From 43fd3cc274846a1153a5a238e793cac0d39294e6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 15 May 2019 09:34:31 +0900 Subject: [PATCH] Move mautrix-facebook into a separate role --- group_vars/matrix-servers | 18 ++++++ .../defaults/main.yml | 25 +++++++++ .../tasks}/init.yml | 2 +- .../tasks/main.yml | 21 +++++++ .../tasks/setup-install.yml} | 55 ++++++------------- .../tasks/setup-uninstall.yml | 6 ++ .../tasks/validate_config.yml | 10 ++++ .../templates}/config.yaml.j2 | 8 +-- .../matrix-mautrix-facebook.service.j2 | 16 ++++-- roles/matrix-synapse/defaults/main.yml | 12 ---- roles/matrix-synapse/tasks/ext/init.yml | 2 - roles/matrix-synapse/tasks/ext/setup.yml | 2 - setup.yml | 1 + 13 files changed, 115 insertions(+), 63 deletions(-) create mode 100644 roles/matrix-bridge-mautrix-facebook/defaults/main.yml rename roles/{matrix-synapse/tasks/ext/mautrix-facebook => matrix-bridge-mautrix-facebook/tasks}/init.yml (72%) create mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/main.yml rename roles/{matrix-synapse/tasks/ext/mautrix-facebook/setup.yml => matrix-bridge-mautrix-facebook/tasks/setup-install.yml} (54%) create mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml create mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml rename roles/{matrix-synapse/templates/ext/mautrix-facebook => matrix-bridge-mautrix-facebook/templates}/config.yaml.j2 (94%) rename roles/{matrix-synapse/templates/ext/mautrix-facebook => matrix-bridge-mautrix-facebook/templates}/systemd/matrix-mautrix-facebook.service.j2 (76%) diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers index 41cd2e02..4902ffc6 100755 --- a/group_vars/matrix-servers +++ b/group_vars/matrix-servers @@ -48,6 +48,24 @@ matrix_identity_server_url: "{{ 'https://' + matrix_synapse_trusted_third_party_ ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-facebook +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_facebook_enabled: false + +matrix_mautrix_facebook_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] + +###################################################################### +# +# /matrix-bridge-mautrix-facebook +# +###################################################################### + + ###################################################################### # # matrix-bridge-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml new file mode 100644 index 00000000..48740e1e --- /dev/null +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -0,0 +1,25 @@ +# mautrix-facebook is a Matrix <-> Facebook bridge +# See: https://github.com/tulir/mautrix-facebook + +matrix_mautrix_facebook_enabled: true + +matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest" + +matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook" + +# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/ +matrix_mautrix_facebook_api_id: '' +matrix_mautrix_facebook_api_hash: '' + +matrix_mautrix_facebook_homeserver_address: 'https://{{ matrix_server_fqn_matrix }}' +matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' +matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:8080' + +# A list of extra arguments to pass to the container +matrix_mautrix_facebook_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-facebook.service depends on. +matrix_mautrix_facebook_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-facebook.service wants +matrix_mautrix_facebook_systemd_wanted_services_list: [] diff --git a/roles/matrix-synapse/tasks/ext/mautrix-facebook/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml similarity index 72% rename from roles/matrix-synapse/tasks/ext/mautrix-facebook/init.yml rename to roles/matrix-bridge-mautrix-facebook/tasks/init.yml index 3c23eb99..cafdc4d5 100644 --- a/roles/matrix-synapse/tasks/ext/mautrix-facebook/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook'] }}" - when: matrix_mautrix_facebook_enabled + when: "matrix_mautrix_facebook_enabled" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml new file mode 100644 index 00000000..b53c6b0b --- /dev/null +++ b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup and matrix_mautrix_facebook_enabled" + tags: + - setup-all + - setup-mautrix-facebook + +- import_tasks: "{{ role_path }}/tasks/setup-install.yml" + when: "run_setup and matrix_mautrix_facebook_enabled" + tags: + - setup-all + - setup-mautrix-facebook + +- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" + when: "run_setup and not matrix_mautrix_facebook_enabled" + tags: + - setup-all + - setup-mautrix-facebook diff --git a/roles/matrix-synapse/tasks/ext/mautrix-facebook/setup.