diff --git a/CHANGELOG.md b/CHANGELOG.md index d2f763c1..85f4a4e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,38 @@ +# 2019-08-21 + +## Google Hangouts support + +Thanks to the [great work](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/251) of [Eduardo Beltrame (Munfred)](https://github.com/Munfred) and [Robbie D (microchipster)](https://github.com/microchipster), the playbook now supports bridging to [Google Hangouts](https://hangouts.google.com/) via the [mautrix-hangouts](https://mau.dev/tulir/mautrix-hangouts) bridge. + +Additional details are available in [Setting up Mautrix Hangouts bridging](docs/configuring-playbook-bridge-mautrix-hangouts.md). + + +# 2019-08-05 + +## Email2Matrix support + +Support for [Email2Matrix](https://github.com/devture/email2matrix) has been added. + +It's an optional feature that you can enable via the playbook. + +To learn more, see the [playbook's documentation on Email2Matrix](./docs/configuring-playbook-email2matrix.md). + + +# 2019-08-03 + +## Synapse logging level has been reduced to WARNING + +After [some discussion in our support room](https://matrix.to/#/!PukFFdIcHgtaaHZflT:devture.com/$156476852524179TBeKy:matrix.org?via=devture.com&via=matrix.org&via=librem.one), we've decided to change the default logging level for Synapse from `INFO` to `WARNING`. + +This greatly reduces the number of log messages that are being logged, leading to: + +- much less disk space dedicated to Synapse and thus, logs kept for longer +- easier to find some important `WARNING`, `ERROR` and `CRITICAL` messages, as they're not longer buried in thousands of non-important `INFO` messages + +If you'd like to track down an issue, you [can always increase the logging level as described here](./docs/maintenance-and-troubleshooting.md#increasing-synapse-logging). + + + # 2019-07-08 ## Synapse Maintenance docs and synapse-janitor support are available diff --git a/README.md b/README.md index 3f35081d..eb979034 100644 --- a/README.md +++ b/README.md @@ -38,12 +38,16 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge for bridging your Matrix server to [Whatsapp](https://www.whatsapp.com/) -- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [facebook](https://facebook.com/) +- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/) + +- (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) - (optional) the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) - (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/) +- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms + - (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else. @@ -108,6 +112,8 @@ This playbook sets up your server using the following Docker images: - [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional) +- [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) - the [Email2Matrix](https://github.com/devture/email2matrix) email server, which can relay email messages to Matrix rooms (optional) + - [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) - [Matrix Corporal](https://github.com/devture/matrix-corporal): reconciliator and gateway for a managed Matrix server (optional) - [nginx](https://hub.docker.com/_/nginx/) - the [nginx](http://nginx.org/) web server (optional) @@ -120,6 +126,8 @@ This playbook sets up your server using the following Docker images: - [tulir/mautrix-facebook](https://hub.docker.com/r/tulir/mautrix-facebook/) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional) +- [tulir/mautrix-hangouts](https://hub.docker.com/r/tulir/mautrix-hangouts/) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional) + - [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional) - [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional) diff --git a/docs/configuring-playbook-bridge-mautrix-hangouts.md b/docs/configuring-playbook-bridge-mautrix-hangouts.md new file mode 100644 index 00000000..f7f89291 --- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md @@ -0,0 +1,24 @@ +# Setting up Mautrix Hangouts (optional) + +The playbook can install and configure [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) for you. + +See the project's [documentation](https://github.com/tulir/mautrix-hangouts/wiki#usage) to learn what it does and why it might be useful to you. + +To enable the [Google Hangouts](https://hangouts.google.com/) bridge just use the following playbook configuration: + + +```yaml +matrix_mautrix_hangouts_enabled: true +``` + +## Usage + +Once the bot is enabled you need to start a chat with `Hangouts bridge bot` with handle `@hangoutsbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `login` to the bridge bot to receive a link to the portal from which you can enable the bridging. Open the link sent by the bot and follow the instructions. + +Automatic login may not work. If it does not, reload the page and select the "Manual login" checkbox before starting. Manual login involves logging into your Google account normally and then manually getting the OAuth token from browser cookies with developer tools. + +Once logged in, recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages. + +You can learn more about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-hangouts/wiki/Authentication). diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index eb6d0612..70aeabb2 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -29,7 +29,7 @@ You are required to specify an access token for Dimension to work. To get an access token, follow these steps: 1. In a private browsing session (incognito window), open Riot. -2. It's better to you use dedicated user for getting access token, so log in with this user's username and password. +2. It's preferable to use a dedicated user for the access token, so create and log in with that user's username and password. 3. Set the display name and avatar, if required. 4. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: `. 