titanz
/
matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into master

Browse Source
development
Slavi Pantaleev 5 years ago committed by GitHub
parent 63cf891842 63d1ed1d56
commit 65da600426
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
42 changed files with 1075 additions and 34 deletions
Show Stats Download Patch File Download Diff File

35
CHANGELOG.md
Unescape View File

@ -1,3 +1,38 @@
# 2019-08-21
## Google Hangouts support
Thanks to the [great work](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/251) of [Eduardo Beltrame (Munfred)](https://github.com/Munfred) and [Robbie D (microchipster)](https://github.com/microchipster), the playbook now supports bridging to [Google Hangouts](https://hangouts.google.com/) via the [mautrix-hangouts](https://mau.dev/tulir/mautrix-hangouts) bridge.
Additional details are available in [Setting up Mautrix Hangouts bridging](docs/configuring-playbook-bridge-mautrix-hangouts.md).
# 2019-08-05
## Email2Matrix support
Support for [Email2Matrix](https://github.com/devture/email2matrix) has been added.
It's an optional feature that you can enable via the playbook.
To learn more, see the [playbook's documentation on Email2Matrix](./docs/configuring-playbook-email2matrix.md).
# 2019-08-03
## Synapse logging level has been reduced to WARNING
After [some discussion in our support room](https://matrix.to/#/!PukFFdIcHgtaaHZflT:devture.com/$156476852524179TBeKy:matrix.org?via=devture.com&via=matrix.org&via=librem.one), we've decided to change the default logging level for Synapse from `INFO` to `WARNING`.
This greatly reduces the number of log messages that are being logged, leading to:
- much less disk space dedicated to Synapse and thus, logs kept for longer
- easier to find some important `WARNING`, `ERROR` and `CRITICAL` messages, as they're not longer buried in thousands of non-important `INFO` messages
If you'd like to track down an issue, you [can always increase the logging level as described here](./docs/maintenance-and-troubleshooting.md#increasing-synapse-logging).
# 2019-07-08
## Synapse Maintenance docs and synapse-janitor support are available

10
README.md
Unescape View File

@ -38,12 +38,16 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge for bridging your Matrix server to [Whatsapp](https://www.whatsapp.com/)
- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [facebook](https://facebook.com/)
- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
- (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
- (optional) the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms
- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients
Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else.
@ -108,6 +112,8 @@ This playbook sets up your server using the following Docker images:
- [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional)
- [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) - the [Email2Matrix](https://github.com/devture/email2matrix) email server, which can relay email messages to Matrix rooms (optional)
- [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) - [Matrix Corporal](https://github.com/devture/matrix-corporal): reconciliator and gateway for a managed Matrix server (optional)
- [nginx](https://hub.docker.com/_/nginx/) - the [nginx](http://nginx.org/) web server (optional)
@ -120,6 +126,8 @@ This playbook sets up your server using the following Docker images:
- [tulir/mautrix-facebook](https://hub.docker.com/r/tulir/mautrix-facebook/) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional)
- [tulir/mautrix-hangouts](https://hub.docker.com/r/tulir/mautrix-hangouts/) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)

24
docs/configuring-playbook-bridge-mautrix-hangouts.md
Unescape View File

@ -0,0 +1,24 @@
# Setting up Mautrix Hangouts (optional)
The playbook can install and configure [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) for you.
See the project's [documentation](https://github.com/tulir/mautrix-hangouts/wiki#usage) to learn what it does and why it might be useful to you.
To enable the [Google Hangouts](https://hangouts.google.com/) bridge just use the following playbook configuration:
```yaml
matrix_mautrix_hangouts_enabled: true
```
## Usage
Once the bot is enabled you need to start a chat with `Hangouts bridge bot` with handle `@hangoutsbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
Send `login` to the bridge bot to receive a link to the portal from which you can enable the bridging. Open the link sent by the bot and follow the instructions.
Automatic login may not work. If it does not, reload the page and select the "Manual login" checkbox before starting. Manual login involves logging into your Google account normally and then manually getting the OAuth token from browser cookies with developer tools.
Once logged in, recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages.
You can learn more about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-hangouts/wiki/Authentication).

2
docs/configuring-playbook-dimension.md
Unescape View File

@ -29,7 +29,7 @@ You are required to specify an access token for Dimension to work.
To get an access token, follow these steps:
1. In a private browsing session (incognito window), open Riot.
2. It's better to you use dedicated user for getting access token, so log in with this user's username and password.
2. It's preferable to use a dedicated user for the access token, so create and log in with that user's username and password.
3. Set the display name and avatar, if required.
4. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: <click to reveal>`.
5. Copy the highlighted text to your configuration.