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup-install.yml similarity index 54% rename from roles/matrix-synapse/tasks/ext/mautrix-facebook/setup.yml rename to roles/matrix-bridge-mautrix-facebook/tasks/setup-install.yml index 2c13886a..f0c29193 100644 --- a/roles/matrix-synapse/tasks/ext/mautrix-facebook/setup.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup-install.yml @@ -1,63 +1,55 @@ --- +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + - name: Ensure Mautrix Facebook image is pulled docker_image: name: "{{ matrix_mautrix_facebook_docker_image }}" - when: "matrix_mautrix_facebook_enabled" -- name: Ensure Mautrix Facebook configuration path exists +- name: Ensure Mautrix Facebook base directory exists file: path: "{{ matrix_mautrix_facebook_base_path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_mautrix_facebook_enabled" - name: Check if a mautrix-facebook configuration file exists stat: path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml" register: mautrix_facebook_config_file_stat - when: "matrix_mautrix_facebook_enabled" - name: Ensure Matrix Mautrix facebook config installed template: - src: "{{ role_path }}/templates/ext/mautrix-facebook/config.yaml.j2" + src: "{{ role_path }}/templates/config.yaml.j2" dest: "{{ matrix_mautrix_facebook_base_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_config_file_stat.stat.exists" - -- name: (Migration) Fix up old configuration - lineinfile: - path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - backrefs: yes - with_items: - - {'regexp': '^(\s+)filename: \./mautrix-facebook.log', 'line': '\1filename: /data/mautrix-facebook.log'} - - {'regexp': '^(\s+)database:', 'line': '\1database: sqlite:////data/mautrix-facebook.db'} - when: "matrix_mautrix_facebook_enabled and mautrix_facebook_config_file_stat.stat.exists" + when: "not mautrix_facebook_config_file_stat.stat.exists" - name: Ensure matrix-mautrix-facebook.service installed template: - src: "{{ role_path }}/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2" + src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" dest: "/etc/systemd/system/matrix-mautrix-facebook.service" mode: 0644 register: matrix_mautrix_facebook_systemd_service_result - when: "matrix_mautrix_facebook_enabled" - name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation service: daemon_reload: yes - when: "matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_systemd_service_result.changed" + when: "matrix_mautrix_facebook_systemd_service_result.changed" - name: Check if a mautrix-facebook registration file exists stat: path: "{{ matrix_mautrix_facebook_base_path }}/registration.yaml" register: mautrix_facebook_registration_file_stat - when: "matrix_mautrix_facebook_enabled" - name: Generate matrix-mautrix-facebook registration.yaml if it doesn't exist shell: @@ -70,32 +62,19 @@ -v {{ matrix_mautrix_facebook_base_path }}:/data:z {{ matrix_mautrix_facebook_docker_image }} python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml - when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_registration_file_stat.stat.exists" + when: "not mautrix_facebook_registration_file_stat.stat.exists" - set_fact: matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml' - when: "matrix_mautrix_facebook_enabled" +# If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_additional_volumes: > - {{ matrix_synapse_container_additional_volumes }} + {{ matrix_synapse_container_additional_volumes|default([]) }} + {{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }} - when: "matrix_mautrix_facebook_enabled" -- set_fact: matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files }} + {{ matrix_synapse_app_service_config_files|default([]) }} + {{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json }} - when: "matrix_mautrix_facebook_enabled" - -# -# Tasks related to getting rid of matrix-mautrix-facebook (if it was previously enabled) -# - -- name: Ensure matrix-mautrix-facebook.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mautrix-facebook.service" - state: absent - when: "not matrix_mautrix_facebook_enabled" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml new file mode 100644 index 00000000..b403e6ec --- /dev/null +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix-mautrix-facebook.