From cdbffd04bcbbfae01a2d8b63347f1f2b2f17f3f0 Mon Sep 17 00:00:00 2001 
From: loooph Date: Sun, 7 Nov 2021 18:49:43 +0100 Subject: [PATCH] remove unused roles --- roles/matrix-awx/defaults/main.yml | 1 - .../scripts/matrix_build_room_list.py | 28 -- .../matrix-awx/surveys/access_export.json.j2 | 42 -- .../matrix-awx/surveys/backup_server.json.j2 | 18 - .../surveys/configure_corporal.json.j2 | 88 ---- .../surveys/configure_dimension.json.j2 | 30 -- .../surveys/configure_element.json.j2 | 114 ----- .../configure_element_subdomain.json.j2 | 18 - .../surveys/configure_email_relay.json.j2 | 19 - .../surveys/configure_jitsi.json.j2 | 31 -- .../surveys/configure_ma1sd.json.j2 | 41 -- .../surveys/configure_synapse.json.j2 | 198 --------- .../surveys/configure_synapse_admin.json.j2 | 18 - .../configure_website_access_export.json.j2 | 54 --- roles/matrix-awx/tasks/backup_server.yml | 100 ----- .../tasks/cache_matrix_variables.yml | 12 - .../matrix-awx/tasks/create_session_token.yml | 10 - roles/matrix-awx/tasks/create_user.yml | 40 -- .../tasks/customise_website_access_export.yml | 267 ----------- .../matrix-awx/tasks/delete_session_token.yml | 10 - roles/matrix-awx/tasks/export_server.yml | 43 -- roles/matrix-awx/tasks/import_awx.yml | 7 - .../tasks/load_hosting_and_org_variables.yml | 16 - .../tasks/load_matrix_variables.yml | 16 - roles/matrix-awx/tasks/main.yml | 216 --------- .../tasks/purge_database_build_list.yml | 11 - .../tasks/purge_database_events.yml | 14 - .../matrix-awx/tasks/purge_database_main.yml | 320 ------------- .../tasks/purge_database_no_local.yml | 14 - .../matrix-awx/tasks/purge_database_users.yml | 14 - roles/matrix-awx/tasks/purge_media_local.yml | 19 - roles/matrix-awx/tasks/purge_media_main.yml | 108 ----- roles/matrix-awx/tasks/purge_media_remote.yml | 19 - roles/matrix-awx/tasks/rename_variables.yml | 8 - roles/matrix-awx/tasks/rotate_ssh.yml | 25 -- roles/matrix-awx/tasks/self_check.yml | 106 ----- .../tasks/set_variables_corporal.yml | 241 ---------- .../tasks/set_variables_dimension.yml | 105 ----- 
.../tasks/set_variables_element.yml | 180 -------- .../tasks/set_variables_element_subdomain.yml | 43 -- .../matrix-awx/tasks/set_variables_jitsi.yml | 45 -- .../matrix-awx/tasks/set_variables_ma1sd.yml | 103 ----- .../matrix-awx/tasks/set_variables_mailer.yml | 44 -- .../tasks/set_variables_synapse.yml | 222 ---------- .../tasks/set_variables_synapse_admin.yml | 44 -- roles/matrix-bot-go-neb/defaults/main.yml | 231 ---------- roles/matrix-bot-go-neb/tasks/init.yml | 3 - roles/matrix-bot-go-neb/tasks/main.yml | 21 - .../matrix-bot-go-neb/tasks/setup_install.yml | 50 --- .../tasks/setup_uninstall.yml | 35 -- .../tasks/validate_config.yml | 13 - .../templates/config.yaml.j2 | 44 -- .../systemd/matrix-bot-go-neb.service.j2 | 49 -- .../defaults/main.yml | 97 ---- .../tasks/init.yml | 3 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 95 ---- .../tasks/setup_uninstall.yml | 35 -- .../tasks/validate_config.yml | 10 - .../templates/config.yaml.j2 | 50 --- .../matrix-bot-matrix-reminder-bot.service.j2 | 42 -- roles/matrix-bot-mjolnir/defaults/main.yml | 60 --- roles/matrix-bot-mjolnir/tasks/init.yml | 10 - roles/matrix-bot-mjolnir/tasks/main.yml | 21 - .../tasks/setup_install.yml | 72 --- .../tasks/setup_uninstall.yml | 35 -- .../tasks/validate_config.yml | 9 - .../templates/production.yaml.j2 | 162 ------- .../systemd/matrix-bot-mjolnir.service.j2 | 42 -- .../defaults/main.yml | 110 ----- .../tasks/init.yml | 24 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 114 ----- .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 26 -- .../templates/config.yaml.j2 | 103 ----- .../matrix-appservice-discord.service.j2 | 45 -- .../defaults/main.yml | 401 ----------------- .../tasks/init.yml | 31 -- .../tasks/main.yml | 21 - .../tasks/migrate_nedb_to_postgres.yml | 70 --- .../tasks/setup_install.yml | 194 -------- .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 35 -- .../templates/config.yaml.j2 | 134 ------ 
.../systemd/matrix-appservice-irc.service.j2 | 46 -- .../defaults/main.yml | 118 ----- .../tasks/init.yml | 86 ---- .../tasks/main.yml | 21 - .../tasks/migrate_nedb_to_postgres.yml | 66 --- .../tasks/setup_install.yml | 94 ---- .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 12 - .../templates/config.yaml.j2 | 20 - .../matrix-appservice-slack.service.j2 | 45 -- .../defaults/main.yml | 84 ---- .../tasks/init.yml | 81 ---- .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 88 ---- .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 12 - .../templates/config.yaml.j2 | 28 -- .../templates/database.json.j2 | 13 - .../templates/schema.yml.j2 | 54 --- .../matrix-appservice-webhooks.service.j2 | 45 -- .../defaults/main.yml | 100 ----- .../tasks/init.yml | 16 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 56 --- .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 11 - .../templates/config.yaml.j2 | 267 ----------- .../systemd/matrix-beeper-linkedin.service.j2 | 42 -- .../defaults/main.yml | 47 -- .../matrix-bridge-heisenbridge/tasks/init.yml | 24 - .../matrix-bridge-heisenbridge/tasks/main.yml | 15 - .../tasks/setup_install.yml | 38 -- .../tasks/setup_uninstall.yml | 24 - .../systemd/matrix-heisenbridge.service.j2 | 51 --- .../defaults/main.yml | 114 ----- .../tasks/init.yml | 23 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 129 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 31 -- .../templates/config.yaml.j2 | 227 ---------- .../matrix-mautrix-facebook.service.j2 | 42 -- .../defaults/main.yml | 115 ----- .../tasks/init.yml | 69 --- .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 128 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 14 - .../templates/config.yaml.j2 | 145 ------ .../matrix-mautrix-googlechat.service.j2 | 43 -- .../defaults/main.yml | 115 ----- .../tasks/init.yml | 69 --- .../tasks/main.yml | 21 - 
.../tasks/setup_install.yml | 128 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 14 - .../templates/config.yaml.j2 | 145 ------ .../matrix-mautrix-hangouts.service.j2 | 54 --- .../defaults/main.yml | 105 ----- .../tasks/init.yml | 23 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 81 ---- .../tasks/setup_uninstall.yml | 23 - .../tasks/validate_config.yml | 9 - .../templates/config.yaml.j2 | 234 ---------- .../matrix-mautrix-instagram.service.j2 | 42 -- .../defaults/main.yml | 123 ----- .../tasks/init.yml | 16 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 118 ----- .../tasks/setup_uninstall.yml | 45 -- .../tasks/validate_config.yml | 28 -- .../templates/config.yaml.j2 | 239 ---------- .../templates/registration.yaml.j2 | 18 - .../matrix-mautrix-signal-daemon.service.j2 | 41 -- .../systemd/matrix-mautrix-signal.service.j2 | 48 -- .../defaults/main.yml | 132 ------ .../tasks/init.yml | 70 --- .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 150 ------- .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 22 - .../templates/config.yaml.j2 | 419 ------------------ .../matrix-mautrix-telegram.service.j2 | 54 --- .../defaults/main.yml | 116 ----- .../tasks/init.yml | 16 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 140 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 11 - .../templates/config.yaml.j2 | 169 ------- .../matrix-mautrix-whatsapp.service.j2 | 43 -- .../defaults/main.yml | 110 ----- .../tasks/init.yml | 23 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 128 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 10 - .../templates/config.yaml.j2 | 125 ------ .../matrix-mx-puppet-discord.service.j2 | 43 -- .../defaults/main.yml | 109 ----- .../tasks/init.yml | 23 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 128 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 10 - 
.../templates/config.yaml.j2 | 86 ---- .../matrix-mx-puppet-groupme.service.j2 | 43 -- .../defaults/main.yml | 103 ----- .../tasks/init.yml | 24 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 112 ----- .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 10 - .../templates/config.yaml.j2 | 69 --- .../matrix-mx-puppet-instagram.service.j2 | 43 -- .../defaults/main.yml | 111 ----- .../tasks/init.yml | 23 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 128 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 10 - .../templates/config.yaml.j2 | 118 ----- .../systemd/matrix-mx-puppet-skype.service.j2 | 43 -- .../defaults/main.yml | 113 ----- .../tasks/init.yml | 70 --- .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 128 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 10 - .../templates/config.yaml.j2 | 79 ---- .../systemd/matrix-mx-puppet-slack.service.j2 | 46 -- .../defaults/main.yml | 109 ----- .../tasks/init.yml | 23 - .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 128 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 10 - .../templates/config.yaml.j2 | 86 ---- .../systemd/matrix-mx-puppet-steam.service.j2 | 43 -- .../defaults/main.yml | 122 ----- .../tasks/init.yml | 70 --- .../tasks/main.yml | 21 - .../tasks/setup_install.yml | 128 ------ .../tasks/setup_uninstall.yml | 24 - .../tasks/validate_config.yml | 10 - .../templates/config.yaml.j2 | 79 ---- .../matrix-mx-puppet-twitter.service.j2 | 46 -- roles/matrix-bridge-sms/defaults/main.yml | 125 ------ roles/matrix-bridge-sms/tasks/init.yml | 24 - roles/matrix-bridge-sms/tasks/main.yml | 21 - .../matrix-bridge-sms/tasks/setup_install.yml | 55 --- .../tasks/setup_uninstall.yml | 19 - .../tasks/validate_config.yml | 15 - .../systemd/matrix-sms-bridge.service.j2 | 45 -- .../matrix-client-hydrogen/defaults/main.yml | 68 --- roles/matrix-client-hydrogen/tasks/init.yml | 10 - 
roles/matrix-client-hydrogen/tasks/main.yml | 15 - .../tasks/self_check.yml | 22 - roles/matrix-client-hydrogen/tasks/setup.yml | 121 ----- .../tasks/validate_config.yml | 9 - .../templates/config.json.j2 | 3 - .../templates/nginx.conf.j2 | 66 --- .../systemd/matrix-client-hydrogen.service.j2 | 39 -- roles/matrix-corporal/defaults/main.yml | 106 ----- roles/matrix-corporal/tasks/init.yml | 10 - roles/matrix-corporal/tasks/main.yml | 22 - .../tasks/self_check_corporal.yml | 22 - .../matrix-corporal/tasks/setup_corporal.yml | 114 ----- .../matrix-corporal/tasks/validate_config.yml | 27 -- .../matrix-corporal/templates/config.json.j2 | 38 -- .../systemd/matrix-corporal.service.j2 | 44 -- roles/matrix-dimension/defaults/main.yml | 91 ---- roles/matrix-dimension/tasks/init.yml | 3 - roles/matrix-dimension/tasks/main.yml | 21 - .../matrix-dimension/tasks/setup_install.yml | 110 ----- .../tasks/setup_uninstall.yml | 35 -- .../tasks/validate_config.yml | 16 - .../matrix-dimension/templates/config.yaml.j2 | 85 ---- .../systemd/matrix-dimension.service.j2 | 48 -- roles/matrix-dimension/vars/main.yml | 5 - roles/matrix-dynamic-dns/defaults/main.yml | 48 -- roles/matrix-dynamic-dns/tasks/init.yml | 10 - roles/matrix-dynamic-dns/tasks/install.yml | 62 --- roles/matrix-dynamic-dns/tasks/main.yml | 21 - roles/matrix-dynamic-dns/tasks/uninstall.yml | 27 -- .../tasks/validate_config.yml | 16 - .../templates/ddclient.conf.j2 | 26 -- .../systemd/matrix-dynamic-dns.service.j2 | 36 -- roles/matrix-email2matrix/defaults/main.yml | 50 --- roles/matrix-email2matrix/tasks/init.yml | 3 - roles/matrix-email2matrix/tasks/main.yml | 21 - .../tasks/setup_install.yml | 63 --- .../tasks/setup_uninstall.yml | 35 -- .../tasks/validate_config.yml | 7 - .../templates/config.json.j2 | 14 - .../systemd/matrix-email2matrix.service.j2 | 34 -- roles/matrix-etherpad/defaults/main.yml | 87 ---- roles/matrix-etherpad/tasks/init.yml | 62 --- roles/matrix-etherpad/tasks/main.yml | 21 - 
roles/matrix-etherpad/tasks/setup_install.yml | 36 -- .../matrix-etherpad/tasks/setup_uninstall.yml | 35 -- .../matrix-etherpad/tasks/validate_config.yml | 11 - .../templates/settings.json.j2 | 105 ----- .../systemd/matrix-etherpad.service.j2 | 44 -- roles/matrix-grafana/defaults/main.yml | 59 --- roles/matrix-grafana/tasks/init.yml | 5 - roles/matrix-grafana/tasks/main.yml | 14 - roles/matrix-grafana/tasks/setup.yml | 110 ----- .../matrix-grafana/tasks/validate_config.yml | 7 - .../templates/dashboards.yaml.j2 | 9 - .../templates/datasources.yaml.j2 | 8 - roles/matrix-grafana/templates/grafana.ini.j2 | 31 -- .../systemd/matrix-grafana.service.j2 | 43 -- roles/matrix-jitsi/defaults/main.yml | 270 ----------- roles/matrix-jitsi/tasks/init.yml | 3 - roles/matrix-jitsi/tasks/main.yml | 39 -- roles/matrix-jitsi/tasks/setup_jitsi_base.yml | 20 - .../matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 93 ---- roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 93 ---- .../tasks/setup_jitsi_prosody.yml | 84 ---- roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 95 ---- roles/matrix-jitsi/tasks/validate_config.yml | 42 -- roles/matrix-jitsi/templates/jicofo/env.j2 | 34 -- .../templates/jicofo/logging.properties.j2 | 20 - .../jicofo/matrix-jitsi-jicofo.service.j2 | 33 -- .../jicofo/sip-communicator.properties.j2 | 9 - .../jvb/custom-sip-communicator.properties.j2 | 7 - roles/matrix-jitsi/templates/jvb/env.j2 | 25 -- .../templates/jvb/logging.properties.j2 | 13 - .../templates/jvb/matrix-jitsi-jvb.service.j2 | 43 -- roles/matrix-jitsi/templates/prosody/env.j2 | 57 --- .../prosody/matrix-jitsi-prosody.service.j2 | 38 -- .../templates/web/custom-config.js.j2 | 18 - roles/matrix-jitsi/templates/web/env.j2 | 94 ---- .../templates/web/interface_config.js.j2 | 295 ------------ .../templates/web/matrix-jitsi-web.service.j2 | 38 -- roles/matrix-ma1sd/defaults/main.yml | 161 ------- roles/matrix-ma1sd/tasks/init.yml | 10 - roles/matrix-ma1sd/tasks/main.yml | 28 -- 
roles/matrix-ma1sd/tasks/migrate_mxisd.yml | 72 --- roles/matrix-ma1sd/tasks/self_check_ma1sd.yml | 22 - roles/matrix-ma1sd/tasks/setup_install.yml | 167 ------- roles/matrix-ma1sd/tasks/setup_uninstall.yml | 35 -- roles/matrix-ma1sd/tasks/validate_config.yml | 68 --- roles/matrix-ma1sd/templates/ma1sd.yaml.j2 | 104 ----- .../templates/systemd/matrix-ma1sd.service.j2 | 48 -- roles/matrix-ma1sd/vars/main.yml | 5 - .../defaults/main.yml | 34 -- .../tasks/init.yml | 5 - .../tasks/main.yml | 8 - .../tasks/setup.yml | 54 --- ...matrix-prometheus-node-exporter.service.j2 | 44 -- .../defaults/main.yml | 49 -- .../tasks/init.yml | 5 - .../tasks/main.yml | 8 - .../tasks/setup.yml | 54 --- ...ix-prometheus-postgres-exporter.service.j2 | 42 -- roles/matrix-prometheus/defaults/main.yml | 67 --- roles/matrix-prometheus/tasks/init.yml | 5 - roles/matrix-prometheus/tasks/main.yml | 21 - .../matrix-prometheus/tasks/setup_install.yml | 50 --- .../tasks/setup_uninstall.yml | 25 -- .../tasks/validate_config.yml | 7 - .../templates/prometheus.yml.j2 | 59 --- .../systemd/matrix-prometheus.service.j2 | 43 -- roles/matrix-registration/defaults/main.yml | 116 ----- .../tasks/generate_token.yml | 50 --- roles/matrix-registration/tasks/init.yml | 68 --- .../matrix-registration/tasks/list_tokens.yml | 29 -- roles/matrix-registration/tasks/main.yml | 31 -- .../tasks/setup_install.yml | 101 ----- .../tasks/setup_uninstall.yml | 30 -- .../tasks/validate_config.yml | 20 - .../templates/config.yaml.j2 | 31 -- .../systemd/matrix-registration.service.j2 | 42 -- roles/matrix-sygnal/defaults/main.yml | 75 ---- roles/matrix-sygnal/tasks/init.yml | 3 - roles/matrix-sygnal/tasks/main.yml | 21 - roles/matrix-sygnal/tasks/setup_install.yml | 40 -- roles/matrix-sygnal/tasks/setup_uninstall.yml | 35 -- roles/matrix-sygnal/tasks/validate_config.yml | 5 - roles/matrix-sygnal/templates/sygnal.yaml.j2 | 237 ---------- .../systemd/matrix-sygnal.service.j2 | 42 -- roles/matrix-synapse-admin/defaults/main.yml | 32 
-- roles/matrix-synapse-admin/tasks/init.yml | 59 --- roles/matrix-synapse-admin/tasks/main.yml | 14 - roles/matrix-synapse-admin/tasks/setup.yml | 81 ---- .../tasks/validate_config.yml | 10 - .../systemd/matrix-synapse-admin.service.j2 | 42 -- setup.yml | 40 -- 376 files changed, 21712 deletions(-) delete mode 100755 roles/matrix-awx/defaults/main.yml delete mode 100644 roles/matrix-awx/scripts/matrix_build_room_list.py delete mode 100644 roles/matrix-awx/surveys/access_export.json.j2 delete mode 100644 roles/matrix-awx/surveys/backup_server.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_corporal.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_dimension.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_element.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_element_subdomain.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_email_relay.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_jitsi.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_ma1sd.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_synapse.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_synapse_admin.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_website_access_export.json.j2 delete mode 100644 roles/matrix-awx/tasks/backup_server.yml delete mode 100644 roles/matrix-awx/tasks/cache_matrix_variables.yml delete mode 100644 roles/matrix-awx/tasks/create_session_token.yml delete mode 100755 roles/matrix-awx/tasks/create_user.yml delete mode 100755 roles/matrix-awx/tasks/customise_website_access_export.yml delete mode 100644 roles/matrix-awx/tasks/delete_session_token.yml delete mode 100644 roles/matrix-awx/tasks/export_server.yml delete mode 100644 roles/matrix-awx/tasks/import_awx.yml delete mode 100644 roles/matrix-awx/tasks/load_hosting_and_org_variables.yml delete mode 100755 roles/matrix-awx/tasks/load_matrix_variables.yml delete mode 100755 
roles/matrix-awx/tasks/main.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_build_list.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_events.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_main.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_no_local.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_users.yml delete mode 100644 roles/matrix-awx/tasks/purge_media_local.yml delete mode 100644 roles/matrix-awx/tasks/purge_media_main.yml delete mode 100644 roles/matrix-awx/tasks/purge_media_remote.yml delete mode 100644 roles/matrix-awx/tasks/rename_variables.yml delete mode 100644 roles/matrix-awx/tasks/rotate_ssh.yml delete mode 100644 roles/matrix-awx/tasks/self_check.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_corporal.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_dimension.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_element.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_element_subdomain.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_jitsi.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_ma1sd.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_mailer.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_synapse.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_synapse_admin.yml delete mode 100644 roles/matrix-bot-go-neb/defaults/main.yml delete mode 100644 roles/matrix-bot-go-neb/tasks/init.yml delete mode 100644 roles/matrix-bot-go-neb/tasks/main.yml delete mode 100644 roles/matrix-bot-go-neb/tasks/setup_install.yml delete mode 100644 roles/matrix-bot-go-neb/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bot-go-neb/tasks/validate_config.yml delete mode 100644 roles/matrix-bot-go-neb/templates/config.yaml.j2 delete mode 100644 roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 delete mode 100644 roles/matrix-bot-matrix-reminder-bot/defaults/main.yml delete mode 