19
docs/configuring-playbook-email.md
Unescape View File

@ -7,6 +7,8 @@ This may or may not work, depending on your domain configuration (SPF settings,
By default, emails are sent from `matrix@<your-domain-name>` (as specified by the `matrix_mailer_sender_address` playbook variable).
**Note**: If you are using a Google Cloud instance, [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so you need to relay email through another SMTP server as described below.
## Firewall settings
@ -31,6 +33,23 @@ matrix_mailer_relay_auth_password: "some-password"
**Note**: only the secure submission protocol (using `STARTTLS`, usually on port `587`) is supported. **SMTPS** (encrypted SMTP, usually on port `465`) **is not supported**.
### Configuations for sending emails using Sendgrid
An easy and free STMP service to set up is [Sendgrid](https://sendgrid.com/), the free tier allows for up to 100 emails per day to be sent. In the settings below you can provide any email for `matrix_mailer_sender_address`.
The only other thing you need to change is the `matrix_mailer_relay_auth_password`, which you can generate at https://app.sendgrid.com/settings/api_keys. The API key password looks something like `SG.955oW1mLSfwds7i9Yd6IA5Q.q8GTaB8q9kGDzasegdG6u95fQ-6zkdwrPP8bOeuI`.
Note that the `matrix_mailer_relay_auth_username` is literally the string `apikey`, it's always the same for Sendgrid.
```yaml
matrix_mailer_sender_address: "arbitrary@email.com"
matrix_mailer_relay_use: true
matrix_mailer_relay_host_name: "smtp.sendgrid.net"
matrix_mailer_relay_host_port: 587
matrix_mailer_relay_auth: true
matrix_mailer_relay_auth_username: "apikey"
matrix_mailer_relay_auth_password: "<your api key password>"
```
## Troubleshooting
If you're having trouble with email not being delivered, it may be useful to inspect the mailer logs: `journalctl -f -u matrix-mailer`.

80
docs/configuring-playbook-email2matrix.md
Unescape View File

@ -0,0 +1,80 @@
# Setting up Email2Matrix (optional)
The playbook can install and configure [email2matrix](https://github.com/devture/email2matrix) for you.
See the project's [documentation](https://github.com/devture/email2matrix/blob/master/docs/README.md) to learn what it does and why it might be useful to you.
## Preparation
### Port availability
Ensure that port 25 is available on your Matrix server and open in your firewall.
If you have `postfix` or some other email server software installed, you may need to manually remove it first (unless you need it, of course).
If you really need to run an email server on the Matrix machine for other purposes, it may be possible to run Email2Matrix on another port (with a configuration like `matrix_email2matrix_smtp_host_bind_port: "127.0.0.01:2525"`) and have your other email server relay messages there.
For details about using Email2Matrix alongside [Postfix](http://www.postfix.org/), see [here](https://github.com/devture/email2matrix/blob/master/docs/setup_with_postfix.md).
### Creating a user
Before enabling Email2Matrix, you'd most likely wish to create a dedicated user (or more) that would be sending messages on the Matrix side.
Refer to [Registering users](registering-users.md) for ways to do that. A regular (non-admin) user works best.
### Creating a shared room
After creating a sender user, you should create one or more Matrix rooms that you share with that user.
It doesn't matter who creates and owns the rooms and who joins later (you or the sender user).
What matters is that both you and the sender user are part of the same room and that the sender user has enough privileges in the room to be able to send messages there.
Inviting additional people to the room is okay too.
Take note of each room's room id (different clients show the room id in a different place).
You'll need the room id when doing [Configuration](#configuration) below.
### Obtaining an access token for the sender user
In order for the sender user created above to be able to send messages to the room, we'll need to obtain an access token for it.
To do this, you can execute a command like this:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "email2matrix" }, "password": "MATRIX_PASSWORD_FOR_THE_USER", "type": "m.login.password", "device_id": "Email2Matrix", "initial_device_display_name": "Email2Matrix"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
Take note of the `access_token` value. You'll need the access token when doing [Configuration](#configuration) below.
## Configuration
After doing the preparation steps above, adjust your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration like this:
```yaml
matrix_email2matrix_enabled: true
matrix_email2matrix_matrix_mappings:
- MailboxName: "my-mailbox"
MatrixRoomId: "!someRoom:DOMAIN"
MatrixHomeserverUrl: "https://matrix.DOMAIN"
MatrixUserId: "@email2matrix:DOMAIN"
MatrixAccessToken: "ACCESS_TOKEN_GOES_HERE"
IgnoreSubject: false
IgnoreBody: false
SkipMarkdown: false
- MailboxName: "my-mailbox2"
MatrixRoomId: "!anotherRoom:DOMAIN"
MatrixHomeserverUrl: "https://matrix.DOMAIN"
MatrixUserId: "@email2matrix:DOMAIN"
MatrixAccessToken: "ACCESS_TOKEN_GOES_HERE"
IgnoreSubject: true
IgnoreBody: false
SkipMarkdown: true
```
You can also set `MatrixHomeserverUrl` to `http://matrix-synapse:8008`, instead of the public `https://matrix.DOMAIN`.
However, that's more likely to break in the future if you switch to another server implementation than Synapse.
Re-run the playbook (`--tags=setup-email2matrix,start`) and try sending an email to `my-mailbox@matrix.DOMAIN`.