5. Copy the highlighted text to your configuration. diff --git a/docs/configuring-playbook-email.md b/docs/configuring-playbook-email.md index 2da52ddd..0933fb54 100644 --- a/docs/configuring-playbook-email.md +++ b/docs/configuring-playbook-email.md @@ -7,6 +7,8 @@ This may or may not work, depending on your domain configuration (SPF settings, By default, emails are sent from `matrix@` (as specified by the `matrix_mailer_sender_address` playbook variable). +**Note**: If you are using a Google Cloud instance, [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so you need to relay email through another SMTP server as described below. + ## Firewall settings @@ -31,6 +33,23 @@ matrix_mailer_relay_auth_password: "some-password" **Note**: only the secure submission protocol (using `STARTTLS`, usually on port `587`) is supported. **SMTPS** (encrypted SMTP, usually on port `465`) **is not supported**. +### Configuations for sending emails using Sendgrid +An easy and free STMP service to set up is [Sendgrid](https://sendgrid.com/), the free tier allows for up to 100 emails per day to be sent. In the settings below you can provide any email for `matrix_mailer_sender_address`. + +The only other thing you need to change is the `matrix_mailer_relay_auth_password`, which you can generate at https://app.sendgrid.com/settings/api_keys. The API key password looks something like `SG.955oW1mLSfwds7i9Yd6IA5Q.q8GTaB8q9kGDzasegdG6u95fQ-6zkdwrPP8bOeuI`. + +Note that the `matrix_mailer_relay_auth_username` is literally the string `apikey`, it's always the same for Sendgrid. + +```yaml +matrix_mailer_sender_address: "arbitrary@email.com" +matrix_mailer_relay_use: true +matrix_mailer_relay_host_name: "smtp.sendgrid.net" +matrix_mailer_relay_host_port: 587 +matrix_mailer_relay_auth: true +matrix_mailer_relay_auth_username: "apikey" +matrix_mailer_relay_auth_password: "" +``` + ## Troubleshooting If you're having trouble with email not being delivered, it may be useful to inspect the mailer logs: `journalctl -f -u matrix-mailer`. diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md new file mode 100644 index 00000000..510a9dcc --- /dev/null +++ b/docs/configuring-playbook-email2matrix.md @@ -0,0 +1,80 @@ +# Setting up Email2Matrix (optional) + +The playbook can install and configure [email2matrix](https://github.com/devture/email2matrix) for you. + +See the project's [documentation](https://github.com/devture/email2matrix/blob/master/docs/README.md) to learn what it does and why it might be useful to you. + + +## Preparation + +### Port availability + +Ensure that port 25 is available on your Matrix server and open in your firewall. +If you have `postfix` or some other email server software installed, you may need to manually remove it first (unless you need it, of course). + +If you really need to run an email server on the Matrix machine for other purposes, it may be possible to run Email2Matrix on another port (with a configuration like `matrix_email2matrix_smtp_host_bind_port: "127.0.0.01:2525"`) and have your other email server relay messages there. +For details about using Email2Matrix alongside [Postfix](http://www.postfix.org/), see [here](https://github.com/devture/email2matrix/blob/master/docs/setup_with_postfix.md). + +### Creating a user + +Before enabling Email2Matrix, you'd most likely wish to create a dedicated user (or more) that would be sending messages on the Matrix side. +Refer to [Registering users](registering-users.md) for ways to do that. A regular (non-admin) user works best. + +### Creating a shared room + +After creating a sender user, you should create one or more Matrix rooms that you share with that user. +It doesn't matter who creates and owns the rooms and who joins later (you or the sender user). + +What matters is that both you and the sender user are part of the same room and that the sender user has enough privileges in the room to be able to send messages there. +Inviting additional people to the room is okay too. + +Take note of each room's room id (different clients show the room id in a different place). +You'll need the room id when doing [Configuration](#configuration) below. + + +### Obtaining an access token for the sender user + +In order for the sender user created above to be able to send messages to the room, we'll need to obtain an access token for it. + +To do this, you can execute a command like this: + +``` +curl \ +--data '{"identifier": {"type": "m.id.user", "user": "email2matrix" }, "password": "MATRIX_PASSWORD_FOR_THE_USER", "type": "m.login.password", "device_id": "Email2Matrix", "initial_device_display_name": "Email2Matrix"}' \ +https://matrix.DOMAIN/_matrix/client/r0/login +``` + +Take note of the `access_token` value. You'll need the access token when doing [Configuration](#configuration) below. + + +## Configuration + +After doing the preparation steps above, adjust your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration like this: + +```yaml +matrix_email2matrix_enabled: true + +matrix_email2matrix_matrix_mappings: + - MailboxName: "my-mailbox" + MatrixRoomId: "!someRoom:DOMAIN" + MatrixHomeserverUrl: "https://matrix.DOMAIN" + MatrixUserId: "@email2matrix:DOMAIN" + MatrixAccessToken: "ACCESS_TOKEN_GOES_HERE" + IgnoreSubject: false + IgnoreBody: false + SkipMarkdown: false + + - MailboxName: "my-mailbox2" + MatrixRoomId: "!anotherRoom:DOMAIN" + MatrixHomeserverUrl: "https://matrix.DOMAIN" + MatrixUserId: "@email2matrix:DOMAIN" + MatrixAccessToken: "ACCESS_TOKEN_GOES_HERE" + IgnoreSubject: true + IgnoreBody: false + SkipMarkdown: true +``` + +You can also set `MatrixHomeserverUrl` to `http://matrix-synapse:8008`, instead of the public `https://matrix.DOMAIN`. +However, that's more likely to break in the future if you switch to another server implementation than Synapse. + +Re-run the playbook (`--tags=setup-email2matrix,start`) and try sending an email to `my-mailbox@matrix.DOMAIN`. diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md new file mode 100644 index 00000000..14ae8b1d --- /dev/null +++ b/docs/configuring-playbook-ngnix.md @@ -0,0 +1,25 @@ +# Configure Ngnix (optional, advanced) + +By default, this playbook installs its own nginx webserver (in a Docker container) which listens on ports 80 and 443. +If that's alright, you can skip this. + + +## Using Ngnix status + +This will serve a statuspage to the hosting machine only. Useful for monitoring software like [longview](https://www.linode.com/docs/platform/longview/longview-app-for-nginx/) + +```yaml +matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: true +``` + +This will serve the status page under the following addresses: +- `http://matrix.DOMAIN/nginx_status` (using HTTP) +- `https://matrix.DOMAIN/nginx_status` (using HTTPS) + +By default, if ```matrix_nginx_proxy_nginx_status_enabled``` is enabled, access to the status page would be allowed from the local IP address of the server. If you wish to allow access from other IP addresses, you can provide them as a list: + +```yaml +matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: +- 8.8.8.8 +- 1.1.1.1 +``` diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 601408b6..9b09efef 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -44,6 +44,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) +- [Configure Ngnix (optional, advanced)](configuring-playbook-ngnix.md) (optional, advanced) + - [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced) - [Adjusting