100644 roles/matrix-bot-matrix-reminder-bot/tasks/init.yml delete mode 100644 roles/matrix-bot-matrix-reminder-bot/tasks/main.yml delete mode 100644 roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml delete mode 100644 roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml delete mode 100644 roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 delete mode 100644 roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 delete mode 100644 roles/matrix-bot-mjolnir/defaults/main.yml delete mode 100644 roles/matrix-bot-mjolnir/tasks/init.yml delete mode 100644 roles/matrix-bot-mjolnir/tasks/main.yml delete mode 100644 roles/matrix-bot-mjolnir/tasks/setup_install.yml delete mode 100644 roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bot-mjolnir/tasks/validate_config.yml delete mode 100644 roles/matrix-bot-mjolnir/templates/production.yaml.j2 delete mode 100644 roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 delete mode 100644 roles/matrix-bridge-appservice-discord/defaults/main.yml delete mode 100644 roles/matrix-bridge-appservice-discord/tasks/init.yml delete mode 100644 roles/matrix-bridge-appservice-discord/tasks/main.yml delete mode 100644 roles/matrix-bridge-appservice-discord/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-appservice-discord/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 delete mode 100644 roles/matrix-bridge-appservice-irc/defaults/main.yml delete mode 100644 roles/matrix-bridge-appservice-irc/tasks/init.yml delete mode 100644 
roles/matrix-bridge-appservice-irc/tasks/main.yml delete mode 100644 roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml delete mode 100644 roles/matrix-bridge-appservice-irc/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-appservice-irc/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 delete mode 100644 roles/matrix-bridge-appservice-slack/defaults/main.yml delete mode 100644 roles/matrix-bridge-appservice-slack/tasks/init.yml delete mode 100644 roles/matrix-bridge-appservice-slack/tasks/main.yml delete mode 100644 roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml delete mode 100644 roles/matrix-bridge-appservice-slack/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-appservice-slack/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 delete mode 100644 roles/matrix-bridge-appservice-webhooks/defaults/main.yml delete mode 100644 roles/matrix-bridge-appservice-webhooks/tasks/init.yml delete mode 100644 roles/matrix-bridge-appservice-webhooks/tasks/main.yml delete mode 100644 roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-appservice-webhooks/templates/database.json.j2 delete mode 100644 
roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 delete mode 100644 roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 delete mode 100644 roles/matrix-bridge-beeper-linkedin/defaults/main.yml delete mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/init.yml delete mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/main.yml delete mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 delete mode 100644 roles/matrix-bridge-heisenbridge/defaults/main.yml delete mode 100644 roles/matrix-bridge-heisenbridge/tasks/init.yml delete mode 100644 roles/matrix-bridge-heisenbridge/tasks/main.yml delete mode 100644 roles/matrix-bridge-heisenbridge/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 delete mode 100644 roles/matrix-bridge-mautrix-facebook/defaults/main.yml delete mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/init.yml delete mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/main.yml delete mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 delete mode 100644 
roles/matrix-bridge-mautrix-googlechat/defaults/main.yml delete mode 100644 roles/matrix-bridge-mautrix-googlechat/tasks/init.yml delete mode 100644 roles/matrix-bridge-mautrix-googlechat/tasks/main.yml delete mode 100644 roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 delete mode 100644 roles/matrix-bridge-mautrix-hangouts/defaults/main.yml delete mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/init.yml delete mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/main.yml delete mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 delete mode 100644 roles/matrix-bridge-mautrix-instagram/defaults/main.yml delete mode 100644 roles/matrix-bridge-mautrix-instagram/tasks/init.yml delete mode 100644 roles/matrix-bridge-mautrix-instagram/tasks/main.yml delete mode 100644 roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 delete mode 100644 
roles/matrix-bridge-mautrix-signal/defaults/main.yml delete mode 100644 roles/matrix-bridge-mautrix-signal/tasks/init.yml delete mode 100644 roles/matrix-bridge-mautrix-signal/tasks/main.yml delete mode 100644 roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 delete mode 100644 roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 delete mode 100644 roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 delete mode 100644 roles/matrix-bridge-mautrix-telegram/defaults/main.yml delete mode 100644 roles/matrix-bridge-mautrix-telegram/tasks/init.yml delete mode 100644 roles/matrix-bridge-mautrix-telegram/tasks/main.yml delete mode 100644 roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 delete mode 100644 roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml delete mode 100644 roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml delete mode 100644 roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml delete mode 100644 roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml delete mode 100644 
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-discord/defaults/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/init.yml delete mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml delete mode 100644 roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml delete mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml delete mode 100644 
roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-skype/defaults/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/init.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-slack/defaults/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/init.yml delete mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-steam/defaults/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/init.yml delete mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 
delete mode 100644 roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml delete mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml delete mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 delete mode 100644 roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 delete mode 100644 roles/matrix-bridge-sms/defaults/main.yml delete mode 100644 roles/matrix-bridge-sms/tasks/init.yml delete mode 100644 roles/matrix-bridge-sms/tasks/main.yml delete mode 100644 roles/matrix-bridge-sms/tasks/setup_install.yml delete mode 100644 roles/matrix-bridge-sms/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-bridge-sms/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 delete mode 100644 roles/matrix-client-hydrogen/defaults/main.yml delete mode 100644 roles/matrix-client-hydrogen/tasks/init.yml delete mode 100644 roles/matrix-client-hydrogen/tasks/main.yml delete mode 100644 roles/matrix-client-hydrogen/tasks/self_check.yml delete mode 100644 roles/matrix-client-hydrogen/tasks/setup.yml delete mode 100644 roles/matrix-client-hydrogen/tasks/validate_config.yml delete mode 100644 roles/matrix-client-hydrogen/templates/config.json.j2 delete mode 100644 roles/matrix-client-hydrogen/templates/nginx.conf.j2 delete mode 100644 roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 delete mode 100644 roles/matrix-corporal/defaults/main.yml delete mode 100644 roles/matrix-corporal/tasks/init.yml 
delete mode 100644 roles/matrix-corporal/tasks/main.yml delete mode 100644 roles/matrix-corporal/tasks/self_check_corporal.yml delete mode 100644 roles/matrix-corporal/tasks/setup_corporal.yml delete mode 100644 roles/matrix-corporal/tasks/validate_config.yml delete mode 100644 roles/matrix-corporal/templates/config.json.j2 delete mode 100644 roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 delete mode 100644 roles/matrix-dimension/defaults/main.yml delete mode 100644 roles/matrix-dimension/tasks/init.yml delete mode 100644 roles/matrix-dimension/tasks/main.yml delete mode 100644 roles/matrix-dimension/tasks/setup_install.yml delete mode 100644 roles/matrix-dimension/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-dimension/tasks/validate_config.yml delete mode 100644 roles/matrix-dimension/templates/config.yaml.j2 delete mode 100644 roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 delete mode 100644 roles/matrix-dimension/vars/main.yml delete mode 100644 roles/matrix-dynamic-dns/defaults/main.yml delete mode 100644 roles/matrix-dynamic-dns/tasks/init.yml delete mode 100644 roles/matrix-dynamic-dns/tasks/install.yml delete mode 100644 roles/matrix-dynamic-dns/tasks/main.yml delete mode 100644 roles/matrix-dynamic-dns/tasks/uninstall.yml delete mode 100644 roles/matrix-dynamic-dns/tasks/validate_config.yml delete mode 100644 roles/matrix-dynamic-dns/templates/ddclient.conf.j2 delete mode 100644 roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 delete mode 100644 roles/matrix-email2matrix/defaults/main.yml delete mode 100644 roles/matrix-email2matrix/tasks/init.yml delete mode 100644 roles/matrix-email2matrix/tasks/main.yml delete mode 100644 roles/matrix-email2matrix/tasks/setup_install.yml delete mode 100644 roles/matrix-email2matrix/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-email2matrix/tasks/validate_config.yml delete mode 100644 
roles/matrix-email2matrix/templates/config.json.j2 delete mode 100644 roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 delete mode 100644 roles/matrix-etherpad/defaults/main.yml delete mode 100644 roles/matrix-etherpad/tasks/init.yml delete mode 100644 roles/matrix-etherpad/tasks/main.yml delete mode 100644 roles/matrix-etherpad/tasks/setup_install.yml delete mode 100644 roles/matrix-etherpad/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-etherpad/tasks/validate_config.yml delete mode 100644 roles/matrix-etherpad/templates/settings.json.j2 delete mode 100644 roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 delete mode 100644 roles/matrix-grafana/defaults/main.yml delete mode 100644 roles/matrix-grafana/tasks/init.yml delete mode 100644 roles/matrix-grafana/tasks/main.yml delete mode 100644 roles/matrix-grafana/tasks/setup.yml delete mode 100644 roles/matrix-grafana/tasks/validate_config.yml delete mode 100644 roles/matrix-grafana/templates/dashboards.yaml.j2 delete mode 100644 roles/matrix-grafana/templates/datasources.yaml.j2 delete mode 100644 roles/matrix-grafana/templates/grafana.ini.j2 delete mode 100644 roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 delete mode 100644 roles/matrix-jitsi/defaults/main.yml delete mode 100644 roles/matrix-jitsi/tasks/init.yml delete mode 100644 roles/matrix-jitsi/tasks/main.yml delete mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_base.yml delete mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml delete mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml delete mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml delete mode 100644 roles/matrix-jitsi/tasks/setup_jitsi_web.yml delete mode 100644 roles/matrix-jitsi/tasks/validate_config.yml delete mode 100644 roles/matrix-jitsi/templates/jicofo/env.j2 delete mode 100644 roles/matrix-jitsi/templates/jicofo/logging.properties.j2 delete mode 100644 
roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 delete mode 100644 roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 delete mode 100644 roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 delete mode 100644 roles/matrix-jitsi/templates/jvb/env.j2 delete mode 100644 roles/matrix-jitsi/templates/jvb/logging.properties.j2 delete mode 100644 roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 delete mode 100644 roles/matrix-jitsi/templates/prosody/env.j2 delete mode 100644 roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 delete mode 100644 roles/matrix-jitsi/templates/web/custom-config.js.j2 delete mode 100644 roles/matrix-jitsi/templates/web/env.j2 delete mode 100644 roles/matrix-jitsi/templates/web/interface_config.js.j2 delete mode 100644 roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 delete mode 100644 roles/matrix-ma1sd/defaults/main.yml delete mode 100644 roles/matrix-ma1sd/tasks/init.yml delete mode 100644 roles/matrix-ma1sd/tasks/main.yml delete mode 100644 roles/matrix-ma1sd/tasks/migrate_mxisd.yml delete mode 100644 roles/matrix-ma1sd/tasks/self_check_ma1sd.yml delete mode 100644 roles/matrix-ma1sd/tasks/setup_install.yml delete mode 100644 roles/matrix-ma1sd/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-ma1sd/tasks/validate_config.yml delete mode 100644 roles/matrix-ma1sd/templates/ma1sd.yaml.j2 delete mode 100644 roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 delete mode 100644 roles/matrix-ma1sd/vars/main.yml delete mode 100644 roles/matrix-prometheus-node-exporter/defaults/main.yml delete mode 100644 roles/matrix-prometheus-node-exporter/tasks/init.yml delete mode 100644 roles/matrix-prometheus-node-exporter/tasks/main.yml delete mode 100644 roles/matrix-prometheus-node-exporter/tasks/setup.yml delete mode 100644 roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 delete mode 100644 
roles/matrix-prometheus-postgres-exporter/defaults/main.yml delete mode 100644 roles/matrix-prometheus-postgres-exporter/tasks/init.yml delete mode 100644 roles/matrix-prometheus-postgres-exporter/tasks/main.yml delete mode 100644 roles/matrix-prometheus-postgres-exporter/tasks/setup.yml delete mode 100644 roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 delete mode 100644 roles/matrix-prometheus/defaults/main.yml delete mode 100644 roles/matrix-prometheus/tasks/init.yml delete mode 100644 roles/matrix-prometheus/tasks/main.yml delete mode 100644 roles/matrix-prometheus/tasks/setup_install.yml delete mode 100644 roles/matrix-prometheus/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-prometheus/tasks/validate_config.yml delete mode 100644 roles/matrix-prometheus/templates/prometheus.yml.j2 delete mode 100644 roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 delete mode 100644 roles/matrix-registration/defaults/main.yml delete mode 100644 roles/matrix-registration/tasks/generate_token.yml delete mode 100644 roles/matrix-registration/tasks/init.yml delete mode 100644 roles/matrix-registration/tasks/list_tokens.yml delete mode 100644 roles/matrix-registration/tasks/main.yml delete mode 100644 roles/matrix-registration/tasks/setup_install.yml delete mode 100644 roles/matrix-registration/tasks/setup_uninstall.yml delete mode 100644 roles/matrix-registration/tasks/validate_config.yml delete mode 100644 roles/matrix-registration/templates/config.yaml.j2 delete mode 100644 roles/matrix-registration/templates/systemd/matrix-registration.service.j2 delete mode 100644 roles/matrix-sygnal/defaults/main.yml delete mode 100644 roles/matrix-sygnal/tasks/init.yml delete mode 100644 roles/matrix-sygnal/tasks/main.yml delete mode 100644 roles/matrix-sygnal/tasks/setup_install.yml delete mode 100644 roles/matrix-sygnal/tasks/setup_uninstall.yml delete mode 100644 
roles/matrix-sygnal/tasks/validate_config.yml
delete mode 100644 roles/matrix-sygnal/templates/sygnal.yaml.j2
delete mode 100644 roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2
delete mode 100644 roles/matrix-synapse-admin/defaults/main.yml
delete mode 100644 roles/matrix-synapse-admin/tasks/init.yml
delete mode 100644 roles/matrix-synapse-admin/tasks/main.yml
delete mode 100644 roles/matrix-synapse-admin/tasks/setup.yml
delete mode 100644 roles/matrix-synapse-admin/tasks/validate_config.yml
delete mode 100644 roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2
diff --git a/roles/matrix-awx/defaults/main.yml b/roles/matrix-awx/defaults/main.yml
deleted file mode 100755
index fb9f56ae..00000000
--- a/roles/matrix-awx/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-matrix_awx_enabled: true
diff --git a/roles/matrix-awx/scripts/matrix_build_room_list.py b/roles/matrix-awx/scripts/matrix_build_room_list.py
deleted file mode 100644
index 3abfcd8c..00000000
--- a/roles/matrix-awx/scripts/matrix_build_room_list.py
+++ /dev/null
@@ -1,28 +0,0 @@
-
-import sys
-import requests
-import json
-
-janitor_token = sys.argv[1]
-synapse_container_ip = sys.argv[2]
-
-# collect total amount of rooms
-
-rooms_raw_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms'
-rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token}
-rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header)
-rooms_raw_python = json.loads(rooms_raw.text)
-total_rooms = rooms_raw_python["total_rooms"]
-
-# build complete room list file
-
-room_list_file = open("/tmp/room_list_complete.json", "w")
-
-for i in range(0, total_rooms, 100):
- rooms_inc_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms?from=' + str(i)
- rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header)
- room_list_file.write(rooms_inc.text)
-
-room_list_file.close()
-
-print(total_rooms)
diff --git a/roles/matrix-awx/surveys/access_export.json.j2 b/roles/matrix-awx/surveys/access_export.json.j2
deleted file mode 100644
index d5e1f945..00000000
--- a/roles/matrix-awx/surveys/access_export.json.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- "name": "Access Export",
- "description": "Access the services export.",
- "spec": [
- {
- "question_name": "SFTP Authorisation Method",
- "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
- "required": true,
- "min": null,
- "max": null,
- "default": "{{ awx_sftp_auth_method | string }}",
- "choices": "Disabled\nPassword\nSSH Key",
- "new_question": true,
- "variable": "awx_sftp_auth_method",
- "type": "multiplechoice"
- },
- {
- "question_name": "SFTP Password",
- "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
- "required": false,
- "min": 0,
- "max": 64,
- "default": "{{ awx_sftp_password }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_sftp_password",
- "type": "password"
- },
- {
- "question_name": "SFTP Public SSH Key (More Secure)",
- "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
- "required": false,
- "min": 0,
- "max": 16384,
- "default": "{{ awx_sftp_public_key }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_sftp_public_key",
- "type": "text"
- }
- ]
-}
diff --git a/roles/matrix-awx/surveys/backup_server.json.j2 b/roles/matrix-awx/surveys/backup_server.json.j2
deleted file mode 100644
index 559daade..00000000
--- a/roles/matrix-awx/surveys/backup_server.json.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "Backup Server",
- "description": "Performs a backup of the entire service to a remote location.",
- "spec": [
- {
- "question_name": "Enable Backup",
- "question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ awx_backup_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "awx_backup_enabled",
- "type": "multiplechoice"
- }
- ]
-}
diff --git a/roles/matrix-awx/surveys/configure_corporal.json.j2 b/roles/matrix-awx/surveys/configure_corporal.json.j2
deleted file mode 100755
index 7b782fd0..00000000
--- a/roles/matrix-awx/surveys/configure_corporal.json.j2
+++ /dev/null
@@ -1,88 +0,0 @@ -{ - "name": "Configure Matrix Corporal", - "description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.", - "spec": [ - { - "question_name": "Enable Corporal", - "question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_corporal_enabled|string|lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_corporal_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Corporal Policy Provider", - "question_description": "Controls what provider policy is used with Matrix Corporal.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_corporal_policy_provider_mode }}", - "choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)", - "new_question": true, - "variable": "awx_corporal_policy_provider_mode", - "type": "multiplechoice" - }, - { - "question_name": "Simple Static File Configuration", - "question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.", - "required": false, - "min": 0, - "max": 65536, - "default": "", - "new_question": true, - "variable": "awx_corporal_simple_static_config", - "type": "textarea" - }, - { - "question_name": "HTTP Pull Mode URI", - "question_description": "The network address to remotely fetch the configuration from. 
Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.", - "required": false, - "min": 0, - "max": 4096, - "default": "{{ awx_corporal_pull_mode_uri }}", - "new_question": true, - "variable": "awx_corporal_pull_mode_uri", - "type": "text" - }, - { - "question_name": "HTTP Pull Mode Authentication Token", - "question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "{{ awx_corporal_pull_mode_token }}", - "choices": "", - "new_question": true, - "variable": "awx_corporal_pull_mode_token", - "type": "password" - }, - { - "question_name": "Corporal API Authentication Token", - "question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "{{ awx_corporal_http_api_auth_token }}", - "choices": "", - "new_question": true, - "variable": "awx_corporal_http_api_auth_token", - "type": "password" - }, - { - "question_name": "Raise Synapse Ratelimits", - "question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_corporal_raise_ratelimits }}", - "choices": "Normal\nRaised", - "new_question": true, - "variable": "matrix_corporal_raise_ratelimits", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_dimension.json.j2 b/roles/matrix-awx/surveys/configure_dimension.json.j2 deleted file mode 100644 index 5f79cfd0..00000000 
--- a/roles/matrix-awx/surveys/configure_dimension.json.j2
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "name": "Configure Dimension",
- "description": "Configure Dimension, the self-hosted integrations server.",
- "spec": [
- {
- "question_name": "Enable Dimension",
- "question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_dimension_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_dimension_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Dimension Users",
- "question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'",
- "required": false,
- "min": 0,
- "max": 65536,
- "default": {{ awx_dimension_users_final | to_json }},
- "choices": "",
- "new_question": true,
- "variable": "awx_dimension_users",
- "type": "textarea"
- }
- ]
-}
diff --git a/roles/matrix-awx/surveys/configure_element.json.j2 b/roles/matrix-awx/surveys/configure_element.json.j2
deleted file mode 100755
index b4021732..00000000
--- a/roles/matrix-awx/surveys/configure_element.json.j2
+++ /dev/null
@@ -1,114 +0,0 @@ -{ - "name": "Configure Element", - "description": "Configure Element web client, Element is the most developed Matrix client software.", - "spec": [ - { - "question_name": "Enable Element-Web", - "question_description": "Set if Element web client is enabled or not.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_client_element_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_client_element_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Set Theme for Web Client", - "question_description": "Sets the default theme for the web client, can be changed later by individual users.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_client_element_default_theme }}", - "choices": "light\ndark", - "new_question": true, - "variable": "matrix_client_element_default_theme", - "type": "multiplechoice" - }, - { - "question_name": "Set Branding for Web Client", - "question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.Leaving this field blank will cause the default branding will be used: 'Element'", - "required": false, - "min": 0, - "max": 256, - "default": "{{ matrix_client_element_brand | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_brand", - "type": "text" - }, - { - "question_name": "Set Welcome Page Background", - "question_description": "Sets the background image on the welcome page, you should enter a URL to the image you want to use. Must be a 'https' link, otherwise it won't be set. 
Leaving this field blank will cause the default background to be used.", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_branding_welcomeBackgroundUrl", - "type": "text" - }, - { - "question_name": "Set Welcome Page Logo", - "question_description": "Sets the logo found on the welcome and login page, must be a valid https link to your logo, the logo itself should be a square vector image (SVG). Leaving this field blank will cause the default Element logo to be used.", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_welcome_logo | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_welcome_logo", - "type": "text" - }, - { - "question_name": "Set Welcome Page Logo URL", - "question_description": "Sets the URL link the welcome page logo leads to, must be a valid https link. Leaving this field blank will cause this default link to be used: 'https://element.io'", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_welcome_logo_link | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_welcome_logo_link", - "type": "text" - }, - { - "question_name": "Set Welcome Page Headline", - "question_description": "Sets the headline seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Welcome to Element!'", - "required": false, - "min": 0, - "max": 512, - "default": "{{ awx_matrix_client_element_welcome_headline | trim }}", - "choices": "", - "new_question": true, - "variable": "awx_matrix_client_element_welcome_headline", - "type": "text" - }, - { - "question_name": "Set Welcome Page Text", - "question_description": "Sets the text seen on the welcome page. 
Leaving this field blank will cause this default headline to be used: 'Decentralised, encrypted chat & collaboration powered by [Matrix]'", - "required": false, - "min": 0, - "max": 2048, - "default": "{{ awx_matrix_client_element_welcome_text | trim }}", - "choices": "", - "new_question": true, - "variable": "awx_matrix_client_element_welcome_text", - "type": "text" - }, - { - "question_name": "Show Registration Button", - "question_description": "If you show the registration button on the welcome page.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_client_element_registration_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_client_element_registration_enabled", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 b/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 deleted file mode 100644 index 8e6aaf28..00000000 --- a/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "Configure Element Subdomain", - "description": "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)", - "spec": [ - { - "question_name": "Set Element Subdomain", - "question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.", - "required": false, - "min": 0, - "max": 2048, - "default": "{{ awx_element_subdomain }}", - "choices": "", - "new_question": true, - "variable": "awx_element_subdomain", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_email_relay.json.j2 b/roles/matrix-awx/surveys/configure_email_relay.json.j2 deleted file mode 100644 index 65c21a94..00000000 --- a/roles/matrix-awx/surveys/configure_email_relay.json.j2 +++ /dev/null 
@@ -1,19 +0,0 @@
-{
- "name": "Configure Email Relay",
- "description": "Enable MailGun relay to increase verification email reliability.",
- "spec": [
- {
- "question_name": "Enable Email Relay",
- "question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_mailer_relay_use | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_mailer_relay_use",
- "type": "multiplechoice"
- }
- ]
-}
-
diff --git a/roles/matrix-awx/surveys/configure_jitsi.json.j2 b/roles/matrix-awx/surveys/configure_jitsi.json.j2
deleted file mode 100755
index 9cb3044d..00000000
--- a/roles/matrix-awx/surveys/configure_jitsi.json.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "name": "Configure Jitsi",
- "description": "Configure Jitsi conferencing settings.",
- "spec": [
- {
- "question_name": "Enable Jitsi",
- "question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_jitsi_enabled }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_jitsi_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Set Default Language",
- "question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
- "required": false,
- "min": 0,
- "max": 2,
- "default": "{{ matrix_jitsi_web_config_defaultLanguage }}",
- "choices": "",
- "new_question": true,
- "variable": "matrix_jitsi_web_config_defaultLanguage",
- "type": "text"
- }
- ]
-}
-
diff --git a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 b/roles/matrix-awx/surveys/configure_ma1sd.json.j2
deleted file mode 100644
index 055e817c..00000000
--- a/roles/matrix-awx/surveys/configure_ma1sd.json.j2
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- "name": "Configure ma1sd",
- "description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.",
- "spec": [
- {
- "question_name": "Enable ma1sd",
- "question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_ma1sd_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_ma1sd_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "ma1sd Authentication Mode",
- "question_description": "Set the source of user account authentication credentials with the ma1sd.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ awx_matrix_ma1sd_auth_store }}",
- "choices": "Synapse Internal\nLDAP/AD",
- "new_question": true,
- "variable": "awx_matrix_ma1sd_auth_store",
- "type": "multiplechoice"
- },
- {
- "question_name": "LDAP/AD Configuration",
- "question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )",
- "required": false,
- "min": 0,
- "max": 65536,
- "default": {{ awx_matrix_ma1sd_configuration_extension_yaml | to_json }},
- "new_question": true,
- "variable": "awx_matrix_ma1sd_configuration_extension_yaml",
- "type": "textarea"
- }
- ]
-}
diff --git a/roles/matrix-awx/surveys/configure_synapse.json.j2 b/roles/matrix-awx/surveys/configure_synapse.json.j2
deleted file mode 100755
index 7a4e711d..00000000
--- a/roles/matrix-awx/surveys/configure_synapse.json.j2
+++ /dev/null
@@ -1,198 +0,0 @@
-{
- "name": "Configure Synapse",
- "description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.",
- "spec": [
- {
- "question_name": "Enable Public Registration",
- "question_description": "Controls whether people with access to the homeserver can register by themselves.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_enable_registration | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_enable_registration",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable Federation",
- "question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_federation_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_federation_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Allow Public Rooms Over Federation",
- "question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation.
For private servers, you'll most likely want to forbid this.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_allow_public_rooms_over_federation",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable Community Creation",
- "question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_enable_group_creation | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_enable_group_creation",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable Synapse Presence",
- "question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_presence_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_presence_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable URL Previews",
- "question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_url_preview_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_url_preview_enabled",
- "type": "multiplechoice"
- },
- {
- "question_name": "Enable Guest Access",
- "question_description": "Controls whether 'guest accounts' can access rooms without registering.
Guest users do not count towards your servers user limit.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_allow_guest_access | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_allow_guest_access",
- "type": "multiplechoice"
- },
- {
- "question_name": "Registration Requires Email",
- "question_description": "Controls whether an email address is required to register on the server.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ awx_registrations_require_3pid | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "awx_registrations_require_3pid",
- "type": "multiplechoice"
- },
- {
- "question_name": "Registration Shared Secret",
- "question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.",
- "required": false,
- "min": 0,
- "max": 256,
- "default": "",
- "choices": "",
- "new_question": true,
- "variable": "awx_matrix_synapse_registration_shared_secret",
- "type": "password"
- },
- {
- "question_name": "Synapse Max Upload Size",
- "question_description": "Sets the maximum size for uploaded files in MB.",
- "required": false,
- "min": 0,
- "max": 3,
- "default": "{{ matrix_synapse_max_upload_size_mb }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_synapse_max_upload_size_mb",
- "type": "text"
- },
- {
- "question_name": "URL Preview Languages",
- "question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines.
For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag",
- "required": false,
- "min": 0,
- "max": 65536,
- "default": {{ awx_url_preview_accept_language_default | to_json }},
- "choices": "",
- "new_question": true,
- "variable": "awx_url_preview_accept_language",
- "type": "textarea"
- },
- {
- "question_name": "Federation Whitelist",
- "question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'",
- "required": false,
- "min": 0,
- "max": 65536,
- "default": {{ awx_federation_whitelist | to_json }},
- "choices": "",
- "new_question": true,
- "variable": "awx_federation_whitelist",
- "type": "textarea"
- },
- {
- "question_name": "Synapse Auto-Join Rooms",
- "question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines.
For example: '#announcements:example.org'",
- "required": false,
- "min": 0,
- "max": 65536,
- "default": {{ awx_synapse_auto_join_rooms | to_json }},
- "choices": "",
- "new_question": true,
- "variable": "awx_synapse_auto_join_rooms",
- "type": "textarea"
- },
- {
- "question_name": "Enable ReCaptcha on Registration",
- "question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ awx_enable_registration_captcha | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "awx_enable_registration_captcha",
- "type": "multiplechoice"
- },
- {
- "question_name": "Recaptcha Public Key",
- "question_description": "Sets the Google ReCaptcha public key for this website.",
- "required": false,
- "min": 0,
- "max": 40,
- "default": "{{ awx_recaptcha_public_key }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_recaptcha_public_key",
- "type": "text"
- },
- {
- "question_name": "Recaptcha Private Key",
- "question_description": "Sets the Google ReCaptcha private key for this website.",
- "required": false,
- "min": 0,
- "max": 40,
- "default": "{{ awx_recaptcha_private_key }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_recaptcha_private_key",
- "type": "text"
- }
- ]
-}
diff --git a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 b/roles/matrix-awx/surveys/configure_synapse_admin.json.j2
deleted file mode 100644
index 8845b83a..00000000
--- a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "Configure Synapse Admin",
- "description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.",
- "spec": [
- {
- "question_name": "Enable Synapse Admin",
- "question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://{{ matrix_server_fqn_matrix }}/synapse-admin.",
- "required": false,
- "min": null,
- "max": null,
- "default": "{{ matrix_synapse_admin_enabled | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "matrix_synapse_admin_enabled",
- "type": "multiplechoice"
- }
- ]
-}
diff --git a/roles/matrix-awx/surveys/configure_website_access_export.json.j2 b/roles/matrix-awx/surveys/configure_website_access_export.json.j2
deleted file mode 100755
index d35fb839..00000000
--- a/roles/matrix-awx/surveys/configure_website_access_export.json.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- "name": "Configure Website Access Backup",
- "description": "Configure base domain website settings and access the services backup.",
- "spec": [
- {
- "question_name": "Customise Base Domain Website",
- "question_description": "Set if you want to adjust the base domain website using SFTP.",
- "required": true,
- "min": null,
- "max": null,
- "default": "{{ awx_customise_base_domain_website | string | lower }}",
- "choices": "true\nfalse",
- "new_question": true,
- "variable": "awx_customise_base_domain_website",
- "type": "multiplechoice"
- },
- {
- "question_name": "SFTP Authorisation Method",
- "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
- "required": true,
- "min": null,
- "max": null,
- "default": "{{ awx_sftp_auth_method | string }}",
- "choices": "Disabled\nPassword\nSSH Key",
- "new_question": true,
- "variable": "awx_sftp_auth_method",
- "type": "multiplechoice"
- },
- {
- "question_name": "SFTP Password",
- "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
- "required": false,
- "min": 0,
- "max": 64,
- "default": "{{ awx_sftp_password }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_sftp_password",
- "type": "password"
- },
- {
- "question_name": "SFTP Public SSH Key (More Secure)",
- "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service.
Must be defined if 'SSH Key' method is selected.",
- "required": false,
- "min": 0,
- "max": 16384,
- "default": "{{ awx_sftp_public_key }}",
- "choices": "",
- "new_question": true,
- "variable": "awx_sftp_public_key",
- "type": "text"
- }
- ]
-}
diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml
deleted file mode 100644
index d33f0f70..00000000
--- a/roles/matrix-awx/tasks/backup_server.yml
+++ /dev/null
@@ -1,100 +0,0 @@ - -- name: Record Backup Server variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# AWX Settings Start' - with_dict: - 'awx_backup_enabled': '{{ awx_backup_enabled }}' - tags: use-survey - -- name: Save new 'Backup Server' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/backup_server.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' - tags: use-survey - -- name: Copy new 'Backup Server' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' - dest: '/matrix/awx/backup_server.json' - mode: '0660' - tags: use-survey - -- name: Recreate 'Backup Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Backup Server" - description: "Performs a backup of the entire service to a remote location." 
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "backup-server,use-survey" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}" - become_enabled: yes - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - tags: use-survey - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - tags: use-survey - -- name: Run initial backup of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" - with_items: - - borgmatic -c /root/.config/borgmatic/config_1.yaml - - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - register: _create_instances - async: 3600 # Maximum runtime in seconds. - poll: 0 # Fire and continue (never poll) - when: awx_backup_enabled|bool - -- name: Wait for both of these jobs to finish - async_status: - jid: "{{ item.ansible_job_id }}" - register: _jobs - until: _jobs.finished - delay: 5 # Check every 5 seconds. - retries: 720 # Retry for a full hour. 
- with_items: "{{ _create_instances.results }}" - when: awx_backup_enabled|bool - -- name: Perform borg backup of postgres dump - command: borgmatic -c /root/.config/borgmatic/config_2.yaml - when: awx_backup_enabled|bool - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/cache_matrix_variables.yml b/roles/matrix-awx/tasks/cache_matrix_variables.yml deleted file mode 100644 index a34b3792..00000000 --- a/roles/matrix-awx/tasks/cache_matrix_variables.yml +++ /dev/null @@ -1,12 +0,0 @@ - -- name: Collect current datetime - set_fact: - awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}" - -- name: Create cached matrix_vars.yml file location - set_fact: - awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml' - -- name: Create cached matrix_vars.yml - delegate_to: 127.0.0.1 - shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}" diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml deleted file mode 100644 index 9f22a37e..00000000 --- a/roles/matrix-awx/tasks/create_session_token.yml +++ /dev/null 
@@ -1,10 +0,0 @@ - -- name: Create a AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: present - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_master_token }}" - register: awx_session_token - no_log: True diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml deleted file mode 100755 index fefec426..00000000 --- a/roles/matrix-awx/tasks/create_user.yml +++ /dev/null @@ -1,40 +0,0 @@ -# -# Create user and define if they are admin -# -# /usr/local/bin/matrix-synapse-register-user -# - -- name: Set admin bool to zero - set_fact: - awx_admin_bool: 0 - when: awx_admin_access == 'false' - -- name: Examine if server admin set - set_fact: - awx_admin_bool: 1 - when: awx_admin_access == 'true' - -- name: Create user account - command: | - /usr/local/bin/matrix-synapse-register-user {{ awx_new_username | quote }} {{ awx_new_password | quote }} {{ awx_admin_bool }} - register: awx_cmd_output - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: Result - debug: msg="{{ awx_cmd_output.stdout }}" - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml deleted file mode 100755 index c9b96026..00000000 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ /dev/null 
@@ -1,267 +0,0 @@ ---- - -- name: Enable index.html creation if user doesn't wish to customise base domain - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings Start' - with_dict: - 'matrix_nginx_proxy_base_domain_homepage_enabled': 'true' - when: (awx_customise_base_domain_website is defined) and not awx_customise_base_domain_website|bool - -- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings Start' - with_dict: - 'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' - when: (awx_customise_base_domain_website is defined) and awx_customise_base_domain_website|bool - -- name: Record custom 'Customise Website + Access Export' variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings Start' - with_dict: - 'awx_sftp_auth_method': '"{{ awx_sftp_auth_method }}"' - 'awx_sftp_password': '"{{ awx_sftp_password }}"' - 'awx_sftp_public_key': '"{{ awx_sftp_public_key }}"' - -- name: Record custom 'Customise Website + Access Export' variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings Start' - with_dict: - 'awx_customise_base_domain_website': '{{ awx_customise_base_domain_website }}' - when: awx_customise_base_domain_website is defined - -- name: Reload vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: True - -- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - when: awx_customise_base_domain_website is defined - -- name: Copy new 'Customise Website + Access Export' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - dest: '/matrix/awx/configure_website_access_export.json' - mode: '0660' - when: awx_customise_base_domain_website is defined - -- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: './roles/matrix-awx/surveys/access_export.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - when: awx_customise_base_domain_website is undefined - -- name: Copy new 'Customise Website + Access Export' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - dest: '/matrix/awx/access_export.json' - mode: '0660' - when: awx_customise_base_domain_website is undefined - -- name: Recreate 'Configure Website + Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" - description: "Configure base domain website settings and access the 
servers export." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-nginx-proxy" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}" - become_enabled: yes - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - when: awx_customise_base_domain_website is defined - -- name: Recreate 'Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Access Export" - description: "Access the services export." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-nginx-proxy" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" - become_enabled: yes - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - when: awx_customise_base_domain_website is undefined - -- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account - user: - name: sftp - comment: SFTP user to set custom web files and access servers export - shell: /bin/false - home: /home/sftp - group: matrix - password: '*' - update_password: always - when: 
awx_sftp_password|length == 0 - -- name: If user defines awx_sftp_password, enable account and set password on 'stfp' account - user: - name: sftp - comment: SFTP user to set custom web files and access servers export - shell: /bin/false - home: /home/sftp - group: matrix - password: "{{ awx_sftp_password | password_hash('sha512') }}" - update_password: always - when: awx_sftp_password|length > 0 - -- name: Ensure group "sftp" exists - group: - name: sftp - state: present - -- name: adding existing user 'sftp' to group matrix - user: - name: sftp - groups: sftp - append: yes - when: awx_customise_base_domain_website is defined - -- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) - file: - path: /chroot - state: directory - owner: root - group: root - mode: '1755' - -- name: Ensure /chroot/website location exists. - file: - path: /chroot/website - state: directory - owner: matrix - group: matrix - mode: '0770' - when: awx_customise_base_domain_website is defined - -- name: Ensure /chroot/export location exists - file: - path: /chroot/export - state: directory - owner: sftp - group: sftp - mode: '0700' - -- name: Ensure /home/sftp/.ssh location exists - file: - path: /home/sftp/.ssh - state: directory - owner: sftp - group: sftp - mode: '0700' - -- name: Ensure /home/sftp/authorized_keys exists - file: - path: /home/sftp/.ssh/authorized_keys - state: touch - owner: sftp - group: sftp - mode: '0644' - -- name: Clear authorized_keys file - shell: echo "" > /home/sftp/.ssh/authorized_keys - -- name: Insert public SSH key into authorized_keys file - lineinfile: - path: /home/sftp/.ssh/authorized_keys - line: "{{ awx_sftp_public_key }}" - owner: sftp - group: sftp - mode: '0644' - when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key") - -- name: Remove any existing Subsystem lines - lineinfile: - path: /etc/ssh/sshd_config - state: absent 
