Merge branch 'spantaleev:master' into default_room_version_9

development
Wm Salt Hale 3 years ago committed by GitHub
commit 3001b2d32d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,3 +1,32 @@
# 2021-12-14
## (Security) Users of the Signal bridge may wish to upgrade it to work around log4j vulnerability
Recently, a security vulnerability affecting the Java logging package `log4j` [has been discovered](https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java). Software that uses this Java package is potentially vulnerable.
One such piece of software that is part of the playbook is the [mautrix-signal bridge](./docs/configuring-playbook-bridge-mautrix-signal.md), which [has been patched already](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1452). If you're running this bridge, you may wish to [upgrade](./docs/maintenance-upgrading-services.md).
# 2021-11-11
## Dropped support for Postgres v9.6
Postgres v9.6 reached its end of life today, so the playbook will refuse to run for you if you're still on that version.
Synapse still supports v9.6 (for now), but we're retiring support for it early, to avoid having to maintain support for so many Postgres versions. Users that are still on Postgres v9.6 can easily [upgrade Postgres](docs/maintenance-postgres.md#upgrading-postgresql) via the playbook.
# 2021-10-23
## Hangouts bridge no longer updated, superseded by a Googlechat bridge
The mautrix-hangouts bridge is no longer receiving updates upstream and is likely to stop working in the future.
We still retain support for this bridge in the playbook, but you're encouraged to switch away from it.
There's a new [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge that you can [install using the playbook](docs/configuring-playbook-bridge-mautrix-googlechat.md).
Your **Hangouts bridge data will not be migrated**, however. You need to start fresh with the new bridge.
# 2021-08-23 # 2021-08-23
## LinkedIn bridging support via beeper-linkedin ## LinkedIn bridging support via beeper-linkedin
@ -233,6 +262,8 @@ The fact that we've renamed Synapse's database from `homeserver` to `synapse` (i
## (Breaking Change) The mautrix-facebook bridge now requires a Postgres database ## (Breaking Change) The mautrix-facebook bridge now requires a Postgres database
**Update from 2021-11-15**: SQLite support has been re-added to the mautrix-facebook bridge in [v0.3.2](https://github.com/mautrix/facebook/releases/tag/v0.3.2). You can ignore this changelog entry.
A new version of the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge has been released. It's a full rewrite of its backend and the bridge now requires Postgres. New versions of the bridge can no longer run on SQLite. A new version of the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge has been released. It's a full rewrite of its backend and the bridge now requires Postgres. New versions of the bridge can no longer run on SQLite.
**TLDR**: if you're NOT using an [external Postgres server](docs/configuring-playbook-external-postgres.md) and have NOT forcefully kept the bridge on SQLite during [The big move to all-on-Postgres (potentially dangerous)](#the-big-move-to-all-on-postgres-potentially-dangerous), you will be automatically upgraded without manual intervention. All you need to do is send a `login` message to the Facebook bridge bot again. **TLDR**: if you're NOT using an [external Postgres server](docs/configuring-playbook-external-postgres.md) and have NOT forcefully kept the bridge on SQLite during [The big move to all-on-Postgres (potentially dangerous)](#the-big-move-to-all-on-postgres-potentially-dangerous), you will be automatically upgraded without manual intervention. All you need to do is send a `login` message to the Facebook bridge bot again.

@ -53,6 +53,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) - (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
- (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat)
- (optional) the [mautrix-instagram](https://github.com/mautrix/instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/) - (optional) the [mautrix-instagram](https://github.com/mautrix/instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/)
- (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/) - (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/)

@ -0,0 +1,4 @@
---
collections:
- name: community.general
- name: community.docker

@ -21,6 +21,6 @@ matrix_architecture: "arm32"
## Implementation details ## Implementation details
For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used everywhere, because all images are available for this architecture. For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used for all components (except [Hydrogen](configuring-playbook-client-hydrogen.md), which goes through self-building).
For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary. For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.

@ -51,7 +51,7 @@ docker run -it --rm \
-v `pwd`:/work \ -v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \ --entrypoint=/bin/sh \
docker.io/devture/ansible:2.9.14-r0 docker.io/devture/ansible:2.10.7-r0
``` ```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

@ -0,0 +1,58 @@
# Setting up Mautrix Google Chat (optional)
The playbook can install and configure [mautrix-googlechat](https://github.com/mautrix/googlechat) for you.
See the project's [documentation](https://docs.mau.fi/bridges/python/googlechat/index.html) to learn what it does and why it might be useful to you.
To enable the [Google Chat](https://chat.google.com/) bridge just use the following playbook configuration:
```yaml
matrix_mautrix_googlechat_enabled: true
```
## Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-googlechat", "initial_device_display_name": "Mautrix-googlechat"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Mautrix-googlechat` device some time in the future, as that would break the Double Puppeting feature
## Usage
Once the bot is enabled you need to start a chat with `googlechat bridge bot` with handle `@googlechatbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
Send `login` to the bridge bot to receive a link to the portal from which you can enable the bridging. Open the link sent by the bot and follow the instructions.
Automatic login may not work. If it does not, reload the page and select the "Manual login" checkbox before starting. Manual login involves logging into your Google account normally and then manually getting the OAuth token from browser cookies with developer tools.
Once logged in, recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages.
You can learn more about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/googlechat/authentication.html).
After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.

@ -1,3 +1,5 @@
# The [Mautrix Hangouts Bridge](https://mau.dev/mautrix/hangouts) is no longer maintained. It has changed to a [Google Chat Bridge](https://github.com/mautrix/googlechat). Setup instructions for the Google Chat Bridge can be [found here](configuring-playbook-bridge-mautrix-googlechat.md).
# Setting up Mautrix Hangouts (optional) # Setting up Mautrix Hangouts (optional)
The playbook can install and configure [mautrix-hangouts](https://github.com/mautrix/hangouts) for you. The playbook can install and configure [mautrix-hangouts](https://github.com/mautrix/hangouts) for you.

@ -8,8 +8,25 @@ Use the following playbook configuration:
```yaml ```yaml
matrix_mautrix_whatsapp_enabled: true matrix_mautrix_whatsapp_enabled: true
``` ```
Whatsapp multidevice beta is required, now it is enough if Whatsapp is connected to the Internet every 2 weeks.
## Enable backfilling history
This requires a server with MSC2716 support, which is currently an experimental feature in synapse.
Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers.
Use the following playbook configuration:
```yaml
matrix_synapse_configuration_extension_yaml: |
experimental_features:
msc2716_enabled: true
```
```yaml
matrix_mautrix_whatsapp_configuration_extension_yaml:
bridge:
history_sync:
backfill: true
```
## Set up Double Puppeting ## Set up Double Puppeting

@ -41,13 +41,23 @@ If you're fine with such an open Jitsi instance, please skip to [Apply changes](
If you would like to control who is allowed to open meetings on your new Jitsi instance, then please follow this step to enable Jitsi's authentication and guests mode. With authentication enabled, all meeting rooms have to be opened by a registered user, after which guests are free to join. If a registered host is not yet present, guests are put on hold in individual waiting rooms. If you would like to control who is allowed to open meetings on your new Jitsi instance, then please follow this step to enable Jitsi's authentication and guests mode. With authentication enabled, all meeting rooms have to be opened by a registered user, after which guests are free to join. If a registered host is not yet present, guests are put on hold in individual waiting rooms.
Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: Add these lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```yaml ```yaml
matrix_jitsi_enable_auth: true matrix_jitsi_enable_auth: true
matrix_jitsi_enable_guests: true matrix_jitsi_enable_guests: true
matrix_jitsi_prosody_auth_internal_accounts:
- username: "jitsi-moderator"
password: "secret-password"
- username: "another-user"
password: "another-password"
``` ```
**Caution:** Accounts added here and subsquently removed will not be automatically removed from the Prosody server until user account cleaning is integrated into the playbook.
**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
### (Optional) LDAP authentication ### (Optional) LDAP authentication
The default authentication mode of Jitsi is `internal`, however LDAP is also supported. An example LDAP configuration could be: The default authentication mode of Jitsi is `internal`, however LDAP is also supported. An example LDAP configuration could be:
@ -122,19 +132,6 @@ You may want to **limit the maximum video resolution**, to save up resources on
Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
## Required if configuring Jitsi with internal authentication: register new users
Until this gets integrated into the playbook, we need to register new users / meeting hosts for Jitsi manually.
Please SSH into your matrix host machine and execute the following command targeting the `matrix-jitsi-prosody` container:
```bash
docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> meet.jitsi <PASSWORD>
```
Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host.
**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
## Usage ## Usage

@ -37,6 +37,7 @@ matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-corporal
matrix_corporal_enabled: true matrix_corporal_enabled: true
# See below for an example of how to use a locally-stored static policy
matrix_corporal_policy_provider_config: | matrix_corporal_policy_provider_config: |
{ {
"Type": "http", "Type": "http",
@ -74,10 +75,48 @@ Matrix Corporal operates with a specific Matrix user on your server.
By default, it's `matrix-corporal` (controllable by the `matrix_corporal_reconciliation_user_id_local_part` setting, see above). By default, it's `matrix-corporal` (controllable by the `matrix_corporal_reconciliation_user_id_local_part` setting, see above).
No matter what Matrix user id you configure to run it with, make sure that: No matter what Matrix user id you configure to run it with, make sure that:
- the Matrix Corporal user is created by [registering it](registering-users.md). Use a password you remember, as you'll need to log in from time to time to create or join rooms - the Matrix Corporal user is created by [registering it](registering-users.md) **with administrator privileges**. Use a password you remember, as you'll need to log in from time to time to create or join rooms
- the Matrix Corporal user is joined and has Admin/Moderator-level access to any rooms you want it to manage - the Matrix Corporal user is joined and has Admin/Moderator-level access to any rooms you want it to manage
### Using a locally-stored static policy
If you'd like to use a [static policy file](https://github.com/devture/matrix-corporal/blob/master/docs/policy-providers.md#static-file-pull-style-policy-provider), you can use a configuration like this:
```yaml
matrix_corporal_policy_provider_config: |
{
"Type": "static_file",
"Path": "/etc/matrix-corporal/policy.json"
}
# Modify the policy below as you see fit
matrix_aux_file_definitions:
- dest: "{{ matrix_corporal_config_dir_path }}/policy.json"
content: |
{
"schemaVersion": 1,
"identificationStamp": "stamp-1",
"flags": {
"allowCustomUserDisplayNames": false,
"allowCustomUserAvatars": false,
"forbidRoomCreation": false,
"forbidEncryptedRoomCreation": true,
"forbidUnencryptedRoomCreation": false,
"allowCustomPassthroughUserPasswords": true,
"allowUnauthenticatedPasswordResets": false,
"allow3pidLogin": false
},
"managedCommunityIds": [],
"managedRoomIds": [],
"users": []
}
```
To learn more about what the policy configuration, see the matrix-corporal documentation on [policy](https://github.com/devture/matrix-corporal/blob/master/docs/policy.md).
Each time you update the policy in your `vars.yml` file, you'd need to re-run the playbook and restart matrix-corporal (`--tags=setup-all,start` or `--tags=setup-aux-files,setup-corporal,start`).
## Matrix Corporal files ## Matrix Corporal files

@ -71,7 +71,7 @@ After following the [Preparation](#preparation) guide above, you can take a loo
### Using another external webserver ### Using another external webserver
Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/matrix-nginx-proxy/templates/conf.d/). Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/matrix-nginx-proxy/templates/nginx/conf.d/).
## Method 2: Fronting the integrated nginx reverse-proxy webserver with another reverse-proxy ## Method 2: Fronting the integrated nginx reverse-proxy webserver with another reverse-proxy
@ -111,6 +111,9 @@ matrix_coturn_enabled: false
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection. # Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
matrix_nginx_proxy_trust_forwarded_proto: true matrix_nginx_proxy_trust_forwarded_proto: true
# Trust and use the other reverse proxy's `X-Forwarded-For` header.
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
``` ```
With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports. With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports.
@ -136,6 +139,12 @@ matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: '' matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: '' matrix_nginx_proxy_container_federation_host_bind_port: ''
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
matrix_nginx_proxy_trust_forwarded_proto: true
# Trust and use the other reverse proxy's `X-Forwarded-For` header.
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
# Disable Coturn because it needs SSL certs # Disable Coturn because it needs SSL certs
# (Clients can, though exposing IP address, use Matrix.org TURN) # (Clients can, though exposing IP address, use Matrix.org TURN)
matrix_coturn_enabled: false matrix_coturn_enabled: false

@ -55,9 +55,41 @@ Name | Description
`matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network) `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network)
`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics` `matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics`
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`) `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`)
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable) `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable). Do not write the password in plain text. See `man 1 htpasswd` or use `htpasswd -c mypass.htpasswd prometheus` to generate the expected hash for nginx.