25
docs/configuring-playbook-ngnix.md
Unescape View File

@ -0,0 +1,25 @@
# Configure Ngnix (optional, advanced)
By default, this playbook installs its own nginx webserver (in a Docker container) which listens on ports 80 and 443.
If that's alright, you can skip this.
## Using Ngnix status
This will serve a statuspage to the hosting machine only. Useful for monitoring software like [longview](https://www.linode.com/docs/platform/longview/longview-app-for-nginx/)
```yaml
matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: true
```
This will serve the status page under the following addresses:
- `http://matrix.DOMAIN/nginx_status` (using HTTP)
- `https://matrix.DOMAIN/nginx_status` (using HTTPS)
By default, if ```matrix_nginx_proxy_nginx_status_enabled``` is enabled, access to the status page would be allowed from the local IP address of the server. If you wish to allow access from other IP addresses, you can provide them as a list:
```yaml
matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses:
- 8.8.8.8
- 1.1.1.1
```

6
docs/configuring-playbook.md
Unescape View File

@ -44,6 +44,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional)
- [Configure Ngnix (optional, advanced)](configuring-playbook-ngnix.md) (optional, advanced)
- [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced)
- [Adjusting TURN server configuration](configuring-playbook-turn.md) (optional, advanced)
@ -77,8 +79,12 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional)
- [Setting up Mautrix Hangouts bridging](configuring-playbook-bridge-mautrix-hangouts.md) (optional)
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
- [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)
- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional)
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)