- regexp: '^Subsystem' - -- name: Set SSH Subsystem State - lineinfile: - path: /etc/ssh/sshd_config - insertafter: "^# override default of no subsystems" - line: "Subsystem sftp internal-sftp" - -- name: Add SSH Match User section for disabled auth - blockinfile: - path: /etc/ssh/sshd_config - state: absent - block: | - Match User sftp - ChrootDirectory /chroot - PermitTunnel no - X11Forwarding no - AllowTcpForwarding no - PasswordAuthentication yes - AuthorizedKeysFile /home/sftp/.ssh/authorized_keys - when: awx_sftp_auth_method == "Disabled" - -- name: Add SSH Match User section for password auth - blockinfile: - path: /etc/ssh/sshd_config - state: present - block: | - Match User sftp - ChrootDirectory /chroot - PermitTunnel no - X11Forwarding no - AllowTcpForwarding no - PasswordAuthentication yes - when: awx_sftp_auth_method == "Password" - -- name: Add SSH Match User section for publickey auth - blockinfile: - path: /etc/ssh/sshd_config - state: present - block: | - Match User sftp - ChrootDirectory /chroot - PermitTunnel no - X11Forwarding no - AllowTcpForwarding no - AuthorizedKeysFile /home/sftp/.ssh/authorized_keys - when: awx_sftp_auth_method == "SSH Key" - -- name: Restart service ssh.service - service: - name: ssh.service - state: restarted diff --git a/roles/matrix-awx/tasks/delete_session_token.yml b/roles/matrix-awx/tasks/delete_session_token.yml deleted file mode 100644 index a6a52e48..00000000 --- a/roles/matrix-awx/tasks/delete_session_token.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" 
diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml deleted file mode 100644 index d779028e..00000000 --- a/roles/matrix-awx/tasks/export_server.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- - -- name: Run export of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" - with_items: - - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - - /bin/sh /usr/local/bin/awx-export-service.sh 0 1 - register: awx_create_instances - async: 3600 # Maximum runtime in seconds. - poll: 0 # Fire and continue (never poll) - -- name: Wait for both of these jobs to finish - async_status: - jid: "{{ item.ansible_job_id }}" - register: awx_jobs - until: awx_jobs.finished - delay: 5 # Check every 5 seconds. - retries: 720 # Retry for a full hour. - with_items: "{{ awx_create_instances.results }}" - -- name: Schedule deletion of the export in 24 hours - at: - command: rm /chroot/export/matrix* - count: 1 - units: days - unique: yes - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/import_awx.yml b/roles/matrix-awx/tasks/import_awx.yml deleted file mode 100644 index b2154c7a..00000000 --- a/roles/matrix-awx/tasks/import_awx.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Ensure correct ownership of /matrix/awx - shell: chown -R matrix:matrix /matrix/awx - -- name: Ensure correct ownership of /matrix/synapse - shell: chown -R matrix:matrix /matrix/synapse 
diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml deleted file mode 100644 index 69b2aac8..00000000 --- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -- name: Include vars in organisation.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml' - no_log: True - -- name: Include vars in hosting_vars.yml - include_vars: - file: '/var/lib/awx/projects/hosting/hosting_vars.yml' - no_log: True - -- name: Include AWX master token from awx_tokens.yml - include_vars: - file: /var/lib/awx/projects/hosting/awx_tokens.yml - no_log: True diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml deleted file mode 100755 index 34754efb..00000000 --- a/roles/matrix-awx/tasks/load_matrix_variables.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -- name: Include new vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: True - -- name: If include_vars succeeds overwrite the old matrix_vars.yml - delegate_to: 127.0.0.1 - shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}" - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml deleted file mode 100755 index ceb697ec..00000000 --- a/roles/matrix-awx/tasks/main.yml +++ /dev/null 
@@ -1,216 +0,0 @@ - -# Load initial hosting and organisation variables from AWX volume -- include_tasks: - file: "load_hosting_and_org_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Renames the variables if needed -- include_tasks: - file: "rename_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Create AWX session token -- include_tasks: - file: "create_session_token.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Perform a backup of the server -- include_tasks: - file: "backup_server.yml" - apply: - tags: backup-server - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - backup-server - -# Perform a export of the server -- include_tasks: - file: "export_server.yml" - apply: - tags: export-server - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - export-server - -# Create a user account if called -- include_tasks: - file: "create_user.yml" - apply: - tags: create-user - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - create-user - -# Purge local/remote media if called -- include_tasks: - file: "purge_media_main.yml" - apply: - tags: purge-media - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - purge-media - -# Purge Synapse database if called -- include_tasks: - file: "purge_database_main.yml" - apply: - tags: purge-database - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - purge-database - -# Rotate SSH key if called -- include_tasks: - file: "rotate_ssh.yml" - apply: - tags: rotate-ssh - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - rotate-ssh - -# Import configs, media repo from /chroot/backup import -- include_tasks: - file: "import_awx.yml" - apply: - tags: import-awx - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - import-awx - -# Perform extra self-check functions -- include_tasks: - 
file: "self_check.yml" - apply: - tags: self-check - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - self-check - -# Create cached matrix_vars.yml file -- include_tasks: - file: "cache_matrix_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Configure SFTP so user can upload a static website or access the servers export -- include_tasks: - file: "customise_website_access_export.yml" - apply: - tags: setup-nginx-proxy - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-nginx-proxy - -# Additional playbook to set the variable file during Element configuration -- include_tasks: - file: "set_variables_element.yml" - apply: - tags: setup-client-element - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-client-element - -# Additional playbook to set the variable file during Mailer configuration -- include_tasks: - file: "set_variables_mailer.yml" - apply: - tags: setup-mailer - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-mailer - -# Additional playbook to set the variable file during Element configuration -- include_tasks: - file: "set_variables_element_subdomain.yml" - apply: - tags: setup-client-element-subdomain - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-client-element-subdomain - -# Additional playbook to set the variable file during Synapse configuration -- include_tasks: - file: "set_variables_synapse.yml" - apply: - tags: setup-synapse - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-synapse - -# Additional playbook to set the variable file during Jitsi configuration -- include_tasks: - file: "set_variables_jitsi.yml" - apply: - tags: setup-jitsi - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-jitsi - -# Additional playbook to set the variable file during Ma1sd configuration -- include_tasks: - file: "set_variables_ma1sd.yml" - apply: - tags: setup-ma1sd - when: 
run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-ma1sd - -# Additional playbook to set the variable file during Corporal configuration -- include_tasks: - file: "set_variables_corporal.yml" - apply: - tags: setup-corporal - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-corporal - -# Additional playbook to set the variable file during Dimension configuration -- include_tasks: - file: "set_variables_dimension.yml" - apply: - tags: setup-dimension - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-dimension - -# Additional playbook to set the variable file during Synapse Admin configuration -- include_tasks: - file: "set_variables_synapse_admin.yml" - apply: - tags: setup-synapse-admin - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-synapse-admin - -# Delete AWX session token -- include_tasks: - file: "delete_session_token.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Load newly formed matrix variables from AWX volume -- include_tasks: - file: "load_matrix_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always diff --git a/roles/matrix-awx/tasks/purge_database_build_list.yml b/roles/matrix-awx/tasks/purge_database_build_list.yml deleted file mode 100644 index 5ca57d22..00000000 --- a/roles/matrix-awx/tasks/purge_database_build_list.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: Collect entire room list into stdout - shell: | - curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms?from={{ item }}' - register: awx_rooms_output - -- name: Print stdout to file - delegate_to: 127.0.0.1 - shell: | - echo '{{ awx_rooms_output.stdout }}' >> /tmp/{{ subscription_id }}_room_list_complete.json 
diff --git a/roles/matrix-awx/tasks/purge_database_events.yml b/roles/matrix-awx/tasks/purge_database_events.yml deleted file mode 100644 index aaef3cba..00000000 --- a/roles/matrix-awx/tasks/purge_database_events.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with more then N events - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml deleted file mode 100644 index c64a54dd..00000000 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ /dev/null 
@@ -1,320 +0,0 @@ ---- - -- name: Ensure dateutils and curl is installed in AWX - delegate_to: 127.0.0.1 - yum: - name: dateutils - state: latest - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True - -- name: Ensure curl and jq intalled on target machine - apt: - pkg: - - curl - - jq - state: present - -- name: Collect before shrink size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_before_stat - when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: True - -- name: Collect the internal IP of the matrix-synapse container - shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_synapse_container_ip - -- name: Collect access token for janitor user - shell: | - curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_janitors_token - no_log: True - -- name: Copy build_room_list.py script to target machine - copy: - src: ./roles/matrix-awx/scripts/matrix_build_room_list.py - dest: /usr/local/bin/matrix_build_room_list.py - owner: matrix - group: matrix - mode: '0755' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Run build_room_list.py script - 
shell: | - runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} - register: awx_rooms_total - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Fetch complete room list from target machine - fetch: - src: /tmp/room_list_complete.json - dest: "/tmp/{{ subscription_id }}_room_list_complete.json" - flat: yes - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Remove complete room list from target machine - file: - path: /tmp/room_list_complete.json - state: absent - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Generate list of rooms with no local users - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Count number of rooms with no local users - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }' - register: awx_rooms_no_local_total - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Setting host fact awx_room_list_no_local_users - set_fact: - awx_room_list_no_local_users: "{{ 
lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}" - no_log: True - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Purge all rooms with no local users - include_tasks: awx_purge_database_no_local.yml - loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}" - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Collect epoche time from date - delegate_to: 127.0.0.1 - shell: | - date -d '{{ awx_purge_date }}' +"%s" - when: (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_purge_epoche_time - -- name: Generate list of rooms with more then N users - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.joined_members > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Count number of rooms with more then N users - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }' - register: awx_rooms_join_members_total - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Setting host fact awx_room_list_joined_members - delegate_to: 127.0.0.1 - set_fact: - awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}" - when: awx_purge_mode.find("Number of users [slower]") != -1 - no_log: True - -- name: Purge all rooms with more then N users - include_tasks: awx_purge_database_users.yml - loop: "{{ awx_room_list_joined_members.splitlines() | 
flatten(levels=1) }}" - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Generate list of rooms with more then N events - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.state_events > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Count number of rooms with more then N events - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }' - register: awx_rooms_state_events_total - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Setting host fact awx_room_list_state_events - delegate_to: 127.0.0.1 - set_fact: - awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}" - when: awx_purge_mode.find("Number of events [slower]") != -1 - no_log: True - -- name: Purge all rooms with more then N events - include_tasks: awx_purge_database_events.yml - loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}" - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Adjust 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "rust-synapse-compress-state" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - when: 
(awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Execute rust-synapse-compress-state job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_launch: - job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: yes - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Revert 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "setup-all,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Ensure matrix-synapse is stopped - service: - name: matrix-synapse - state: stopped - daemon_reload: yes - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- 
name: Re-index Synapse database - shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse' - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Ensure matrix-synapse is started - service: - name: matrix-synapse - state: started - daemon_reload: yes - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Adjust 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "run-postgres-vacuum,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Execute run-postgres-vacuum job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_launch: - job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: yes - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Revert 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id 
}}/extra_vars.json') }}" - job_type: run - job_tags: "setup-all,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Cleanup room_list files - delegate_to: 127.0.0.1 - shell: | - rm /tmp/{{ subscription_id }}_room_list* - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - ignore_errors: yes - -- name: Collect after shrink size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_after_stat - when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: True - -- name: Print total number of rooms processed - debug: - msg: '{{ awx_rooms_total.stdout }}' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Print the number of rooms purged with no local users - debug: - msg: '{{ awx_rooms_no_local_total.stdout }}' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Print the number of rooms purged with more then N users - debug: - msg: '{{ awx_rooms_join_members_total.stdout }}' - when: awx_purge_mode.find("Number of users") != -1 - -- name: Print the number of rooms purged with more then N events - debug: - msg: '{{ awx_rooms_state_events_total.stdout }}' - when: awx_purge_mode.find("Number of events") != -1 - -- name: Print before purge size of Synapse database - 
debug: - msg: "{{ awx_db_size_before_stat.stdout.split('\n') }}" - when: ( awx_db_size_before_stat is defined ) and ( awx_purge_mode.find("Perform final shrink" ) != -1 ) - -- name: Print after purge size of Synapse database - debug: - msg: "{{ awx_db_size_after_stat.stdout.split('\n') }}" - when: (awx_db_size_after_stat is defined) and (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook early if this task is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/purge_database_no_local.yml b/roles/matrix-awx/tasks/purge_database_no_local.yml deleted file mode 100644 index 33f99c49..00000000 --- a/roles/matrix-awx/tasks/purge_database_no_local.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with no local users - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_database_users.yml b/roles/matrix-awx/tasks/purge_database_users.yml deleted file mode 100644 index 1c8da14d..00000000 --- a/roles/matrix-awx/tasks/purge_database_users.yml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with more then N users - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_media_local.yml b/roles/matrix-awx/tasks/purge_media_local.yml deleted file mode 100644 index 2074d5d8..00000000 --- a/roles/matrix-awx/tasks/purge_media_local.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- name: Collect epoche time from date - shell: | - date -d '{{ item }}' +"%s" - register: awx_epoche_time - -- name: Purge local media to specific date - shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml deleted file mode 100644 index 9c5f6bfb..00000000 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ /dev/null 
@@ -1,108 +0,0 @@ - -- name: Ensure dateutils is installed in AWX - delegate_to: 127.0.0.1 - yum: - name: dateutils - state: latest - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True - -- name: Ensure curl and jq intalled on target machine - apt: - pkg: - - curl - - jq - state: present - -- name: Collect the internal IP of the matrix-synapse container - shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" - register: awx_synapse_container_ip - -- name: Collect access token for janitor user - shell: | - curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token' - register: awx_janitors_token - no_log: True - -- name: Generate list of dates to purge to - delegate_to: 127.0.0.1 - shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}" - register: awx_purge_dates - -- name: Calculate initial size of local media repository - shell: du -sh /matrix/synapse/storage/media-store/local* - register: awx_local_media_size_before - when: awx_purge_media_type == "Local Media" - ignore_errors: yes - no_log: True - -- name: Calculate initial size of remote media repository - shell: du -sh /matrix/synapse/storage/media-store/remote* - register: awx_remote_media_size_before - when: awx_purge_media_type == "Remote Media" - ignore_errors: yes - no_log: True - -- name: Purge local media with loop - include_tasks: purge_media_local.yml - loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" - when: awx_purge_media_type == "Local Media" - -- name: Purge remote media with loop - include_tasks: purge_media_remote.yml - loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" - when: awx_purge_media_type == "Remote Media" - -- name: 
Calculate final size of local media repository - shell: du -sh /matrix/synapse/storage/media-store/local* - register: awx_local_media_size_after - when: awx_purge_media_type == "Local Media" - ignore_errors: yes - no_log: True - -- name: Calculate final size of remote media repository - shell: du -sh /matrix/synapse/storage/media-store/remote* - register: awx_remote_media_size_after - when: awx_purge_media_type == "Remote Media" - ignore_errors: yes - no_log: True - -- name: Print size of local media repository before purge - debug: - msg: "{{ awx_local_media_size_before.stdout.split('\n') }}" - when: awx_purge_media_type == "Local Media" - -- name: Print size of local media repository after purge - debug: - msg: "{{ awx_local_media_size_after.stdout.split('\n') }}" - when: awx_purge_media_type == "Local Media" - -- name: Print size of remote media repository before purge - debug: - msg: "{{ awx_remote_media_size_before.stdout.split('\n') }}" - when: awx_purge_media_type == "Remote Media" - -- name: Print size of remote media repository after purge - debug: - msg: "{{ awx_remote_media_size_after.stdout.split('\n') }}" - when: awx_purge_media_type == "Remote Media" - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook early if this task is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/purge_media_remote.yml b/roles/matrix-awx/tasks/purge_media_remote.yml deleted file mode 100644 index 1418d9a6..00000000 --- a/roles/matrix-awx/tasks/purge_media_remote.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- - -- name: Collect epoche time from date - shell: | - date -d '{{ item }}' +"%s" - register: awx_epoche_time - -- name: Purge remote media to specific date - shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/rename_variables.yml b/roles/matrix-awx/tasks/rename_variables.yml deleted file mode 100644 index e664325f..00000000 --- a/roles/matrix-awx/tasks/rename_variables.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -- name: Rename synapse presence variable - delegate_to: 127.0.0.1 - replace: - path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" - regexp: 'matrix_synapse_use_presence' - replace: 'matrix_synapse_presence_enabled' diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml deleted file mode 100644 index 9596f504..00000000 --- a/roles/matrix-awx/tasks/rotate_ssh.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- - -- name: Set the new authorized key taken from file - authorized_key: - user: root - state: present - exclusive: yes - key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: end_playbook is defined and end_playbook|bool diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml deleted file mode 100644 index 510b9f9e..00000000 --- a/roles/matrix-awx/tasks/self_check.yml +++ /dev/null 
@@ -1,106 +0,0 @@
----
-
-- name: Install prerequisite apt packages on target
- apt:
- name:
- - sysstat
- - curl
- state: present
-
-- name: Install prerequisite yum packages on AWX
- delegate_to: 127.0.0.1
- yum:
- name:
- - bind-utils
- state: present
-
-- name: Install prerequisite pip packages on AWX
- delegate_to: 127.0.0.1
- pip:
- name:
- - dnspython
- state: present
-
-- name: Calculate MAU value
- shell: |
- curl -s localhost:9000 | grep "^synapse_admin_mau_current "
- register: awx_mau_stat
- no_log: True
-
-- name: Calculate CPU usage statistics
- shell: iostat -c
- register: awx_cpu_usage_stat
- no_log: True
-
-- name: Calculate RAM usage statistics
- shell: free -mh
- register: awx_ram_usage_stat
- no_log: True
-
-- name: Calculate free disk space
- shell: df -h
- register: awx_disk_space_stat
- no_log: True
-
-- name: Calculate size of Synapse database
- shell: du -sh /matrix/postgres/data
- register: awx_db_size_stat
- no_log: True
-
-- name: Calculate size of local media repository
- shell: du -sh /matrix/synapse/storage/media-store/local*
- register: awx_local_media_size_stat
- ignore_errors: yes
- no_log: True
-
-- name: Calculate size of remote media repository
- shell: du -sh /matrix/synapse/storage/media-store/remote*
- register: awx_remote_media_size_stat
- ignore_errors: yes
- no_log: True
-
-- name: Calculate docker container statistics
- shell: docker stats --all --no-stream
- register: awx_docker_stats
- ignore_errors: yes
- no_log: True
-
-- name: Print size of remote media repository
- debug:
- msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}"
- when: awx_remote_media_size_stat is defined
-
-- name: Print size of local media repository
- debug:
- msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}"
- when: awx_local_media_size_stat is defined
-
-- name: Print size of Synapse database
- debug:
- msg: "{{ awx_db_size_stat.stdout.split('\n') }}"
- when: awx_db_size_stat is defined
-
-- name: Print free disk space
- debug:
- msg: "{{ awx_disk_space_stat.stdout.split('\n') }}"
- when: awx_disk_space_stat is defined
-
-- name: Print RAM usage statistics
- debug:
- msg: "{{ awx_ram_usage_stat.stdout.split('\n') }}"
- when: awx_ram_usage_stat is defined
-
-- name: Print CPU usage statistics
- debug:
- msg: "{{ awx_cpu_usage_stat.stdout.split('\n') }}"
- when: awx_cpu_usage_stat is defined
-
-- name: Print MAU value
- debug:
- msg: "{{ awx_mau_stat.stdout.split('\n') }}"
- when: awx_mau_stat is defined
-
-- name: Print docker container statistics
- debug:
- msg: "{{ awx_docker_stats.stdout.split('\n') }}"
- when: awx_docker_stats is defined
diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml
deleted file mode 100755
index 3558f717..00000000
--- a/roles/matrix-awx/tasks/set_variables_corporal.yml
+++ /dev/null
@@ -1,241 +0,0 @@
----
-
-- name: Record Corporal Enabled/Disabled variable
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Corporal Settings Start'
- with_dict:
- 'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
-
-- name: Enable Shared Secret Auth if Corporal enabled
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Shared Secret Auth Settings Start'
- with_dict:
- 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
- when: matrix_corporal_enabled|bool
-
-- name: Disable Shared Secret Auth if Corporal disabled
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Shared Secret Auth Settings Start'
- with_dict:
- 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
- when: not matrix_corporal_enabled|bool
-
-- name: Enable Rest Auth Endpoint if Corporal enabled
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Synapse Extension Start'
- with_dict:
- 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
- when: matrix_corporal_enabled|bool
-
-- name: Disable Rest Auth Endpoint if Corporal disabled
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Synapse Extension Start'
- with_dict:
- 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
- when: not matrix_corporal_enabled|bool
-
-- name: Disable Corporal API if Simple Static File mode selected
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Corporal Settings Start'
- with_dict:
- 'matrix_corporal_http_api_enabled': 'false'
- when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
-
-- name: Enable Corporal API if Push/Pull mode delected
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Corporal Settings Start'
- with_dict:
- 'matrix_corporal_http_api_enabled': 'true'
- when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
-
-- name: Record Corporal API Access Token if it's defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Corporal Settings Start'
