diff --git a/CHANGELOG.md b/CHANGELOG.md index 8fd1c8d2..9c48f483 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,28 @@ +# 2021-08-23 + +## LinkedIn bridging support via beeper-linkedin + +Thanks to [Alexandar Mechev](https://github.com/apmechev), the playbook can now install the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. + +This brings the total number of bridges supported by the playbook up to 20. See all supported bridges [here](docs/configuring-playbook.md#bridging-other-networks). + +To get started with bridging to LinkedIn, see [Setting up Beeper LinkedIn bridging](docs/configuring-playbook-bridge-beeper-linkedin.md). + + +# 2021-08-20 + +# Sygnal upgraded - ARM support and no longer requires a database + +The [Sygnal](docs/configuring-playbook-sygnal.md) push gateway has been upgraded from `v0.9.0` to `v0.10.1`. + +This is an optional component for the playbook, so most of our users wouldn't care about this announcement. + +Since this feels like a relatively big (and untested, as of yet) Sygnal change, we're putting up this changelog entry. + +The new version is also available for the ARM architecture. It also no longer requires a database anymore. +If you need to downgrade to the previous version, changing `matrix_sygnal_version` or `matrix_sygnal_docker_image` will not be enough, as we've removed the `database` configuration completely. You'd need to switch to an earlier playbook commit. + + # 2021-05-21 ## Hydrogen support diff --git a/README.md b/README.md index 47119d14..edda6f99 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/) +- (optional) the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/) + - (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) - (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/) diff --git a/docs/configuring-playbook-bridge-beeper-linkedin.md b/docs/configuring-playbook-bridge-beeper-linkedin.md new file mode 100644 index 00000000..bcc9d0f5 --- /dev/null +++ b/docs/configuring-playbook-bridge-beeper-linkedin.md @@ -0,0 +1,59 @@ +# Setting up Beeper Linkedin (optional) + +The playbook can install and configure [beeper-linkedin](https://gitlab.com/beeper/linkedin) for you, for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges + +See the project's [documentation](https://gitlab.com/beeper/linkedin/-/blob/master/README.md) to learn what it does and why it might be useful to you. + +```yaml +matrix_beeper_linkedin_enabled: true +``` + +There are some additional things you may wish to configure about the bridge before you continue. + +Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: +```yaml +matrix_beeper_linkedin_configuration_extension_yaml: | + bridge: + encryption: + allow: true + default: true +``` + +If you would like to be able to administrate the bridge from your account it can be configured like this: +```yaml +matrix_beeper_linkedin_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:YOUR_DOMAIN': admin +``` + +You may wish to look at `roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure. + + +## Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + + +## Usage + +You then need to start a chat with `@linkedinbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `login YOUR_LINKEDIN_EMAIL_ADDRESS` to the bridge bot to enable bridging for your LinkedIn account. + +If you run into trouble, check the [Troubleshooting](#troubleshooting) section below. + +After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. + + +## Troubleshooting + +### Bridge asking for 2FA even if you don't have 2FA enabled + +If you don't have 2FA enabled and are logging in from a strange IP for the first time, LinkedIn will send an email with a one-time code. You can use this code to authorize the bridge session. In my experience, once the IP is authorized, you will not be asked again. diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index d5f0a9e6..0cd15bbf 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -24,7 +24,7 @@ matrix_dimension_enabled: true ## Define admin users -These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Element and clicking the settings icon. +These users can modify the integrations this Dimension supports. Admin interface is accessible at `https://dimension./riot-app/admin` after logging in to element. Add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index ec3ab416..f4e4c9f3 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -26,7 +26,6 @@ matrix_jitsi_enabled: true # Run `bash inventory/scripts/jitsi-generate-passwords.sh` to generate these passwords, # or define your own strong passwords manually. -matrix_jitsi_jicofo_component_secret: "" matrix_jitsi_jicofo_auth_password: "" matrix_jitsi_jvb_auth_password: "" matrix_jitsi_jibri_recorder_password: "" diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index fae66dca..60c7a4bf 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -104,6 +104,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) +- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional) + - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) - [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional) diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md index 84347b57..d27375bb 100644 --- a/docs/importing-postgres.md +++ b/docs/importing-postgres.md @@ -27,8 +27,6 @@ ansible-playbook -i inventory/hosts setup.yml \ --tags=import-postgres ``` -We specify the `synapse` database as the default import database. If your dump is a single-database dump (`pg_dump`), then we need to tell it where to go to. If you're redefining `matrix_synapse_database_database` to something other than `synapse`, please adjust it here too. For database dumps spanning multiple databases (`pg_dumpall`), you can remove the `postgres_default_import_database` definition (but it doesn't hurt to keep it too). - **Note**: `` must be a file path to a Postgres dump file on the server (not on your local machine!). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a8e39282..e2db0885 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -216,6 +216,42 @@ matrix_appservice_irc_database_password: "{{ matrix_synapse_macaroon_secret_key ###################################################################### +###################################################################### +# +# matrix-bridge-beeper-linkedin +# +###################################################################### + +# We don't enable bridges by default. +matrix_beeper_linkedin_enabled: false + +matrix_beeper_linkedin_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_beeper_linkedin_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.as.token') | to_uuid }}" + +matrix_beeper_linkedin_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.hs.token') | to_uuid }}" + +matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" + +matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-beeper-linkedin +# +###################################################################### + ###################################################################### # # matrix-bridge-mautrix-facebook @@ -1372,6 +1408,12 @@ matrix_postgres_additional_databases: | 'password': matrix_appservice_irc_database_password, }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_beeper_linkedin_database_name, + 'username': matrix_beeper_linkedin_database_username, + 'password': matrix_beeper_linkedin_database_password, + }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mautrix_facebook_database_name, 'username': matrix_mautrix_facebook_database_username, @@ -1462,12 +1504,6 @@ matrix_postgres_additional_databases: | 'password': matrix_etherpad_database_password, }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else []) + - ([{ - 'name': matrix_sygnal_database_name, - 'username': matrix_sygnal_database_username, - 'password': matrix_sygnal_database_password, - }] if (matrix_sygnal_enabled and matrix_sygnal_database_engine == 'postgres' and matrix_sygnal_database_hostname == 'matrix-postgres') else []) - + ([{ 'name': matrix_prometheus_postgres_exporter_database_name, 'username': matrix_prometheus_postgres_exporter_database_username, @@ -1512,10 +1548,6 @@ matrix_sygnal_metrics_prometheus_enabled: "{{ matrix_prometheus_enabled }}" matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:6000' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_sygnal_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_sygnal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sygnal') | to_uuid }}" - ###################################################################### # # /matrix-sygnal diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 481e0d68..1d1038af 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -3,7 +3,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v0.1.18" +matrix_bot_mjolnir_version: "v0.1.19" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index b0f27e65..0cfe56a4 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-v0.29.0 +matrix_appservice_irc_version: release-0.30.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml new file mode 100644 index 00000000..ff3243cd --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -0,0 +1,100 @@ +# beeper-linkedin is a Matrix <-> LinkedIn bridge +# See: https://gitlab.com/beeper/linkedin + +matrix_beeper_linkedin_enabled: true + +matrix_beeper_linkedin_version: v0.5.0 +# See: https://gitlab.com/beeper/linkedin/container_registry +matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64" +matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}" + +matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin" +matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config" +matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data" + +matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" +matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" + +# A list of extra arguments to pass to the container +matrix_beeper_linkedin_container_extra_arguments: [] + +# List of systemd services that matrix-beeper-linkedin.service depends on. +matrix_beeper_linkedin_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-beeper-linkedin.service wants +matrix_beeper_linkedin_systemd_wanted_services_list: [] + +matrix_beeper_linkedin_appservice_token: "" +matrix_beeper_linkedin_homeserver_token: "" + +matrix_beeper_linkedin_appservice_bot_username: linkedinbot + + +# Database-related configuration fields. +# Only Postgres is supported. +matrix_beeper_linkedin_database_engine: "postgres" + +matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin' +matrix_beeper_linkedin_database_password: "" +matrix_beeper_linkedin_database_hostname: 'matrix-postgres' +matrix_beeper_linkedin_database_port: 5432 +matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin' + +matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode=disable' + +matrix_beeper_linkedin_appservice_database_type: "{{ + { + 'postgres':'postgres', + }[matrix_beeper_linkedin_database_engine] +}}" + +matrix_beeper_linkedin_appservice_database_uri: "{{ + { + 'postgres': matrix_beeper_linkedin_database_connection_string, + }[matrix_beeper_linkedin_database_engine] +}}" + + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_beeper_linkedin_login_shared_secret: '' + +# Default beeper-linkedin configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_beeper_linkedin_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_beeper_linkedin_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_beeper_linkedin_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_beeper_linkedin_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_beeper_linkedin_configuration_yaml`. + +matrix_beeper_linkedin_configuration_extension: "{{ matrix_beeper_linkedin_configuration_extension_yaml|from_yaml if matrix_beeper_linkedin_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_beeper_linkedin_configuration_yaml`. +matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml|from_yaml|combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}" + +matrix_beeper_linkedin_registration_yaml: | + id: linkedin + url: {{ matrix_beeper_linkedin_appservice_address }} + as_token: "{{ matrix_beeper_linkedin_appservice_token }}" + hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}" + + sender_localpart: _bot_{{ matrix_beeper_linkedin_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@linkedin_.+:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username|regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml new file mode 100644 index 00000000..755ac2f5 --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml @@ -0,0 +1,16 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" + when: matrix_beeper_linkedin_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-beeper-linkedin-registration.yaml"] }} + when: matrix_beeper_linkedin_enabled|bool diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml new file mode 100644 index 00000000..79c54f1a --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_beeper_linkedin_enabled|bool" + tags: + - setup-all + - setup-beeper-linkedin + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup and matrix_beeper_linkedin_enabled" + tags: + - setup-all + - setup-beeper-linkedin + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup and not matrix_beeper_linkedin_enabled" + tags: + - setup-all + - setup-beeper-linkedin diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml new file mode 100644 index 00000000..97d05a45 --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -0,0 +1,56 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure Beeper LinkedIn image is pulled + docker_image: + name: "{{ matrix_beeper_linkedin_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" + +- name: Ensure Beeper LinkedIn paths exists + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_beeper_linkedin_base_path }}" + - "{{ matrix_beeper_linkedin_config_path }}" + - "{{ matrix_beeper_linkedin_data_path }}" + +- name: Ensure beeper-linkedin config.yaml installed + copy: + content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml }}" + dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure beeper-linkedin registration.yaml installed + copy: + content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml }}" + dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-beeper-linkedin.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + mode: 0644 + register: matrix_beeper_linkedin_systemd_service_result + +- name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation + service: + daemon_reload: yes + when: "matrix_beeper_linkedin_systemd_service_result.changed" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml new file mode 100644 index 00000000..004b788e --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-beeper-linkedin service + stat: + path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + register: matrix_beeper_linkedin_service_stat + +- name: Ensure matrix-beeper-linkedin is stopped + service: + name: matrix-beeper-linkedin + state: stopped + daemon_reload: yes + when: "matrix_beeper_linkedin_service_stat.stat.exists" + +- name: Ensure matrix-beeper-linkedin.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + state: absent + when: "matrix_beeper_linkedin_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal + service: + daemon_reload: yes + when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml new file mode 100644 index 00000000..fe33defa --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml @@ -0,0 +1,11 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_beeper_linkedin_appservice_token" + - "matrix_beeper_linkedin_homeserver_token" + diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 new file mode 100644 index 00000000..4fb6b055 --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -0,0 +1,267 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_beeper_linkedin_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_beeper_linkedin_homeserver_domain }} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + # Whether or not the homeserver supports asmux-specific endpoints, + # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically + # updating m.direct. + asmux: false + # Number of retries for all HTTP requests if the homeserver isn't reachable. + http_retry_count: 4 + + +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_beeper_linkedin_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 29319 + + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. Only Postgres is currently supported. + database: {{ matrix_beeper_linkedin_appservice_database_uri|to_json }} + # Additional arguments for asyncpg.create_pool() + # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool + database_opts: + min_size: 5 + max_size: 10 + + # Provisioning API part of the web server for automated portal creation and fetching information. + # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). + provisioning: + # Whether or not the provisioning API should be enabled. + enabled: true + # The prefix to use in the provisioning API endpoints. + prefix: /_matrix/provision/v1 + # The shared secret to authorize users of the API. + # Set to "generate" to generate and save a new token. + shared_secret: generate + + # The unique ID of this appservice. + id: beeper_linkedin + # Appservice bot details. + bot: + # Username of the appservice bot. + username: {{ matrix_beeper_linkedin_appservice_bot_username|to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: LinkedIn bridge bot + avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + # You should disable bridge -> sync_with_custom_puppets when this is enabled. + ephemeral_events: false + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_beeper_linkedin_appservice_token }}" + hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}" + + +# Prometheus telemetry config. Requires prometheus-client to be installed. +metrics: + enabled: false + listen_port: 8000 + +# Manhole config. +manhole: + # Whether or not opening the manhole is allowed. + enabled: false + # The path for the unix socket. + path: /var/tmp/linkedin-matrix.manhole + # The list of UIDs who can be added to the whitelist. + # If empty, any UIDs can be specified in the open-manhole command. + whitelist: + - 0 + + +# Bridge config +bridge: + # Localpart template of MXIDs for LinkedIn users. + username_template: "linkedin_{userid}" + # Displayname template for LinkedIn users. + # Localpart template for per-user room grouping community IDs. + # The bridge will create these communities and add all of the specific user's portals to the community. + # {localpart} is the MXID localpart and {server} is the MXID server part of the user. + # (Note that, by default, non-admins might not have your homeserver's permission to create + # communities. You should set `enable_group_creation: true` in homeserver.yaml to fix this.) + # `linkedin_{localpart}={server}` is a good value. + community_template: null + + # Displayname template for LinkedIn users. + # {displayname} is replaced with the display name of the LinkedIn user + # as defined below in displayname_preference. + # Keys available for displayname_preference are also available here. + displayname_template: "{displayname} (LinkedIn)" + + # Number of chats to sync (and create portals for) on startup/login. + # Set 0 to disable automatic syncing. + initial_chat_sync: 10 + + # Whether or not the LinkedIn users of logged in Matrix users should be + # invited to private chats when the user sends a message from another client. + invite_own_puppet_to_pm: false + # Whether or not to use /sync to get presence, read receipts and typing notifications + # when double puppeting is enabled + sync_with_custom_puppets: true + # Whether or not to update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Servers to always allow double puppeting from + double_puppet_server_map: {} + # example.com: https://example.com + # Allow using double puppeting from any server with a valid client .well-known file. + + # Maximum number of seconds since last message in chat to skip + # syncing the chat in any case. This setting will take priority + # over both recovery_chat_sync_limit and initial_chat_sync_count. + # Default is 3 days = 259200 seconds + sync_max_chat_age: 259200 + + # Whether or not to sync with custom puppets to receive EDUs that + # are not normally sent to appservices. + sync_with_custom_puppets: true + # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret: {{ matrix_beeper_linkedin_login_shared_secret|to_json }} + + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + + # Whether or not to bridge presence in both directions. LinkedIn allows users not to broadcast + # presence, but then it won't send other users' presence to the client. + presence: {{ matrix_beeper_linkedin_bridge_presence|to_json }} + # Whether or not to update avatars when syncing all contacts at startup. + update_avatar_initial_sync: true + + + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + # Options for automatic key sharing. + key_sharing: + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow: false + # Require the requesting device to have a valid cross-signing signature? + # This doesn't require that the bridge has verified the device, only that the user has verified it. + # Not yet implemented. + require_cross_signing: false + # Require devices to be verified by the bridge? + # Verification by the bridge is not yet implemented. + require_verification: true + # Whether or not the bridge should send a read receipt from the bridge bot when a message has + # been sent to LinkedIn. + delivery_receipts: false + # Whether to allow inviting arbitrary mxids to portal rooms + allow_invites: false + + # Settings for backfilling messages from LinkedIn. + backfill: + # Whether or not the LinkedIn users of logged in Matrix users should be + # invited to private chats when backfilling history from LinkedIn. This is + # usually needed to prevent rate limits and to allow timestamp massaging. + invite_own_puppet: true + # Maximum number of messages to backfill initially. + # Set to 0 to disable backfilling when creating portal. + initial_limit: 0 + # Maximum number of messages to backfill if messages were missed while + # the bridge was disconnected. + # Set to 0 to disable backfilling missed messages. + missed_limit: 1000 + # If using double puppeting, should notifications be disabled + # while the initial backfill is in progress? + disable_notifications: false + periodic_reconnect: + # TODO needed? + # Interval in seconds in which to automatically reconnect all users. + # This can be used to automatically mitigate the bug where Linkedin stops sending messages. + # Set to -1 to disable periodic reconnections entirely. + interval: -1 + # What to do in periodic reconnects. Either "refresh" or "reconnect" + mode: refresh + # Should even disconnected users be reconnected? + always: false + # The number of seconds that a disconnection can last without triggering an automatic re-sync + # and missed message backfilling when reconnecting. + # Set to 0 to always re-sync, or -1 to never re-sync automatically. + resync_max_disconnected_time: 5 + # Whether or not temporary disconnections should send notices to the notice room. + # If this is false, disconnections will never send messages and connections will only send + # messages if it was disconnected for more than resync_max_disconnected_time seconds. + temporary_disconnect_notices: true + # Whether or not the bridge should try to "refresh" the connection if a normal reconnection + # attempt fails. + refresh_on_reconnection_fail: false + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, + # except if the config file is not writable. + resend_bridge_info: false + # When using double puppeting, should muted chats be muted in Matrix? + mute_bridging: false + # Whether or not mute status and tags should only be bridged when the portal room is created. + tag_only_on_create: true + + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!li" + + # Permissions for using the bridge. + # Permitted values: + # user - Access to use the bridge to chat with a Linkedin account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "{{ matrix_beeper_linkedin_homeserver_domain }}": user + + + +# Logging config. +logging: + version: 1 + formatters: + colored: + (): mautrix.util.logging.color.