18
docs/maintenance-and-troubleshooting.md
Unescape View File

@ -16,6 +16,24 @@ You can see the logs by using journalctl. Example:
sudo journalctl -fu matrix-synapse
```
## Increasing Synapse logging
Because the [Synapse](https://github.com/matrix-org/synapse) Matrix server is originally very chatty when it comes to logging, we intentionally reduce its [logging level](https://docs.python.org/3/library/logging.html#logging-levels) from `INFO` to `WARNING`.
If you'd like to debug an issue or [report a Synapse bug](https://github.com/matrix-org/synapse/issues/new/choose) to the developers, it'd be better if you temporarily increasing the logging level to `INFO`.
Example configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`):
```yaml
matrix_synapse_log_level: "INFO"
matrix_synapse_storage_sql_log_level: "INFO"
matrix_synapse_root_log_level: "INFO"
```
Re-run the playbook after making these configuration changes.
## Postgres
See the dedicated [PostgreSQL Maintenance](maintenance-postgres.md) documentation page.

54
examples/apache/matrix-synapse.conf
Unescape View File

@ -15,6 +15,7 @@
Redirect permanent / https://matrix.DOMAIN/
</VirtualHost>
# Client-Server API
<VirtualHost *:443>
ServerName matrix.DOMAIN
@ -34,22 +35,32 @@
# Keep some URIs free for different proxy/location
ProxyPassMatch ^/.well-known/matrix/client !
ProxyPassMatch ^/.well-known/matrix/server !
ProxyPassMatch ^/_matrix/identity !
ProxyPassMatch ^/_matrix/client/r0/user_directory/search !
# Proxy all remaining traffic to Synapse
ProxyPass / http://127.0.0.1:8008/
ProxyPassReverse / http://127.0.0.1:8008/
AllowEncodedSlashes NoDecode
ProxyPass /_matrix http://127.0.0.1:8008/_matrix retry=0 nocanon
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
# Map /.well-known/matrix/client for client discovery
Alias /.well-known/matrix/client /matrix/static-files/.well-known/matrix/client
<Files "/matrix/static-files/.well-known/matrix/client">
Require all granted
</Files>
<Location "/.well-known/matrix/client>
<Location "/.well-known/matrix/client">
Header always set Content-Type "application/json"
Header always set Access-Control-Allow-Origin "*"
</Location>
# Map /.well-known/matrix/server for server discovery
Alias /.well-known/matrix/server /matrix/static-files/.well-known/matrix/server
<Files "/matrix/static-files/.well-known/matrix/server">
Require all granted
</Files>
<Location "/.well-known/matrix/server">
Header always set Content-Type "application/json"
</Location>
<Directory /matrix/static-files/.well-known/matrix/>
AllowOverride All
# Apache 2.4:
@ -71,3 +82,40 @@
ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined
</VirtualHost>
# Server-Server (federation) API
# Use this apache reverse proxy template to enable matrix server-to-server federation traffic
# Be sure that network traffic on port 8448 is possible
#
# You can check your federation config at https://federationtester.matrix.org/
# Enter there your base DOMAIN address, NOT your matrix.DOMAIN address, ex. https://DOMAIN
#
# In this example we use all services on the same machine (127.0.0.1) but you can do this with different machines.
# If you do so be sure to reach the destinated IPADRESS and the correspondending port. Check this with netstat, nmap or your favourite tool.
<VirtualHost *:8448>
ServerName matrix.DOMAIN
SSLEngine On
# If you manage SSL certificates by yourself, these paths will differ.
SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
SSLProxyEngine on
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
ProxyPreserveHost On
ProxyRequests Off
ProxyVia On
# Proxy all remaining traffic to the Synapse port
# Beware: In this example the local traffic goes to the local synapse server at 127.0.0.1
# Of course you can use another IPADRESS in case of using other synapse servers in your network
AllowEncodedSlashes NoDecode
ProxyPass /_matrix http://127.0.0.1:8048/_matrix retry=0 nocanon
ProxyPassReverse /_matrix http://127.0.0.1:8048/_matrix
ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined
</VirtualHost>

45
group_vars/matrix_servers
Unescape View File

@ -156,6 +156,36 @@ matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key
######################################################################
######################################################################
#
# matrix-bridge-mautrix-hangouts
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_hangouts_enabled: false
matrix_mautrix_hangouts_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}
matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.as.token') | to_uuid }}"
matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-hangouts
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-telegram
@ -296,6 +326,21 @@ matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_ena
######################################################################
######################################################################
#
# matrix-email2matrix
#
######################################################################
matrix_email2matrix_enabled: false
######################################################################
#
# /matrix-email2matrix
#
######################################################################
######################################################################
#

2
roles/matrix-base/tasks/setup_server_base.yml
Unescape View File

@ -49,7 +49,7 @@
- name: Ensure Docker repository is enabled (Debian)
apt_repository:
repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
when: ansible_os_family == 'Debian'

4
roles/matrix-bridge-appservice-discord/defaults/main.yml
Unescape View File

@ -69,7 +69,7 @@ matrix_appservice_discord_configuration_yaml: |
disableJoinLeaveNotifications: false
# Authentication configuration for the discord bot.
auth:
clientID: {{ matrix_appservice_discord_client_id|string }}
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
botToken: {{ matrix_appservice_discord_bot_token }}
logging:
# What level should the logger output to the console at.
@ -86,6 +86,8 @@ matrix_appservice_discord_configuration_yaml: |
# enable:
# - "DiscordBot"
database:
userStorePath: "/data/user-store.db"
roomStorePath: "/data/room-store.db"
# You may either use SQLite or Postgresql for the bridge database, which contains
# important mappings for events and user puppeting configurations.
# Use the filename option for SQLite, or connString for Postgresql.

8
roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
Unescape View File

@ -32,10 +32,12 @@
failed_when: false
when: "matrix_appservice_discord_stat_db.stat.exists"
# In addition to this, there used to be some `user-store-db` and `room-store.db` files.
# They're no longer in use, so we're not relocating them in an effort to point them out as neither `./data`, nor `./config`.
- name: (Data relocation) Move AppService Discord discord.db file to ./data directory