- with_dict:
- 'awx_corporal_http_api_auth_token': '{{ awx_corporal_http_api_auth_token }}'
- when: awx_corporal_http_api_auth_token|length > 0
-
-- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
- delegate_to: 127.0.0.1
- blockinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertafter: "# Corporal Policy Provider Settings Start"
- block: |
- matrix_corporal_policy_provider_config: |
- {
- "Type": "static_file",
- "Path": "/etc/matrix-corporal/corporal-policy.json"
- }
- when: awx_corporal_policy_provider_mode == "Simple Static File"
-
-- name: Touch the /matrix/corporal/ directory
- file:
- path: "/matrix/corporal/"
- state: directory
- owner: matrix
- group: matrix
- mode: '750'
-
-- name: Touch the /matrix/corporal/config/ directory
- file:
- path: "/matrix/corporal/config/"
- state: directory
- owner: matrix
- group: matrix
- mode: '750'
-
-- name: Touch the /matrix/corporal/cache/ directory
- file:
- path: "/matrix/corporal/cache/"
- state: directory
- owner: matrix
- group: matrix
- mode: '750'
-
-- name: Touch the corporal-policy.json file to ensure it exists
- file:
- path: "/matrix/corporal/config/corporal-policy.json"
- state: touch
- owner: matrix
- group: matrix
- mode: '660'
-
-- name: Touch the last-policy.json file to ensure it exists
- file:
- path: "/matrix/corporal/config/last-policy.json"
- state: touch
- owner: matrix
- group: matrix
- mode: '660'
-
-- name: Record 'Simple Static File' configuration content in corporal-policy.json
- copy:
- content: "{{ awx_corporal_simple_static_config | string }}"
- dest: "/matrix/corporal/config/corporal-policy.json"
- owner: matrix
- group: matrix
- mode: '660'
- when: (awx_corporal_policy_provider_mode == "Simple Static File") and (awx_corporal_simple_static_config|length > 0)
-
-- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
- delegate_to: 127.0.0.1
- blockinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertafter: "# Corporal Policy Provider Settings Start"
- block: |
- matrix_corporal_policy_provider_config: |
- {
- "Type": "http",
- "Uri": "{{ awx_corporal_pull_mode_uri }}",
- "AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}",
- "CachePath": "/var/cache/matrix-corporal/last-policy.json",
- "ReloadIntervalSeconds": 1800,
- "TimeoutMilliseconds": 30000
- }
- when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0)
-
-- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
- delegate_to: 127.0.0.1
- blockinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertafter: "# Corporal Policy Provider Settings Start"
- block: |
- matrix_corporal_policy_provider_config: |
- {
- "Type": "last_seen_store_policy",
- "CachePath": "/var/cache/matrix-corporal/last-policy.json"
- }
- when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
-
-- name: Lower RateLimit if set to 'Normal'
- delegate_to: 127.0.0.1
- replace:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
- replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
- when: awx_corporal_raise_ratelimits == "Normal"
-
-- name: Raise RateLimit if set to 'Raised'
- delegate_to: 127.0.0.1
- replace:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
- replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
- when: awx_corporal_raise_ratelimits == "Raised"
-
-- name: Save new 'Configure Corporal' survey.json to the AWX tower
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
-
-- name: Copy new 'Configure Corporal' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
- dest: '/matrix/awx/configure_corporal.json'
- mode: '0660'
-
-- debug:
- msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
-
-- debug:
- msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
-
-- debug:
- msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
-
-- debug:
- msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
-
-- name: Recreate 'Configure Corporal (Advanced)' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
- description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-corporal"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
- become_enabled: yes
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: yes
diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml
deleted file mode 100644
index d5e51c6b..00000000
--- a/roles/matrix-awx/tasks/set_variables_dimension.yml
+++ /dev/null
@@ -1,105 +0,0 @@
----
-
-- name: Include vars in matrix_vars.yml
- include_vars:
- file: '{{ awx_cached_matrix_vars }}'
- no_log: True
-
-- name: Install jq and curl on remote machine
- apt:
- name:
- - jq
- - curl
- state: present
-
-- name: Collect access token of Dimension user
- shell: |
- curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
- register: awx_dimension_user_access_token
-
-- name: Record Synapse variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Dimension Settings Start'
- with_dict:
- 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
- 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout }}"'
-
-- name: Set final users list if users are defined
- set_fact:
- awx_dimension_users_final: "{{ awx_dimension_users }}"
- when: awx_dimension_users | length > 0
-
-- name: Set final users list if no users are defined
- set_fact:
- awx_dimension_users_final: '@dimension:{{ matrix_domain }}'
- when: awx_dimension_users | length == 0
-
-- name: Remove Dimension Users
- delegate_to: 127.0.0.1
- replace:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: '^ - .*\n'
- after: 'matrix_dimension_admins:'
- before: '# Dimension Settings End'
-
-- name: Set Dimension Users Header
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertbefore: '# Dimension Settings End'
- line: "matrix_dimension_admins:"
-
-- name: Set Dimension Users
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- insertafter: '^matrix_dimension_admins:'
- line: ' - "{{ item }}"'
- with_items: "{{ awx_dimension_users_final.splitlines() }}"
-
-- name: Record Dimension Custom variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertbefore: '# Dimension Settings End'
- with_dict:
- 'awx_dimension_users': '{{ awx_dimension_users.splitlines() | to_json }}'
-
-- name: Save new 'Configure Dimension' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_dimension.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json'
-
-- name: Copy new 'Configure Dimension' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json'
- dest: '/matrix/awx/configure_dimension.json'
- mode: '0660'
-
-- name: Recreate 'Configure Dimension' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Dimension"
- description: "Configure Dimension, the self-hosted integrations server."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-all,setup-dimension"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
- become_enabled: yes
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: yes
diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml
deleted file mode 100755
index 491c91b3..00000000
--- a/roles/matrix-awx/tasks/set_variables_element.yml
+++ /dev/null
@@ -1,180 +0,0 @@
----
-
-- name: Record Element-Web variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
- 'matrix_client_element_jitsi_preferredDomain': 'jitsi.{{ matrix_domain }}'
- 'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
- 'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
- 'matrix_client_element_brand': '{{ matrix_client_element_brand | trim }}'
- 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}'
- 'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo | trim }}'
- 'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link | trim }}'
-
-- name: Record Element-Web custom variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertbefore: '# Element Settings End'
- with_dict:
- 'awx_matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline | trim }}'
- 'awx_matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text | trim }}'
-
-- name: Set Element-Web custom branding locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_brand': "{{ matrix_client_element_brand }}"
- when: matrix_client_element_brand | trim | length > 0
-
-- name: Remove Element-Web custom branding locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_brand: "
- state: absent
- when: matrix_client_element_brand | trim | length == 0
-
-- name: Set fact for 'https' string
- set_fact:
- awx_https_string: "https"
-
-- name: Set Element-Web custom logo locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo }}'
- when: ( awx_https_string in matrix_client_element_welcome_logo ) and ( matrix_client_element_welcome_logo | trim | length > 0 )
-
-- name: Remove Element-Web custom logo locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_welcome_logo: "
- state: absent
- when: matrix_client_element_welcome_logo | trim | length == 0
-
-- name: Set Element-Web custom logo link locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link }}'
- when: ( awx_https_string in matrix_client_element_welcome_logo_link ) and ( matrix_client_element_welcome_logo_link | trim | length > 0 )
-
-- name: Remove Element-Web custom logo link locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_welcome_logo_link: "
- state: absent
- when: matrix_client_element_welcome_logo_link | trim | length == 0
-
-- name: Set Element-Web custom headline locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline }}'
- when: awx_matrix_client_element_welcome_headline | trim | length > 0
-
-- name: Remove Element-Web custom headline locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_welcome_headline: "
- state: absent
- when: awx_matrix_client_element_welcome_headline | trim | length == 0
-
-- name: Set Element-Web custom text locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text }}'
- when: awx_matrix_client_element_welcome_text | trim | length > 0
-
-- name: Remove Element-Web custom text locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_welcome_text: "
- state: absent
- when: awx_matrix_client_element_welcome_text | trim | length == 0
-
-- name: Set Element-Web background locally on AWX if defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: '{{ item.value }}'"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
- when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length > 0
-
-- name: Remove Element-Web background locally on AWX if not defined
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^matrix_client_element_branding_welcomeBackgroundUrl: "
- state: absent
- when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length == 0
-
-- name: Save new 'Configure Element' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_element.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
-
-- name: Copy new 'Configure Element' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
- dest: '/matrix/awx/configure_element.json'
- mode: '0660'
-
-- name: Recreate 'Configure Element' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Element"
- description: "Configure Element client via survey."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-client-element"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
- become_enabled: yes
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: yes
diff --git a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml
deleted file mode 100644
index 9e47be16..00000000
--- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-
-- name: Record Element-Web variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Element Settings Start'
- with_dict:
- 'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}"
-
-- name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_element_subdomain.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
-
-- name: Copy new 'Configure Element Subdomain' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
- dest: '/matrix/awx/configure_element_subdomain.json'
- mode: '0660'
-
-- name: Recreate 'Configure Element Subdomain' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Element Subdomain"
- description: "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)"
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-all,setup-client-element-subdomain"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}"
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: yes
diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml
deleted file mode 100755
index 2e8f1f8e..00000000
--- a/roles/matrix-awx/tasks/set_variables_jitsi.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-
-- name: Record Jitsi variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Jitsi Settings Start'
- with_dict:
- 'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
- 'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage | trim }}'
-
-- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
-
-- name: Copy new 'Configure Jitsi' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
- dest: '/matrix/awx/configure_jitsi.json'
- mode: '0660'
-
-- name: Recreate 'Configure Jitsi' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Jitsi"
- description: "Configure Jitsi conferencing settings."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-jitsi"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
- become_enabled: yes
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: yes
diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml
deleted file mode 100755
index 0f4234f1..00000000
--- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml
+++ /dev/null
@@ -1,103 +0,0 @@
----
-
-- name: Record ma1sd variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# ma1sd Settings Start'
- with_dict:
- 'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'
-
-- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Synapse Extension Start'
- with_dict:
- 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'false'
- when: awx_matrix_ma1sd_auth_store == 'Synapse Internal'
-
-- name: Enable REST auth if using external LDAP/AD with ma1sd
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Synapse Extension Start'
- with_dict:
- 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true'
- 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:8090"'
- when: awx_matrix_ma1sd_auth_store == 'LDAP/AD'
-
-- name: Remove entire ma1sd configuration extension
- delegate_to: 127.0.0.1
- replace:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: '^.*\n'
- after: '# Start ma1sd Extension'
- before: '# End ma1sd Extension'
-
-- name: Replace conjoined ma1sd configuration extension limiters
- delegate_to: 127.0.0.1
- replace:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: '^# Start ma1sd Extension# End ma1sd Extension'
- replace: '# Start ma1sd Extension\n# End ma1sd Extension'
-
-- name: Insert/Update ma1sd configuration extension variables
- delegate_to: 127.0.0.1
- blockinfile:
- path: '{{ awx_cached_matrix_vars }}'
- marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK"
- insertafter: '# Start ma1sd Extension'
- block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}'
-
-- name: Record ma1sd Custom variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertbefore: '# ma1sd Settings End'
- with_dict:
- 'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}'
- 'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
- no_log: True
-
-- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
-
-- name: Copy new 'Configure ma1sd' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
- dest: '/matrix/awx/configure_ma1sd.json'
- mode: '0660'
-
-- name: Recreate 'Configure ma1sd (Advanced)' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
- description: "Configure Jitsi conferencing settings."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-ma1sd"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
- become_enabled: yes
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: yes
-
diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml
deleted file mode 100644
index 2ae2d513..00000000
--- a/roles/matrix-awx/tasks/set_variables_mailer.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-
-- name: Record Mailer variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Email Settings Start'
- with_dict:
- 'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}'
-
-- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
-
-- name: Copy new 'Configure Email Relay' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
- dest: '/matrix/awx/configure_email_relay.json'
- mode: '0660'
-
-- name: Recreate 'Configure Email Relay' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Email Relay"
- description: "Enable MailGun relay to increase verification email reliability."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-mailer"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
- become_enabled: yes
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: yes
diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml
deleted file mode 100755
index df6b2798..00000000
--- a/roles/matrix-awx/tasks/set_variables_synapse.yml
+++ /dev/null
@@ -1,222 +0,0 @@ - -- name: Limit max upload size to 200MB part 1 - set_fact: - matrix_synapse_max_upload_size_mb: "200" - when: awx_synapse_max_upload_size_mb | int >= 200 - -- name: Limit max upload size to 200MB part 2 - set_fact: - matrix_synapse_max_upload_size_mb: "{{ awx_synapse_max_upload_size_mb }}" - when: awx_synapse_max_upload_size_mb | int < 200 - -- name: Record Synapse variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - 'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}' - 'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}' - 'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}' - 'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}' - 'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}' - 'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}' - 'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}' - 'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}' - -- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_synapse_auto_join_rooms: .*$" - replace: "matrix_synapse_auto_join_rooms: []" - when: awx_synapse_auto_join_rooms | length == 0 - -- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list - set_fact: - awx_synapse_auto_join_rooms_array: |- - {{ awx_synapse_auto_join_rooms.splitlines() | to_json }} - when: awx_synapse_auto_join_rooms|length > 0 - -- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank 
- delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - "matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}" - when: awx_synapse_auto_join_rooms|length > 0 - -- name: Record Synapse Shared Secret if it's defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - 'matrix_synapse_registration_shared_secret': '{{ awx_matrix_synapse_registration_shared_secret }}' - when: awx_matrix_synapse_registration_shared_secret | length > 0 - -- name: Record registations_require_3pid extra variable if true - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "{{ item }}" - line: "{{ item }}" - insertbefore: '# Synapse Extension End' - with_items: - - " registrations_require_3pid:" - - " - email" - when: awx_registrations_require_3pid | bool - -- name: Remove registrations_require_3pid extra variable if false - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "{{ item }}" - line: "{{ item }}" - insertbefore: '# Synapse Extension End' - state: absent - with_items: - - " registrations_require_3pid:" - - " - email" - when: not awx_registrations_require_3pid | bool - -- name: Remove URL Languages - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n' - after: ' url_preview_accept_language:' - before: '# Synapse Extension End' - -- name: Set URL languages default if raw inputs empty - set_fact: - awx_url_preview_accept_language_default: 'en' - when: awx_url_preview_accept_language | length == 0 - -- name: Set URL languages default if raw inputs not empty - set_fact: - 
awx_url_preview_accept_language_default: "{{ awx_url_preview_accept_language }}" - when: awx_url_preview_accept_language|length > 0 - -- name: Set URL languages if raw inputs empty - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ url_preview_accept_language:' - line: " - {{ awx_url_preview_accept_language_default }}" - when: awx_url_preview_accept_language|length == 0 - -- name: Set URL languages if raw inputs not empty - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ url_preview_accept_language:' - line: " - {{ item }}" - with_items: "{{ awx_url_preview_accept_language.splitlines() }}" - when: awx_url_preview_accept_language | length > 0 - -- name: Remove Federation Whitelisting 1 - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n' - after: ' federation_domain_whitelist:' - before: '# Synapse Extension End' - -- name: Remove Federation Whitelisting 2 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - line: " federation_domain_whitelist:" - state: absent - -- name: Set Federation Whitelisting 1 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^matrix_synapse_configuration_extension_yaml: \|' - line: " federation_domain_whitelist:" - when: awx_federation_whitelist | length > 0 - -- name: Set Federation Whitelisting 2 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ federation_domain_whitelist:' - line: " - {{ item }}" - with_items: "{{ awx_federation_whitelist.splitlines() }}" - when: awx_federation_whitelist | length > 0 - -- name: Set awx_recaptcha_public_key to a 'public-key' if undefined - set_fact: awx_recaptcha_public_key="public-key" - when: (awx_recaptcha_public_key is not defined) or (awx_recaptcha_public_key|length == 0) - -- name: Set awx_recaptcha_private_key to a 'private-key' if 
undefined - set_fact: awx_recaptcha_private_key="private-key" - when: (awx_recaptcha_private_key is not defined) or (awx_recaptcha_private_key|length == 0) - -- name: Record Synapse Extension variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Synapse Extension End' - with_dict: - ' enable_registration_captcha': '{{ awx_enable_registration_captcha }}' - ' recaptcha_public_key': '{{ awx_recaptcha_public_key }}' - ' recaptcha_private_key': '{{ awx_recaptcha_private_key }}' - -- name: Record Synapse Custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Synapse Settings End' - with_dict: - 'awx_federation_whitelist': '{{ awx_federation_whitelist.splitlines() | to_json }}' - 'awx_url_preview_accept_language_default': '{{ awx_url_preview_accept_language_default.splitlines() | to_json }}' - 'awx_enable_registration_captcha': '{{ awx_enable_registration_captcha }}' - 'awx_recaptcha_public_key': '"{{ awx_recaptcha_public_key }}"' - 'awx_recaptcha_private_key': '"{{ awx_recaptcha_private_key }}"' - -- name: Save new 'Configure Synapse' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_synapse.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json' - -- name: Copy new 'Configure Synapse' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json' - dest: '/matrix/awx/configure_synapse.json' - mode: '0660' - -- name: Recreate 'Configure Synapse' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - 
Configure Synapse" - description: "Configure Synapse (homeserver) settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-synapse" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}" - become_enabled: yes - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml deleted file mode 100644 index 635befb5..00000000 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ /dev/null 
@@ -1,44 +0,0 @@
----
-
-- name: Record Synapse Admin variables locally on AWX
- delegate_to: 127.0.0.1
- lineinfile:
- path: '{{ awx_cached_matrix_vars }}'
- regexp: "^#? *{{ item.key | regex_escape() }}:"
- line: "{{ item.key }}: {{ item.value }}"
- insertafter: '# Synapse Admin Settings Start'
- with_dict:
- 'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
-
-- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
- delegate_to: 127.0.0.1
- template:
- src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
- dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
-
-- name: Copy new 'Configure Synapse Admin' survey.json to target machine
- copy:
- src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
- dest: '/matrix/awx/configure_synapse_admin.json'
- mode: '0660'
-
-- name: Recreate 'Configure Synapse Admin' job template
- delegate_to: 127.0.0.1
- awx.awx.tower_job_template:
- name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
- description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
- job_type: run
- job_tags: "start,setup-all"
- inventory: "{{ member_id }}"
- project: "{{ member_id }} - Matrix Docker Ansible Deploy"
- playbook: setup.yml
- credential: "{{ member_id }} - AWX SSH Key"
- survey_enabled: true
- survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
- become_enabled: yes
- state: present
- verbosity: 1
- tower_host: "https://{{ awx_host }}"
- tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- validate_certs: yes
diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml
deleted file mode 100644
index 4dd4f1f6..00000000
--- a/roles/matrix-bot-go-neb/defaults/main.yml
+++ /dev/null
@@ -1,231 +0,0 @@ -# Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. -# See: https://github.com/matrix-org/go-neb - -matrix_bot_go_neb_enabled: true -matrix_bot_go_neb_version: latest -matrix_bot_go_neb_docker_image: "matrixdotorg/go-neb:{{ matrix_bot_go_neb_version }}" -matrix_bot_go_neb_docker_image_force_pull: "{{ matrix_bot_go_neb_docker_image.endswith(':latest') }}" - -matrix_bot_go_neb_base_path: "{{ matrix_base_data_path }}/go-neb" -matrix_bot_go_neb_config_path: "{{ matrix_bot_go_neb_base_path }}/config" -matrix_bot_go_neb_config_path_in_container: "/config/config.yaml" -matrix_bot_go_neb_data_path: "{{ matrix_bot_go_neb_base_path }}/data" -matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store" - -# Controls whether the matrix-bot-go-neb container exposes its HTTP port (tcp/4050 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:4050"), or empty string to not expose. -matrix_bot_go_neb_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_bot_go_neb_container_extra_arguments: [] - -# List of systemd services that matrix-bot-go-neb.service depends on -matrix_bot_go_neb_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-bot-go-neb.service wants -matrix_bot_go_neb_systemd_wanted_services_list: [] - -# Database-related configuration fields. -# -# MUST be "sqlite3". No other type is supported. -matrix_bot_go_neb_database_engine: 'sqlite3' - -matrix_bot_go_neb_sqlite_database_path_local: "{{ matrix_bot_go_neb_data_path }}/bot.db" -matrix_bot_go_neb_sqlite_database_path_in_container: "/data/bot.db" - -matrix_bot_go_neb_storage_database: "{{ - { - 'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'), - }[matrix_bot_go_neb_database_engine] -}}" - -# The bot's username(s). These users need to be created manually beforehand. 