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mautrix-facebook.service" + state: absent diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml new file mode 100644 index 00000000..6b2240c8 --- /dev/null +++ b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mautrix_facebook_api_id" + - "matrix_mautrix_facebook_api_hash" diff --git a/roles/matrix-synapse/templates/ext/mautrix-facebook/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 similarity index 94% rename from roles/matrix-synapse/templates/ext/mautrix-facebook/config.yaml.j2 rename to roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 714449f6..86033c3c 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-facebook/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -2,9 +2,9 @@ # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. - address: https://{{ matrix_server_fqn_matrix }} + address: {{ matrix_mautrix_facebook_homeserver_address }} # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_domain }} + domain: {{ matrix_mautrix_facebook_homeserver_domain }} # Whether or not to verify the SSL certificate of the homeserver. # Only applies if address starts with https:// verify_ssl: true @@ -13,7 +13,7 @@ homeserver: # Changing these values requires regeneration of the registration. appservice: # The address that the homeserver can use to connect to this appservice. - address: http://matrix-mautrix-facebook:8080 + address: {{ matrix_mautrix_facebook_appservice_address }} # The hostname and port where this appservice should listen. hostname: 0.0.0.0 @@ -73,7 +73,7 @@ bridge: # domain - All users on that homeserver # mxid - Specific user permissions: - '{{ matrix_domain }}': user + '{{ matrix_mautrix_facebook_homeserver_domain }}': user # Python logging configuration. # diff --git a/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 similarity index 76% rename from roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 rename to roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index ec5ffadb..18b183d8 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -1,10 +1,13 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Mautrix Facebook server -After=docker.service -Requires=docker.service -Requires=matrix-synapse.service -After=matrix-synapse.service +{% for service in matrix_mautrix_facebook_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_facebook_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} [Service] Type=simple @@ -17,14 +20,19 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \ -v {{ matrix_mautrix_facebook_base_path }}:/data:z \ {{ matrix_mautrix_facebook_docker_image }} \ alembic -x config=/data/config.yaml upgrade head + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ -v {{ matrix_mautrix_facebook_base_path }}:/data:z \ + {% for arg in matrix_mautrix_facebook_container_extra_arguments %} + {{ arg }} \ + {% endfor %} {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /data/config.yaml + ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook Restart=always diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 749806a2..2a826d2e 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -244,18 +244,6 @@ matrix_s3_media_store_region: "eu-central-1" # Controls whether the self-check feature should validate SSL certificates. matrix_synapse_self_check_validate_certificates: true -# Matrix mautrix is a Matrix <-> Facebook bridge -# Enable facebook bridge -matrix_mautrix_facebook_enabled: false - -matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest" - -matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook" - -# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/ -matrix_mautrix_facebook_api_id: YOUR_FACEBOOK_APP_ID -matrix_mautrix_facebook_api_hash: YOUR_FACEBOOK_API_HASH - # Matrix Appservice IRC is a Matrix <-> IRC bridge # Enable IRC bridge matrix_appservice_irc_enabled: false diff --git a/roles/matrix-synapse/tasks/ext/init.yml b/roles/matrix-synapse/tasks/ext/init.yml index 05a96758..f6b1e0dd 100644 --- a/roles/matrix-synapse/tasks/ext/init.yml +++ b/roles/matrix-synapse/tasks/ext/init.yml @@ -1,7 +1,5 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/init.yml" - - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml" - import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/init.yml" diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml index f5bad306..7de0744e 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -6,8 +6,6 @@ - import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml" -- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/setup.yml" - - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/setup.yml" - import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/setup.yml" diff --git a/setup.yml b/setup.yml index d19ece9c..c342bd2c 100755 --- a/setup.yml +++ b/setup.yml @@ -8,6 +8,7 @@ - matrix-mailer - matrix-postgres - matrix-corporal + - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp - matrix-synapse