command: "mv {{ matrix_appservice_discord_base_path }}/discord.db {{ matrix_appservice_discord_data_path }}/discord.db"
command: "mv {{ matrix_appservice_discord_base_path }}/{{ item }} {{ matrix_appservice_discord_data_path }}/{{ item }}"
with_items:
- discord.db
- user-store.db
- room-store.db
when: "matrix_appservice_discord_stat_db.stat.exists"
- name: Ensure AppService Discord config.yaml installed

7
roles/matrix-bridge-mautrix-facebook/defaults/main.yml
Unescape View File

@ -3,7 +3,8 @@
matrix_mautrix_facebook_enabled: true
matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest"
# See: https://mau.dev/tulir/mautrix-facebook/container_registry
matrix_mautrix_facebook_docker_image: "dock.mau.dev/tulir/mautrix-facebook:latest"
matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
@ -12,7 +13,7 @@ matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data
matrix_mautrix_facebook_homeserver_address: 'http://matrix-synapse:8008'
matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:8080'
matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:29319'
# A list of extra arguments to pass to the container
matrix_mautrix_facebook_container_extra_arguments: []
@ -51,7 +52,7 @@ matrix_mautrix_facebook_configuration_yaml: |
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
port: 29319
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1

196
roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
Unescape View File

@ -0,0 +1,196 @@
# mautrix-hangouts is a Matrix <-> Hangouts bridge
# See: https://github.com/tulir/mautrix-hangouts
matrix_mautrix_hangouts_enabled: true
# See: https://mau.dev/tulir/mautrix-hangouts/container_registry
matrix_mautrix_hangouts_docker_image: "dock.mau.dev/tulir/mautrix-hangouts:latest"
matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}"
matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts"
matrix_mautrix_hangouts_config_path: "{{ matrix_mautrix_hangouts_base_path }}/config"
matrix_mautrix_hangouts_data_path: "{{ matrix_mautrix_hangouts_base_path }}/data"
matrix_mautrix_hangouts_public_endpoint: '/mautrix-hangouts'
matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008'
matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080'
# A list of extra arguments to pass to the container
matrix_mautrix_hangouts_container_extra_arguments: []
# List of systemd services that matrix-mautrix-hangouts.service depends on.
matrix_mautrix_hangouts_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-hangouts.service wants
matrix_mautrix_hangouts_systemd_wanted_services_list: []
matrix_mautrix_hangouts_appservice_token: ''
matrix_mautrix_hangouts_homeserver_token: ''
# Default mxisd configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_hangouts_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_hangouts_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_hangouts_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-hangouts.db
# The unique ID of this appservice.
id: hangouts
# Username of the appservice bot.
bot_username: hangoutsbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Hangouts bridge bot
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Hangouts users.
# {userid} is replaced with the user ID of the Hangouts user.
username_template: "hangouts_{userid}"
# Displayname template for Hangouts users.
# {displayname} is replaced with the display name of the Hangouts user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{full_name} (Hangouts)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!HO"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 20
# Whether or not the Hangouts users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Hangouts account.
sync_with_custom_puppets: true
# Whether or not to bridge presence in both directions. Hangouts allows users not to broadcast
# presence, but then it won't send other users' presence to the client.
presence: true
# Public website and API configs
web:
# Auth server config
auth:
# Publicly accessible base URL for the login endpoints.
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
# This path should usually include a trailing slash.
# Internal prefix in the appservice web server for the login endpoints.
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_hangouts.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
hangups:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]
matrix_mautrix_hangouts_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_hangouts_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_hangouts_configuration_yaml`.
matrix_mautrix_hangouts_configuration_extension: "{{ matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml if matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_hangouts_configuration_yaml`.
matrix_mautrix_hangouts_configuration: "{{ matrix_mautrix_hangouts_configuration_yaml|from_yaml|combine(matrix_mautrix_hangouts_configuration_extension, recursive=True) }}"
matrix_mautrix_hangouts_registration_yaml: |
id: hangouts
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
namespaces:
users:
- exclusive: true
regex: '^@hangouts_.+:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_hangouts_appservice_address }}
sender_localpart: hangoutsbot
rate_limited: false
matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml|from_yaml }}"

62
roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
Unescape View File

@ -0,0 +1,62 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts'] }}"
when: matrix_mautrix_hangouts_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
{{ ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] }}
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mautrix-hangouts-registration.yaml"] }}
when: matrix_mautrix_hangouts_enabled|bool
- block:
- name: Fail if matrix-nginx-proxy role already executed
fail:
msg: >-
Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
when: matrix_nginx_proxy_role_executed|default(False)|bool
- name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
set_fact:
matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_hangouts_public_endpoint }} {
{% if matrix_nginx_proxy_enabled|default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-hangouts:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+
[matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_mautrix_hangouts_enabled|bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
debug:
msg: >-
NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
URL endpoint to the matrix-mautrix-hangouts container.
You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
when: "matrix_mautrix_hangouts_enabled|bool and matrix_nginx_proxy_enabled is not defined"

21
roles/matrix-bridge-mautrix-hangouts/tasks/main.yml
Unescape View File

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool"
tags:
- setup-all
- setup-mautrix-hangouts
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool"