TURN server configuration](configuring-playbook-turn.md) (optional, advanced) @@ -77,8 +79,12 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional) +- [Setting up Mautrix Hangouts bridging](configuring-playbook-bridge-mautrix-hangouts.md) (optional) + - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) - [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional) + +- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) diff --git a/docs/maintenance-and-troubleshooting.md b/docs/maintenance-and-troubleshooting.md index bb8730ae..18bfdd83 100644 --- a/docs/maintenance-and-troubleshooting.md +++ b/docs/maintenance-and-troubleshooting.md @@ -16,6 +16,24 @@ You can see the logs by using journalctl. Example: sudo journalctl -fu matrix-synapse ``` + +## Increasing Synapse logging + +Because the [Synapse](https://github.com/matrix-org/synapse) Matrix server is originally very chatty when it comes to logging, we intentionally reduce its [logging level](https://docs.python.org/3/library/logging.html#logging-levels) from `INFO` to `WARNING`. + +If you'd like to debug an issue or [report a Synapse bug](https://github.com/matrix-org/synapse/issues/new/choose) to the developers, it'd be better if you temporarily increasing the logging level to `INFO`. + +Example configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`): + +```yaml +matrix_synapse_log_level: "INFO" +matrix_synapse_storage_sql_log_level: "INFO" +matrix_synapse_root_log_level: "INFO" +``` + +Re-run the playbook after making these configuration changes. + + ## Postgres See the dedicated [PostgreSQL Maintenance](maintenance-postgres.md) documentation page. diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf index 4f32c2ed..bfd1abc7 100644 --- a/examples/apache/matrix-synapse.conf +++ b/examples/apache/matrix-synapse.conf @@ -15,6 +15,7 @@ Redirect permanent / https://matrix.DOMAIN/ +# Client-Server API ServerName matrix.DOMAIN @@ -34,22 +35,32 @@ # Keep some URIs free for different proxy/location ProxyPassMatch ^/.well-known/matrix/client ! + ProxyPassMatch ^/.well-known/matrix/server ! ProxyPassMatch ^/_matrix/identity ! ProxyPassMatch ^/_matrix/client/r0/user_directory/search ! # Proxy all remaining traffic to Synapse - ProxyPass / http://127.0.0.1:8008/ - ProxyPassReverse / http://127.0.0.1:8008/ + AllowEncodedSlashes NoDecode + ProxyPass /_matrix http://127.0.0.1:8008/_matrix retry=0 nocanon + ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix # Map /.well-known/matrix/client for client discovery Alias /.well-known/matrix/client /matrix/static-files/.well-known/matrix/client Require all granted - + Header always set Content-Type "application/json" Header always set Access-Control-Allow-Origin "*" + # Map /.well-known/matrix/server for server discovery + Alias /.well-known/matrix/server /matrix/static-files/.well-known/matrix/server + + Require all granted + + + Header always set Content-Type "application/json" + AllowOverride All # Apache 2.4: @@ -71,3 +82,40 @@ ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined + +# Server-Server (federation) API +# Use this apache reverse proxy template to enable matrix server-to-server federation traffic +# Be sure that network traffic on port 8448 is possible +# +# You can check your federation config at https://federationtester.matrix.org/ +# Enter there your base DOMAIN address, NOT your matrix.DOMAIN address, ex. https://DOMAIN +# +# In this example we use all services on the same machine (127.0.0.1) but you can do this with different machines. +# If you do so be sure to reach the destinated IPADRESS and the correspondending port. Check this with netstat, nmap or your favourite tool. + + ServerName matrix.DOMAIN + + SSLEngine On + + # If you manage SSL certificates by yourself, these paths will differ. + SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem + SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem + + SSLProxyEngine on + SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3 + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH + + ProxyPreserveHost On + ProxyRequests Off + ProxyVia On + + # Proxy all remaining traffic to the Synapse port + # Beware: In this example the local traffic goes to the local synapse server at 127.0.0.1 + # Of course you can use another IPADRESS in case of using other synapse servers in your network + AllowEncodedSlashes NoDecode + ProxyPass /_matrix http://127.0.0.1:8048/_matrix retry=0 nocanon + ProxyPassReverse /_matrix http://127.0.0.1:8048/_matrix + + ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log + CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined + diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 22b9d454..3b31bcaa 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -156,6 +156,36 @@ matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-hangouts +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_hangouts_enabled: false + +matrix_mautrix_hangouts_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.as.token') | to_uuid }}" + +matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-hangouts +# +###################################################################### + + + + + ###################################################################### # # matrix-bridge-mautrix-telegram @@ -296,6 +326,21 @@ matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_ena ###################################################################### +###################################################################### +# +# matrix-email2matrix +# +###################################################################### + +matrix_email2matrix_enabled: false + +###################################################################### +# +# /matrix-email2matrix +# +###################################################################### + + ###################################################################### # diff --git a/roles/matrix-base/tasks/setup_server_base.yml b/roles/matrix-base/tasks/setup_server_base.yml index 1aadfb12..9d3070e2 100644 --- a/roles/matrix-base/tasks/setup_server_base.yml +++ b/roles/matrix-base/tasks/setup_server_base.yml @@ -49,7 +49,7 @@ - name: Ensure Docker repository is enabled (Debian) apt_repository: - repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" + repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" state: present update_cache: yes when: ansible_os_family == 'Debian' diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index 2832167c..5e4644e1 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -69,7 +69,7 @@ matrix_appservice_discord_configuration_yaml: | disableJoinLeaveNotifications: false # Authentication configuration for the discord bot. auth: - clientID: {{ matrix_appservice_discord_client_id|string }} + clientID: {{ matrix_appservice_discord_client_id|string|to_json }} botToken: {{ matrix_appservice_discord_bot_token }} logging: # What level should the logger output to the console at. @@ -86,6 +86,8 @@ matrix_appservice_discord_configuration_yaml: | # enable: # - "DiscordBot" database: + userStorePath: "/data/user-store.db" + roomStorePath: "/data/room-store.db" # You may either use SQLite or Postgresql for the bridge database, which contains # important mappings for events and user puppeting configurations. # Use the filename option for SQLite, or connString for Postgresql. diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 384c1f3b..6f4f5979 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -32,10 +32,12 @@ failed_when: false when: "matrix_appservice_discord_stat_db.stat.exists" -# In addition to this, there used to be some `user-store-db` and `room-store.db` files. -# They're no longer in use, so we're not relocating them in an effort to point them out as neither `./data`, nor `./config`. - name: (Data relocation) Move AppService Discord discord.db file to ./data directory - command: "mv {{ matrix_appservice_discord_base_path }}/discord.db {{ matrix_appservice_discord_data_path }}/discord.db" + command: "mv {{ matrix_appservice_discord_base_path }}/{{ item }} {{ matrix_appservice_discord_data_path }}/{{ item }}" + with_items: + - discord.db + - user-store.db + - room-store.db when: "matrix_appservice_discord_stat_db.stat.exists" - name: Ensure AppService Discord config.yaml installed diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 9a1214f3..41921d75 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -3,7 +3,8 @@ matrix_mautrix_facebook_enabled: true -matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest" +# See: https://mau.dev/tulir/mautrix-facebook/container_registry +matrix_mautrix_facebook_docker_image: "dock.mau.dev/tulir/mautrix-facebook:latest" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook" @@ -12,7 +13,7 @@ matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data matrix_mautrix_facebook_homeserver_address: 'http://matrix-synapse:8008' matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' -matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:8080' +matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:29319' # A list of extra arguments to pass to the container matrix_mautrix_facebook_container_extra_arguments: [] @@ -51,7 +52,7 @@ matrix_mautrix_facebook_configuration_yaml: | # The hostname and port where this appservice should listen. hostname: 0.0.0.0 - port: 8080 + port: 29319 # The maximum body size of appservice API requests (from the homeserver) in mebibytes # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s max_body_size: 1 diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml new file mode 100644 index 00000000..01ada495 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -0,0 +1,196 @@ +# mautrix-hangouts is a Matrix <-> Hangouts bridge +# See: https://github.com/tulir/mautrix-hangouts + +matrix_mautrix_hangouts_enabled: true + +# See: https://mau.dev/tulir/mautrix-hangouts/container_registry +matrix_mautrix_hangouts_docker_image: "dock.mau.dev/tulir/mautrix-hangouts:latest" +matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}" + +matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts" +matrix_mautrix_hangouts_config_path: "{{ matrix_mautrix_hangouts_base_path }}/config" +matrix_mautrix_hangouts_data_path: "{{ matrix_mautrix_hangouts_base_path }}/data" + +matrix_mautrix_hangouts_public_endpoint: '/mautrix-hangouts' + +matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008' +matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' +matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' + +# A list of extra arguments to pass to the container +matrix_mautrix_hangouts_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-hangouts.service depends on. +matrix_mautrix_hangouts_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-hangouts.service wants +matrix_mautrix_hangouts_systemd_wanted_services_list: [] + +matrix_mautrix_hangouts_appservice_token: '' +matrix_mautrix_hangouts_homeserver_token: '' + +# Default mxisd configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_hangouts_configuration_yaml: | + #jinja2: lstrip_blocks: "True" + # Homeserver details + homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_hangouts_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_hangouts_homeserver_domain }} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + + # Application service host/registration related details + # Changing these values requires regeneration of the registration. + appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_hangouts_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. SQLite and Postgres are fully supported. + # Other DBMSes supported by SQLAlchemy may or may not work. + # Format examples: + # SQLite: sqlite:///filename.db + # Postgres: postgres://username:password@hostname/dbname + database: sqlite:////data/mautrix-hangouts.db + + # The unique ID of this appservice. + id: hangouts + # Username of the appservice bot. + bot_username: hangoutsbot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + bot_displayname: Hangouts bridge bot + bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy + + # Authentication tokens for AS <-> HS communication. + as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" + hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" + + # Bridge config + bridge: + # Localpart template of MXIDs for Hangouts users. + # {userid} is replaced with the user ID of the Hangouts user. + username_template: "hangouts_{userid}" + # Displayname template for Hangouts users. + # {displayname} is replaced with the display name of the Hangouts user + # as defined below in displayname_preference. + # Keys available for displayname_preference are also available here. + displayname_template: '{full_name} (Hangouts)' + # Available keys: + # "name" (full name) + # "first_name" + # "last_name" + # "nickname" + # "own_nickname" (user-specific!) + displayname_preference: + - name + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!HO" + + # Number of chats to sync (and create portals for) on startup/login. + # Maximum 20, set 0 to disable automatic syncing. + initial_chat_sync: 20 + # Whether or not the Hangouts users of logged in Matrix users should be + # invited to private chats when the user sends a message from another