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: colored + loggers: + mau: + level: DEBUG + paho: + level: INFO + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [ console] + diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 new file mode 100644 index 00000000..4498b4f0 --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -0,0 +1,42 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Beeper Linkedin bridge +{% for service in matrix_beeper_linkedin_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_beeper_linkedin_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedin \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_beeper_linkedin_config_path }}:/data:z \ + --workdir=/opt/linkedin-matrix \ + {% for arg in matrix_beeper_linkedin_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_beeper_linkedin_docker_image }} \ + python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-beeper-linkedin + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index f7db9f7d..c686b62b 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -3,7 +3,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.0.0 +matrix_heisenbridge_version: 1.0.1 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 4f98635d..fb9dcca4 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -60,7 +60,7 @@ git: repo: "{{ matrix_mautrix_facebook_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}" -# version: "{{ matrix_coturn_docker_image.split(':')[1] }}" + version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}" force: "yes" register: matrix_mautrix_facebook_git_pull_results when: "matrix_mautrix_facebook_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index f8faff15..a105621a 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -13,7 +13,7 @@ matrix_mautrix_telegram_container_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.9.0 +matrix_mautrix_telegram_version: v0.10.1 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 0c0480f1..962e8d88 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_version: v1.8.1 +matrix_client_element_version: v1.8.2 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 3cc1df2a..e84d56cf 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.5 +matrix_client_hydrogen_version: v0.2.7 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-hydrogen/tasks/setup.yml b/roles/matrix-client-hydrogen/tasks/setup.yml index 205fa3ce..a5a5a48b 100644 --- a/roles/matrix-client-hydrogen/tasks/setup.yml +++ b/roles/matrix-client-hydrogen/tasks/setup.yml @@ -33,6 +33,17 @@ register: matrix_client_hydrogen_git_pull_results when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" +- name: Ensure Hydrogen Docker image is built + docker_image: + name: "{{ matrix_client_hydrogen_docker_image }}" + source: build + force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_client_hydrogen_docker_src_files_path }}" + pull: yes + when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" + - name: Ensure Hydrogen configuration installed copy: content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}" @@ -53,17 +64,6 @@ - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} when: "matrix_client_hydrogen_enabled|bool and item.src is not none" -- name: Ensure Hydrogen Docker image is built - docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: build - force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_client_hydrogen_docker_src_files_path }}" - pull: yes - when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" - - name: Ensure matrix-client-hydrogen.service installed template: src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 881bee67..313f79a8 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.1.1 +matrix_corporal_version: 2.1.2 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index eb55e500..b845e9ee 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -5,7 +5,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r3 +matrix_coturn_version: 4.5.2-r4 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 45bd2d91..55259c52 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -3,7 +3,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.0.6 +matrix_grafana_version: 8.1.2 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 8c8d9156..bef993e0 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -7,6 +7,7 @@ matrix_jitsi_enable_guests: false matrix_jitsi_enable_recording: false matrix_jitsi_enable_transcriptions: false matrix_jitsi_enable_p2p: true +matrix_jitsi_enable_av_moderation: true # Authentication type, must be one of internal, jwt or ldap. Currently only # internal and ldap are supported by this playbook. @@ -53,7 +54,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-5963 +matrix_jitsi_version: stable-6173 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" @@ -69,6 +70,14 @@ matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}" # Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`. matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443'] +# Setting up TURN +# Default set with Coturn container +matrix_jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret }}" +matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}" +matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}" +matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}" +matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}" + # Controls whether Etherpad will be available within Jitsi matrix_jitsi_etherpad_enabled: false diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/matrix-jitsi/templates/prosody/env.j2 index 3a91463e..70feda6e 100644 --- a/roles/matrix-jitsi/templates/prosody/env.j2 +++ b/roles/matrix-jitsi/templates/prosody/env.j2 @@ -2,6 +2,7 @@ AUTH_TYPE={{ matrix_jitsi_auth_type }} ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }} +ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}} ENABLE_XMPP_WEBSOCKET GLOBAL_MODULES GLOBAL_CONFIG @@ -48,4 +49,9 @@ JWT_AUTH_TYPE JWT_TOKEN_AUTH_MODULE LOG_LEVEL PUBLIC_URL={{ matrix_jitsi_web_public_url }} +TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }} +TURN_HOST={{ matrix_jitsi_turn_host }} +TURNS_HOST={{ matrix_jitsi_turns_host }} +TURN_PORT={{ matrix_jitsi_turn_port }} +TURNS_PORT={{ matrix_jitsi_turns_port }} TZ={{ matrix_jitsi_timezone }} diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 8ca1a8a3..71a33752 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.94.2-r0-2 +matrix_mailer_version: 4.94.2-r0-4 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 87cbcde1..f64b161f 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -282,6 +282,23 @@ matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf). matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] +# To increase request timeout in NGINX using proxy_read_timeout, proxy_connect_timeout, proxy_send_timeout, send_timeout directives +# Nginx Default: proxy_connect_timeout 60s; #Defines a timeout for establishing a connection with a proxied server +# Nginx Default: proxy_send_timeout 60s; #Sets a timeout for transmitting a request to the proxied server. +# Nginx Default: proxy_read_timeout 60s; #Defines a timeout for reading a response from the proxied server. +# Nginx Default: send_timeout 60s; #Sets a timeout for transmitting a response to the client. +# +# For more information visit: +# http://nginx.org/en/docs/http/ngx_http_proxy_module.html +# http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout +# https://www.nginx.com/resources/wiki/start/topics/examples/fullexample2/ +# +# Here we are sticking with nginx default values change this value carefully. +matrix_nginx_proxy_connect_timeout: 60 +matrix_nginx_proxy_send_timeout: 60 +matrix_nginx_proxy_read_timeout: 60 +matrix_nginx_send_timeout: 60 + # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses for all vhosts meant to be accessed by users. # # Learn more about what it is here: @@ -409,7 +426,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.17.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.18.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ diff --git a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 index 9ec7fa56..1084d8ca 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 @@ -42,6 +42,11 @@ http { {% else %} access_log off; {% endif %} + + proxy_connect_timeout {{ matrix_nginx_proxy_connect_timeout }}; + proxy_send_timeout {{ matrix_nginx_proxy_send_timeout }}; + proxy_read_timeout {{ matrix_nginx_proxy_read_timeout }}; + send_timeout {{ matrix_nginx_send_timeout }}; sendfile on; #tcp_nopush on; diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 9c1cac9a..8439241a 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -17,11 +17,11 @@ matrix_postgres_architecture: amd64 # > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" -matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.22{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.17{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.12{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.7{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.3{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.18{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.13{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.8{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.4{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}" # This variable is assigned at runtime. Overriding its value has no effect. diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 5c3a6386..481864d3 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -3,7 +3,7 @@ matrix_prometheus_node_exporter_enabled: false -matrix_prometheus_node_exporter_version: v1.2.0 +matrix_prometheus_node_exporter_version: v1.2.2 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}" matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 8aca4576..0857d3e7 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -3,7 +3,7 @@ matrix_prometheus_postgres_exporter_enabled: false -matrix_prometheus_postgres_exporter_version: v0.9.0 +matrix_prometheus_postgres_exporter_version: v0.10.0 matrix_prometheus_postgres_exporter_port: 9187 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 3725993c..dc43eb48 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -3,7 +3,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.28.1 +matrix_prometheus_version: v2.29.2 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 476ac2ad..70d530f8 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -7,7 +7,7 @@ matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data" -matrix_sygnal_version: v0.9.0 +matrix_sygnal_version: v0.10.1 matrix_sygnal_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/sygnal:{{ matrix_sygnal_version }}" matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}" @@ -25,26 +25,6 @@ matrix_sygnal_container_http_host_bind_port: '' # A list of extra arguments to pass to the container matrix_sygnal_container_extra_arguments: [] -# Database-related configuration fields. -# -# To use SQLite, stick to these defaults. -# -# To use Postgres: -# - change the engine (`matrix_sygnal_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_sygnal_postgres_*` variables -matrix_sygnal_database_engine: 'sqlite' - -matrix_sygnal_sqlite_database_path_local: "{{ matrix_sygnal_data_path }}/sygnal.db" -matrix_sygnal_sqlite_database_path_in_container: "/data/sygnal.db" - -matrix_sygnal_database_username: 'matrix_sygnal' -matrix_sygnal_database_password: 'some-password' -matrix_sygnal_database_hostname: 'matrix-postgres' -matrix_sygnal_database_port: 5432 -matrix_sygnal_database_name: 'matrix_sygnal' - -matrix_sygnal_database_connection_string: 'postgres://{{ matrix_sygnal_database_username }}:{{ matrix_sygnal_database_password }}@{{ matrix_sygnal_database_hostname }}:{{ matrix_sygnal_database_port }}/{{ matrix_sygnal_database_name }}' - # A map (dictionary) of apps instances that this server works with. # # Example configuration: diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index afac61c4..b85b6bff 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -1,32 +1,5 @@ --- -- set_fact: - matrix_sygnal_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_sygnal_sqlite_database_path_local }}" - register: matrix_sygnal_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_sygnal_sqlite_database_path_local }}" - dst: "{{ matrix_sygnal_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_sygnal_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-sygnal.service'] - pgloader_options: ['--with "quote identifiers"'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_sygnal_requires_restart: true - when: "matrix_sygnal_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_sygnal_database_engine == 'postgres'" - - name: Ensure Sygnal image is pulled docker_image: name: "{{ matrix_sygnal_docker_image }}" @@ -65,9 +38,3 @@ service: daemon_reload: yes when: "matrix_sygnal_systemd_service_result.changed|bool" - -- name: Ensure matrix-sygnal.service restarted, if necessary - service: - name: "matrix-sygnal.service" - state: restarted - when: "matrix_sygnal_requires_restart|bool" diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/matrix-sygnal/tasks/validate_config.yml index efd64104..1cf8357e 100644 --- a/roles/matrix-sygnal/tasks/validate_config.yml +++ b/roles/matrix-sygnal/tasks/validate_config.yml @@ -3,11 +3,3 @@ msg: >- Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps` when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0" - -- name: Fail if running on a non-supported architecture - fail: - msg: >- - Sygnal can only be used on the amd64 architecture for now. - Only amd64 container images are pushed for the `docker.io/matrixdotorg/sygnal` container image. - Either use a different image (by redefining `matrix_sygnal_docker_image`) or consider contributing self-building support to this role. - when: "matrix_sygnal_enabled and matrix_architecture != 'amd64' and matrix_sygnal_docker_image.startswith('docker.io/matrixdotorg/sygnal')" diff --git a/roles/matrix-sygnal/templates/sygnal.yaml.j2 b/roles/matrix-sygnal/templates/sygnal.yaml.j2 index bb8c521d..bb81ea9a 100644 --- a/roles/matrix-sygnal/templates/sygnal.yaml.j2 +++ b/roles/matrix-sygnal/templates/sygnal.yaml.j2 @@ -3,57 +3,6 @@ # See: matrix.org ## -# The 'database' setting defines the database that sygnal uses to store all of -# its data. -# -# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or -# 'psycopg2' (for PostgreSQL). -# -# 'args' gives options which are passed through to the database engine, -# except for options starting 'cp_', which are used to configure the Twisted -# connection pool. For a reference to valid arguments, see: -# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect -# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS -# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ -# -# -# Example SQLite configuration: -# -#database: -# name: sqlite3 -# args: -# dbfile: /path/to/database.db -# -# -# Example Postgres configuration: -# -#database: -# name: psycopg2 -# args: -# host: localhost -# database: sygnal -# user: sygnal -# password: pass -# cp_min: 1 -# cp_max: 5 -# -{% if matrix_sygnal_database_engine == 'sqlite' %} -database: - name: sqlite3 - args: - dbfile: {{ matrix_sygnal_sqlite_database_path_in_container|to_json }} -{% else %} -database: - name: psycopg2 - args: - host: {{ matrix_sygnal_database_hostname|to_json }} - database: {{ matrix_sygnal_database_name|to_json }} - user: {{ matrix_sygnal_database_username|to_json }} - password: {{ matrix_sygnal_database_password|to_json }} - cp_min: 1 - cp_max: 5 -{% endif %} - ## Logging # # log: diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index 002ff68d..6fb47fb3 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -16,6 +16,7 @@ git: repo: "{{ matrix_synapse_admin_container_self_build_repo }}" dest: "{{ matrix_synapse_admin_docker_src_files_path }}" + version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}" force: "yes" register: matrix_synapse_admin_git_pull_results when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_self_build|bool" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 83d2e51d..e63c4696 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.40.0 -matrix_synapse_version_arm64: v1.40.0 +matrix_synapse_version: v1.41.1 +matrix_synapse_version_arm64: v1.41.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -470,6 +470,7 @@ matrix_synapse_email_smtp_port: 587 matrix_synapse_email_smtp_require_transport_security: false matrix_synapse_email_notif_from: "Matrix " matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}" +matrix_synapse_email_invite_client_location: "https://app.element.io" # Enable this to activate the REST auth password provider module. diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 4fd258f1..8c7d0449 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -185,6 +185,8 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # # This option replaces federation_ip_range_blacklist in Synapse v1.25.0. # +# Note: The value is ignored when an HTTP proxy is in use +# #ip_range_blacklist: # - '127.0.0.0/8' # - '10.0.0.0/8' @@ -583,6 +585,19 @@ retention: # #next_link_domain_whitelist: ["matrix.org"] +# Templates to use when generating email or HTML page contents. +# +templates: + # Directory in which Synapse will try to find template files to use to generate + # email or HTML page contents. + # If not set, or a file is not found within the template directory, a default + # template from within the Synapse package will be used. + # + # See https://matrix-org.github.io/synapse/latest/templates.html for more + # information about using custom templates. + # + #custom_template_directory: /path/to/custom/templates/ + ## TLS ## @@ -729,6 +744,21 @@ caches: per_cache_factors: #get_users_who_share_room_with_user: 2.0 + # Controls how long an entry can be in a cache without having been + # accessed before being evicted. Defaults to None, which means + # entries are never evicted based on time. + # + #expiry_time: 30m + + # Controls how long the results of a /sync request are cached for after + # a successful response is returned. A higher duration can help clients with + # intermittent