tags:
- setup-all
- setup-mautrix-hangouts
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mautrix_hangouts_enabled|bool"
tags:
- setup-all
- setup-mautrix-hangouts

73
roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
Unescape View File

@ -0,0 +1,73 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mautrix-hangouts role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure Mautrix Hangouts image is pulled
docker_image:
name: "{{ matrix_mautrix_hangouts_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}"
- name: Ensure Mautrix Hangouts paths exist
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- "{{ matrix_mautrix_hangouts_base_path }}"
- "{{ matrix_mautrix_hangouts_config_path }}"
- "{{ matrix_mautrix_hangouts_data_path }}"
- name: Check if an old database file already exists
stat:
path: "{{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db"
register: matrix_mautrix_hangouts_stat_database
- name: (Data relocation) Ensure matrix-mautrix-hangouts.service is stopped
service:
name: matrix-mautrix-hangouts
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mautrix_hangouts_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-hangouts database file to ./data directory
command: "mv {{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db {{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db"
when: "matrix_mautrix_hangouts_stat_database.stat.exists"
- name: Ensure mautrix-hangouts config.yaml installed
copy:
content: "{{ matrix_mautrix_hangouts_configuration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_hangouts_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Ensure mautrix-hangouts registration.yaml installed
copy:
content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_hangouts_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Ensure matrix-mautrix-hangouts.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2"
dest: "/etc/systemd/system/matrix-mautrix-hangouts.service"
mode: 0644
register: matrix_mautrix_hangouts_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation
service:
daemon_reload: yes
when: "matrix_mautrix_hangouts_systemd_service_result.changed"

24
roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml
Unescape View File

@ -0,0 +1,24 @@
---
- name: Check existence of matrix-mautrix-hangouts service
stat:
path: "/etc/systemd/system/matrix-mautrix-hangouts.service"
register: matrix_mautrix_hangouts_service_stat
- name: Ensure matrix-mautrix-hangouts is stopped
service:
name: matrix-mautrix-hangouts
state: stopped
daemon_reload: yes
when: "matrix_mautrix_hangouts_service_stat.stat.exists"
- name: Ensure matrix-mautrix-hangouts.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mautrix-hangouts.service"
state: absent
when: "matrix_mautrix_hangouts_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal
service:
daemon_reload: yes
when: "matrix_mautrix_hangouts_service_stat.stat.exists"

14
roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
Unescape View File

@ -0,0 +1,14 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_hangouts_public_endpoint"
- "matrix_mautrix_hangouts_appservice_token"
- "matrix_mautrix_hangouts_homeserver_token"
- debug:
msg:
- '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}'

48
roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
Unescape View File

@ -0,0 +1,48 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Hangouts server
{% for service in matrix_mautrix_hangouts_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_hangouts_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
-v {{ matrix_mautrix_hangouts_config_path }}:/config:z \
-v {{ matrix_mautrix_hangouts_data_path }}:/data:z \
{{ matrix_mautrix_hangouts_docker_image }} \
alembic -x config=/config/config.yaml upgrade head
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_hangouts_config_path }}:/config:z \
-v {{ matrix_mautrix_hangouts_data_path }}:/data:z \
{% for arg in matrix_mautrix_hangouts_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_hangouts_docker_image }} \
python3 -m mautrix_hangouts -c /config/config.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts
ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-hangouts
[Install]
WantedBy=multi-user.target

3
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
Unescape View File

@ -3,7 +3,8 @@
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.6.0"
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.6.0"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"

3
roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
Unescape View File

@ -3,7 +3,8 @@
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
# See: https://mau.dev/tulir/mautrix-whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/tulir/mautrix-whatsapp"
matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}"
matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"

2
roles/matrix-corporal/defaults/main.yml
Unescape View File

@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_corporal_systemd_required_services_list: ['docker.service']
matrix_corporal_docker_image: "devture/matrix-corporal:1.4.0"
matrix_corporal_docker_image: "devture/matrix-corporal:1.5.0"
matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"

43
roles/matrix-email2matrix/defaults/main.yml
Unescape View File

@ -0,0 +1,43 @@
matrix_email2matrix_enabled: true
matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix"
matrix_email2matrix_config_dir_path: "{{ matrix_email2matrix_base_path }}/config"
matrix_email2matrix_docker_image: "devture/email2matrix:1.0.1"
matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}"
# A list of extra arguments to pass to the container
matrix_email2matrix_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_email2matrix_systemd_required_services_list: ['docker.service']
# Controls where the matrix-email2matrix container exposes the SMTP (tcp/2525 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:2525").
#
# By default, we listen on port 25 on all of the host's network interfaces.
matrix_email2matrix_smtp_host_bind_port: "25"
matrix_email2matrix_smtp_hostname: "{{ matrix_server_fqn_matrix }}"
# A list of mailbox to Matrix mappings.
#
# Example:
# matrix_email2matrix_matrix_mappings:
# - MailboxName: "mailbox1"
# MatrixRoomId: "!bpcwlxIUxVvvgXcbjy:example.com"
# MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
# MatrixUserId": "@email2matrix:{{ matrix_domain }}"
# MatrixAccessToken": "TOKEN_HERE"
# IgnoreSubject: false
#
# - MailboxName: "mailbox2"
# MatrixRoomId: "!another:example.com"
# MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
# MatrixUserId": "@email2matrix:{{ matrix_domain }}"
# MatrixAccessToken": "TOKEN_HERE"
# IgnoreSubject: true
matrix_email2matrix_matrix_mappings: []
matrix_email2matrix_misc_debug: false

3
roles/matrix-email2matrix/tasks/init.yml
Unescape View File