client. + invite_own_puppet_to_pm: false + # Whether or not to use /sync to get presence, read receipts and typing notifications when using + # your own Matrix account as the Matrix puppet for your Hangouts account. + sync_with_custom_puppets: true + + # Whether or not to bridge presence in both directions. Hangouts allows users not to broadcast + # presence, but then it won't send other users' presence to the client. + presence: true + + # Public website and API configs + web: + # Auth server config + auth: + # Publicly accessible base URL for the login endpoints. + # The prefix below is not implicitly added. This URL and all subpaths should be proxied + # or otherwise pointed to the appservice's webserver to the path specified below (prefix). + # This path should usually include a trailing slash. + # Internal prefix in the appservice web server for the login endpoints. + public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login" + prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login" + + + # Permissions for using the bridge. + # Permitted values: + # user - Use the bridge with puppeting. + # admin - Use and administrate the bridge. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + '{{ matrix_mautrix_hangouts_homeserver_domain }}': user + + # Python logging configuration. + # + # See section 16.7.2 of the Python documentation for more info: + # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema + logging: + version: 1 + formatters: + colored: + (): mautrix_hangouts.util.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: colored + loggers: + mau: + level: DEBUG + hangups: + level: DEBUG + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [console] + +matrix_mautrix_hangouts_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_hangouts_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_hangouts_configuration_yaml`. + +matrix_mautrix_hangouts_configuration_extension: "{{ matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml if matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_hangouts_configuration_yaml`. +matrix_mautrix_hangouts_configuration: "{{ matrix_mautrix_hangouts_configuration_yaml|from_yaml|combine(matrix_mautrix_hangouts_configuration_extension, recursive=True) }}" + +matrix_mautrix_hangouts_registration_yaml: | + id: hangouts + as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" + hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" + namespaces: + users: + - exclusive: true + regex: '^@hangouts_.+:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$' + url: {{ matrix_mautrix_hangouts_appservice_address }} + sender_localpart: hangoutsbot + rate_limited: false + +matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml new file mode 100644 index 00000000..84e33f13 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -0,0 +1,62 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts'] }}" + when: matrix_mautrix_hangouts_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + {{ ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] }} + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mautrix-hangouts-registration.yaml"] }} + when: matrix_mautrix_hangouts_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your plabook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_hangouts_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-hangouts:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] + }} + tags: + - always + when: matrix_mautrix_hangouts_enabled|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}` + URL endpoint to the matrix-mautrix-hangouts container. + You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. + when: "matrix_mautrix_hangouts_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml new file mode 100644 index 00000000..0df0d0e3 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool" + tags: + - setup-all + - setup-mautrix-hangouts + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool" + tags: + - setup-all + - setup-mautrix-hangouts + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mautrix_hangouts_enabled|bool" + tags: + - setup-all + - setup-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml new file mode 100644 index 00000000..7f325165 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -0,0 +1,73 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mautrix-hangouts role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure Mautrix Hangouts image is pulled + docker_image: + name: "{{ matrix_mautrix_hangouts_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}" + +- name: Ensure Mautrix Hangouts paths exist + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - "{{ matrix_mautrix_hangouts_base_path }}" + - "{{ matrix_mautrix_hangouts_config_path }}" + - "{{ matrix_mautrix_hangouts_data_path }}" + +- name: Check if an old database file already exists + stat: + path: "{{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db" + register: matrix_mautrix_hangouts_stat_database + +- name: (Data relocation) Ensure matrix-mautrix-hangouts.service is stopped + service: + name: matrix-mautrix-hangouts + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_mautrix_hangouts_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-hangouts database file to ./data directory + command: "mv {{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db {{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db" + when: "matrix_mautrix_hangouts_stat_database.stat.exists" + +- name: Ensure mautrix-hangouts config.yaml installed + copy: + content: "{{ matrix_mautrix_hangouts_configuration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_hangouts_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +- name: Ensure mautrix-hangouts registration.yaml installed + copy: + content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_hangouts_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +- name: Ensure matrix-mautrix-hangouts.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" + dest: "/etc/systemd/system/matrix-mautrix-hangouts.service" + mode: 0644 + register: matrix_mautrix_hangouts_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation + service: + daemon_reload: yes + when: "matrix_mautrix_hangouts_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml new file mode 100644 index 00000000..ef33e238 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-mautrix-hangouts service + stat: + path: "/etc/systemd/system/matrix-mautrix-hangouts.service" + register: matrix_mautrix_hangouts_service_stat + +- name: Ensure matrix-mautrix-hangouts is stopped + service: + name: matrix-mautrix-hangouts + state: stopped + daemon_reload: yes + when: "matrix_mautrix_hangouts_service_stat.stat.exists" + +- name: Ensure matrix-mautrix-hangouts.