`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`) `matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`)
### Collecting worker metrics to an external Prometheus server
If you are using workers (`matrix_synapse_workers_enabled`) and have enabled `matrix_nginx_proxy_proxy_synapse_metrics` as described above, the playbook will also automatically proxy the all worker threads's metrics to `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`.
The playbook also generates an exemplary prometheus.yml config file (`matrix_base_data_path/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs, especially edit the specified `password_file` path and contents and path to your `synapse-v2.rules`.
It will look a bit like this:
```yaml
scrape_configs:
- job_name: 'synapse'
metrics_path: /_synapse/metrics
scheme: https
basic_auth:
username: prometheus
password_file: /etc/prometheus/password.pwd
static_configs:
- targets: ['matrix.DOMAIN:443']
labels:
job: "master"
index: 1
- job_name: 'synapse-generic_worker-1'
metrics_path: /_synapse-worker-generic_worker-18111/metrics
scheme: https
basic_auth:
username: prometheus
password_file: /etc/prometheus/password.pwd
static_configs:
- targets: ['matrix.DOMAIN:443']
labels:
job: "generic_worker"
index: 18111
```
### Collecting system and Postgres metrics to an external Prometheus server (advanced) ### Collecting system and Postgres metrics to an external Prometheus server (advanced)
When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats. When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats.

@ -98,6 +98,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Hangouts bridging](configuring-playbook-bridge-mautrix-hangouts.md) (optional) - [Setting up Mautrix Hangouts bridging](configuring-playbook-bridge-mautrix-hangouts.md) (optional)
- [Setting up Mautrix Google Chat bridging](configuring-playbook-bridge-mautrix-googlechat.md) (optional)
- [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (optional) - [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (optional)
- [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional) - [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)

@ -48,6 +48,8 @@ These services are not part of our default installation, but can be enabled by [
- [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional) - [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [mautrix/googlechat](https://mau.dev/mautrix/googlechat/container_registry) - the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) (optional)
- [mautrix/instagram](https://mau.dev/mautrix/instagram/container_registry) - the [mautrix-instagram](https://github.com/mautrix/instagram) bridge to [Instagram](https://instagram.com/) (optional) - [mautrix/instagram](https://mau.dev/mautrix/instagram/container_registry) - the [mautrix-instagram](https://github.com/mautrix/instagram) bridge to [Instagram](https://instagram.com/) (optional)
- [mautrix/signal](https://mau.dev/mautrix/signal/container_registry) - the [mautrix-signal](https://github.com/mautrix/signal) bridge to [Signal](https://www.signal.org/) (optional) - [mautrix/signal](https://mau.dev/mautrix/signal/container_registry) - the [mautrix-signal](https://github.com/mautrix/signal) bridge to [Signal](https://www.signal.org/) (optional)

@ -12,7 +12,8 @@ If your database name differs, be sure to change `matrix_synapse_database_databa
The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`). The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`).
Importing multiple databases (as dumped by `pg_dumpall`) is also supported. Importing multiple databases (as dumped by `pg_dumpall`) is also supported.
But the migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new roomes, ...)
Before doing the actual import, **you need to upload your Postgres dump file to the server** (any path is okay). Before doing the actual import, **you need to upload your Postgres dump file to the server** (any path is okay).
@ -32,6 +33,7 @@ ansible-playbook -i inventory/hosts setup.yml \
## Troubleshooting ## Troubleshooting
### Table Ownership
A table ownership issue can occur if you are importing from a Synapse installation which was both: A table ownership issue can occur if you are importing from a Synapse installation which was both:
- migrated from SQLite to Postgres, and - migrated from SQLite to Postgres, and
@ -48,7 +50,7 @@ where `synapse_user` is the database username from the previous Synapse installa
This can be verified by examining the dump for ALTER TABLE statements which set OWNER TO that username: This can be verified by examining the dump for ALTER TABLE statements which set OWNER TO that username:
```Shell ```Shell
$ grep "ALTER TABLE" homeserver.sql" $ grep "ALTER TABLE" homeserver.sql
ALTER TABLE public.access_tokens OWNER TO synapse_user; ALTER TABLE public.access_tokens OWNER TO synapse_user;
ALTER TABLE public.account_data OWNER TO synapse_user; ALTER TABLE public.account_data OWNER TO synapse_user;
ALTER TABLE public.account_data_max_stream_id OWNER TO synapse_user; ALTER TABLE public.account_data_max_stream_id OWNER TO synapse_user;
@ -60,10 +62,10 @@ ALTER TABLE public.application_services_state OWNER TO synapse_user;
It can be worked around by changing the username to `synapse`, for example by using `sed`: It can be worked around by changing the username to `synapse`, for example by using `sed`:
```Shell ```Shell
$ sed -i "s/synapse_user/synapse/g" homeserver.sql $ sed -i "s/OWNER TO synapse_user;/OWNER TO synapse;/g" homeserver.sql
``` ```
This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead. This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse_user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead. Expand search/replace statement as shown in example above, in case of old user name like `matrix` - replacing `matrix` only would... well - you can imagine.
Note that if the previous import failed with an error it may have made changes which are incompatible with re-running the import task right away; if you do so it may fail with an error such as: Note that if the previous import failed with an error it may have made changes which are incompatible with re-running the import task right away; if you do so it may fail with an error such as:
@ -71,6 +73,8 @@ Note that if the previous import failed with an error it may have made changes w
ERROR: relation \"access_tokens\" already exists ERROR: relation \"access_tokens\" already exists
``` ```
### Repeat import
In this case you can use the command suggested in the import task to clear the database before retrying the import: In this case you can use the command suggested in the import task to clear the database before retrying the import:
```Shell ```Shell
@ -79,4 +83,20 @@ In this case you can use the command suggested in the import task to clear the d
# systemctl start matrix-postgres # systemctl start matrix-postgres
``` ```
Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed. Now on your local machine run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-postgres` to prepare the database roles etc.
If not, you probably get this error. `synapse` is the correct table owner, but the role is missing in database.
```
"ERROR: role synapse does not exist"
```
Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.
Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal)
```
/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:14.1-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse"
```
### Hints
To open psql terminal run `/usr/local/bin/matrix-postgres-cli`

@ -1,25 +1,25 @@
# Installing # Installing
## 1. Installing the Matrix services
If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure. If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure.
Run this as-is to set up a server: Run this command to install the Matrix services:
```bash ```bash
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
``` ```
**Note**: if you don't use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands. The above command **doesn't start any services just yet** (another step does this later - below). Feel free to **re-run this setup command any time** you think something is off with the server configuration.
**Note**: if you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the above (and all other) Ansible commands.
The above command **doesn't start any services just yet** (another step does this later - below). **Notes**:
- if you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands.
- if you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the above (and all other) Ansible commands.
Feel free to **re-run this setup command any time** you think something is off with the server configuration.
## 2. Things you might want to do after installing
## Things you might want to do after installing **Before starting the services**, you may want to do additional things like:
After installing, but before starting the services, you may want to do additional things like:
- [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional) - [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional)
@ -28,20 +28,22 @@ After installing, but before starting the services, you may want to do additiona
- [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional) - [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional)
## Starting the services ## 3. Starting the services
When you're ready to start the Matrix services (and set them up to auto-start in the future): When you're ready to start the Matrix services (and set them up to auto-start in the future), run this command:
```bash ```bash
ansible-playbook -i inventory/hosts setup.yml --tags=start ansible-playbook -i inventory/hosts setup.yml --tags=start
``` ```
Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md) ## 4. Finalize the installation
Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md).
## Things to do next ## 5. Things to do next
If you have started services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can: After you have started the services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can:
- [check if services work](maintenance-checking-services.md) - [check if services work](maintenance-checking-services.md)
- or [create your first Matrix user account](registering-users.md) - or [create your first Matrix user account](registering-users.md)

@ -18,6 +18,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-registration` - `matrix-registration`
- `matrix-coturn` - `matrix-coturn`
- `matrix-corporal` - `matrix-corporal`
- `matrix-dimension`
- `matrix-ma1sd` - `matrix-ma1sd`
- `matrix-mailer` - `matrix-mailer`
- `matrix-bridge-appservice-irc` - `matrix-bridge-appservice-irc`
@ -25,6 +26,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-bridge-appservice-webhooks` - `matrix-bridge-appservice-webhooks`
- `matrix-bridge-mautrix-facebook` - `matrix-bridge-mautrix-facebook`
- `matrix-bridge-mautrix-hangouts` - `matrix-bridge-mautrix-hangouts`
- `matrix-bridge-mautrix-googlechat`
- `matrix-bridge-mautrix-telegram` - `matrix-bridge-mautrix-telegram`
- `matrix-bridge-mautrix-signal` - `matrix-bridge-mautrix-signal`
- `matrix-bridge-mautrix-whatsapp` - `matrix-bridge-mautrix-whatsapp`

@ -5,7 +5,7 @@ https://matrix.DOMAIN {
root /matrix/static-files root /matrix/static-files
header { header / {
Access-Control-Allow-Origin * Access-Control-Allow-Origin *
Strict-Transport-Security "mag=age=31536000;" Strict-Transport-Security "mag=age=31536000;"
X-Frame-Options "DENY" X-Frame-Options "DENY"
@ -13,10 +13,10 @@ https://matrix.DOMAIN {
} }
# Identity server traffic # Identity server traffic
proxy /_matrix/identity matrix-msisd:8090 { proxy /_matrix/identity matrix-ma1sd:8090 {
transparent transparent
} }
proxy /_matrix/client/r0/user_directory/search matrix-msisd:8090 { proxy /_matrix/client/r0/user_directory/search matrix-ma1sd:8090 {
transparent transparent
} }

@ -19,9 +19,9 @@ matrix_container_global_registry_prefix: "docker.io/"
matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}" matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
# If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:8008'. # If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}'.
# This is because we explicitly disable them for the main Synapse process. # This is because we explicitly disable them for the main Synapse process.
matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else 'http://matrix-synapse:8008' }}" matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string }}"
###################################################################### ######################################################################
# #
@ -79,14 +79,14 @@ matrix_appservice_discord_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_appservice_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'discord.as.token') | to_uuid }}" matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'discord.as.token') | to_uuid }}"
matrix_appservice_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'discord.hs.token') | to_uuid }}" matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'discord.hs.token') | to_uuid }}"
# We only make this use Postgres if our own Postgres server is enabled. # We only make this use Postgres if our own Postgres server is enabled.
# It's only then (for now) that we can automatically create the necessary database and user for this service. # It's only then (for now) that we can automatically create the necessary database and user for this service.
matrix_appservice_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_appservice_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_appservice_discord_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'as.discord.db') | to_uuid }}" matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'as.discord.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -111,11 +111,12 @@ matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture !
# matrix-appservice-webhooks' client-server port to the local host. # matrix-appservice-webhooks' client-server port to the local host.
matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_webhooks_matrix_port) }}" matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_webhooks_matrix_port) }}"
matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}" matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.as.token') | to_uuid }}"
matrix_appservice_webhooks_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.hs.token') | to_uuid }}" matrix_appservice_webhooks_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"
matrix_appservice_webhooks_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.id.token') | to_uuid }}" matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
matrix_appservice_webhooks_systemd_required_services_list: | matrix_appservice_webhooks_systemd_required_services_list: |
{{ {{
@ -149,11 +150,12 @@ matrix_appservice_slack_container_self_build: "{{ matrix_architecture != 'amd64'
# matrix-appservice-slack's client-server port to the local host. # matrix-appservice-slack's client-server port to the local host.
matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_slack_slack_port) }}" matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_slack_slack_port) }}"
matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.as.token') | to_uuid }}" matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.as.token') | to_uuid }}"
matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.hs.token') | to_uuid }}" matrix_appservice_slack_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.hs.token') | to_uuid }}"
matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.id.token') | to_uuid }}" matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.id.token') | to_uuid }}"
matrix_appservice_slack_systemd_required_services_list: | matrix_appservice_slack_systemd_required_services_list: |
{{ {{
@ -166,7 +168,7 @@ matrix_appservice_slack_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_appservice_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}" matrix_appservice_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
matrix_appservice_slack_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'as.slack.db') | to_uuid }}" matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'as.slack.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -203,12 +205,12 @@ matrix_appservice_irc_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_appservice_irc_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.as.token') | to_uuid }}" matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'irc.as.token') | to_uuid }}"
matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.hs.token') | to_uuid }}" matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'irc.hs.token') | to_uuid }}"
matrix_appservice_irc_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}" matrix_appservice_irc_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
matrix_appservice_irc_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'as.irc.db') | to_uuid }}" matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'as.irc.db') | to_uuid }}"
###################################################################### ######################################################################
@ -238,15 +240,15 @@ matrix_beeper_linkedin_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_beeper_linkedin_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.as.token') | to_uuid }}" matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'linked.as.token') | to_uuid }}"
matrix_beeper_linkedin_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.hs.token') | to_uuid }}" matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'linked.hs.token') | to_uuid }}"
matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'maulinkedin.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -276,9 +278,9 @@ matrix_mautrix_facebook_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.as.token') | to_uuid }}" matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'fb.as.token') | to_uuid }}"
matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.hs.token') | to_uuid }}" matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'fb.hs.token') | to_uuid }}"
matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
@ -287,7 +289,7 @@ matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path. # and point them to a migration path.
matrix_mautrix_facebook_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mautrix_facebook_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_facebook_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.fb.db') | to_uuid }}" matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.fb.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -318,9 +320,9 @@ matrix_mautrix_hangouts_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.as.token') | to_uuid }}" matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ho.as.token') | to_uuid }}"
matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}" matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ho.hs.token') | to_uuid }}"
matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}" matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
@ -328,7 +330,7 @@ matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_hangouts_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.hangouts.db') | to_uuid }}" matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.hangouts.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -337,6 +339,47 @@ matrix_mautrix_hangouts_database_password: "{{ matrix_synapse_macaroon_secret_ke
###################################################################### ######################################################################
######################################################################
#
# matrix-bridge-mautrix-googlechat
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_googlechat_enabled: false
matrix_mautrix_googlechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_googlechat_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'gc.as.token') | to_uuid }}"
matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'gc.hs.token') | to_uuid }}"
matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.gc.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-googlechat
#
######################################################################
###################################################################### ######################################################################
# #
# matrix-bridge-mautrix-instagram # matrix-bridge-mautrix-instagram
@ -359,9 +402,9 @@ matrix_mautrix_instagram_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mautrix_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ig.as.token') | to_uuid }}" matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ig.as.token') | to_uuid }}"
matrix_mautrix_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ig.hs.token') | to_uuid }}" matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ig.hs.token') | to_uuid }}"
matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
@ -370,7 +413,7 @@ matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path. # and point them to a migration path.
matrix_mautrix_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mautrix_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_instagram_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.ig.db') | to_uuid }}" matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.ig.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -405,14 +448,14 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_signal_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'si.hs.token') | to_uuid }}" matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'si.hs.token') | to_uuid }}"
matrix_mautrix_signal_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'si.as.token') | to_uuid }}" matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'si.as.token') | to_uuid }}"
matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_engine: 'postgres'
matrix_mautrix_signal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.signal.db') | to_uuid }}" matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}"
matrix_mautrix_signal_container_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_mautrix_signal_container_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_signal_daemon_container_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mautrix_signal_daemon_container_self_build: "{{ matrix_architecture != 'amd64' }}"
@ -448,11 +491,11 @@ matrix_mautrix_telegram_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mautrix_telegram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.as.token') | to_uuid }}" matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'telegr.as.token') | to_uuid }}"
matrix_mautrix_telegram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.hs.token') | to_uuid }}" matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'telegr.hs.token') | to_uuid }}"
matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}" matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'telegram') | to_uuid }}"
matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9006' }}" matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9006' }}"
@ -460,7 +503,7 @@ matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_telegram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mautrix_telegram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_telegram_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.telegram.db') | to_uuid }}" matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.telegram.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -490,15 +533,15 @@ matrix_mautrix_whatsapp_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mautrix_whatsapp_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.as.token') | to_uuid }}" matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'whats.as.token') | to_uuid }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.hs.token') | to_uuid }}" matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'whats.hs.token') | to_uuid }}"
matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_whatsapp_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mauwhatsapp.db') | to_uuid }}" matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mauwhatsapp.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -524,9 +567,10 @@ matrix_sms_bridge_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.as.token') | to_uuid }}" matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'sms.as.token') | to_uuid }}"
matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.hs.token') | to_uuid }}" matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}"
matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'sms.hs.token') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -543,9 +587,9 @@ matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | pas
# We don't enable bridges by default. # We don't enable bridges by default.
matrix_heisenbridge_enabled: false matrix_heisenbridge_enabled: false
matrix_heisenbridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'heisen.as.tok') | to_uuid }}" matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'heisen.as.tok') | to_uuid }}"
matrix_heisenbridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'heisen.hs.tok') | to_uuid }}" matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'heisen.hs.tok') | to_uuid }}"
matrix_heisenbridge_systemd_wanted_services_list: | matrix_heisenbridge_systemd_wanted_services_list: |
{{ {{
@ -582,15 +626,15 @@ matrix_mx_puppet_skype_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mx_puppet_skype_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'skype.as.tok') | to_uuid }}" matrix_mx_puppet_skype_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'skype.as.tok') | to_uuid }}"
matrix_mx_puppet_skype_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'skype.hs.tok') | to_uuid }}" matrix_mx_puppet_skype_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'skype.hs.tok') | to_uuid }}"
matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_skype_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mx_puppet_skype_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_skype_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.skype.db') | to_uuid }}" matrix_mx_puppet_skype_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.skype.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -621,15 +665,15 @@ matrix_mx_puppet_slack_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mx_puppet_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}" matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}"
matrix_mx_puppet_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}" matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}"
matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_slack_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.slack.db') | to_uuid }}" matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.slack.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -659,9 +703,9 @@ matrix_mx_puppet_twitter_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mx_puppet_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}" matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}"
matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}" matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}"
matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
@ -669,7 +713,7 @@ matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_p
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_twitter_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.twitter.db') | to_uuid }}" matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.twitter.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -700,15 +744,15 @@ matrix_mx_puppet_instagram_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.as.tok') | to_uuid }}" matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxig.as.tok') | to_uuid }}"
matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}" matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}"
matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_instagram_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.ig.db') | to_uuid }}" matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.ig.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -738,15 +782,15 @@ matrix_mx_puppet_discord_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mx_puppet_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}" matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}"
matrix_mx_puppet_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}" matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}"
matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_discord_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -776,15 +820,15 @@ matrix_mx_puppet_steam_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mx_puppet_steam_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.as.tok') | to_uuid }}" matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxste.as.tok') | to_uuid }}"
matrix_mx_puppet_steam_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}" matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}"
matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_steam_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.steam.db') | to_uuid }}" matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.steam.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -814,15 +858,15 @@ matrix_mx_puppet_groupme_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}} }}
matrix_mx_puppet_groupme_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}" matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}"
matrix_mx_puppet_groupme_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxgro.hs.tok') | to_uuid }}" matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxgro.hs.tok') | to_uuid }}"
matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_groupme_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.groupme.db') | to_uuid }}" matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.groupme.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -852,7 +896,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_matrix_reminder_bot_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'reminder.bot.db') | to_uuid }}" matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'reminder.bot.db') | to_uuid }}"
matrix_bot_matrix_reminder_bot_container_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_bot_matrix_reminder_bot_container_self_build: "{{ matrix_architecture != 'amd64' }}"
###################################################################### ######################################################################
@ -1001,11 +1045,15 @@ matrix_coturn_container_additional_volumes: |
matrix_dimension_enabled: false matrix_dimension_enabled: false
matrix_dimension_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the Dimension HTTP port to the local host. # the Dimension HTTP port to the local host.
matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8184' }}" matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8184' }}"
matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}"
matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}" matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}"
matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}" matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}"
@ -1022,7 +1070,7 @@ matrix_dimension_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_dimension_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_dimension_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_dimension_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db') | to_uuid }}" matrix_dimension_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'dimension.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -1047,7 +1095,7 @@ matrix_etherpad_systemd_required_services_list: |
(['matrix-postgres.service'] if matrix_postgres_enabled else []) (['matrix-postgres.service'] if matrix_postgres_enabled else [])
}} }}
matrix_etherpad_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'etherpad.db') | to_uuid }}" matrix_etherpad_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'etherpad.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -1106,9 +1154,9 @@ matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_pro
matrix_jitsi_prosody_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:5280' }}" matrix_jitsi_prosody_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:5280' }}"
matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}" matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'jibri') | to_uuid }}"
matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}" matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'jicofo') | to_uuid }}"
matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}" matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'jvb') | to_uuid }}"
matrix_jitsi_web_stun_servers: | matrix_jitsi_web_stun_servers: |
{{ {{
@ -1171,7 +1219,8 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# ma1sd's web-server port. # ma1sd's web-server port.
matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8090' }}" matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_container_port|string }}"
# We enable Synapse integration via its Postgres database by default. # We enable Synapse integration via its Postgres database by default.
# When using another Identity store, you might wish to disable this and define # When using another Identity store, you might wish to disable this and define
@ -1210,7 +1259,7 @@ matrix_ma1sd_systemd_wanted_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_ma1sd_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_ma1sd_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_ma1sd_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ma1sd.db') | to_uuid }}" matrix_ma1sd_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ma1sd.db') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -1253,8 +1302,8 @@ matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corpor
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081"
matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_ma1sd_enabled }}" matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_ma1sd_enabled }}"
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:8090" matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}"
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:8090" matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}"
# By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy. # By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy.
# Unless this is handled there OR Synapse's federation listener port is disabled, we'll reverse-proxy. # Unless this is handled there OR Synapse's federation listener port is disabled, we'll reverse-proxy.
@ -1265,6 +1314,12 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1
# Settings controlling matrix-synapse-proxy.conf # Settings controlling matrix-synapse-proxy.conf
matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}"
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}"
# When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. # When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter.
matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}"
@ -1298,6 +1353,8 @@ matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers
matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}"
matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}" matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}"
matrix_nginx_proxy_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
matrix_nginx_proxy_systemd_wanted_services_list: | matrix_nginx_proxy_systemd_wanted_services_list: |
{{ {{
(['matrix-synapse.service'] if matrix_synapse_enabled else []) (['matrix-synapse.service'] if matrix_synapse_enabled else [])
@ -1430,6 +1487,12 @@ matrix_postgres_additional_databases: |
'password': matrix_mautrix_hangouts_database_password, 'password': matrix_mautrix_hangouts_database_password,
}] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == 'matrix-postgres') else []) }] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == 'matrix-postgres') else [])
+ +
([{
'name': matrix_mautrix_googlechat_database_name,
'username': matrix_mautrix_googlechat_database_username,
'password': matrix_mautrix_googlechat_database_password,
}] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == 'matrix-postgres') else [])
+
([{ ([{
'name': matrix_mautrix_instagram_database_name, 'name': matrix_mautrix_instagram_database_name,
'username': matrix_mautrix_instagram_database_username, 'username': matrix_mautrix_instagram_database_username,
@ -1660,18 +1723,18 @@ matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm6
# When ma1sd is enabled, we can use it to validate email addresses and phone numbers. # When ma1sd is enabled, we can use it to validate email addresses and phone numbers.
# Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server. # Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server.
matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:8090' if matrix_ma1sd_enabled else '' }}" matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port|string if matrix_ma1sd_enabled else '' }}"
matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:8090' if matrix_ma1sd_enabled else '' }}" matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port|string if matrix_ma1sd_enabled else '' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it,
# you can expose Synapse's ports to the host. # you can expose Synapse's ports to the host.
# #
# For exposing the Matrix Client API's port (plain HTTP) to the local host. # For exposing the Matrix Client API's port (plain HTTP) to the local host.
matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port|string }}"
# #
# For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host.
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}" matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port|string }}"
# #
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
@ -1685,7 +1748,7 @@ matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if mat
# For exposing the Synapse worker (and metrics) ports to the local host. # For exposing the Synapse worker (and metrics) ports to the local host.
matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}" matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}"
matrix_synapse_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'synapse.db') | to_uuid }}" matrix_synapse_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'synapse.db') | to_uuid }}"
# We do not enable TLS in Synapse by default. # We do not enable TLS in Synapse by default.
# TLS is handled by the matrix-nginx-proxy, which proxies the requests to Synapse. # TLS is handled by the matrix-nginx-proxy, which proxies the requests to Synapse.