-# The access tokens that the bot uses to authenticate. -# Generate one as described in -# https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-dimension.md#access-token -# via curl. With the element method, you might run into decryption problems (see https://github.com/matrix-org/go-neb#quick-start) -matrix_bot_go_neb_clients: [] -# - UserID: "@goneb:{{ matrix_domain }}" -# AccessToken: "MDASDASJDIASDJASDAFGFRGER" -# DeviceID: "DEVICE1" -# HomeserverURL: "{{ matrix_homeserver_container_url }}" -# Sync: true -# AutoJoinRooms: true -# DisplayName: "Go-NEB!" -# AcceptVerificationFromUsers: [":{{ matrix_domain }}"] -# -# - UserID: "@another_goneb:{{ matrix_domain }}" -# AccessToken: "MDASDASJDIASDJASDAFGFRGER" -# DeviceID: "DEVICE2" -# HomeserverURL: "{{ matrix_homeserver_container_url }}" -# Sync: false -# AutoJoinRooms: false -# DisplayName: "Go-NEB!" -# AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"] - -# The list of realms which Go-NEB is aware of. -# Delete or modify this list as appropriate. -# See the docs for /configureAuthRealm for the full list of options: -# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest -matrix_bot_go_neb_realms: [] -# - ID: "github_realm" -# Type: "github" -# Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs - -# The list of *authenticated* sessions which Go-NEB is aware of. -# Delete or modify this list as appropriate. -# The full list of options are shown below: there is no single HTTP endpoint -# which maps to this section. 
-# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session -matrix_bot_go_neb_sessions: [] -# - SessionID: "your_github_session" -# RealmID: "github_realm" -# UserID: "@YOUR_USER_ID:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands -# Config: -# # Populate these fields by generating a "Personal Access Token" on github.com -# AccessToken: "YOUR_GITHUB_ACCESS_TOKEN" -# Scopes: "admin:org_hook,admin:repo_hook,repo,user" - -# The list of services which Go-NEB is aware of. -# Delete or modify this list as appropriate. -# See the docs for /configureService for the full list of options: -# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest -matrix_bot_go_neb_services: [] -# - ID: "echo_service" -# Type: "echo" -# UserID: "@goneb:{{ matrix_domain }}" -# Config: {} - -## Can be obtained from https://developers.giphy.com/dashboard/ -# - ID: "giphy_service" -# Type: "giphy" -# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client -# Config: -# api_key: "qwg4672vsuyfsfe" -# use_downsized: false -# -## This service has been dead for over a year :/ -# - ID: "guggy_service" -# Type: "guggy" -# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client -# Config: -# api_key: "2356saaqfhgfe" -# -## API Key via https://developers.google.com/custom-search/v1/introduction -## CX via http://www.google.com/cse/manage/all -## https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python -## 'Search the entire web' and 'Image search' enabled for best results -# - ID: "google_service" -# Type: "google" -# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client -# Config: -# api_key: "AIzaSyA4FD39m9" -# cx: "AIASDFWSRRtrtr" -# -## Get a key via https://api.imgur.com/oauth2/addclient -## Select "oauth2 without callback url" -# - ID: "imgur_service" -# Type: "imgur" -# UserID: 
"@imgur:{{ matrix_domain }}" # requires a Syncing client -# Config: -# client_id: "AIzaSyA4FD39m9" -# client_secret: "somesecret" -# -# - ID: "wikipedia_service" -# Type: "wikipedia" -# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client -# Config: -# -# - ID: "rss_service" -# Type: "rssbot" -# UserID: "@another_goneb:{{ matrix_domain }}" -# Config: -# feeds: -# "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60": -# rooms: ["!qmElAGdFYCHoCJuaNt:localhost"] -# must_include: -# author: -# - author1 -# description: -# - lorem -# - ipsum -# must_not_include: -# title: -# - Lorem -# - Ipsum -# -# - ID: "github_cmd_service" -# Type: "github" -# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client -# Config: -# RealmID: "github_realm" -# -# # Make sure your BASE_URL can be accessed by Github! -# - ID: "github_webhook_service" -# Type: "github-webhook" -# UserID: "@another_goneb:{{ matrix_domain }}" -# Config: -# RealmID: "github_realm" -# ClientUserID: "@YOUR_USER_ID:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions. -# Rooms: -# "!someroom:id": -# Repos: -# "matrix-org/synapse": -# Events: ["push", "issues"] -# "matrix-org/dendron": -# Events: ["pull_request"] -# "!anotherroom:id": -# Repos: -# "matrix-org/synapse": -# Events: ["push", "issues"] -# "matrix-org/dendron": -# Events: ["pull_request"] -# -# - ID: "slackapi_service" -# Type: "slackapi" -# UserID: "@slackapi:{{ matrix_domain }}" -# Config: -# Hooks: -# "hook1": -# RoomID: "!someroom:id" -# MessageType: "m.text" # default is m.text -# -# - ID: "alertmanager_service" -# Type: "alertmanager" -# UserID: "@alertmanager:{{ matrix_domain }}" -# Config: -# # This is for information purposes only. 
It should point to Go-NEB path as follows: -# # `/services/hooks/` -# # Where in this case "service ID" is "alertmanager_service" -# # Make sure your BASE_URL can be accessed by the Alertmanager instance! -# webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U" -# # Each room will get the notification with the alert rendered with the given template -# rooms: -# "!someroomid:domain.tld": -# text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}" -# html_template: "{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}" -# msg_type: "m.text" # Must be either `m.text` or `m.notice` - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_bot_go_neb_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_bot_go_neb_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_bot_go_neb_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_bot_go_neb_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_bot_go_neb_configuration_yaml`. - -matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml|from_yaml if matrix_bot_go_neb_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`. -matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" - diff --git a/roles/matrix-bot-go-neb/tasks/init.yml b/roles/matrix-bot-go-neb/tasks/init.yml deleted file mode 100644 index 169f5978..00000000 --- a/roles/matrix-bot-go-neb/tasks/init.yml +++ /dev/null @@ -1,3 +0,0 @@ -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}" - when: matrix_bot_go_neb_enabled|bool diff --git a/roles/matrix-bot-go-neb/tasks/main.yml b/roles/matrix-bot-go-neb/tasks/main.yml deleted file mode 100644 index 1a4fe70a..00000000 
--- a/roles/matrix-bot-go-neb/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
- tags:
- - setup-all
- - setup-bot-go-neb
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
- tags:
- - setup-all
- - setup-bot-go-neb
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_bot_go_neb_enabled|bool"
- tags:
- - setup-all
- - setup-bot-go-neb
diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml
deleted file mode 100644
index e26be080..00000000
--- a/roles/matrix-bot-go-neb/tasks/setup_install.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-
-- set_fact:
- matrix_bot_go_neb_requires_restart: false
-
-- name: Ensure go-neb paths exist
- file:
- path: "{{ item.path }}"
- state: directory
- mode: 0750
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
- with_items:
- - { path: "{{ matrix_bot_go_neb_config_path }}", when: true }
- - { path: "{{ matrix_bot_go_neb_data_path }}", when: true }
- - { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true }
- when: "item.when|bool"
-
-- name: Ensure go-neb image is pulled
- docker_image:
- name: "{{ matrix_bot_go_neb_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}"
-
-- name: Ensure go-neb config installed
- copy:
- content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml }}"
- dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml"
- mode: 0644
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
-
-- name: Ensure matrix-bot-go-neb.service installed
- template:
- src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
- mode: 0644
- register: matrix_bot_go_neb_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
- service:
- daemon_reload: yes
- when: "matrix_bot_go_neb_systemd_service_result.changed|bool"
-
-- name: Ensure matrix-bot-go-neb.service restarted, if necessary
- service:
- name: "matrix-bot-go-neb.service"
- state: restarted
- when: "matrix_bot_go_neb_requires_restart|bool"
diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml
deleted file mode 100644
index 49ad1fe7..00000000
--- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-
-- name: Check existence of matrix-go-neb service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
- register: matrix_bot_go_neb_service_stat
-
-- name: Ensure matrix-go-neb is stopped
- service:
- name: matrix-bot-go-neb
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
-
-- name: Ensure matrix-bot-go-neb.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
- state: absent
- when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
-
-- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
- service:
- daemon_reload: yes
- when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
-
-- name: Ensure Matrix go-neb paths don't exist
- file:
- path: "{{ matrix_bot_go_neb_base_path }}"
- state: absent
-
-- name: Ensure go-neb Docker image doesn't exist
- docker_image:
- name: "{{ matrix_bot_go_neb_docker_image }}"
- state: absent
diff --git a/roles/matrix-bot-go-neb/tasks/validate_config.yml b/roles/matrix-bot-go-neb/tasks/validate_config.yml
deleted file mode 100644
index 7b292250..00000000
--- a/roles/matrix-bot-go-neb/tasks/validate_config.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-
-- name: Fail if there's not at least 1 client
- fail:
- msg: >-
- You need at least 1 client in the matrix_bot_go_neb_clients block.
- when: matrix_bot_go_neb_clients is not defined or matrix_bot_go_neb_clients[0] is not defined
-
-- name: Fail if there's not at least 1 service
- fail:
- msg: >-
- You need at least 1 service in the matrix_bot_go_neb_services block.
- when: matrix_bot_go_neb_services is not defined or matrix_bot_go_neb_services[0] is not defined
diff --git a/roles/matrix-bot-go-neb/templates/config.yaml.j2 b/roles/matrix-bot-go-neb/templates/config.yaml.j2
deleted file mode 100644
index c72dbf8d..00000000
--- a/roles/matrix-bot-go-neb/templates/config.yaml.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-# Go-NEB Configuration File
-#
-# This file provides an alternative way to configure Go-NEB which does not involve HTTP APIs.
-#
-# This file can be supplied to go-neb by the environment variable `CONFIG_FILE=config.yaml`.
-# It will force Go-NEB to operate in "config" mode. This means:
-# - Go-NEB will ONLY use the data contained inside this file.
-# - All of Go-NEB's /admin HTTP listeners will be disabled. You will be unable to add new services at runtime.
-# - The environment variable `DATABASE_URL` will be ignored and an in-memory database will be used instead.
-#
-# This file is broken down into 4 sections which matches the following HTTP APIs:
-# - /configureClient
-# - /configureAuthRealm
-# - /configureService
-# - /requestAuthSession (redirects not supported)
-
-# The list of clients which Go-NEB is aware of.
-# Delete or modify this list as appropriate.
-# See the docs for /configureClient for the full list of options:
-# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ClientConfig
-clients:
- {{ matrix_bot_go_neb_clients|to_json }}
-
-# The list of realms which Go-NEB is aware of.
-# Delete or modify this list as appropriate.
-# See the docs for /configureAuthRealm for the full list of options:
-# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest
-realms:
- {{ matrix_bot_go_neb_realms|to_json }}
-
-# The list of *authenticated* sessions which Go-NEB is aware of.
-# Delete or modify this list as appropriate.
-# The full list of options are shown below: there is no single HTTP endpoint
-# which maps to this section.
-# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session
-sessions:
- {{ matrix_bot_go_neb_sessions|to_json }}
-
-# The list of services which Go-NEB is aware of.
-# Delete or modify this list as appropriate.
-# See the docs for /configureService for the full list of options:
-# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
-services:
- {{ matrix_bot_go_neb_services|to_json }}
diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
deleted file mode 100644
index eabf1137..00000000
--- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
+++ /dev/null
@@ -1,49 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Go-NEB bot -{% for service in matrix_bot_go_neb_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_bot_go_neb_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - {% if matrix_bot_go_neb_container_http_host_bind_port %} - -p {{ matrix_bot_go_neb_container_http_host_bind_port }}:4050 \ - {% endif %} - -e 'BIND_ADDRESS=:4050' \ - -e 'DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}' \ - -e 'BASE_URL=https://{{ matrix_server_fqn_bot_go_neb }}' \ - -e 'CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}' \ - -e 'DATABASE_URL={{ matrix_bot_go_neb_storage_database }}' \ - --mount type=bind,src={{ matrix_bot_go_neb_config_path }},dst=/config,ro \ - --mount type=bind,src={{ matrix_bot_go_neb_data_path }},dst=/data \ - --entrypoint=/bin/sh \ - {% for arg in matrix_bot_go_neb_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_bot_go_neb_docker_image }} \ - -c "go-neb /config/config.yaml" - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-bot-go-neb - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml
deleted file mode 100644
index 3e955673..00000000
--- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml
+++ /dev/null
@@ -1,97 +0,0 @@ -# matrix-reminder-bot is a bot for one-off and recurring reminders -# See: https://github.com/anoadragon453/matrix-reminder-bot - -matrix_bot_matrix_reminder_bot_enabled: true - -matrix_bot_matrix_reminder_bot_container_self_build: false -matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git" -matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src" - -matrix_bot_matrix_reminder_bot_version: release-v0.2.1 -matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_container_global_registry_prefix }}anoa/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}" -matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}" - -matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot" -matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/config" -matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data" -matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store" - -# A list of extra arguments to pass to the container -matrix_bot_matrix_reminder_bot_container_extra_arguments: [] - -# List of systemd services that matrix-bot-matrix-reminder-bot.service depends on -matrix_bot_matrix_reminder_bot_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-bot-matrix-reminder-bot.service wants -matrix_bot_matrix_reminder_bot_systemd_wanted_services_list: [] - - -# Database-related configuration fields. -# -# To use SQLite, stick to these defaults. 
-# -# To use Postgres: -# - change the engine (`matrix_bot_matrix_reminder_bot_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_bot_matrix_reminder_bot_database_*` variables -matrix_bot_matrix_reminder_bot_database_engine: 'sqlite' - -matrix_bot_matrix_reminder_bot_sqlite_database_path_local: "{{ matrix_bot_matrix_reminder_bot_data_path }}/bot.db" -matrix_bot_matrix_reminder_bot_sqlite_database_path_in_container: "/data/bot.db" - -matrix_bot_matrix_reminder_bot_database_username: 'matrix_reminder_bot' -matrix_bot_matrix_reminder_bot_database_password: 'some-password' -matrix_bot_matrix_reminder_bot_database_hostname: 'matrix-postgres' -matrix_bot_matrix_reminder_bot_database_port: 5432 -matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot' - -matrix_bot_matrix_reminder_bot_database_connection_string: 'postgres://{{ matrix_bot_matrix_reminder_bot_database_username }}:{{ matrix_bot_matrix_reminder_bot_database_password }}@{{ matrix_bot_matrix_reminder_bot_database_hostname }}:{{ matrix_bot_matrix_reminder_bot_database_port }}/{{ matrix_bot_matrix_reminder_bot_database_name }}' - -matrix_bot_matrix_reminder_bot_storage_database: "{{ - { - 'sqlite': ('sqlite://' + matrix_bot_matrix_reminder_bot_sqlite_database_path_in_container), - 'postgres': matrix_bot_matrix_reminder_bot_database_connection_string, - }[matrix_bot_matrix_reminder_bot_database_engine] -}}" - - -# The bot's username. This user needs to be created manually beforehand. -# Also see `matrix_bot_matrix_reminder_bot_user_password`. -matrix_bot_matrix_reminder_bot_matrix_user_id_localpart: "bot.matrix-reminder-bot" - -matrix_bot_matrix_reminder_bot_matrix_user_id: '@{{ matrix_bot_matrix_reminder_bot_matrix_user_id_localpart }}:{{ matrix_domain }}' - -# The password that the bot uses to authenticate. 
-matrix_bot_matrix_reminder_bot_matrix_user_password: '' - -matrix_bot_matrix_reminder_bot_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" - -# The timezone to use when creating reminders. -# Examples: 'Europe/London', 'Etc/UTC' -matrix_bot_matrix_reminder_bot_reminders_timezone: '' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_bot_matrix_reminder_bot_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_bot_matrix_reminder_bot_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_bot_matrix_reminder_bot_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_bot_matrix_reminder_bot_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_bot_matrix_reminder_bot_configuration_yaml`. - # - # Example configuration extension follows: - # - # matrix: - # device_name: My-Reminder-Bot - -matrix_bot_matrix_reminder_bot_configuration_extension: "{{ matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml if matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_bot_matrix_reminder_bot_configuration_yaml`. -matrix_bot_matrix_reminder_bot_configuration: "{{ matrix_bot_matrix_reminder_bot_configuration_yaml|from_yaml|combine(matrix_bot_matrix_reminder_bot_configuration_extension, recursive=True) }}" 
diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml
deleted file mode 100644
index 7fd12524..00000000
--- a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}"
- when: matrix_bot_matrix_reminder_bot_enabled|bool
diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml
deleted file mode 100644
index fc2afddb..00000000
--- a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_bot_matrix_reminder_bot_enabled|bool"
- tags:
- - setup-all
- - setup-bot-matrix-reminder-bot
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_bot_matrix_reminder_bot_enabled|bool"
- tags:
- - setup-all
- - setup-bot-matrix-reminder-bot
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_bot_matrix_reminder_bot_enabled|bool"
- tags:
- - setup-all
- - setup-bot-matrix-reminder-bot
diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
deleted file mode 100644
index dada8167..00000000
--- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ /dev/null
@@ -1,95 +0,0 @@ ---- - -- set_fact: - matrix_bot_matrix_reminder_bot_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" - register: matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" - dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_bot_matrix_reminder_bot_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_bot_matrix_reminder_bot_requires_restart: true - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'" - -- name: Ensure matrix-reminder-bot paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true } - - { path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true} - when: "item.when|bool" - -- name: Ensure matrix-reminder-bot image is pulled - docker_image: - name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - 
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}" - when: "not matrix_bot_matrix_reminder_bot_container_self_build|bool" - -- name: Ensure matrix-reminder-bot repository is present on self-build - git: - repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}" - dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" - force: "yes" - register: matrix_bot_matrix_reminder_bot_git_pull_results - when: "matrix_bot_matrix_reminder_bot_container_self_build|bool" - -- name: Ensure matrix-reminder-bot image is built - docker_image: - name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" - source: build - force_source: "{{ matrix_bot_matrix_reminder_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" - build: - dockerfile: docker/Dockerfile - path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" - pull: yes - when: "matrix_bot_matrix_reminder_bot_container_self_build|bool" - -- name: Ensure matrix-reminder-bot config installed - copy: - content: "{{ matrix_bot_matrix_reminder_bot_configuration|to_nice_yaml }}" - dest: "{{ matrix_bot_matrix_reminder_bot_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-bot-matrix-reminder-bot.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" - mode: 0644 - register: matrix_bot_matrix_reminder_bot_systemd_service_result - -- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation - service: - daemon_reload: yes - when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool" - -- 
name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary - service: - name: "matrix-bot-matrix-reminder-bot.service" - state: restarted - when: "matrix_bot_matrix_reminder_bot_requires_restart|bool" diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml deleted file mode 100644 index 141e61ba..00000000 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- - -- name: Check existence of matrix-matrix-reminder-bot service - stat: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" - register: matrix_bot_matrix_reminder_bot_service_stat - -- name: Ensure matrix-matrix-reminder-bot is stopped - service: - name: matrix-bot-matrix-reminder-bot - state: stopped - daemon_reload: yes - register: stopping_result - when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" - -- name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" - state: absent - when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" - -- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal - service: - daemon_reload: yes - when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" - -- name: Ensure Matrix matrix-reminder-bot paths don't exist - file: - path: "{{ matrix_bot_matrix_reminder_bot_base_path }}" - state: absent - -- name: Ensure matrix-reminder-bot Docker image doesn't exist - docker_image: - name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" - state: absent diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml deleted file mode 100644 index 983e7166..00000000 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml +++ /dev/null 
@@ -1,10 +0,0 @@
----
-
-- name: Fail if required settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`).