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mautrix-hangouts.service" + state: absent + when: "matrix_mautrix_hangouts_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal + service: + daemon_reload: yes + when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml new file mode 100644 index 00000000..8922bef4 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml @@ -0,0 +1,14 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mautrix_hangouts_public_endpoint" + - "matrix_mautrix_hangouts_appservice_token" + - "matrix_mautrix_hangouts_homeserver_token" +- debug: + msg: + - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 new file mode 100644 index 00000000..e241db3d --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -0,0 +1,48 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mautrix Hangouts server +{% for service in matrix_mautrix_hangouts_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_hangouts_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts +ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts +ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + -v {{ matrix_mautrix_hangouts_config_path }}:/config:z \ + -v {{ matrix_mautrix_hangouts_data_path }}:/data:z \ + {{ matrix_mautrix_hangouts_docker_image }} \ + alembic -x config=/config/config.yaml upgrade head + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre=/bin/sleep 5 + +ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_mautrix_hangouts_config_path }}:/config:z \ + -v {{ matrix_mautrix_hangouts_data_path }}:/data:z \ + {% for arg in matrix_mautrix_hangouts_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mautrix_hangouts_docker_image }} \ + python3 -m mautrix_hangouts -c /config/config.yaml + +ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts +ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mautrix-hangouts + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 7a7e51fd..b178635a 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -3,7 +3,8 @@ matrix_mautrix_telegram_enabled: true -matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.6.0" +# See: https://mau.dev/tulir/mautrix-telegram/container_registry +matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.6.0" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 5ae2d39c..e158e07a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -3,7 +3,8 @@ matrix_mautrix_whatsapp_enabled: true -matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest" +# See: https://mau.dev/tulir/mautrix-whatsapp/container_registry +matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/tulir/mautrix-whatsapp" matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}" matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp" diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index af9d1001..c8694535 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_docker_image: "devture/matrix-corporal:1.4.0" +matrix_corporal_docker_image: "devture/matrix-corporal:1.5.0" matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml new file mode 100644 index 00000000..68ff1990 --- /dev/null +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -0,0 +1,43 @@ +matrix_email2matrix_enabled: true + +matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix" +matrix_email2matrix_config_dir_path: "{{ matrix_email2matrix_base_path }}/config" + +matrix_email2matrix_docker_image: "devture/email2matrix:1.0.1" +matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}" + +# A list of extra arguments to pass to the container +matrix_email2matrix_container_extra_arguments: [] + +# List of systemd services that matrix-corporal.service depends on +matrix_email2matrix_systemd_required_services_list: ['docker.service'] + +# Controls where the matrix-email2matrix container exposes the SMTP (tcp/2525 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:2525"). +# +# By default, we listen on port 25 on all of the host's network interfaces. +matrix_email2matrix_smtp_host_bind_port: "25" + +matrix_email2matrix_smtp_hostname: "{{ matrix_server_fqn_matrix }}" + +# A list of mailbox to Matrix mappings. +# +# Example: +# matrix_email2matrix_matrix_mappings: +# - MailboxName: "mailbox1" +# MatrixRoomId: "!bpcwlxIUxVvvgXcbjy:example.com" +# MatrixHomeserverUrl: "{{ matrix_homeserver_url }}" +# MatrixUserId": "@email2matrix:{{ matrix_domain }}" +# MatrixAccessToken": "TOKEN_HERE" +# IgnoreSubject: false +# +# - MailboxName: "mailbox2" +# MatrixRoomId: "!another:example.com" +# MatrixHomeserverUrl: "{{ matrix_homeserver_url }}" +# MatrixUserId": "@email2matrix:{{ matrix_domain }}" +# MatrixAccessToken": "TOKEN_HERE" +# IgnoreSubject: true +matrix_email2matrix_matrix_mappings: [] + +matrix_email2matrix_misc_debug: false diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/matrix-email2matrix/tasks/init.yml new file mode 100644 index 00000000..007a5476 --- /dev/null +++ b/roles/matrix-email2matrix/tasks/init.yml @@ -0,0 +1,3 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix'] }}" + when: matrix_email2matrix_enabled|bool diff --git a/roles/matrix-email2matrix/tasks/main.yml b/roles/matrix-email2matrix/tasks/main.yml new file mode 100644 index 00000000..23114673 --- /dev/null +++ b/roles/matrix-email2matrix/tasks/main.yml @@ -0,0 +1,15 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_email2matrix_enabled|bool" + tags: + - setup-all + - setup-email2matrix + +- import_tasks: "{{ role_path }}/tasks/setup_email2matrix.yml" + when: run_setup|bool + tags: + - setup-all + - setup-email2matrix diff --git a/roles/matrix-email2matrix/tasks/setup_email2matrix.yml b/roles/matrix-email2matrix/tasks/setup_email2matrix.yml new file mode 100644 index 00000000..9d9109e3 --- /dev/null +++ b/roles/matrix-email2matrix/tasks/setup_email2matrix.yml @@ -0,0 +1,88 @@ +--- + +# +# Tasks related to setting up Email2Matrix +# + +- name: Ensure Email2Matrix paths exist + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - "{{ matrix_email2matrix_base_path }}" + - "{{ matrix_email2matrix_config_dir_path }}" + when: matrix_email2matrix_enabled|bool + +- name: Ensure Email2Matrix configuration file created + template: + src: "{{ role_path }}/templates/config.json.j2" + dest: "{{ matrix_email2matrix_config_dir_path }}/config.json" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + mode: 0640 + when: matrix_email2matrix_enabled|bool + +- name: Ensure Email2Matrix image is pulled + docker_image: + name: "{{ matrix_email2matrix_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" + when: matrix_email2matrix_enabled|bool + +- name: Ensure matrix-email2matrix.