@ -0,0 +1,3 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix'] }}"
when: matrix_email2matrix_enabled|bool

15
roles/matrix-email2matrix/tasks/main.yml
Unescape View File

@ -0,0 +1,15 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_email2matrix_enabled|bool"
tags:
- setup-all
- setup-email2matrix
- import_tasks: "{{ role_path }}/tasks/setup_email2matrix.yml"
when: run_setup|bool
tags:
- setup-all
- setup-email2matrix

88
roles/matrix-email2matrix/tasks/setup_email2matrix.yml
Unescape View File

@ -0,0 +1,88 @@
---
#
# Tasks related to setting up Email2Matrix
#
- name: Ensure Email2Matrix paths exist
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- "{{ matrix_email2matrix_base_path }}"
- "{{ matrix_email2matrix_config_dir_path }}"
when: matrix_email2matrix_enabled|bool
- name: Ensure Email2Matrix configuration file created
template:
src: "{{ role_path }}/templates/config.json.j2"
dest: "{{ matrix_email2matrix_config_dir_path }}/config.json"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
mode: 0640
when: matrix_email2matrix_enabled|bool
- name: Ensure Email2Matrix image is pulled
docker_image:
name: "{{ matrix_email2matrix_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}"
when: matrix_email2matrix_enabled|bool
- name: Ensure matrix-email2matrix.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2"
dest: "/etc/systemd/system/matrix-email2matrix.service"
mode: 0644
register: matrix_email2matrix_systemd_service_result
when: matrix_email2matrix_enabled|bool
- name: Ensure systemd reloaded after matrix-email2matrix.service installation
service:
daemon_reload: yes
when: "matrix_email2matrix_enabled|bool and matrix_email2matrix_systemd_service_result.changed"
#
# Tasks related to getting rid of the Email2Matrix (if it was previously enabled)
#
- name: Check existence of matrix-email2matrix service
stat:
path: "/etc/systemd/system/matrix-email2matrix.service"
register: matrix_email2matrix_service_stat
when: "not matrix_email2matrix_enabled|bool"
- name: Ensure matrix-email2matrix is stopped
service:
name: matrix-email2matrix
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists"
- name: Ensure matrix-email2matrix.service doesn't exist
file:
path: "/etc/systemd/system/matrix-email2matrix.service"
state: absent
when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-email2matrix.service removal
service:
daemon_reload: yes
when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists"
- name: Ensure Email2Matrix data path doesn't exist
file:
path: "{{ matrix_email2matrix_base_path }}"
state: absent
when: "not matrix_email2matrix_enabled|bool"
- name: Ensure Email2Matrix Docker image doesn't exist
docker_image:
name: "{{ matrix_email2matrix_docker_image }}"
state: absent
when: "not matrix_email2matrix_enabled|bool"

7
roles/matrix-email2matrix/tasks/validate_config.yml
Unescape View File

@ -0,0 +1,7 @@
---
- name: Fail if no mappings
fail:
msg: >
You need to define at least one mapping in `matrix_email2matrix_matrix_mappings` for enabling Email2Matrix.
when: "matrix_email2matrix_matrix_mappings|length == 0"

14
roles/matrix-email2matrix/templates/config.json.j2
Unescape View File

@ -0,0 +1,14 @@
#jinja2: lstrip_blocks: "True"
{
"Smtp": {
"ListenInterface": "0.0.0.0:2525",
"Hostname": {{ matrix_email2matrix_smtp_hostname|to_json }},
"Workers": 10
},
"Matrix": {
"Mappings": {{ matrix_email2matrix_matrix_mappings|to_nice_json }}
},
"Misc": {
"Debug": {{ matrix_email2matrix_misc_debug|to_json }}
}
}

32
roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
Unescape View File

@ -0,0 +1,32 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Email2Matrix
After=docker.service
Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-email2matrix
ExecStartPre=-/usr/bin/docker rm matrix-email2matrix
ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
-p {{ matrix_email2matrix_smtp_host_bind_port }}:2525 \
--mount type=bind,src={{ matrix_email2matrix_config_dir_path }}/config.json,dst=/config.json,ro \
{% for arg in matrix_email2matrix_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_email2matrix_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-email2matrix
ExecStop=-/usr/bin/docker rm matrix-email2matrix
Restart=always
RestartSec=30
SyslogIdentifier=matrix-email2matrix
[Install]
WantedBy=multi-user.target

2
roles/matrix-mailer/defaults/main.yml
Unescape View File

@ -2,7 +2,7 @@ matrix_mailer_enabled: true
matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
matrix_mailer_docker_image: "devture/exim-relay:4.92-r0-0"
matrix_mailer_docker_image: "devture/exim-relay:4.92.1-r0-1"
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
# The user/group that the container runs with.

2
roles/matrix-mxisd/defaults/main.yml
Unescape View File

@ -3,7 +3,7 @@
matrix_mxisd_enabled: true
matrix_mxisd_docker_image: "kamax/mxisd:1.4.5"
matrix_mxisd_docker_image: "kamax/mxisd:1.4.6"
matrix_mxisd_docker_image_force_pull: "{{ matrix_mxisd_docker_image.endswith(':latest') }}"
matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"

9
roles/matrix-nginx-proxy/defaults/main.yml
Unescape View File

@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
# We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
# that is frequently out of date.
matrix_nginx_proxy_docker_image: "nginx:1.17.2-alpine"
matrix_nginx_proxy_docker_image: "nginx:1.17.3-alpine"
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
@ -144,7 +144,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.33.1"
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.37.1"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~
@ -152,3 +152,8 @@ matrix_ssl_lets_encrypt_support_email: ~
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
# ngnix status page configurations.
matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false
matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']

5
roles/matrix-nginx-proxy/tasks/validate_config.yml
Unescape View File

@ -10,3 +10,8 @@
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'}
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'}
- name: Fail on unknown matrix_ssl_retrieval_method
fail:
msg: >-
`matrix_ssl_retrieval_method` needs to be set to a known value.
when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"

21
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
Unescape View File

@ -1,4 +1,17 @@
#jinja2: lstrip_blocks: "True"
{% macro render_nginx_status_location_block(addresses) %}
{# Empty first line to make indentation prettier. #}
location /nginx_status {
stub_status on;
access_log off;
{% for address in addresses %}
allow {{ address }};
{% endfor %}
deny all;
}
{% endmacro %}
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};
@ -17,6 +30,10 @@ server {
{% endif %}
}
{% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %}
{{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }}
{% endif %}
location / {