@ -1836,7 +1899,7 @@ matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exp
###################################################################### ######################################################################
matrix_prometheus_postgres_exporter_enabled: false matrix_prometheus_postgres_exporter_enabled: false
matrix_prometheus_postgres_exporter_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'prometheus.pg.db') | to_uuid }}" matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'prometheus.pg.db') | to_uuid }}"
matrix_prometheus_postgres_exporter_systemd_required_services_list: | matrix_prometheus_postgres_exporter_systemd_required_services_list: |
{{ {{
@ -1912,7 +1975,7 @@ matrix_registration_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres) # Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_registration_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_registration_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_registration_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx.registr.db') | to_uuid }}" matrix_registration_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mx.registr.db') | to_uuid }}"
###################################################################### ######################################################################
# #

@ -5,10 +5,11 @@ import json
janitor_token = sys.argv[1] janitor_token = sys.argv[1]
synapse_container_ip = sys.argv[2] synapse_container_ip = sys.argv[2]
synapse_container_port = sys.argv[3]
# collect total amount of rooms # collect total amount of rooms
rooms_raw_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms' rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms'
rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token} rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token}
rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header) rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header)
rooms_raw_python = json.loads(rooms_raw.text) rooms_raw_python = json.loads(rooms_raw.text)
@ -19,7 +20,7 @@ total_rooms = rooms_raw_python["total_rooms"]
room_list_file = open("/tmp/room_list_complete.json", "w") room_list_file = open("/tmp/room_list_complete.json", "w")
for i in range(0, total_rooms, 100): for i in range(0, total_rooms, 100):
rooms_inc_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms?from=' + str(i) rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i)
rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header) rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header)
room_list_file.write(rooms_inc.text) room_list_file.write(rooms_inc.text)

@ -0,0 +1,66 @@
{
"name": "Bridge Discord Appservice",
"description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
"spec": [
{
"question_name": "Enable Discord AppService Bridge",
"question_description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_appservice_discord_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_appservice_discord_enabled",
"type": "multiplechoice"
},
{
"question_name": "Discord OAuth2 Client ID",
"question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications",
"required": true,
"min": 0,
"max": 128,
"default": "{{ matrix_appservice_discord_client_id | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_appservice_discord_client_id",
"type": "text"
},
{
"question_name": "Discord Bot Token",
"question_description": "The Bot 'TOKEN' which can be found in the 'Bot' tab of your new discord application: https://discord.com/developers/applications",
"required": true,
"min": 0,
"max": 256,
"default": "{{ matrix_appservice_discord_bot_token | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_appservice_discord_bot_token",
"type": "password"
},
{
"question_name": "Auto-Admin Matrix User",
"question_description": "The username you would like to be automatically joined and promoted to administrator (PL100) in bridged rooms. Exclude the '@' and server name postfix. So to create @stevo:example.org just enter 'stevo'.",
"required": false,
"min": 0,
"max": 1024,
"default": "",
"choices": "",
"new_question": true,
"variable": "awx_appservice_discord_admin_user",
"type": "text"
},
{
"question_name": "Auto-Admin Rooms",
"question_description": "A list of rooms you want the user to be automatically joined and promoted to administrator (PL100) in. These should be the internal IDs (for example '!axfBUsKhfAjSMBdjKX:example.org') separated by newlines.",
"required": false,
"min": 0,
"max": 4096,
"default": "",
"choices": "",
"new_question": true,
"variable": "awx_appservice_discord_admin_rooms",
"type": "textarea"
}
]
}

@ -66,10 +66,10 @@
"required": false, "required": false,
"min": 0, "min": 0,
"max": 256, "max": 256,
"default": "{{ awx_corporal_http_api_auth_token }}", "default": "{{ matrix_corporal_http_api_auth_token }}",
"choices": "", "choices": "",
"new_question": true, "new_question": true,
"variable": "awx_corporal_http_api_auth_token", "variable": "matrix_corporal_http_api_auth_token",
"type": "password" "type": "password"
}, },
{ {
@ -81,7 +81,7 @@
"default": "{{ awx_corporal_raise_ratelimits }}", "default": "{{ awx_corporal_raise_ratelimits }}",
"choices": "Normal\nRaised", "choices": "Normal\nRaised",
"new_question": true, "new_question": true,
"variable": "matrix_corporal_raise_ratelimits", "variable": "awx_corporal_raise_ratelimits",
"type": "multiplechoice" "type": "multiplechoice"
} }
] ]

@ -0,0 +1,57 @@
- name: Record Bridge Discord AppService variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Bridge Discord AppService Start'
with_dict:
'matrix_appservice_discord_enabled': '{{ matrix_appservice_discord_enabled }}'
'matrix_appservice_discord_client_id': '{{ matrix_appservice_discord_client_id }}'
'matrix_appservice_discord_bot_token': '{{ matrix_appservice_discord_bot_token }}'
- name: If the raw inputs is not empty start constructing parsed awx_appservice_discord_admin_rooms list
set_fact:
awx_appservice_discord_admin_rooms_array: |-
{{ awx_appservice_discord_admin_rooms.splitlines() | to_json }}
when: awx_appservice_discord_admin_rooms | trim | length > 0
- name: Promote user to administer (PL100) of each room
command: |
docker exec -i matrix-appservice-discord /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "{{ item.1 }}" -u "@{{ awx_appservice_discord_admin_user }}:{{ matrix_domain }}" -p 100'
with_indexed_items:
- "{{ awx_appservice_discord_admin_rooms_array }}"
when: ( awx_appservice_discord_admin_rooms | trim | length > 0 ) and ( awx_appservice_discord_admin_user is defined )
- name: Save new 'Bridge Discord Appservice' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/bridge_discord_appservice.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//bridge_discord_appservice.json'
- name: Copy new 'Bridge Discord Appservice' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json'
dest: '/matrix/awx/bridge_discord_appservice.json'
mode: '0660'
- name: Recreate 'Bridge Discord Appservice' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 3 - Bridge Discord AppService"
description: "Enables a private bridge you can use to connect Matrix rooms to Discord."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all,bridge-discord-appservice"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json') }}"
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes

@ -197,6 +197,15 @@
tags: tags:
- setup-synapse-admin - setup-synapse-admin
# Additional playbook to set the variable file during Discord Appservice Bridge configuration
- include_tasks:
file: "bridge_discord_appservice.yml"
apply:
tags: bridge-discord-appservice
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- bridge-discord-appservice
# Delete AWX session token # Delete AWX session token
- include_tasks: - include_tasks:
file: "delete_session_token.yml" file: "delete_session_token.yml"

@ -1,11 +0,0 @@
---
- name: Collect entire room list into stdout
shell: |
curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms?from={{ item }}'
register: awx_rooms_output
- name: Print stdout to file
delegate_to: 127.0.0.1
shell: |
echo '{{ awx_rooms_output.stdout }}' >> /tmp/{{ subscription_id }}_room_list_complete.json

@ -2,11 +2,11 @@
- name: Purge all rooms with more then N events - name: Purge all rooms with more then N events
shell: | shell: |
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: awx_purge_command register: awx_purge_command
- name: Print output of purge command - name: Print output of purge command
debug: debug:
msg: "{{ awx_purge_command.stdout }}" msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe - name: Pause for 5 seconds to let Synapse breathe

@ -29,9 +29,9 @@
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_synapse_container_ip register: awx_synapse_container_ip
- name: Collect access token for janitor user - name: Collect access token for @_janitor user
shell: | shell: |
curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token' curl -X POST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_janitors_token register: awx_janitors_token
no_log: True no_log: True
@ -47,7 +47,7 @@
- name: Run build_room_list.py script - name: Run build_room_list.py script
shell: | shell: |
runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }}
register: awx_rooms_total register: awx_rooms_total
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
@ -69,7 +69,7 @@
shell: | shell: |
jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Count number of rooms with no local users - name: Count number of rooms with no local users
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
shell: | shell: |
@ -84,7 +84,7 @@
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Purge all rooms with no local users - name: Purge all rooms with no local users
include_tasks: awx_purge_database_no_local.yml include_tasks: purge_database_no_local.yml
loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}" loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}"
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
@ -116,7 +116,7 @@
no_log: True no_log: True
- name: Purge all rooms with more then N users - name: Purge all rooms with more then N users
include_tasks: awx_purge_database_users.yml include_tasks: purge_database_users.yml
loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}" loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}"
when: awx_purge_mode.find("Number of users [slower]") != -1 when: awx_purge_mode.find("Number of users [slower]") != -1
@ -141,7 +141,7 @@
no_log: True no_log: True
- name: Purge all rooms with more then N events - name: Purge all rooms with more then N events
include_tasks: awx_purge_database_events.yml include_tasks: purge_database_events.yml
loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}" loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}"
when: awx_purge_mode.find("Number of events [slower]") != -1 when: awx_purge_mode.find("Number of events [slower]") != -1
@ -171,7 +171,7 @@
wait: yes wait: yes
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: yes
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Revert 'Deploy/Update a Server' job template - name: Revert 'Deploy/Update a Server' job template
@ -237,7 +237,7 @@
wait: yes wait: yes
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: yes
when: (awx_purge_mode.find("Perform final shrink") != -1) when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Revert 'Deploy/Update a Server' job template - name: Revert 'Deploy/Update a Server' job template
@ -272,7 +272,7 @@
when: (awx_purge_mode.find("Perform final shrink") != -1) when: (awx_purge_mode.find("Perform final shrink") != -1)
no_log: True no_log: True
- name: Print total number of rooms processed - name: Print total number of rooms processed
debug: debug:
msg: '{{ awx_rooms_total.stdout }}' msg: '{{ awx_rooms_total.stdout }}'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

@ -2,11 +2,11 @@
- name: Purge all rooms with no local users - name: Purge all rooms with no local users
shell: | shell: |
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room' curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room'
register: awx_purge_command register: awx_purge_command
- name: Print output of purge command - name: Print output of purge command
debug: debug:
msg: "{{ awx_purge_command.stdout }}" msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe - name: Pause for 5 seconds to let Synapse breathe

@ -2,11 +2,11 @@
- name: Purge all rooms with more then N users - name: Purge all rooms with more then N users
shell: | shell: |
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: awx_purge_command register: awx_purge_command
- name: Print output of purge command - name: Print output of purge command
debug: debug:
msg: "{{ awx_purge_command.stdout }}" msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe - name: Pause for 5 seconds to let Synapse breathe

@ -7,11 +7,11 @@
- name: Purge local media to specific date - name: Purge local media to specific date
shell: | shell: |
curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000' curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000'
register: awx_purge_command register: awx_purge_command
- name: Print output of purge command - name: Print output of purge command
debug: debug:
msg: "{{ awx_purge_command.stdout }}" msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe - name: Pause for 5 seconds to let Synapse breathe

@ -9,7 +9,7 @@
include_vars: include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: True no_log: True
- name: Ensure curl and jq intalled on target machine - name: Ensure curl and jq intalled on target machine
apt: apt:
pkg: pkg:
@ -21,21 +21,22 @@
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
register: awx_synapse_container_ip register: awx_synapse_container_ip
- name: Collect access token for janitor user - name: Collect access token for @_janitor user
shell: | shell: |
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token' curl -XPOST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
register: awx_janitors_token register: awx_janitors_token
no_log: True no_log: True
- name: Generate list of dates to purge to - name: Generate list of dates to purge to
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}" shell: "dateseq {{ awx_purge_from_date }} {{ awx_purge_to_date }}"
register: awx_purge_dates register: awx_purge_dates
- name: Calculate initial size of local media repository - name: Calculate initial size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local* shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_before register: awx_local_media_size_before
when: awx_purge_media_type == "Local Media" when: awx_purge_media_type == "Local Media"
async: 600
ignore_errors: yes ignore_errors: yes
no_log: True no_log: True
@ -43,16 +44,17 @@
shell: du -sh /matrix/synapse/storage/media-store/remote* shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_before register: awx_remote_media_size_before
when: awx_purge_media_type == "Remote Media" when: awx_purge_media_type == "Remote Media"
async: 600
ignore_errors: yes ignore_errors: yes
no_log: True no_log: True
- name: Purge local media with loop - name: Purge local media with loop
include_tasks: purge_media_local.yml include_tasks: purge_media_local.yml
loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
when: awx_purge_media_type == "Local Media" when: awx_purge_media_type == "Local Media"
- name: Purge remote media with loop - name: Purge remote media with loop
include_tasks: purge_media_remote.yml include_tasks: purge_media_remote.yml
loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
when: awx_purge_media_type == "Remote Media" when: awx_purge_media_type == "Remote Media"

@ -7,11 +7,11 @@
- name: Purge remote media to specific date - name: Purge remote media to specific date
shell: | shell: |
curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000' curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000'
register: awx_purge_command register: awx_purge_command
- name: Print output of purge command - name: Print output of purge command
debug: debug:
msg: "{{ awx_purge_command.stdout }}" msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe - name: Pause for 5 seconds to let Synapse breathe

@ -84,14 +84,16 @@
line: "{{ item.key }}: {{ item.value }}" line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings Start' insertafter: '# Corporal Settings Start'
with_dict: with_dict:
'awx_corporal_http_api_auth_token': '{{ awx_corporal_http_api_auth_token }}' 'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
when: awx_corporal_http_api_auth_token|length > 0 when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" )
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml - name: Record 'Simple Static File' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
blockinfile: blockinfile:
path: '{{ awx_cached_matrix_vars }}' path: '{{ awx_cached_matrix_vars }}'
insertafter: "# Corporal Policy Provider Settings Start" insertbefore: "# Corporal Policy Provider Settings End"
marker_begin: "Corporal"
marker_end: "Corporal"
block: | block: |
matrix_corporal_policy_provider_config: | matrix_corporal_policy_provider_config: |
{ {

@ -12,9 +12,9 @@
- curl - curl
state: present state: present
- name: Collect access token of Dimension user - name: Collect access token of @_dimension user
shell: | shell: |
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "_dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
register: awx_dimension_user_access_token register: awx_dimension_user_access_token
- name: Record Synapse variables locally on AWX - name: Record Synapse variables locally on AWX

@ -30,7 +30,7 @@
insertafter: '# Synapse Extension Start' insertafter: '# Synapse Extension Start'
with_dict: with_dict:
'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true' 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true'
'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:8090"' 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_container_port }}"'
when: awx_matrix_ma1sd_auth_store == 'LDAP/AD' when: awx_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Remove entire ma1sd configuration extension - name: Remove entire ma1sd configuration extension

@ -38,7 +38,7 @@
set_fact: set_fact:
awx_synapse_auto_join_rooms_array: |- awx_synapse_auto_join_rooms_array: |-
{{ awx_synapse_auto_join_rooms.splitlines() | to_json }} {{ awx_synapse_auto_join_rooms.splitlines() | to_json }}
when: awx_synapse_auto_join_rooms|length > 0 when: awx_synapse_auto_join_rooms | length > 0
- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank - name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -49,7 +49,7 @@
insertafter: '# Synapse Settings Start' insertafter: '# Synapse Settings Start'
with_dict: with_dict:
"matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}" "matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}"
when: awx_synapse_auto_join_rooms|length > 0 when: awx_synapse_auto_join_rooms | length > 0
- name: Record Synapse Shared Secret if it's defined - name: Record Synapse Shared Secret if it's defined
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1

@ -83,15 +83,15 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_host_command_systemctl: "/usr/bin/env systemctl"
matrix_host_command_sh: "/usr/bin/env sh" matrix_host_command_sh: "/usr/bin/env sh"
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else 'ntp' }}" matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}"
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
# Specifies where the homeserver is on the container network. # Specifies where the homeserver is on the container network.