- when: "vars[item] == ''"
- with_items:
- - "matrix_bot_matrix_reminder_bot_matrix_user_password"
- - "matrix_bot_matrix_reminder_bot_reminders_timezone"
diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2
deleted file mode 100644
index 59643958..00000000
--- a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2
+++ /dev/null
@@ -1,50 +0,0 @@ -# The string to prefix bot commands with -command_prefix: "!" - -# Options for connecting to the bot's Matrix account -matrix: - # The Matrix User ID of the bot account - user_id: {{ matrix_bot_matrix_reminder_bot_matrix_user_id|to_json }} - # Matrix account password - user_password: {{ matrix_bot_matrix_reminder_bot_matrix_user_password|to_json }} - # The public URL at which the homeserver's Client-Server API can be accessed - homeserver_url: {{ matrix_bot_matrix_reminder_bot_matrix_homeserver_url }} - # The device ID that is a **non pre-existing** device - # If this device ID already exists, messages will be dropped silently in - # encrypted rooms - device_id: REMINDER - # What to name the logged in device - device_name: Reminder Bot - -storage: - # The database connection string - # For SQLite3, this would look like: - # database: "sqlite://bot.db" - # For Postgres, this would look like: - # database: "postgres://username:password@localhost/dbname?sslmode=disable" - #database: "postgres://matrix-reminder-bot:remindme@localhost/matrix-reminder-bot?sslmode=disable" - database: {{ matrix_bot_matrix_reminder_bot_storage_database|to_json }} - # The path to a directory for internal bot storage - # containing encryption keys, sync tokens, etc. - store_path: "/data/store" - -reminders: - # Uncomment to set a default timezone that will be used when creating reminders. - # If not set, UTC will be used - timezone: {{ matrix_bot_matrix_reminder_bot_reminders_timezone }} - -# Logging setup -logging: - # Logging level - # Allowed levels are 'INFO', 'WARNING', 'ERROR', 'DEBUG' where DEBUG is most verbose - level: INFO - # Configure logging to a file - file_logging: - # Whether logging to a file is enabled - enabled: false - # The path to the file to log to. May be relative or absolute - filepath: /data/bot.log - # Configure logging to the console (stdout/stderr) - console_logging: - # Whether console logging is enabled - enabled: true 
diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
deleted file mode 100644
index b1fe3c32..00000000
--- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
+++ /dev/null
@@ -1,42 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix reminder bot -{% for service in matrix_bot_matrix_reminder_bot_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_bot_matrix_reminder_bot_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - -e 'TZ={{ matrix_bot_matrix_reminder_bot_reminders_timezone }}' \ - --mount type=bind,src={{ matrix_bot_matrix_reminder_bot_config_path }},dst=/config,ro \ - --mount type=bind,src={{ matrix_bot_matrix_reminder_bot_data_path }},dst=/data \ - --entrypoint=/bin/sh \ - {% for arg in matrix_bot_matrix_reminder_bot_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_bot_matrix_reminder_bot_docker_image }} \ - -c "matrix-reminder-bot /config/config.yaml" - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-bot-matrix-reminder-bot - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml deleted file mode 100644 index 6e7331c4..00000000 
--- a/roles/matrix-bot-mjolnir/defaults/main.yml
+++ /dev/null
@@ -1,60 +0,0 @@ -# A moderation tool for Matrix -# See: https://github.com/matrix-org/mjolnir - -matrix_bot_mjolnir_enabled: true - -matrix_bot_mjolnir_version: "v1.1.20" - -matrix_bot_mjolnir_container_image_self_build: false -matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" - -matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}" -matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}" - -matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}" - -matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir" -matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config" -matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data" -matrix_bot_mjolnir_docker_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src" - -# A list of extra arguments to pass to the container -matrix_bot_mjolnir_container_extra_arguments: [] - -# List of systemd services that matrix-bot-mjolnir.service depends on -matrix_bot_mjolnir_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-bot-mjolnir.service wants -matrix_bot_mjolnir_systemd_wanted_services_list: [] - -# The access token for the bot user -matrix_bot_mjolnir_access_token: "" - -# The room ID where people can use the bot. The bot has no access controls, so -# anyone in this room can use the bot - secure your room! -# This should be a room alias or room ID - not a matrix.to URL. -# Note: Mjolnir is fairly verbose - expect a lot of messages from it. -matrix_bot_mjolnir_management_room: "" - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. 
-# -# For a more advanced customization, you can extend the default (see `matrix_bot_mjolnir_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_bot_mjolnir_configuration_yaml: "{{ lookup('template', 'templates/production.yaml.j2') }}" - -matrix_bot_mjolnir_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_bot_mjolnir_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_bot_mjolnir_configuration_yaml`. - -matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration_extension_yaml|from_yaml if matrix_bot_mjolnir_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`. -matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" - diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/matrix-bot-mjolnir/tasks/init.yml deleted file mode 100644 index b8ab58f1..00000000 --- a/roles/matrix-bot-mjolnir/tasks/init.yml +++ /dev/null 
@@ -1,10 +0,0 @@
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
- fail:
- msg: "To self-build the Mjolnir image, you should use Ansible 2.8 or higher. See docs/ansible.md"
- when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build and matrix_bot_mjolnir_enabled"
-
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}"
- when: matrix_bot_mjolnir_enabled|bool
diff --git a/roles/matrix-bot-mjolnir/tasks/main.yml b/roles/matrix-bot-mjolnir/tasks/main.yml
deleted file mode 100644
index eada8de5..00000000
--- a/roles/matrix-bot-mjolnir/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_bot_mjolnir_enabled|bool"
- tags:
- - setup-all
- - setup-bot-mjolnir
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_bot_mjolnir_enabled|bool"
- tags:
- - setup-all
- - setup-bot-mjolnir
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_bot_mjolnir_enabled|bool"
- tags:
- - setup-all
- - setup-bot-mjolnir
diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml
deleted file mode 100644
index e770b6d5..00000000
--- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml
+++ /dev/null
@@ -1,72 +0,0 @@ ---- - -- set_fact: - matrix_bot_mjolnir_requires_restart: false - -- name: Ensure matrix-bot-mjolnir paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_bot_mjolnir_base_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_config_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_data_path }}", when: true } - - { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" } - when: "item.when|bool" - -- name: Ensure mjolnir Docker image is pulled - docker_image: - name: "{{ matrix_bot_mjolnir_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" - when: "not matrix_bot_mjolnir_container_image_self_build|bool" - -- name: Ensure mjolnir repository is present on self-build - git: - repo: "{{ matrix_bot_mjolnir_container_image_self_build_repo }}" - dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}" - version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}" - force: "yes" - register: matrix_bot_mjolnir_git_pull_results - when: "matrix_bot_mjolnir_container_image_self_build|bool" - -- name: Ensure mjolnir Docker image is built - docker_image: - name: "{{ matrix_bot_mjolnir_docker_image }}" - source: build - force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_bot_mjolnir_docker_src_files_path }}" - pull: yes - when: "matrix_bot_mjolnir_container_image_self_build|bool" - -- name: Ensure matrix-bot-mjolnir config installed - copy: - content: "{{ 
matrix_bot_mjolnir_configuration|to_nice_yaml }}" - dest: "{{ matrix_bot_mjolnir_config_path }}/production.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-bot-mjolnir.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-bot-mjolnir.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" - mode: 0644 - register: matrix_bot_mjolnir_systemd_service_result - -- name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation - service: - daemon_reload: yes - when: "matrix_bot_mjolnir_systemd_service_result.changed|bool" - -- name: Ensure matrix-bot-mjolnir.service restarted, if necessary - service: - name: "matrix-bot-mjolnir.service" - state: restarted - when: "matrix_bot_mjolnir_requires_restart|bool" diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml deleted file mode 100644 index 7127543e..00000000 --- a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-
-- name: Check existence of matrix-bot-mjolnir service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service"
- register: matrix_bot_mjolnir_service_stat
-
-- name: Ensure matrix-bot-mjolnir is stopped
- service:
- name: matrix-bot-mjolnir
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
-
-- name: Ensure matrix-bot-mjolnir.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service"
- state: absent
- when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
-
-- name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal
- service:
- daemon_reload: yes
- when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
-
-- name: Ensure matrix-bot-mjolnir paths don't exist
- file:
- path: "{{ matrix_bot_mjolnir_base_path }}"
- state: absent
-
-- name: Ensure mjolnir Docker image doesn't exist
- docker_image:
- name: "{{ matrix_bot_mjolnir_docker_image }}"
- state: absent
diff --git a/roles/matrix-bot-mjolnir/tasks/validate_config.yml b/roles/matrix-bot-mjolnir/tasks/validate_config.yml
deleted file mode 100644
index cb961baf..00000000
--- a/roles/matrix-bot-mjolnir/tasks/validate_config.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-- name: Fail if required variables are undefined
- fail:
- msg: "The `{{ item }}` variable must be defined and have a non-null value."
- with_items:
- - "matrix_bot_mjolnir_access_token"
- - "matrix_bot_mjolnir_management_room"
- when: "vars[item] == '' or vars[item] is none"
diff --git a/roles/matrix-bot-mjolnir/templates/production.yaml.j2 b/roles/matrix-bot-mjolnir/templates/production.yaml.j2
deleted file mode 100644
index e5eb3aea..00000000
--- a/roles/matrix-bot-mjolnir/templates/production.yaml.j2
+++ /dev/null
@@ -1,162 +0,0 @@ -# Where the homeserver is located (client-server URL). This should point at -# pantalaimon if you're using that. -homeserverUrl: "{{ matrix_homeserver_url }}" - -# The access token for the bot to use. Do not populate if using Pantalaimon. -accessToken: "{{ matrix_bot_mjolnir_access_token }}" - -# Pantalaimon options (https://github.com/matrix-org/pantalaimon) -#pantalaimon: -# # If true, accessToken above is ignored and the username/password below will be -# # used instead. The access token of the bot will be stored in the dataPath. -# use: false -# -# # The username to login with. -# username: mjolnir -# -# # The password to login with. Can be removed after the bot has logged in once and -# # stored the access token. -# password: your_password - -# The directory the bot should store various bits of information in -dataPath: "/data" - -# If true (the default), only users in the `managementRoom` can invite the bot -# to new rooms. -autojoinOnlyIfManager: true - -# If `autojoinOnlyIfManager` is false, only the members in this group can invite -# the bot to new rooms. -#acceptInvitesFromGroup: '+example:example.org' - -# If the bot is invited to a room and it won't accept the invite (due to the -# conditions above), report it to the management room. Defaults to disabled (no -# reporting). -recordIgnoredInvites: false - -# The room ID where people can use the bot. The bot has no access controls, so -# anyone in this room can use the bot - secure your room! -# This should be a room alias or room ID - not a matrix.to URL. -# Note: Mjolnir is fairly verbose - expect a lot of messages from it. -managementRoom: "{{ matrix_bot_mjolnir_management_room }}" - -# Set to false to make the management room a bit quieter. -verboseLogging: false - -# The log level for the logs themselves. One of DEBUG, INFO, WARN, and ERROR. -# This should be at INFO or DEBUG in order to get support for Mjolnir problems. 
-logLevel: "INFO" - -# Set to false to disable synchronizing the ban lists on startup. If true, this -# is the same as running !mjolnir sync immediately after startup. -syncOnStartup: true - -# Set to false to prevent Mjolnir from checking its permissions on startup. This -# is recommended to be left as "true" to catch room permission problems (state -# resets, etc) before Mjolnir is needed. -verifyPermissionsOnStartup: true - -# If true, Mjolnir won't actually ban users or apply server ACLs, but will -# think it has. This is useful to see what it does in a scenario where the -# bot might not be trusted fully, yet. Default false (do bans/ACLs). -noop: false - -# Set to true to use /joined_members instead of /state to figure out who is -# in the room. Using /state is preferred because it means that users are -# banned when they are invited instead of just when they join, though if your -# server struggles with /state requests then set this to true. -fasterMembershipChecks: false - -# A case-insensitive list of ban reasons to automatically redact a user's -# messages for. Typically this is useful to avoid having to type two commands -# to the bot. Use asterisks to represent globs (ie: "spam*testing" would match -# "spam for testing" as well as "spamtesting"). -automaticallyRedactForReasons: - - "spam" - - "advertising" - -# A list of rooms to protect (matrix.to URLs) -#protectedRooms: -# - "https://matrix.to/#/#yourroom:example.org" - -# Set this option to true to protect every room the bot is joined to. Note that -# this effectively makes the protectedRooms and associated commands useless because -# the bot by nature must be joined to the room to protect it. -# -# Note: the management room is *excluded* from this condition. Add it to the -# protected rooms to protect it. -# -# Note: ban list rooms the bot is watching but didn't create will not be protected. -# Manually add these rooms to the protected rooms list if you want them protected. 
-protectAllJoinedRooms: false - -# Misc options for command handling and commands -commands: - # If true, Mjolnir will respond to commands like !help and !ban instead of - # requiring a prefix. This is useful if Mjolnir is the only bot running in - # your management room. - # - # Note that Mjolnir can be pinged by display name instead of having to use - # the !mjolnir prefix. For example, "my_moderator_bot: ban @spammer:example.org" - # will ban a user. - allowNoPrefix: false - - # In addition to the bot's display name, !mjolnir, and optionally no prefix - # above, the bot will respond to these names. The items here can be used either - # as display names or prefixed with exclamation points. - additionalPrefixes: - - "mjolnir_bot" - - # If true, ban commands that use wildcard characters require confirmation with - # an extra `--force` argument - confirmWildcardBan: true - -# Configuration specific to certain toggleable protections -#protections: -# # Configuration for the wordlist plugin, which can ban users based if they say certain -# # blocked words shortly after joining. -# wordlist: -# # A list of words which should be monitored by the bot. These will match if any part -# # of the word is present in the message in any case. e.g. "hello" also matches -# # "HEllO". Additionally, regular expressions can be used. -# words: -# - "CaSe" -# - "InSeNsAtIve" -# - "WoRd" -# - "LiSt" -# -# # How long after a user joins the server should the bot monitor their messages. After -# # this time, users can say words from the wordlist without being banned automatically. -# # Set to zero to disable (users will always be banned if they say a bad word) -# minutesBeforeTrusting: 20 - -# Options for monitoring the health of the bot -health: - # healthz options. These options are best for use in container environments - # like Kubernetes to detect how healthy the service is. The bot will report - # that it is unhealthy until it is able to process user requests. 
Typically - # this means that it'll flag itself as unhealthy for a number of minutes - # before saying "Now monitoring rooms" and flagging itself healthy. - # - # Health is flagged through HTTP status codes, defined below. - healthz: - # Whether the healthz integration should be enabled (default false) - enabled: false - - # The port to expose the webserver on. Defaults to 8080. - port: 8080 - - # The address to listen for requests on. Defaults to all addresses. - address: "0.0.0.0" - - # The path to expose the monitoring endpoint at. Defaults to `/healthz` - endpoint: "/healthz" - - # The HTTP status code which reports that the bot is healthy/ready to - # process requests. Typically this should not be changed. Defaults to - # 200. - healthyStatus: 200 - - # The HTTP status code which reports that the bot is not healthy/ready. - # Defaults to 418. - unhealthyStatus: 418 diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 deleted file mode 100644 index 0b018f25..00000000 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ /dev/null 
@@ -1,42 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mjolnir bot -{% for service in matrix_bot_mjolnir_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_bot_mjolnir_systemd_required_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - --mount type=bind,src={{ matrix_bot_mjolnir_config_path }},dst=/data/config,ro \ - --mount type=bind,src={{ matrix_bot_mjolnir_data_path }},dst=/data \ - {% for arg in matrix_bot_mjolnir_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_bot_mjolnir_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-bot-mjolnir - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml deleted file mode 100644 index 9b9284dc..00000000 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ /dev/null 
@@ -1,110 +0,0 @@ -# matrix-appservice-discord is a Matrix <-> Discord bridge -# See: https://github.com/Half-Shot/matrix-appservice-discord - -matrix_appservice_discord_enabled: true - -matrix_appservice_discord_version: v1.0.0 -matrix_appservice_discord_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-appservice-discord:{{ matrix_appservice_discord_version }}" -matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}" - -matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord" -matrix_appservice_discord_config_path: "{{ matrix_base_data_path }}/appservice-discord/config" -matrix_appservice_discord_data_path: "{{ matrix_base_data_path }}/appservice-discord/data" - -# Get your own keys at https://discordapp.com/developers/applications/me/create -matrix_appservice_discord_client_id: '' -matrix_appservice_discord_bot_token: '' - -matrix_appservice_discord_appservice_token: '' -matrix_appservice_discord_homeserver_token: '' - -matrix_appservice_discord_homeserver_domain: "{{ matrix_domain }}" - -# Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9005 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:9005"), or empty string to not expose. -matrix_appservice_discord_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_appservice_discord_container_extra_arguments: [] - -# List of systemd services that matrix-appservice-discord.service depends on. 
-matrix_appservice_discord_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-appservice-discord.service wants -matrix_appservice_discord_systemd_wanted_services_list: [] - -matrix_appservice_discord_appservice_url: 'http://matrix-appservice-discord:9005' - -matrix_appservice_discord_bridge_domain: "{{ matrix_domain }}" -# As of right now, the homeserver URL must be a public URL. See below. -matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}" -matrix_appservice_discord_bridge_disablePresence: false -matrix_appservice_discord_bridge_enableSelfServiceBridging: false - -# Database-related configuration fields. -# -# To use SQLite, stick to these defaults. -# -# To use Postgres: -# - change the engine (`matrix_appservice_discord_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_appservice_discord_postgres_*` variables -matrix_appservice_discord_database_engine: 'sqlite' - -matrix_appservice_discord_sqlite_database_path_local: "{{ matrix_appservice_discord_data_path }}/discord.db" -matrix_appservice_discord_sqlite_database_path_in_container: "/data/discord.db" - -matrix_appservice_discord_database_username: 'matrix_appservice_discord' -matrix_appservice_discord_database_password: 'some-password' -matrix_appservice_discord_database_hostname: 'matrix-postgres' -matrix_appservice_discord_database_port: 5432 -matrix_appservice_discord_database_name: 'matrix_appservice_discord' - -# These 2 variables are what actually ends up in the bridge configuration. -# It's best if you don't change them directly, but rather redefine the sub-variables that constitute them. 
-matrix_appservice_discord_database_filename: "{{ matrix_appservice_discord_sqlite_database_path_in_container }}" -matrix_appservice_discord_database_connString: 'postgresql://{{ matrix_appservice_discord_database_username }}:{{ matrix_appservice_discord_database_password }}@{{ matrix_appservice_discord_database_hostname }}:{{ matrix_appservice_discord_database_port }}/{{ matrix_appservice_discord_database_name }}' - - -# Tells whether the bot should make use of "Privileged Gateway Intents". -# -# Enabling this means that you need to enable it for the bot (Discord application) as well, -# by triggering all Intent checkboxes on a page like this: `https://discord.com/developers/applications/694448564151123988/bot` -# -# Learn more: https://gist.github.com/advaith1/e69bcc1cdd6d0087322734451f15aa2f -matrix_appservice_discord_auth_usePrivilegedIntents: false - -matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_appservice_discord_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_appservice_discord_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_appservice_discord_configuration_yaml`. 
