_sender_instances` option by their `worker_name`.
|
||||||
|
# All instances must be stopped and started when adding or removing instances.
|
||||||
|
# For example:
|
||||||
|
|
||||||
|
# ```yaml
|
||||||
|
# federation_sender_instances:
|
||||||
|
# - federation_sender1
|
||||||
|
# - federation_sender2
|
||||||
|
# ```
|
||||||
|
# ]
|
||||||
|
|
||||||
|
matrix_synapse_workers_media_repository_endpoints:
|
||||||
|
# Handles the media repository. It can handle all endpoints starting with:
|
||||||
|
|
||||||
|
- ^/_matrix/media/
|
||||||
|
|
||||||
|
# ... and the following regular expressions matching media-specific administration APIs:
|
||||||
|
|
||||||
|
- ^/_synapse/admin/v1/purge_media_cache$
|
||||||
|
- ^/_synapse/admin/v1/room/.*/media.*$
|
||||||
|
- ^/_synapse/admin/v1/user/.*/media.*$
|
||||||
|
- ^/_synapse/admin/v1/media/.*$
|
||||||
|
- ^/_synapse/admin/v1/quarantine_media/.*$
|
||||||
|
|
||||||
|
# You should also set `enable_media_repo: False` in the shared configuration
|
||||||
|
# file to stop the main synapse running background jobs related to managing the
|
||||||
|
# media repository.
|
||||||
|
|
||||||
|
# In the `media_repository` worker configuration file, configure the http listener to
|
||||||
|
# expose the `media` resource. For example:
|
||||||
|
|
||||||
|
# ```yaml
|
||||||
|
# worker_listeners:
|
||||||
|
# - type: http
|
||||||
|
# port: 8085
|
||||||
|
# resources:
|
||||||
|
# - names:
|
||||||
|
# - media
|
||||||
|
# ```
|
||||||
|
|
||||||
|
# Note that if running multiple media repositories they must be on the same server
|
||||||
|
# and you must configure a single instance to run the background tasks, e.g.:
|
||||||
|
|
||||||
|
# ```yaml
|
||||||
|
# media_instance_running_background_jobs: "media-repository-1"
|
||||||
|
# ```
|
||||||
|
|
||||||
|
# Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately).
|
||||||
|
|
||||||
|
matrix_synapse_workers_user_dir_endpoints:
|
||||||
|
# Handles searches in the user directory. It can handle REST endpoints matching
|
||||||
|
# the following regular expressions:
|
||||||
|
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/user_directory/search$
|
||||||
|
|
||||||
|
# When using this worker you must also set `update_user_directory: False` in the
|
||||||
|
# shared configuration file to stop the main synapse running background
|
||||||
|
# jobs related to updating the user directory.
|
||||||
|
|
||||||
|
matrix_synapse_workers_frontend_proxy_endpoints:
|
||||||
|
# Proxies some frequently-requested client endpoints to add caching and remove
|
||||||
|
# load from the main synapse. It can handle REST endpoints matching the following
|
||||||
|
# regular expressions:
|
||||||
|
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/keys/upload
|
||||||
|
|
||||||
|
# If `use_presence` is False in the homeserver config, it can also handle REST
|
||||||
|
# endpoints matching the following regular expressions:
|
||||||
|
|
||||||
|
# FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
|
||||||
|
# ^/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status
|
||||||
|
|
||||||
|
# This "stub" presence handler will pass through `GET` request but make the
|
||||||
|
# `PUT` effectively a no-op.
|
||||||
|
|
||||||
|
# It will proxy any requests it cannot handle to the main synapse instance. It
|
||||||
|
# must therefore be configured with the location of the main instance, via
|
||||||
|
# the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration
|
||||||
|
# file. For example:
|
||||||
|
|
||||||
|
# worker_main_http_uri: http://127.0.0.1:8008
|
||||||
|
|
||||||
|
matrix_synapse_workers_avail_list:
|
||||||
|
- appservice
|
||||||
|
- federation_sender
|
||||||
|
- frontend_proxy
|
||||||
|
- generic_worker
|
||||||
|
- media_repository
|
||||||
|
- pusher
|
||||||
|
- user_dir
|