# Where this is depends on whether there's a reverse-proxy in front of it, etc. # Where this is depends on whether there's a reverse-proxy in front of it, etc.
# This likely gets overriden elsewhere. # This likely gets overriden elsewhere.
matrix_homeserver_container_url: "http://matrix-synapse:8008" matrix_homeserver_container_url: ""
matrix_identity_server_url: ~ matrix_identity_server_url: ~
@ -118,6 +118,72 @@ matrix_client_element_e2ee_secure_backup_required: false
# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
matrix_client_element_e2ee_secure_backup_setup_methods: [] matrix_client_element_e2ee_secure_backup_setup_methods: []
# Default `/.well-known/matrix/client` configuration - it covers the generic use case.
# You can customize it by controlling the various variables inside the template file that it references.
#
# For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_client_configuration_extension_json`)
# or completely replace this variable with your own template.
#
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_well_known_matrix_client_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-client.j2') }}"
# Your custom JSON configuration for `/.well-known/matrix/client` should go to `matrix_well_known_matrix_client_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_well_known_matrix_client_configuration_default`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_well_known_matrix_client_configuration`.
#
# Example configuration extension follows:
#
# matrix_well_known_matrix_client_configuration_extension_json: |
# {
# "io.element.call_behaviour": {
# "widget_build_url": "https://dimension.example.com/api/v1/dimension/bigbluebutton/widget_state"
# }
# }
matrix_well_known_matrix_client_configuration_extension_json: '{}'
matrix_well_known_matrix_client_configuration_extension: "{{ matrix_well_known_matrix_client_configuration_extension_json|from_json if matrix_well_known_matrix_client_configuration_extension_json|from_json is mapping else {} }}"
# Holds the final `/.well-known/matrix/client` configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_client_configuration_default` and `matrix_well_known_matrix_client_configuration_extension_json`.
matrix_well_known_matrix_client_configuration: "{{ matrix_well_known_matrix_client_configuration_default|combine(matrix_well_known_matrix_client_configuration_extension, recursive=True) }}"
# Default `/.well-known/matrix/server` configuration - it covers the generic use case.
# You can customize it by controlling the various variables inside the template file that it references.
#
# For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_server_configuration_extension_json`)
# or completely replace this variable with your own template.
#
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_well_known_matrix_server_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-server.j2') }}"
# Your custom JSON configuration for `/.well-known/matrix/server` should go to `matrix_well_known_matrix_server_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_well_known_matrix_server_configuration_default`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_well_known_matrix_server_configuration`.
#
# Example configuration extension follows:
#
# matrix_well_known_matrix_server_configuration_extension_json: |
# {
# "something": "another"
# }
matrix_well_known_matrix_server_configuration_extension_json: '{}'
matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_matrix_server_configuration_extension_json|from_json if matrix_well_known_matrix_server_configuration_extension_json|from_json is mapping else {} }}"
# Holds the final `/.well-known/matrix/server` configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_server_configuration_default` and `matrix_well_known_matrix_server_configuration_extension_json`.
matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default|combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}"
# The Docker network that all services would be put into # The Docker network that all services would be put into
matrix_docker_network: "matrix" matrix_docker_network: "matrix"

@ -13,16 +13,16 @@
- "{{ matrix_static_files_base_path }}/.well-known/matrix" - "{{ matrix_static_files_base_path }}/.well-known/matrix"
- name: Ensure Matrix /.well-known/matrix/client file configured - name: Ensure Matrix /.well-known/matrix/client file configured
template: copy:
src: "{{ role_path }}/templates/static-files/well-known/matrix-client.j2" content: "{{ matrix_well_known_matrix_client_configuration|to_nice_json }}"
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client" dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"
mode: 0644 mode: 0644
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
- name: Ensure Matrix /.well-known/matrix/server file configured - name: Ensure Matrix /.well-known/matrix/server file configured
template: copy:
src: "{{ role_path }}/templates/static-files/well-known/matrix-server.j2" content: "{{ matrix_well_known_matrix_server_configuration|to_nice_json }}"
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
mode: 0644 mode: 0644
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"

@ -0,0 +1,9 @@
---
- name: Fail if required Matrix Base settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) for using this playbook.
when: "vars[item] == ''"
with_items:
- "matrix_homeserver_container_url"

@ -9,6 +9,7 @@
service: service:
name: matrix-bot-go-neb name: matrix-bot-go-neb
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
register: stopping_result register: stopping_result
when: "matrix_bot_go_neb_service_stat.stat.exists|bool" when: "matrix_bot_go_neb_service_stat.stat.exists|bool"

@ -9,6 +9,7 @@
service: service:
name: matrix-bot-matrix-reminder-bot name: matrix-bot-matrix-reminder-bot
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
register: stopping_result register: stopping_result
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool"

@ -3,14 +3,13 @@
matrix_bot_mjolnir_enabled: true matrix_bot_mjolnir_enabled: true
matrix_bot_mjolnir_version: "v1.1.20" matrix_bot_mjolnir_version: "v1.2.1"
matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}" matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}" matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir" matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"

@ -9,6 +9,7 @@
service: service:
name: matrix-bot-mjolnir name: matrix-bot-mjolnir
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
register: stopping_result register: stopping_result
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"

@ -48,7 +48,7 @@ matrix_appservice_discord_bridge_enableSelfServiceBridging: false
# #
# To use Postgres: # To use Postgres:
# - change the engine (`matrix_appservice_discord_database_engine: 'postgres'`) # - change the engine (`matrix_appservice_discord_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_appservice_discord_postgres_*` variables # - adjust your database credentials via the `matrix_appservice_discord_database_*` variables
matrix_appservice_discord_database_engine: 'sqlite' matrix_appservice_discord_database_engine: 'sqlite'
matrix_appservice_discord_sqlite_database_path_local: "{{ matrix_appservice_discord_data_path }}/discord.db" matrix_appservice_discord_sqlite_database_path_local: "{{ matrix_appservice_discord_data_path }}/discord.db"

@ -54,6 +54,7 @@
service: service:
name: matrix-appservice-discord name: matrix-appservice-discord
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_appservice_discord_stat_db.stat.exists" when: "matrix_appservice_discord_stat_db.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-appservice-discord name: matrix-appservice-discord
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_appservice_discord_service_stat.stat.exists" when: "matrix_appservice_discord_service_stat.stat.exists"

@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
matrix_appservice_irc_version: release-0.31.0 matrix_appservice_irc_version: release-0.32.1
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

@ -9,6 +9,7 @@
service: service:
name: matrix-appservice-irc name: matrix-appservice-irc
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_appservice_irc_service_stat.stat.exists" when: "matrix_appservice_irc_service_stat.stat.exists"

@ -33,7 +33,7 @@ matrix_appservice_slack_slack_port: 9003
matrix_appservice_slack_container_http_host_bind_port: '' matrix_appservice_slack_container_http_host_bind_port: ''
matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}"
matrix_appservice_slack_homeserver_url: "http://matrix-synapse:8008" matrix_appservice_slack_homeserver_url: ""
matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}" matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}"
matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack' matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack'
@ -82,7 +82,7 @@ matrix_appservice_slack_configuration_extension_yaml: |
# Optional # Optional
#matrix_admin_room: "!aBcDeF:matrix.org" #matrix_admin_room: "!aBcDeF:matrix.org"
#homeserver: #homeserver:
# url: http://localhost:8008 # url: http://localhost:{{ matrix_synapse_container_client_api_port }}
# server_name: my.server # server_name: my.server
# Optional # Optional
#tls: #tls:

@ -9,6 +9,7 @@
service: service:
name: matrix-appservice-slack name: matrix-appservice-slack
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_appservice_slack_service_stat.stat.exists" when: "matrix_appservice_slack_service_stat.stat.exists"

@ -8,5 +8,6 @@
with_items: with_items:
- "matrix_appservice_slack_control_room_id" - "matrix_appservice_slack_control_room_id"
- "matrix_appservice_slack_appservice_token" - "matrix_appservice_slack_appservice_token"
- "matrix_appservice_slack_homeserver_url"
- "matrix_appservice_slack_homeserver_token" - "matrix_appservice_slack_homeserver_token"
- "matrix_appservice_slack_id_token" - "matrix_appservice_slack_id_token"

@ -22,8 +22,6 @@ matrix_appservice_webhooks_docker_src_files_path: "{{ matrix_appservice_webhooks
matrix_appservice_webhooks_public_endpoint: /appservice-webhooks matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}" matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}"
# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source
matrix_appservice_webhooks_control_room_id: ''
matrix_appservice_webhooks_bot_name: 'webhookbot' matrix_appservice_webhooks_bot_name: 'webhookbot'
matrix_appservice_webhooks_user_prefix: '_webhook' matrix_appservice_webhooks_user_prefix: '_webhook'
@ -36,7 +34,7 @@ matrix_appservice_webhooks_matrix_port: 6789
matrix_appservice_webhooks_container_http_host_bind_port: '' matrix_appservice_webhooks_container_http_host_bind_port: ''
matrix_appservice_webhooks_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" matrix_appservice_webhooks_homeserver_media_url: "{{ matrix_server_fqn_matrix }}"
matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:8008" matrix_appservice_webhooks_homeserver_url: ""
matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}" matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}"
matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks' matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks'

@ -9,6 +9,7 @@
service: service:
name: matrix-appservice-webhooks name: matrix-appservice-webhooks
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_appservice_webhooks_service_stat.stat.exists" when: "matrix_appservice_webhooks_service_stat.stat.exists"

@ -7,6 +7,7 @@
when: "vars[item] == ''" when: "vars[item] == ''"
with_items: with_items:
- "matrix_appservice_webhooks_appservice_token" - "matrix_appservice_webhooks_appservice_token"
- "matrix_appservice_webhooks_homeserver_url"
- "matrix_appservice_webhooks_homeserver_token" - "matrix_appservice_webhooks_homeserver_token"
- "matrix_appservice_webhooks_id_token" - "matrix_appservice_webhooks_id_token"
- "matrix_appservice_webhooks_api_secret" - "matrix_appservice_webhooks_api_secret"

@ -9,6 +9,7 @@
service: service:
name: matrix-beeper-linkedin name: matrix-beeper-linkedin
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_beeper_linkedin_service_stat.stat.exists" when: "matrix_beeper_linkedin_service_stat.stat.exists"

@ -3,7 +3,7 @@
matrix_heisenbridge_enabled: true matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.2.1 matrix_heisenbridge_version: 1.7.1
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

@ -9,6 +9,7 @@
service: service:
name: matrix-heisenbridge name: matrix-heisenbridge
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_heisenbridge_service_stat.stat.exists" when: "matrix_heisenbridge_service_stat.stat.exists"

@ -6,7 +6,7 @@ matrix_mautrix_facebook_enabled: true
matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build: false
matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"
matrix_mautrix_facebook_version: v0.3.1 matrix_mautrix_facebook_version: v0.3.2
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
@ -42,7 +42,7 @@ matrix_mautrix_facebook_homeserver_token: ''
# - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future). # - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future).