connections, at the cost of higher memory usage. + # + # By default, this is zero, which means that sync responses are not cached + # at all. + # + #sync_response_cache_duration: 2m + ## Database ## @@ -996,6 +1026,8 @@ url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }} # This must be specified if url_preview_enabled is set. It is recommended that # you uncomment the following list as a starting point. # +# Note: The value is ignored when an HTTP proxy is in use +# url_preview_ip_range_blacklist: - '127.0.0.0/8' - '10.0.0.0/8' @@ -1924,6 +1956,9 @@ cas_config: # Additional settings to use with single-sign on systems such as OpenID Connect, # SAML2 and CAS. # +# Server admins can configure custom templates for pages related to SSO. See +# https://matrix-org.github.io/synapse/latest/templates.html for more information. +# sso: # A list of client URLs which are whitelisted so that the user does not # have to confirm giving access to their account to the URL. Any client @@ -2250,6 +2285,9 @@ ui_auth: {% if matrix_synapse_email_enabled %} # Configuration for sending emails from Synapse. # +# Server admins can configure custom templates for email content. See +# https://matrix-org.github.io/synapse/latest/templates.html for more information. +# email: # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. # @@ -2275,10 +2313,13 @@ email: #require_transport_security: true require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }} - # Enable sending emails for messages that the user has missed + # Uncomment the following to disable TLS for SMTP. # - #enable_notifs: false - enable_notifs: true + # By default, if the server supports TLS, it will be used, and the server + # must present a certificate that is valid for 'smtp_host'. If this option + # is set to false, TLS will not be used. + # + #enable_tls: false # notif_from defines the "From" address to use when sending emails. # It must be set if email sending is enabled. @@ -2299,6 +2340,11 @@ email: #app_name: my_branded_matrix_server app_name: Matrix + # Enable sending emails for messages that the user has missed + # + #enable_notifs: false + enable_notifs: true + # Uncomment the following to disable automatic subscription to email # notifications for new users. Enabled by default. # @@ -2319,48 +2365,11 @@ email: # #validation_token_lifetime: 15m - # Directory in which Synapse will try to find the template files below. - # If not set, or the files named below are not found within the template - # directory, default templates from within the Synapse package will be used. - # - # Synapse will look for the following templates in this directory: - # - # * The contents of email notifications of missed events: 'notif_mail.html' and - # 'notif_mail.txt'. - # - # * The contents of account expiry notice emails: 'notice_expiry.html' and - # 'notice_expiry.txt'. - # - # * The contents of password reset emails sent by the homeserver: - # 'password_reset.html' and 'password_reset.txt' - # - # * An HTML page that a user will see when they follow the link in the password - # reset email. The user will be asked to confirm the action before their - # password is reset: 'password_reset_confirmation.html' - # - # * HTML pages for success and failure that a user will see when they confirm - # the password reset flow using the page above: 'password_reset_success.html' - # and 'password_reset_failure.html' - # - # * The contents of address verification emails sent during registration: - # 'registration.html' and 'registration.txt' - # - # * HTML pages for success and failure that a user will see when they follow - # the link in an address verification email sent during registration: - # 'registration_success.html' and 'registration_failure.html' - # - # * The contents of address verification emails sent when an address is added - # to a Matrix account: 'add_threepid.html' and 'add_threepid.txt' - # - # * HTML pages for success and failure that a user will see when they follow - # the link in an address verification email sent when an address is added - # to a Matrix account: 'add_threepid_success.html' and - # 'add_threepid_failure.html' - # - # You can see the default templates at: - # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates + # The web client location to direct users to during an invite. This is passed + # to the identity server as the org.matrix.web_client_location key. Defaults + # to unset, giving no guidance to the identity server. # - #template_dir: "res/templates" + invite_client_location: {{ matrix_synapse_email_invite_client_location|string|to_json }} # Subjects to use when sending emails from Synapse. # diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 1f817c8e..5244d26f 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -37,6 +37,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/send/ # Client API requests + - ^/_matrix/client/(api/v1|r0|unstable)/createRoom$ - ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$ - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$ - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ @@ -253,10 +254,12 @@ matrix_synapse_workers_media_repository_endpoints: - ^/_synapse/admin/v1/user/.*/media.*$ - ^/_synapse/admin/v1/media/.*$ - ^/_synapse/admin/v1/quarantine_media/.*$ + - ^/_synapse/admin/v1/users/.*/media$ # You should also set `enable_media_repo: False` in the shared configuration # file to stop the main synapse running background jobs related to managing the - # media repository. + # media repository. Note that doing so will prevent the main process from being + # able to handle the above endpoints. # In the `media_repository` worker configuration file, configure the http listener to # expose the `media` resource. For example: diff --git a/setup.yml b/setup.yml index 2c0e197a..282df2e1 100755 --- a/setup.yml +++ b/setup.yml @@ -18,6 +18,7 @@ - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks - matrix-bridge-appservice-irc + - matrix-bridge-beeper-linkedin - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-hangouts - matrix-bridge-mautrix-instagram