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2" + dest: "/etc/systemd/system/matrix-email2matrix.service" + mode: 0644 + register: matrix_email2matrix_systemd_service_result + when: matrix_email2matrix_enabled|bool + +- name: Ensure systemd reloaded after matrix-email2matrix.service installation + service: + daemon_reload: yes + when: "matrix_email2matrix_enabled|bool and matrix_email2matrix_systemd_service_result.changed" + +# +# Tasks related to getting rid of the Email2Matrix (if it was previously enabled) +# + +- name: Check existence of matrix-email2matrix service + stat: + path: "/etc/systemd/system/matrix-email2matrix.service" + register: matrix_email2matrix_service_stat + when: "not matrix_email2matrix_enabled|bool" + +- name: Ensure matrix-email2matrix is stopped + service: + name: matrix-email2matrix + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists" + +- name: Ensure matrix-email2matrix.service doesn't exist + file: + path: "/etc/systemd/system/matrix-email2matrix.service" + state: absent + when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-email2matrix.service removal + service: + daemon_reload: yes + when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists" + +- name: Ensure Email2Matrix data path doesn't exist + file: + path: "{{ matrix_email2matrix_base_path }}" + state: absent + when: "not matrix_email2matrix_enabled|bool" + +- name: Ensure Email2Matrix Docker image doesn't exist + docker_image: + name: "{{ matrix_email2matrix_docker_image }}" + state: absent + when: "not matrix_email2matrix_enabled|bool" diff --git a/roles/matrix-email2matrix/tasks/validate_config.yml b/roles/matrix-email2matrix/tasks/validate_config.yml new file mode 100644 index 00000000..d8beecf4 --- /dev/null +++ b/roles/matrix-email2matrix/tasks/validate_config.yml @@ -0,0 +1,7 @@ +--- + +- name: Fail if no mappings + fail: + msg: > + You need to define at least one mapping in `matrix_email2matrix_matrix_mappings` for enabling Email2Matrix. + when: "matrix_email2matrix_matrix_mappings|length == 0" diff --git a/roles/matrix-email2matrix/templates/config.json.j2 b/roles/matrix-email2matrix/templates/config.json.j2 new file mode 100644 index 00000000..c1be97fd --- /dev/null +++ b/roles/matrix-email2matrix/templates/config.json.j2 @@ -0,0 +1,14 @@ +#jinja2: lstrip_blocks: "True" +{ + "Smtp": { + "ListenInterface": "0.0.0.0:2525", + "Hostname": {{ matrix_email2matrix_smtp_hostname|to_json }}, + "Workers": 10 + }, + "Matrix": { + "Mappings": {{ matrix_email2matrix_matrix_mappings|to_nice_json }} + }, + "Misc": { + "Debug": {{ matrix_email2matrix_misc_debug|to_json }} + } +} diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 new file mode 100644 index 00000000..eb7e125b --- /dev/null +++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 @@ -0,0 +1,32 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Email2Matrix +After=docker.service +Requires=docker.service + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-email2matrix +ExecStartPre=-/usr/bin/docker rm matrix-email2matrix + +ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + -p {{ matrix_email2matrix_smtp_host_bind_port }}:2525 \ + --mount type=bind,src={{ matrix_email2matrix_config_dir_path }}/config.json,dst=/config.json,ro \ + {% for arg in matrix_email2matrix_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_email2matrix_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-email2matrix +ExecStop=-/usr/bin/docker rm matrix-email2matrix +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-email2matrix + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index f40420ea..f78b4554 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -2,7 +2,7 @@ matrix_mailer_enabled: true matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" -matrix_mailer_docker_image: "devture/exim-relay:4.92-r0-0" +matrix_mailer_docker_image: "devture/exim-relay:4.92.1-r0-1" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" # The user/group that the container runs with. diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml index e0988c65..40eab830 100644 --- a/roles/matrix-mxisd/defaults/main.yml +++ b/roles/matrix-mxisd/defaults/main.yml @@ -3,7 +3,7 @@ matrix_mxisd_enabled: true -matrix_mxisd_docker_image: "kamax/mxisd:1.4.5" +matrix_mxisd_docker_image: "kamax/mxisd:1.4.6" matrix_mxisd_docker_image_force_pull: "{{ matrix_mxisd_docker_image.endswith(':latest') }}" matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index d0fc1f98..698d4a6c 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but # that is frequently out of date. -matrix_nginx_proxy_docker_image: "nginx:1.17.2-alpine" +matrix_nginx_proxy_docker_image: "nginx:1.17.3-alpine" matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" @@ -144,7 +144,7 @@ matrix_ssl_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.33.1" +matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.37.1" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ @@ -152,3 +152,8 @@ matrix_ssl_lets_encrypt_support_email: ~ matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" + + +# ngnix status page configurations. +matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false +matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}'] diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index e5b672ed..dc6567ed 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -10,3 +10,8 @@ - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'} - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'} +- name: Fail on unknown matrix_ssl_retrieval_method + fail: + msg: >- + `matrix_ssl_retrieval_method` needs to be set to a known value. + when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index eda0929b..b3efd700 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -1,4 +1,17 @@ #jinja2: lstrip_blocks: "True" +{% macro render_nginx_status_location_block(addresses) %} + {# Empty first line to make indentation prettier. #} + + location /nginx_status { + stub_status on; + access_log off; + {% for address in addresses %} + allow {{ address }}; + {% endfor %} + deny all; + } +{% endmacro %} + server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }}; @@ -17,6 +30,10 @@ server { {% endif %} } + {% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} + {% endif %} + location / { return 301 https://$http_host$request_uri; } @@ -52,6 +69,10 @@ server { add_header Access-Control-Allow-Origin *; } + {% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index d656ab16..10783be0 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -8,9 +8,9 @@ matrix_postgres_db_name: "" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" -matrix_postgres_docker_image_v9: "postgres:9.6.14-alpine" -matrix_postgres_docker_image_v10: "postgres:10.9-alpine" -matrix_postgres_docker_image_v11: "postgres:11.4-alpine" +matrix_postgres_docker_image_v9: "postgres:9.6.15-alpine" +matrix_postgres_docker_image_v10: "postgres:10.10-alpine" +matrix_postgres_docker_image_v11: "postgres:11.5-alpine" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}" # This variable is assigned at runtime. Overriding its value has no effect. diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 4130c8a0..93f322af 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -1,6 +1,6 @@ matrix_riot_web_enabled: true -matrix_riot_web_docker_image: "bubuntux/riot-web:v1.3.0" +matrix_riot_web_docker_image: "bubuntux/riot-web:v1.3.3" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 87d34dc3..e290712f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -3,7 +3,7 @@ matrix_synapse_enabled: true -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.2.1" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.3.1" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" @@ -61,8 +61,11 @@ matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse. matrix_synapse_macaroon_secret_key: "" matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}" +matrix_synapse_allow_guest_access: false matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}" +matrix_synapse_id_servers_public: ['matrix.org', 'vector.im'] + # The list of identity servers to use for Synapse. # We assume this role runs standalone without a local Identity server, so we point Synapse to public ones. # This most likely gets overwritten later, so that a local Identity server is used. @@ -77,9 +80,9 @@ matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 # Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels # warning: setting log level to DEBUG will make synapse log sensitive information such # as access tokens -matrix_synapse_log_level: "INFO" -matrix_synapse_storage_sql_log_level: "INFO" -matrix_synapse_root_log_level: "INFO" +matrix_synapse_log_level: "WARNING" +matrix_synapse_storage_sql_log_level: "WARNING" +matrix_synapse_root_log_level: "WARNING" # Rate limits matrix_synapse_rc_message: @@ -223,6 +226,7 @@ matrix_synapse_database_database: "" matrix_synapse_turn_uris: [] matrix_synapse_turn_shared_secret: "" +matrix_synapse_turn_allow_guests: False matrix_synapse_email_enabled: false matrix_synapse_email_smtp_host: "" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 124825ad..220e62cd 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -280,6 +280,26 @@ listeners: # - medium: 'email' # address: 'reserved_user@example.com' +# Used by phonehome stats to group together related servers. +#server_context: context + +# Resource-constrained Homeserver Settings +# +# If limit_remote_rooms.enabled is True, the room complexity will be +# checked before a user joins a new remote room. If it is above +# limit_remote_rooms.complexity, it will disallow joining or +# instantly leave. +# +# limit_remote_rooms.complexity_error can be set to customise the text +# displayed to the user when a room above the complexity threshold has +# its join cancelled. +# +# Uncomment the below lines to enable: +#limit_remote_rooms: +# enabled: True +# complexity: 1.0 +# complexity_error: "This room is too complex." + # Whether to require a user to be in the room to add an alias to it. # Defaults to 'true'. # @@ -559,6 +579,13 @@ federation_rr_transactions_per_room_per_second: {{ matrix_synapse_federation_rr_ +## Media Store ## + +# Enable the media store service in the Synapse master. Uncomment the +# following if you are using a separate media store worker. +# +#enable_media_repo: false + # Directory where uploaded images and attachments are stored. # media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_directory_name }}" @@ -749,7 +776,7 @@ turn_shared_secret: {{ matrix_synapse_turn_shared_secret|string|to_json }} # connect to arbitrary endpoints without having first signed up for a # valid account (e.g. by passing a CAPTCHA). # -turn_allow_guests: False +turn_allow_guests: {{ matrix_synapse_turn_allow_guests|to_json }} ## Registration ## @@ -796,6 +823,16 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }} # period: 6w # renew_at: 1w # renew_email_subject: "Renew your %(app)s account" +# # Directory in which Synapse will try to find the HTML files to serve to the +# # user when trying to renew an account. Optional, defaults to +# # synapse/res/templates. +# template_dir: "res/templates" +# # HTML to be displayed to the user after they successfully renewed their +# # account. Optional. +# account_renewed_html_path: "account_renewed.html" +# # HTML to be displayed when the user tries to renew an account with an invalid +# # renewal token. Optional. +# invalid_token_html_path: "invalid_token.html" # Time that a user's session remains valid for, after they log in. # @@ -854,7 +891,7 @@ registration_shared_secret: {{ matrix_synapse_registration_shared_secret|string| # participate in rooms hosted on this server which have been made # accessible to anonymous users. # -#allow_guest_access: false +allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # The identity server which we suggest that clients should use when users log # in on this server. @@ -945,10 +982,6 @@ app_service_config_files: {{ matrix_synapse_app_service_config_files|to_json }} # macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|string|to_json }} -# Used to enable access token expiration. -# -#expire_access_token: False - # a secret which is used to calculate HMACs for form values, to stop # falsification of values. Must be specified for the User Consent # forms to work. @@ -1509,3 +1542,19 @@ opentracing: # #homeserver_whitelist: # - ".*" + + # Jaeger can be configured to sample traces at different rates. + # All configuration options provided by Jaeger can be set here. + # Jaeger's configuration mostly related to trace sampling which + # is documented here: + # https://www.jaegertracing.io/docs/1.13/sampling/. + # + #jaeger_config: + # sampler: + # type: const + # param: 1 + + # Logging whether spans were started and reported + # + # logging: + # false diff --git a/setup.yml b/setup.yml index 5f658199..3d677074 100755 --- a/setup.yml +++ b/setup.yml @@ -12,12 +12,14 @@ - matrix-bridge-appservice-slack - matrix-bridge-appservice-irc - matrix-bridge-mautrix-facebook + - matrix-bridge-mautrix-hangouts - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp - matrix-synapse - matrix-riot-web - matrix-mxisd - matrix-dimension + - matrix-email2matrix - matrix-nginx-proxy - matrix-coturn - matrix-common-after