# #
# To use Postgres: # To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_facebook_postgres_*` variables # - adjust your database credentials via the `matrix_mautrix_facebook_database_*` variables
matrix_mautrix_facebook_database_engine: 'postgres' matrix_mautrix_facebook_database_engine: 'postgres'
matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db" matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"

@ -86,6 +86,7 @@
service: service:
name: matrix-mautrix-facebook name: matrix-mautrix-facebook
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_mautrix_facebook_stat_database.stat.exists" when: "matrix_mautrix_facebook_stat_database.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mautrix-facebook name: matrix-mautrix-facebook
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mautrix_facebook_service_stat.stat.exists" when: "matrix_mautrix_facebook_service_stat.stat.exists"

@ -10,22 +10,14 @@
- "matrix_mautrix_facebook_homeserver_token" - "matrix_mautrix_facebook_homeserver_token"
- block: - block:
- name: Fail if on SQLite, unless on the last version supporting SQLite - name: Inject warning if on an old SQLite-supporting version
fail:
msg: >-
You're trying to use the mautrix-facebook bridge with an SQLite database.
Going forward, this bridge only supports Postgres.
To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database
when: "not matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"
- name: Inject warning if still on SQLite
set_fact: set_fact:
matrix_playbook_runtime_results: | matrix_playbook_runtime_results: |
{{ {{
matrix_playbook_runtime_results|default([]) matrix_playbook_runtime_results|default([])
+ +
[ [
"NOTE: Your mautrix-facebook bridge setup is still on SQLite. Your bridge is not getting any updates and will likely stop working at some point. To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database" "NOTE: Your mautrix-facebook bridge is still on SQLite and on the last version that supported it, before support was dropped. Support has been subsequently re-added in v0.3.2, so we advise you to upgrade (by removing your `matrix_mautrix_facebook_docker_image` definition from vars.yml)"
] ]
}} }}
when: "matrix_mautrix_facebook_database_engine == 'sqlite'" when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"

@ -0,0 +1,115 @@
# mautrix-googlechat is a Matrix <-> googlechat bridge
# See: https://github.com/mautrix/googlechat
matrix_mautrix_googlechat_enabled: true
matrix_mautrix_googlechat_container_image_self_build: false
matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
matrix_mautrix_googlechat_version: latest
# See: https://mau.dev/mautrix/googlechat/container_registry
matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_googlechat_docker_image_force_pull: "{{ matrix_mautrix_googlechat_docker_image.endswith(':latest') }}"
matrix_mautrix_googlechat_base_path: "{{ matrix_base_data_path }}/mautrix-googlechat"
matrix_mautrix_googlechat_config_path: "{{ matrix_mautrix_googlechat_base_path }}/config"
matrix_mautrix_googlechat_data_path: "{{ matrix_mautrix_googlechat_base_path }}/data"
matrix_mautrix_googlechat_docker_src_files_path: "{{ matrix_mautrix_googlechat_base_path }}/docker-src"
matrix_mautrix_googlechat_public_endpoint: '/mautrix-googlechat'
matrix_mautrix_googlechat_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_googlechat_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_googlechat_appservice_address: 'http://matrix-mautrix-googlechat:8080'
# Controls whether the matrix-mautrix-googlechat container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.
matrix_mautrix_googlechat_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_mautrix_googlechat_container_extra_arguments: []
# List of systemd services that matrix-mautrix-googlechat.service depends on.
matrix_mautrix_googlechat_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-googlechat.service wants
matrix_mautrix_googlechat_systemd_wanted_services_list: []
matrix_mautrix_googlechat_appservice_token: ''
matrix_mautrix_googlechat_homeserver_token: ''
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_mautrix_googlechat_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_googlechat_database_*` variables
matrix_mautrix_googlechat_database_engine: 'sqlite'
matrix_mautrix_googlechat_sqlite_database_path_local: "{{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"
matrix_mautrix_googlechat_sqlite_database_path_in_container: "/data/mautrix-googlechat.db"
matrix_mautrix_googlechat_database_username: 'matrix_mautrix_googlechat'
matrix_mautrix_googlechat_database_password: 'some-password'
matrix_mautrix_googlechat_database_hostname: 'matrix-postgres'
matrix_mautrix_googlechat_database_port: 5432
matrix_mautrix_googlechat_database_name: 'matrix_mautrix_googlechat'
matrix_mautrix_googlechat_database_connection_string: 'postgres://{{ matrix_mautrix_googlechat_database_username }}:{{ matrix_mautrix_googlechat_database_password }}@{{ matrix_mautrix_googlechat_database_hostname }}:{{ matrix_mautrix_googlechat_database_port }}/{{ matrix_mautrix_googlechat_database_name }}'
matrix_mautrix_googlechat_appservice_database: "{{
{
'sqlite': ('sqlite:///' + matrix_mautrix_googlechat_sqlite_database_path_in_container),
'postgres': matrix_mautrix_googlechat_database_connection_string,
}[matrix_mautrix_googlechat_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_googlechat_login_shared_secret: ''
matrix_mautrix_googlechat_appservice_bot_username: googlechatbot
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_googlechat_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_googlechat_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_googlechat_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_googlechat_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_googlechat_configuration_yaml`.
matrix_mautrix_googlechat_configuration_extension: "{{ matrix_mautrix_googlechat_configuration_extension_yaml|from_yaml if matrix_mautrix_googlechat_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_googlechat_configuration_yaml`.
matrix_mautrix_googlechat_configuration: "{{ matrix_mautrix_googlechat_configuration_yaml|from_yaml|combine(matrix_mautrix_googlechat_configuration_extension, recursive=True) }}"
matrix_mautrix_googlechat_registration_yaml: |
id: googlechat
as_token: "{{ matrix_mautrix_googlechat_appservice_token }}"
hs_token: "{{ matrix_mautrix_googlechat_homeserver_token }}"
namespaces:
users:
- exclusive: true
regex: '^@googlechat_.+:{{ matrix_mautrix_googlechat_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_googlechat_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_googlechat_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_googlechat_appservice_address }}
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_googlechat_appservice_bot_username }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml|from_yaml }}"

@ -0,0 +1,69 @@
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
fail:
msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_googlechat_container_image_self_build and matrix_mautrix_googlechat_enabled"
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-googlechat.service'] }}"
when: matrix_mautrix_googlechat_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mautrix-googlechat-registration.yaml"] }}
when: matrix_mautrix_googlechat_enabled|bool
- block:
- name: Fail if matrix-nginx-proxy role already executed
fail:
msg: >-
Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
when: matrix_nginx_proxy_role_executed|default(False)|bool
- name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
set_fact:
matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_googlechat_public_endpoint }} {
{% if matrix_nginx_proxy_enabled|default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-googlechat:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+
[matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_mautrix_googlechat_enabled|bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
debug:
msg: >-
NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
URL endpoint to the matrix-mautrix-googlechat container.
You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
when: "matrix_mautrix_googlechat_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)"

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mautrix_googlechat_enabled|bool"
tags:
- setup-all
- setup-mautrix-googlechat
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mautrix_googlechat_enabled|bool"
tags:
- setup-all
- setup-mautrix-googlechat
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mautrix_googlechat_enabled|bool"
tags:
- setup-all
- setup-mautrix-googlechat

@ -0,0 +1,129 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mautrix-googlechat role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- set_fact:
matrix_mautrix_googlechat_requires_restart: false
- block:
- name: Check if an SQLite database already exists
stat:
path: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
register: matrix_mautrix_googlechat_sqlite_database_path_local_stat_result
- block:
- set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_googlechat_database_connection_string }}"
caller: "{{ role_path|basename }}"
engine_variable_name: 'matrix_mautrix_googlechat_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-googlechat.service']
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
- set_fact:
matrix_mautrix_googlechat_requires_restart: true
when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists|bool"
when: "matrix_mautrix_googlechat_database_engine == 'postgres'"
- name: Ensure Mautrix googlechat image is pulled
docker_image:
name: "{{ matrix_mautrix_googlechat_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}"
when: not matrix_mautrix_googlechat_container_image_self_build
- name: Ensure Mautrix googlechat paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mautrix_googlechat_base_path }}", when: true }
- { path: "{{ matrix_mautrix_googlechat_config_path }}", when: true }
- { path: "{{ matrix_mautrix_googlechat_data_path }}", when: true }
- { path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}" }
when: "item.when|bool"
- name: Ensure Mautrix Hangots repository is present on self build
git:
repo: "{{ matrix_mautrix_googlechat_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_googlechat_docker_src_files_path }}"
force: "yes"
register: matrix_mautrix_googlechat_git_pull_results
when: "matrix_mautrix_googlechat_container_image_self_build|bool"
- name: Ensure Mautrix googlechat Docker image is built
docker_image:
name: "{{ matrix_mautrix_googlechat_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_googlechat_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_googlechat_container_image_self_build|bool"
- name: Check if an old database file already exists
stat:
path: "{{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db"
register: matrix_mautrix_googlechat_stat_database
- name: (Data relocation) Ensure matrix-mautrix-googlechat.service is stopped
service:
name: matrix-mautrix-googlechat
state: stopped
enabled: no
daemon_reload: yes
failed_when: false
when: "matrix_mautrix_googlechat_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-googlechat database file to ./data directory
command: "mv {{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db {{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"
when: "matrix_mautrix_googlechat_stat_database.stat.exists"
- name: Ensure mautrix-googlechat config.yaml installed
copy:
content: "{{ matrix_mautrix_googlechat_configuration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_googlechat_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-googlechat registration.yaml installed
copy:
content: "{{ matrix_mautrix_googlechat_registration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_googlechat_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-googlechat.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service"
mode: 0644
register: matrix_mautrix_googlechat_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation
service:
daemon_reload: yes
when: "matrix_mautrix_googlechat_systemd_service_result.changed"
- name: Ensure matrix-mautrix-googlechat.service restarted, if necessary
service:
name: "matrix-mautrix-googlechat.service"
state: restarted
when: "matrix_mautrix_googlechat_requires_restart|bool"

@ -0,0 +1,25 @@
---
- name: Check existence of matrix-mautrix-googlechat service
stat:
path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service"
register: matrix_mautrix_googlechat_service_stat
- name: Ensure matrix-mautrix-googlechat is stopped
service:
name: matrix-mautrix-googlechat
state: stopped
enabled: no
daemon_reload: yes
when: "matrix_mautrix_googlechat_service_stat.stat.exists"
- name: Ensure matrix-mautrix-googlechat.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service"
state: absent
when: "matrix_mautrix_googlechat_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal
service:
daemon_reload: yes
when: "matrix_mautrix_googlechat_service_stat.stat.exists"

@ -0,0 +1,14 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_googlechat_public_endpoint"
- "matrix_mautrix_googlechat_appservice_token"
- "matrix_mautrix_googlechat_homeserver_token"
- debug:
msg:
- '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}'

@ -0,0 +1,145 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_googlechat_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_googlechat_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_googlechat_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: {{ matrix_mautrix_googlechat_appservice_database|to_json }}
# The unique ID of this appservice.
id: googlechat
# Username of the appservice bot.
bot_username: {{ matrix_mautrix_googlechat_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: googlechat bridge bot
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_googlechat_appservice_token }}"
hs_token: "{{ matrix_mautrix_googlechat_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for googlechat users.