return 301 https://$http_host$request_uri;
}
@ -52,6 +69,10 @@ server {
add_header Access-Control-Allow-Origin *;
}
{% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %}
{{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }}
{% endif %}
{% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %}
location /_matrix/corporal {
{% if matrix_nginx_proxy_enabled %}

6
roles/matrix-postgres/defaults/main.yml
Unescape View File

@ -8,9 +8,9 @@ matrix_postgres_db_name: ""
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
matrix_postgres_docker_image_v9: "postgres:9.6.14-alpine"
matrix_postgres_docker_image_v10: "postgres:10.9-alpine"
matrix_postgres_docker_image_v11: "postgres:11.4-alpine"
matrix_postgres_docker_image_v9: "postgres:9.6.15-alpine"
matrix_postgres_docker_image_v10: "postgres:10.10-alpine"
matrix_postgres_docker_image_v11: "postgres:11.5-alpine"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
# This variable is assigned at runtime. Overriding its value has no effect.

2
roles/matrix-riot-web/defaults/main.yml
Unescape View File

@ -1,6 +1,6 @@
matrix_riot_web_enabled: true
matrix_riot_web_docker_image: "bubuntux/riot-web:v1.3.0"
matrix_riot_web_docker_image: "bubuntux/riot-web:v1.3.3"
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"

12
roles/matrix-synapse/defaults/main.yml
Unescape View File

@ -3,7 +3,7 @@
matrix_synapse_enabled: true
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.2.1"
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.3.1"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@ -61,8 +61,11 @@ matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.
matrix_synapse_macaroon_secret_key: ""
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_allow_guest_access: false
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_id_servers_public: ['matrix.org', 'vector.im']
# The list of identity servers to use for Synapse.
# We assume this role runs standalone without a local Identity server, so we point Synapse to public ones.
# This most likely gets overwritten later, so that a local Identity server is used.
@ -77,9 +80,9 @@ matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50
# Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
# warning: setting log level to DEBUG will make synapse log sensitive information such
# as access tokens
matrix_synapse_log_level: "INFO"
matrix_synapse_storage_sql_log_level: "INFO"
matrix_synapse_root_log_level: "INFO"
matrix_synapse_log_level: "WARNING"
matrix_synapse_storage_sql_log_level: "WARNING"
matrix_synapse_root_log_level: "WARNING"
# Rate limits
matrix_synapse_rc_message:
@ -223,6 +226,7 @@ matrix_synapse_database_database: ""
matrix_synapse_turn_uris: []
matrix_synapse_turn_shared_secret: ""
matrix_synapse_turn_allow_guests: False
matrix_synapse_email_enabled: false
matrix_synapse_email_smtp_host: ""

61
roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
Unescape View File

@ -280,6 +280,26 @@ listeners:
# - medium: 'email'
# address: 'reserved_user@example.com'
# Used by phonehome stats to group together related servers.
#server_context: context
# Resource-constrained Homeserver Settings
#
# If limit_remote_rooms.enabled is True, the room complexity will be
# checked before a user joins a new remote room. If it is above
# limit_remote_rooms.complexity, it will disallow joining or
# instantly leave.
#
# limit_remote_rooms.complexity_error can be set to customise the text
# displayed to the user when a room above the complexity threshold has
# its join cancelled.
#
# Uncomment the below lines to enable:
#limit_remote_rooms:
# enabled: True
# complexity: 1.0
# complexity_error: "This room is too complex."
# Whether to require a user to be in the room to add an alias to it.
# Defaults to 'true'.
#
@ -559,6 +579,13 @@ federation_rr_transactions_per_room_per_second: {{ matrix_synapse_federation_rr_
## Media Store ##
# Enable the media store service in the Synapse master. Uncomment the
# following if you are using a separate media store worker.
#
#enable_media_repo: false
# Directory where uploaded images and attachments are stored.
#
media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_directory_name }}"
@ -749,7 +776,7 @@ turn_shared_secret: {{ matrix_synapse_turn_shared_secret|string|to_json }}
# connect to arbitrary endpoints without having first signed up for a
# valid account (e.g. by passing a CAPTCHA).
#
turn_allow_guests: False
turn_allow_guests: {{ matrix_synapse_turn_allow_guests|to_json }}
## Registration ##
@ -796,6 +823,16 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
# period: 6w
# renew_at: 1w
# renew_email_subject: "Renew your %(app)s account"
# # Directory in which Synapse will try to find the HTML files to serve to the
# # user when trying to renew an account. Optional, defaults to
# # synapse/res/templates.
# template_dir: "res/templates"
# # HTML to be displayed to the user after they successfully renewed their
# # account. Optional.
# account_renewed_html_path: "account_renewed.html"
# # HTML to be displayed when the user tries to renew an account with an invalid
# # renewal token. Optional.
# invalid_token_html_path: "invalid_token.html"
# Time that a user's session remains valid for, after they log in.
#
@ -854,7 +891,7 @@ registration_shared_secret: {{ matrix_synapse_registration_shared_secret|string|
# participate in rooms hosted on this server which have been made
# accessible to anonymous users.
#
#allow_guest_access: false
allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }}
# The identity server which we suggest that clients should use when users log
# in on this server.
@ -945,10 +982,6 @@ app_service_config_files: {{ matrix_synapse_app_service_config_files|to_json }}
#
macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|string|to_json }}
# Used to enable access token expiration.
#
#expire_access_token: False
# a secret which is used to calculate HMACs for form values, to stop
# falsification of values. Must be specified for the User Consent
# forms to work.
@ -1509,3 +1542,19 @@ opentracing:
#
#homeserver_whitelist:
# - ".*"
# Jaeger can be configured to sample traces at different rates.
# All configuration options provided by Jaeger can be set here.
# Jaeger's configuration mostly related to trace sampling which
# is documented here:
# https://www.jaegertracing.io/docs/1.13/sampling/.
#
#jaeger_config:
# sampler:
# type: const
# param: 1
# Logging whether spans were started and reported
#
# logging:
# false

2
setup.yml
Unescape View File

@ -12,12 +12,14 @@
- matrix-bridge-appservice-slack
- matrix-bridge-appservice-irc
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-hangouts
- matrix-bridge-mautrix-telegram
- matrix-bridge-mautrix-whatsapp
- matrix-synapse
- matrix-riot-web
- matrix-mxisd
- matrix-dimension
- matrix-email2matrix
- matrix-nginx-proxy
- matrix-coturn
- matrix-common-after

Write Preview
Loading…
Cancel
Save