# {userid} is replaced with the user ID of the googlechat user.
username_template: "googlechat_{userid}"
# Displayname template for googlechat users.
# {displayname} is replaced with the display name of the googlechat user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{full_name} (googlechat)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!HO"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 20
# Whether or not the googlechat users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your googlechat account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_googlechat_login_shared_secret|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Public website and API configs
web:
# Auth server config
auth:
# Publicly accessible base URL for the login endpoints.
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
# This path should usually include a trailing slash.
# Internal prefix in the appservice web server for the login endpoints.
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_googlechat_public_endpoint }}/login"
prefix: "{{ matrix_mautrix_googlechat_public_endpoint }}/login"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_googlechat_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_googlechat.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
hangups:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

@ -0,0 +1,43 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix googlechat bridge
{% for service in matrix_mautrix_googlechat_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_googlechat_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-googlechat \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
{% if matrix_mautrix_googlechat_container_http_host_bind_port %}
-p {{ matrix_mautrix_googlechat_container_http_host_bind_port }}:8080 \
{% endif %}
-v {{ matrix_mautrix_googlechat_config_path }}:/config:z \
-v {{ matrix_mautrix_googlechat_data_path }}:/data:z \
{% for arg in matrix_mautrix_googlechat_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_googlechat_docker_image }} \
python3 -m mautrix_googlechat -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-googlechat
[Install]
WantedBy=multi-user.target

@ -47,7 +47,7 @@ matrix_mautrix_hangouts_homeserver_token: ''
# #
# To use Postgres: # To use Postgres:
# - change the engine (`matrix_mautrix_hangouts_database_engine: 'postgres'`) # - change the engine (`matrix_mautrix_hangouts_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_hangouts_postgres_*` variables # - adjust your database credentials via the `matrix_mautrix_hangouts_database_*` variables
matrix_mautrix_hangouts_database_engine: 'sqlite' matrix_mautrix_hangouts_database_engine: 'sqlite'
matrix_mautrix_hangouts_sqlite_database_path_local: "{{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db" matrix_mautrix_hangouts_sqlite_database_path_local: "{{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db"

@ -85,6 +85,7 @@
service: service:
name: matrix-mautrix-hangouts name: matrix-mautrix-hangouts
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_mautrix_hangouts_stat_database.stat.exists" when: "matrix_mautrix_hangouts_stat_database.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mautrix-hangouts name: matrix-mautrix-hangouts
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mautrix_hangouts_service_stat.stat.exists" when: "matrix_mautrix_hangouts_service_stat.stat.exists"

@ -37,7 +37,7 @@ matrix_mautrix_instagram_homeserver_token: ''
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use Postgres: # To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_instagram_postgres_*` variables # - adjust your database credentials via the `matrix_mautrix_instagram_database_*` variables
matrix_mautrix_instagram_database_engine: 'postgres' matrix_mautrix_instagram_database_engine: 'postgres'
matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram' matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram'

@ -8,6 +8,7 @@
service: service:
name: matrix-mautrix-instagram name: matrix-mautrix-instagram
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mautrix_instagram_service_stat.stat.exists" when: "matrix_mautrix_instagram_service_stat.stat.exists"

@ -17,7 +17,7 @@ matrix_mautrix_signal_daemon_container_self_build: false
matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git"
matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}" matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}" matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}"
matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal"

@ -10,6 +10,7 @@
service: service:
name: matrix-mautrix-signal-daemon name: matrix-mautrix-signal-daemon
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" when: "matrix_mautrix_signal_daemon_service_stat.stat.exists"
@ -29,6 +30,7 @@
service: service:
name: matrix-mautrix-signal name: matrix-mautrix-signal
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mautrix_signal_service_stat.stat.exists" when: "matrix_mautrix_signal_service_stat.stat.exists"

@ -15,6 +15,8 @@ homeserver:
# If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
# The bridge will use the appservice as_token to authorize requests. # The bridge will use the appservice as_token to authorize requests.
status_endpoint: null status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Application service host/registration related details # Application service host/registration related details
# Changing these values requires regeneration of the registration. # Changing these values requires regeneration of the registration.
@ -32,25 +34,19 @@ appservice:
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1 max_body_size: 1
# The full URI to the database. Only Postgres is currently supported. # The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: {{ matrix_mautrix_signal_database_connection_string }} database: {{ matrix_mautrix_signal_database_connection_string }}
# Additional arguments for asyncpg.create_pool() # Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
database_opts: database_opts:
min_size: 5 min_size: 5
max_size: 10 max_size: 10
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice. # The unique ID of this appservice.
id: signal id: signal
# Username of the appservice bot. # Username of the appservice bot.
@ -66,7 +62,12 @@ appservice:
# Example: "+signal:example.com". Set to false to disable. # Example: "+signal:example.com". Set to false to disable.
community_id: false community_id: false
# Authentication tokens for AS <-> HS communication. # Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_signal_appservice_token }}" as_token: "{{ matrix_mautrix_signal_appservice_token }}"
hs_token: "{{ matrix_mautrix_signal_homeserver_token }}" hs_token: "{{ matrix_mautrix_signal_homeserver_token }}"
@ -75,6 +76,17 @@ metrics:
enabled: false enabled: false
listen_port: 8000 listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-signal.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
signal: signal:
# Path to signald unix socket # Path to signald unix socket
socket_path: /signald/signald.sock socket_path: /signald/signald.sock
@ -91,6 +103,8 @@ signal:
delete_unknown_accounts_on_start: false delete_unknown_accounts_on_start: false
# Whether or not message attachments should be removed from disk after they're bridged. # Whether or not message attachments should be removed from disk after they're bridged.
remove_file_after_handling: true remove_file_after_handling: true
# Whether or not users can register a primary device
registration_enabled: true
# Bridge config # Bridge config
bridge: bridge:
@ -102,6 +116,7 @@ bridge:
# available variable in displayname_preference. The variables in displayname_preference # available variable in displayname_preference. The variables in displayname_preference
# can also be used here directly. # can also be used here directly.
displayname_template: "{displayname} (Signal)" displayname_template: "{displayname} (Signal)"
# Whether or not contact list displaynames should be used.
# Possible values: disallow, allow, prefer # Possible values: disallow, allow, prefer
# #
# Multi-user instances are recommended to disallow contact list names, as otherwise there can # Multi-user instances are recommended to disallow contact list names, as otherwise there can
@ -140,7 +155,7 @@ bridge:
# If false, created portal rooms will never be federated. # If false, created portal rooms will never be federated.
federate_rooms: true federate_rooms: true
# End-to-bridge encryption support options. You must install the e2be optional dependency for # End-to-bridge encryption support options. You must install the e2be optional dependency for
# this to work. See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html # this to work. See https://github.com/tulir/mautrix-telegram/wiki/Endtobridge-encryption
encryption: encryption:
# Allow encryption, work in group chat rooms with e2ee enabled # Allow encryption, work in group chat rooms with e2ee enabled
allow: false allow: false
@ -173,12 +188,38 @@ bridge:
# This field will automatically be changed back to false after it, # This field will automatically be changed back to false after it,
# except if the config file is not writable. # except if the config file is not writable.
resend_bridge_info: false resend_bridge_info: false
# Interval at which to resync contacts. # Interval at which to resync contacts (in seconds).
periodic_sync: 0 periodic_sync: 0
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The prefix for commands. Only required in non-management rooms. # The prefix for commands. Only required in non-management rooms.
command_prefix: "!signal" command_prefix: "!signal"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Signal bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `register` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge. # Permissions for using the bridge.
# Permitted values: # Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands. # relay - Allowed to be relayed through the bridge, no access to commands.

@ -13,7 +13,7 @@ matrix_mautrix_telegram_container_self_build: false
matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
matrix_mautrix_telegram_version: v0.10.1 matrix_mautrix_telegram_version: v0.10.2
# See: https://mau.dev/mautrix/telegram/container_registry # See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
@ -63,7 +63,7 @@ matrix_mautrix_telegram_homeserver_token: ''
# #
# To use Postgres: # To use Postgres:
# - change the engine (`matrix_mautrix_telegram_database_engine: 'postgres'`) # - change the engine (`matrix_mautrix_telegram_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_telegram_postgres_*` variables # - adjust your database credentials via the `matrix_mautrix_telegram_database_*` variables
matrix_mautrix_telegram_database_engine: 'sqlite' matrix_mautrix_telegram_database_engine: 'sqlite'
matrix_mautrix_telegram_sqlite_database_path_local: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db" matrix_mautrix_telegram_sqlite_database_path_local: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"

@ -107,6 +107,7 @@
service: service:
name: matrix-mautrix-telegram name: matrix-mautrix-telegram
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_mautrix_telegram_stat_database.stat.exists" when: "matrix_mautrix_telegram_stat_database.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mautrix-telegram name: matrix-mautrix-telegram
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mautrix_telegram_service_stat.stat.exists" when: "matrix_mautrix_telegram_service_stat.stat.exists"

@ -36,14 +36,13 @@ matrix_mautrix_whatsapp_homeserver_token: ''
matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use SQLite, stick to these defaults. # To use SQLite, stick to these defaults.
# #
# To use Postgres: # To use Postgres:
# - change the engine (`matrix_mautrix_whatsapp_database_engine: 'postgres'`) # - change the engine (`matrix_mautrix_whatsapp_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_whatsapp_postgres_*` variables # - adjust your database credentials via the `matrix_mautrix_whatsapp_database_*` variables
matrix_mautrix_whatsapp_database_engine: 'sqlite' matrix_mautrix_whatsapp_database_engine: 'sqlite'
matrix_mautrix_whatsapp_sqlite_database_path_local: "{{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db" matrix_mautrix_whatsapp_sqlite_database_path_local: "{{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db"
@ -71,9 +70,14 @@ matrix_mautrix_whatsapp_appservice_database_uri: "{{
}[matrix_mautrix_whatsapp_database_engine] }[matrix_mautrix_whatsapp_database_engine]
}}" }}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_whatsapp_login_shared_secret: '' matrix_mautrix_whatsapp_login_shared_secret: ''
matrix_mautrix_whatsapp_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}"
# Servers to always allow double puppeting from
matrix_mautrix_whatsapp_bridge_double_puppet_server_map:
"{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}"
# Default mautrix-whatsapp configuration template which covers the generic use case. # Default mautrix-whatsapp configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it. # You can customize it by controlling the various variables inside it.

@ -93,6 +93,7 @@
service: service:
name: matrix-mautrix-whatsapp name: matrix-mautrix-whatsapp
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_mautrix_whatsapp_stat_database.stat.exists" when: "matrix_mautrix_whatsapp_stat_database.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mautrix-whatsapp name: matrix-mautrix-whatsapp
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mautrix_whatsapp_service_stat.stat.exists" when: "matrix_mautrix_whatsapp_service_stat.stat.exists"

@ -7,15 +7,17 @@ homeserver:
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
# Application service host/registration related details. # Application service host/registration related details.
# Changing these values requires regeneration of the registration. # Changing these values requires regeneration of the registration.
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: "null"
appservice: appservice:
# The address that the homeserver can use to connect to this appservice. # The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_whatsapp_appservice_address }} address: {{ matrix_mautrix_whatsapp_appservice_address }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
hostname: 0.0.0.0 hostname: 0.0.0.0
port: 8080 port: 8080
# Database config. # Database config.
database: database:
# The database type. "sqlite3" and "postgres" are supported. # The database type. "sqlite3" and "postgres" are supported.
@ -27,10 +29,6 @@ appservice:
# Maximum number of connections. Mostly relevant for Postgres. # Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20 max_open_conns: 20
max_idle_conns: 2 max_idle_conns: 2
# Path to the Matrix room state store.
state_store_path: ./mx-state.json
# The unique ID of this appservice. # The unique ID of this appservice.
id: whatsapp id: whatsapp
# Appservice bot details. # Appservice bot details.
@ -41,7 +39,6 @@ appservice:
# to leave display name/avatar as-is. # to leave display name/avatar as-is.
displayname: WhatsApp bridge bot displayname: WhatsApp bridge bot
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
@ -51,79 +48,137 @@ bridge:
# Localpart template of MXIDs for WhatsApp users. # Localpart template of MXIDs for WhatsApp users.
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
username_template: "{{ 'whatsapp_{{.}}' }}" username_template: "{{ 'whatsapp_{{.}}' }}"
# Displayname template for WhatsApp users. displayname_template: "{{ '{{if .PushName}}{{.PushName}}{{else if .BusinessName}}{{.BusinessName}}{{else}}{{.JID}}{{end}} (WA)' }}"
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
# {{ '{{.Jid}}' }} - phone number (international format) delivery_receipts: false
# The following variables are also available, but will cause problems on multi-user instances: # Should incoming calls send a message to the Matrix room?
# {{ '{{.Name}}' }} - display name from contact list call_start_notices: true
# {{ '{{.Short}}' }} - short display name from contact list # Should another user's cryptographic identity changing send a message to Matrix?
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}" identity_change_notices: false
# WhatsApp connection timeout in seconds. # Should a "reactions not yet supported" warning be sent to the Matrix room when a user reacts to a message?
connection_timeout: 20 reaction_notices: true
# Maximum number of times to retry connecting on connection error. portal_message_buffer: 128
max_connection_attempts: 3 # Settings for handling history sync payloads. These settings only apply right after login,
# Number of seconds to wait between connection attempts. # because the phone only sends the history sync data once, and there's no way to re-request it
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts # (other than logging out and back in again).
connection_retry_delay: -1 history_sync:
# Whether or not the bridge should send a notice to the user's management room when it retries connecting. # Should the bridge create portals for chats in the history sync payload?
# If false, it will only report when it stops retrying. create_portals: true
report_connection_retry: true # Maximum age of chats in seconds to create portals for. Set to 0 to create portals for all chats in sync payload.
# Maximum number of seconds to wait for chats to be sent at startup. max_age: 604800
# If this is too low and you have lots of chats, it could cause backfilling to fail. # Enable backfilling history sync payloads from WhatsApp using batch sending?
chat_list_wait: 30 # This requires a server with MSC2716 support, which is currently an experimental feature in synapse.
# Maximum number of seconds to wait to sync portals before force unlocking message processing. # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
# If this is too low and you have lots of chats, it could cause backfilling to fail. # Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers.
portal_sync_wait: 600 backfill: false
# Use double puppets for backfilling?
# Whether or not to send call start/end notices to Matrix. # In order to use this, the double puppets must be in the appservice's user ID namespace
call_notices: # (because the bridge can't use the double puppet access token with batch sending).
start: true # This only affects double puppets on the local server, double puppets on other servers will never be used.
end: true # Doesn't work out of box with this playbook
double_puppet_backfill: false
# Number of chats to sync for new users. # Should the bridge request a full sync from the phone when logging in?
initial_chat_sync_count: 10 # This bumps the size of history syncs from 3 months to 1 year.
# Number of old messages to fill when creating new portal rooms. request_full_sync: false
initial_history_fill_count: 20 user_avatar_sync: true
# Maximum number of chats to sync when recovering from downtime. # Should Matrix users leaving groups be bridged to WhatsApp?
# Set to -1 to sync all new chats during downtime. bridge_matrix_leave: true
recovery_chat_sync_limit: -1 # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
# Whether or not to sync history when recovering from downtime.
recovery_history_backfill: true
# Maximum number of seconds since last message in chat to skip
# syncing the chat in any case. This setting will take priority
# over both recovery_chat_sync_limit and initial_chat_sync_count.
# Default is 3 days = 259200 seconds
sync_max_chat_age: 259200
# Whether or not to sync with custom puppets to receive EDUs that
# are not normally sent to appservices.
sync_with_custom_puppets: true sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth # Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# When double puppeting is enabled, users can use `!wa toggle` to change whether
# presence and read receipts are bridged. These settings set the default values.
# Existing users won't be affected when these are changed.
default_bridge_receipts: true
default_bridge_presence: true
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": {{ matrix_mautrix_whatsapp_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
# #
# If set, custom puppets will be enabled automatically for local users # If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix` # instead of users having to find an access token and run `login-matrix`
# manually. # manually.
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} login_shared_secret_map: {{ matrix_mautrix_whatsapp_bridge_login_shared_secret_map|to_json }}
# Should the bridge explicitly set the avatar and room name for private chat portal rooms?
# Whether or not to invite own WhatsApp user's Matrix puppet into private
# chat portals when backfilling if needed.
# This always uses the default puppet instead of custom puppets due to
# rate limits and timestamp massaging.
invite_own_puppet_for_backfilling: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This can be useful if the previous field works fine,
# but causes room avatar/name bugs.
private_chat_portal_meta: false private_chat_portal_meta: false
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: false
# When using double puppeting, should archived chats be moved to a specific tag in Matrix?
# Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix.
# This can be set to a tag (e.g. m.lowpriority), or null to disable.
archive_tag: null
# Same as above, but for pinned chats. The favorite tag is called m.favourite
pinned_tag: null
# Should mute status and tags only be bridged when the portal room is created?
tag_only_on_create: true
# Should WhatsApp status messages be bridged into a Matrix room?
# Disabling this won't affect already created status broadcast rooms.
enable_status_broadcast: true
# Should the status broadcast room be muted and moved into low priority by default?
# This is only applied when creating the room, the user can unmute/untag it later.
mute_status_broadcast: true
# Should the bridge use thumbnails from WhatsApp?
# They're disabled by default due to very low resolution.
whatsapp_thumbnail: false
# Allow invite permission for user. User can invite any bots to room with whatsapp # Allow invite permission for user. User can invite any bots to room with whatsapp
# users (private chat and groups) # users (private chat and groups)
allow_user_invite: false allow_user_invite: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# The prefix for commands. Only required in non-management rooms. # The prefix for commands. Only required in non-management rooms.
command_prefix: "!wa" command_prefix: "!wa"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a WhatsApp bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
# It is recommended to also set private_chat_portal_meta to true when using this.
default: false
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.
require_cross_signing: false
# Require devices to be verified by the bridge?
# Verification by the bridge is not yet implemented.
require_verification: true
# Permissions for using the bridge. # Permissions for using the bridge.
# Permitted values: # Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a WhatsApp account. # user - Access to use the bridge to chat with a WhatsApp account.
# admin - User level and some additional administration tools # admin - User level and some additional administration tools
# Permitted keys: # Permitted keys:
@ -133,15 +188,13 @@ bridge:
permissions: permissions:
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
relaybot: # Settings for relay mode
# Whether or not relaybot support is enabled. relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false enabled: false
# The management room for the bot. This is where all status notifications are posted and # Should only admins be allowed to set themselves as relay users?
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting admin_only: true
# the command prefix completely like in user management rooms is not possible.
management: '!foo:example.com'
# List of users to invite to all created rooms that include the relaybot.
invites: []
# The formats to use when sending messages to WhatsApp via the relaybot. # The formats to use when sending messages to WhatsApp via the relaybot.
message_formats: message_formats:
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}" m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
@ -152,6 +205,7 @@ bridge:
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file" m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video" m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location" m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
# Logging config. # Logging config.
logging: logging:
# The directory for log files. Will be created if not found. # The directory for log files. Will be created if not found.

@ -27,6 +27,8 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url
matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}' matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}' matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}"
# "@user:server.com" to allow specific user # "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver # "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone # "@.*" to allow anyone

@ -9,6 +9,7 @@
service: service:
name: matrix-mx-puppet-discord name: matrix-mx-puppet-discord
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mx_puppet_discord_service_stat.stat.exists" when: "matrix_mx_puppet_discord_service_stat.stat.exists"

@ -9,17 +9,17 @@ bridge:
domain: {{ matrix_mx_puppet_discord_homeserver_domain }} domain: {{ matrix_mx_puppet_discord_homeserver_domain }}
# Reachable URL of the Matrix homeserver # Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }} homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }}
# Optionally specify a different media URL used for the media store
#
# This is where Discord will download user profile pictures and media
# from
mediaUrl: {{ matrix_mx_puppet_discord_bridge_mediaUrl }}
{% if matrix_mx_puppet_discord_login_shared_secret != '' %} {% if matrix_mx_puppet_discord_login_shared_secret != '' %}
loginSharedSecretMap: loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }} {{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }}
{% endif %} {% endif %}
# Display name of the bridge bot # Display name of the bridge bot
displayname: Discord Puppet Bridge displayname: Discord Puppet Bridge
# Optionally specify a different media URL used for the media store
#
# This is where Discord will download user profile pictures and media
# from
#mediaUrl: https://external-url.org
presence: presence:
# Bridge Discord online/offline status # Bridge Discord online/offline status

@ -31,6 +31,7 @@
service: service:
name: matrix-mx-puppet-groupme name: matrix-mx-puppet-groupme
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_mx_puppet_groupme_stat_database.stat.exists" when: "matrix_mx_puppet_groupme_stat_database.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mx-puppet-groupme name: matrix-mx-puppet-groupme
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mx_puppet_groupme_service_stat.stat.exists" when: "matrix_mx_puppet_groupme_service_stat.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mx-puppet-instagram name: matrix-mx-puppet-instagram
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mx_puppet_instagram_service_stat.stat.exists" when: "matrix_mx_puppet_instagram_service_stat.stat.exists"

@ -31,6 +31,7 @@
service: service:
name: matrix-mx-puppet-skype name: matrix-mx-puppet-skype
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_mx_puppet_skype_stat_database.stat.exists" when: "matrix_mx_puppet_skype_stat_database.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mx-puppet-skype name: matrix-mx-puppet-skype
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mx_puppet_skype_service_stat.stat.exists" when: "matrix_mx_puppet_skype_service_stat.stat.exists"

@ -31,6 +31,7 @@
service: service:
name: matrix-mx-puppet-slack name: matrix-mx-puppet-slack
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_mx_puppet_slack_stat_database.stat.exists" when: "matrix_mx_puppet_slack_stat_database.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mx-puppet-slack name: matrix-mx-puppet-slack
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mx_puppet_slack_service_stat.stat.exists" when: "matrix_mx_puppet_slack_service_stat.stat.exists"

@ -31,6 +31,7 @@
service: service:
name: matrix-mx-puppet-steam name: matrix-mx-puppet-steam
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_mx_puppet_steam_stat_database.stat.exists" when: "matrix_mx_puppet_steam_stat_database.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mx-puppet-steam name: matrix-mx-puppet-steam
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mx_puppet_steam_service_stat.stat.exists" when: "matrix_mx_puppet_steam_service_stat.stat.exists"

@ -31,6 +31,7 @@
service: service:
name: matrix-mx-puppet-twitter name: matrix-mx-puppet-twitter
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
failed_when: false failed_when: false
when: "matrix_mx_puppet_twitter_stat_database.stat.exists" when: "matrix_mx_puppet_twitter_stat_database.stat.exists"

@ -9,6 +9,7 @@
service: service:
name: matrix-mx-puppet-twitter name: matrix-mx-puppet-twitter
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_mx_puppet_twitter_service_stat.stat.exists" when: "matrix_mx_puppet_twitter_service_stat.stat.exists"

@ -26,7 +26,7 @@ matrix_sms_bridge_systemd_wanted_services_list: []
matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080' matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080'
matrix_sms_bridge_homeserver_hostname: 'matrix-synapse' matrix_sms_bridge_homeserver_hostname: 'matrix-synapse'
matrix_sms_bridge_homeserver_port: '8008' matrix_sms_bridge_homeserver_port: ""
matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}" matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}"
matrix_sms_bridge_default_room: '' matrix_sms_bridge_default_room: ''

@ -9,6 +9,7 @@
service: service:
name: matrix-sms-bridge name: matrix-sms-bridge
state: stopped state: stopped
enabled: no
daemon_reload: yes daemon_reload: yes
when: "matrix_sms_bridge_service_stat.stat.exists" when: "matrix_sms_bridge_service_stat.stat.exists"
@ -16,4 +17,4 @@
file: file:
path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service"
state: absent state: absent
when: "matrix_sms_bridge_service_stat.stat.exists" when: "matrix_sms_bridge_service_stat.stat.exists"

Some files were not shown because too many files have changed in this diff Show More

Loading…
Cancel
Save