- -matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml|from_yaml if matrix_appservice_discord_configuration_extension_yaml|from_yaml is mapping else {} }}" - -matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml|from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" - -matrix_appservice_discord_registration_yaml: | - #jinja2: lstrip_blocks: "True" - id: appservice-discord - as_token: "{{ matrix_appservice_discord_appservice_token }}" - hs_token: "{{ matrix_appservice_discord_homeserver_token }}" - namespaces: - users: - - exclusive: true - regex: '@_discord_.*:{{ matrix_appservice_discord_homeserver_domain|regex_escape }}' - aliases: - - exclusive: true - regex: '#_discord_.*:{{ matrix_appservice_discord_homeserver_domain|regex_escape }}' - url: {{ matrix_appservice_discord_appservice_url }} - sender_localpart: _discord_bot - rate_limited: false - protocols: - - discord - -matrix_appservice_discord_registration: "{{ matrix_appservice_discord_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml deleted file mode 100644 index ef64e78a..00000000 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role. - when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord.service'] }}" - when: matrix_appservice_discord_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-discord-registration.yaml"] }} - when: matrix_appservice_discord_enabled|bool diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/matrix-bridge-appservice-discord/tasks/main.yml deleted file mode 100644 index bad5e320..00000000 --- a/roles/matrix-bridge-appservice-discord/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_appservice_discord_enabled|bool" - tags: - - setup-all - - setup-appservice-discord - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_appservice_discord_enabled|bool" - tags: - - setup-all - - setup-appservice-discord - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_appservice_discord_enabled|bool" - tags: - - setup-all - - setup-appservice-discord diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml deleted file mode 100644 index 6d3fdd0f..00000000 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- - -- set_fact: - matrix_appservice_discord_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_appservice_discord_sqlite_database_path_local }}" - register: matrix_appservice_discord_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_appservice_discord_sqlite_database_path_local }}" - dst: "{{ matrix_appservice_discord_database_connString }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_appservice_discord_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-appservice-discord.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_appservice_discord_requires_restart: true - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_appservice_discord_database_engine == 'postgres'" - -- name: Ensure Appservice Discord image is pulled - docker_image: - name: "{{ matrix_appservice_discord_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}" - -- name: Ensure AppService Discord paths exist - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_appservice_discord_base_path }}" - - "{{ matrix_appservice_discord_config_path }}" - - "{{ matrix_appservice_discord_data_path }}" - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_appservice_discord_base_path }}/discord.db" - 
register: matrix_appservice_discord_stat_db - -- name: (Data relocation) Ensure matrix-appservice-discord.service is stopped - service: - name: matrix-appservice-discord - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_appservice_discord_stat_db.stat.exists" - -- name: (Data relocation) Move AppService Discord discord.db file to ./data directory - command: "mv {{ matrix_appservice_discord_base_path }}/{{ item }} {{ matrix_appservice_discord_data_path }}/{{ item }}" - with_items: - - discord.db - - user-store.db - - room-store.db - when: "matrix_appservice_discord_stat_db.stat.exists" - -- name: Ensure AppService Discord config.yaml installed - copy: - content: "{{ matrix_appservice_discord_configuration|to_nice_yaml }}" - dest: "{{ matrix_appservice_discord_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure AppService Discord registration.yaml installed - copy: - content: "{{ matrix_appservice_discord_registration|to_nice_yaml }}" - dest: "{{ matrix_appservice_discord_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -# If `matrix_appservice_discord_client_id` hasn't changed, the same invite link would be generated. -# We intentionally suppress Ansible changes. 
-- name: Generate AppService Discord invite link - shell: >- - {{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg - -w /cfg - {{ matrix_appservice_discord_docker_image }} - /bin/sh -c "node /build/tools/addbot.js > /cfg/invite_link" - changed_when: false - -- name: Ensure matrix-appservice-discord.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" - mode: 0644 - register: matrix_appservice_discord_systemd_service_result - -- name: Ensure systemd reloaded after matrix-appservice-discord.service installation - service: - daemon_reload: yes - when: "matrix_appservice_discord_systemd_service_result.changed" - -- name: Ensure matrix-appservice-discord.service restarted, if necessary - service: - name: "matrix-appservice-discord.service" - state: restarted - when: "matrix_appservice_discord_requires_restart|bool" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml deleted file mode 100644 index 4e8c1fdc..00000000 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-appservice-discord service - stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" - register: matrix_appservice_discord_service_stat - -- name: Ensure matrix-appservice-discord is stopped - service: - name: matrix-appservice-discord - state: stopped - daemon_reload: yes - when: "matrix_appservice_discord_service_stat.stat.exists" - -- name: Ensure matrix-appservice-discord.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" - state: absent - when: "matrix_appservice_discord_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-appservice-discord.service removal - service: - daemon_reload: yes - when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml b/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml deleted file mode 100644 index 73253ba0..00000000 --- a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_appservice_discord_client_id" - - "matrix_appservice_discord_bot_token" - - "matrix_appservice_discord_appservice_token" - - "matrix_appservice_discord_homeserver_token" - - "matrix_appservice_discord_homeserver_domain" - -- name: (Deprecation) Catch and report renamed appservice-discord variables - fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). - when: "item.old in vars" - with_items: - - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': ''} - -- name: Require a valid database engine - fail: msg="`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'" - when: "matrix_appservice_discord_database_engine not in ['sqlite', 'postgres']" diff --git a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 deleted file mode 100644 index 6286a5d4..00000000 --- a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 +++ /dev/null 
@@ -1,103 +0,0 @@ -#jinja2: lstrip_blocks: "True" -bridge: - # Domain part of the bridge, e.g. matrix.org - domain: {{ matrix_appservice_discord_bridge_domain|to_json }} - # This should be your publically facing URL because Discord may use it to - # fetch media from the media store. - homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl|to_json }} - # Interval at which to process users in the 'presence queue'. If you have - # 5 users, one user will be processed every 500 milliseconds according to the - # value below. This has a minimum value of 250. - # WARNING: This has a high chance of spamming the homeserver with presence - # updates since it will send one each time somebody changes state or is online. - presenceInterval: 500 - # Disable setting presence for 'ghost users' which means Discord users on Matrix - # will not be shown as away or online. - disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }} - # Disable sending typing notifications when somebody on Discord types. - disableTypingNotifications: false - # Disable deleting messages on Discord if a message is redacted on Matrix. - disableDeletionForwarding: false - # Enable users to bridge rooms using !discord commands. See - # https://t2bot.io/discord for instructions. - enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }} - # Disable sending of read receipts for Matrix events which have been - # successfully bridged to Discord. - disableReadReceipts: false - # Disable Join Leave echos from matrix - disableJoinLeaveNotifications: false - # Disable Invite echos from matrix - disableInviteNotifications: false - # Auto-determine the language of code blocks (this can be CPU-intensive) - determineCodeLanguage: false -# Authentication configuration for the discord bot. 
-auth: - clientID: {{ matrix_appservice_discord_client_id|string|to_json }} - botToken: {{ matrix_appservice_discord_bot_token|to_json }} - # You must enable "Privileged Gateway Intents" in your bot settings on discord.com (e.g. https://discord.com/developers/applications/12345/bot) - # for this to work - usePrivilegedIntents: {{ matrix_appservice_discord_auth_usePrivilegedIntents|to_json }} -logging: - # What level should the logger output to the console at. - console: "warn" #silly, verbose, info, http, warn, error, silent - lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format - # files: - # - file: "debug.log" - # disable: - # - "PresenceHandler" # Will not capture presence logging - # - file: "warn.log" # Will capture warnings - # level: "warn" - # - file: "botlogs.log" # Will capture logs from DiscordBot - # level: "info" - # enable: - # - "DiscordBot" -database: - # You may either use SQLite or Postgresql for the bridge database, which contains - # important mappings for events and user puppeting configurations. - # Use the filename option for SQLite, or connString for Postgresql. - # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite - # WARNING: You will almost certainly be fine with sqlite unless your bridge - # is in heavy demand and you suffer from IO slowness. - {% if matrix_appservice_discord_database_engine == 'sqlite' %} - filename: {{ matrix_appservice_discord_database_filename|to_json }} - {% else %} - connString: {{ matrix_appservice_discord_database_connString|to_json }} - {% endif %} -room: - # Set the default visibility of alias rooms, defaults to "public". - # One of: "public", "private" - defaultVisibility: "public" -channel: - # Pattern of the name given to bridged rooms. - # Can use :guild for the guild name and :name for the channel name. - namePattern: "[Discord] :guild :name" - # Changes made to rooms when a channel is deleted. 
- deleteOptions: - # Prefix the room name with a string. - #namePrefix: "[Deleted]" - # Prefix the room topic with a string. - #topicPrefix: "This room has been deleted" - # Disable people from talking in the room by raising the event PL to 50 - disableMessaging: false - # Remove the discord alias from the room. - unsetRoomAlias: true - # Remove the room from the directory. - unlistFromDirectory: true - # Set the room to be unavaliable for joining without an invite. - setInviteOnly: true - # Make all the discord users leave the room. - ghostsLeave: true -limits: - # Delay in milliseconds between discord users joining a room. - roomGhostJoinDelay: 6000 - # Lock timeout in milliseconds before sending messages to discord to avoid - # echos. Default is rather high as the lock will most likely time out - # before anyways. - # echos = (Copies of a sent message may arrive from discord before we've - # fininished handling it, causing us to echo it back to the room) - discordSendDelay: 1500 -ghosts: - # Pattern for the ghosts nick, available is :nick, :username, :tag and :id - nickPattern: ":nick" - # Pattern for the ghosts username, available is :username, :tag and :id - usernamePattern: ":username#:tag" diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 deleted file mode 100644 index 84dee801..00000000 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ /dev/null 
@@ -1,45 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Appservice Discord bridge -{% for service in matrix_appservice_discord_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_appservice_discord_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - {% if matrix_appservice_discord_container_http_host_bind_port %} - -p {{ matrix_appservice_discord_container_http_host_bind_port }}:9005 \ - {% endif %} - --mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg \ - --mount type=bind,src={{ matrix_appservice_discord_data_path }},dst=/data \ - {% for arg in matrix_appservice_discord_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_appservice_discord_docker_image }} \ - node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-appservice-discord - - [Install] -WantedBy=multi-user.target 
diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml
deleted file mode 100644
index 35432aa0..00000000
--- a/roles/matrix-bridge-appservice-irc/defaults/main.yml
+++ /dev/null
@@ -1,401 +0,0 @@ -# Matrix Appservice IRC is a Matrix <-> IRC bridge -# See: https://github.com/matrix-org/matrix-appservice-irc - -matrix_appservice_irc_enabled: true - -matrix_appservice_irc_container_self_build: false -matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" -matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" - -matrix_appservice_irc_version: release-0.31.0 -matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" -matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" - -matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" -matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config" -matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data" - -matrix_appservice_irc_homeserver_url: "{{ matrix_homeserver_container_url }}" -matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}' -matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}' -matrix_appservice_irc_homeserver_enablePresence: true -matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999' - -matrix_appservice_irc_database_engine: nedb -matrix_appservice_irc_database_username: matrix_appservice_irc -matrix_appservice_irc_database_password: ~ -matrix_appservice_irc_database_hostname: 'matrix-postgres' -matrix_appservice_irc_database_port: 5432 -matrix_appservice_irc_database_name: matrix_appservice_irc - -# This is just the Postgres connection string, if Postgres is used. -# Naming clashes with `matrix_appservice_irc_database_connectionString` somewhat. 
-matrix_appservice_irc_database_connection_string: 'postgresql://{{ matrix_appservice_irc_database_username }}:{{ matrix_appservice_irc_database_password }}@{{ matrix_appservice_irc_database_hostname }}:{{ matrix_appservice_irc_database_port }}/{{ matrix_appservice_irc_database_name }}?sslmode=disable' - -# This is what actually goes into `database.connectionString` for the bridge. -matrix_appservice_irc_database_connectionString: "{{ - { - 'nedb': 'nedb:///data', - 'postgres': matrix_appservice_irc_database_connection_string, - }[matrix_appservice_irc_database_engine] -}}" - -matrix_appservice_irc_ircService_servers: [] - -# Example of `matrix_appservice_irc_ircService_servers` with one server (and all its options): -# -# matrix_appservice_irc_ircService_servers: -# # The address of the server to connect to. -# irc.example.com: -# # A human-readable short name. This is used to label IRC status rooms -# # where matrix users control their connections. -# # E.g. 'ExampleNet IRC Bridge status'. -# # It is also used in the Third Party Lookup API as the instance `desc` -# # property, where each server is an instance. -# name: "ExampleNet" - -# additionalAddresses: [ "irc2.example.com" ] -# # -# # [DEPRECATED] Use `name`, above, instead. -# # A human-readable description string -# # description: "Example.com IRC network" - -# # An ID for uniquely identifying this server amongst other servers being bridged. -# # networkId: "example" - -# # URL to an icon used as the network icon whenever this network appear in -# # a network list. (Like in the riot room directory, for instance.) -# # icon: https://example.com/images/hash.png - -# # The port to connect to. Optional. -# port: 6697 -# # Whether to use SSL or not. Default: false. 
-# ssl: true -# # Whether or not IRC server is using a self-signed cert or not providing CA Chain -# sslselfsign: false -# # Should the connection attempt to identify via SASL (if a server or user password is given) -# # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS. -# sasl: false -# # Whether to allow expired certs when connecting to the IRC server. -# # Usually this should be off. Default: false. -# allowExpiredCerts: false -# # A specific CA to trust instead of the default CAs. Optional. -# #ca: | -# # -----BEGIN CERTIFICATE----- -# # ... -# # -----END CERTIFICATE----- - -# # -# # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional. -# # password: 'pa$$w0rd' -# # -# # Whether or not to send connection/error notices to real Matrix users. Default: true. -# sendConnectionMessages: true - -# quitDebounce: -# # Whether parts due to net-splits are debounced for delayMs, to allow -# # time for the netsplit to resolve itself. A netsplit is detected as being -# # a QUIT rate higher than quitsPerSecond. Default: false. -# enabled: false -# # The maximum number of quits per second acceptable above which a netsplit is -# # considered ongoing. Default: 5. -# quitsPerSecond: 5 -# # The time window in which to wait before bridging a QUIT to Matrix that occurred during -# # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS -# # is not sent many requests to leave rooms all at once if a netsplit occurs and many -# # people to not rejoin. -# # If the user with the same IRC nick as the one who sent the quit rejoins a channel -# # they are considered back online and the quit is not bridged, so long as the rejoin -# # occurs before the randomly-jittered timeout is not reached. -# # Default: 3600000, = 1h -# delayMinMs: 3600000 # 1h -# # Default: 7200000, = 2h -# delayMaxMs: 7200000 # 2h - -# # A map for conversion of IRC user modes to Matrix power levels. 
This enables bridging -# # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has -# # been given multiple modes, the one that maps to the highest power level will be used. -# modePowerMap: -# o: 50 - -# botConfig: -# # Enable the presence of the bot in IRC channels. The bot serves as the entity -# # which maps from IRC -> Matrix. You can disable the bot entirely which -# # means IRC -> Matrix chat will be shared by active "M-Nick" connections -# # in the room. If there are no users in the room (or if there are users -# # but their connections are not on IRC) then nothing will be bridged to -# # Matrix. If you're concerned about the bot being treated as a "logger" -# # entity, then you may want to disable the bot. If you want IRC->Matrix -# # but don't want to have TCP connections to IRC unless a Matrix user speaks -# # (because your client connection limit is low), then you may want to keep -# # the bot enabled. Default: true. -# # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned -# # on, else there will be no users and no bot in a channel (meaning no -# # messages to Matrix!) until a Matrix user speaks which makes a client -# # join the target IRC channel. -# # NBB: The bridge bot IRC client will still join the target IRC network so -# # it can service bridge-specific queries from the IRC-side e.g. so -# # real IRC clients have a way to change their Matrix display name. -# # See https://github.com/matrix-org/matrix-appservice-irc/issues/55 -# enabled: true -# # The nickname to give the AS bot. -# nick: "MatrixBot" -# # The password to give to NickServ or IRC Server for this nick. Optional. -# # password: "helloworld" -# # -# # Join channels even if there are no Matrix users on the other side of -# # the bridge. Set to false to prevent the bot from joining channels which have no -# # real matrix users in them, even if there is a mapping for the channel. 
-# # Default: true -# joinChannelsIfNoUsers: true - -# # Configuration for PMs / private 1:1 communications between users. -# privateMessages: -# # Enable the ability for PMs to be sent to/from IRC/Matrix. -# # Default: true. -# enabled: true -# # Prevent Matrix users from sending PMs to the following IRC nicks. -# # Optional. Default: []. -# # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED - -# # Should created Matrix PM rooms be federated? If false, only users on the -# # HS attached to this AS will be able to interact with this room. -# # Optional. Default: true. -# federate: true - -# # Configuration for mappings not explicitly listed in the 'mappings' -# # section. -# dynamicChannels: -# # Enable the ability for Matrix users to join *any* channel on this IRC -# # network. -# # Default: false. -# enabled: true -# # Should the AS create a room alias for the new Matrix room? The form of -# # the alias can be modified via 'aliasTemplate'. Default: true. -# createAlias: true -# # Should the AS publish the new Matrix room to the public room list so -# # anyone can see it? Default: true. -# published: true -# # What should the join_rule be for the new Matrix room? If 'public', -# # anyone can join the room. If 'invite', only users with an invite can -# # join the room. Note that if an IRC channel has +k or +i set on it, -# # join_rules will be set to 'invite' until these modes are removed. -# # Default: "public". -# joinRule: public -# # This will set the m.room.related_groups state event in newly created rooms -# # with the given groupId. This means flares will show up on IRC users in those rooms. -# # This should be set to the same thing as namespaces.users.group_id in irc_registration. -# # This does not alter existing rooms. -# # Leaving this option empty will not set the event. -# groupId: +myircnetwork:localhost -# # Should created Matrix rooms be federated? If false, only users on the -# # HS attached to this AS will be able to interact with this room. 
-# # Default: true. -# federate: true -# # The room alias template to apply when creating new aliases. This only -# # applies if createAlias is 'true'. The following variables are exposed: -# # $SERVER => The IRC server address (e.g. "irc.example.com") -# # $CHANNEL => The IRC channel (e.g. "#python") -# # This MUST have $CHANNEL somewhere in it. -# # Default: '#irc_$SERVER_$CHANNEL' -# aliasTemplate: "#irc_$CHANNEL" -# # A list of user IDs which the AS bot will send invites to in response -# # to a !join. Only applies if joinRule is 'invite'. Default: [] -# # whitelist: -# # - "@foo:example.com" -# # - "@bar:example.com" -# # -# # Prevent the given list of channels from being mapped under any -# # circumstances. -# # exclude: ["#foo", "#bar"] - -# # Configuration for controlling how Matrix and IRC membership lists are -# # synced. -# membershipLists: -# # Enable the syncing of membership lists between IRC and Matrix. This -# # can have a significant effect on performance on startup as the lists are -# # synced. This must be enabled for anything else in this section to take -# # effect. Default: false. -# enabled: false - -# # Syncing membership lists at startup can result in hundreds of members to -# # process all at once. This timer drip feeds membership entries at the -# # specified rate. Default: 10000. (10s) -# floodDelayMs: 10000 - -# global: -# ircToMatrix: -# # Get a snapshot of all real IRC users on a channel (via NAMES) and -# # join their virtual matrix clients to the room. -# initial: false -# # Make virtual matrix clients join and leave rooms as their real IRC -# # counterparts join/part channels. Default: false. -# incremental: false - -# matrixToIrc: -# # Get a snapshot of all real Matrix users in the room and join all of -# # them to the mapped IRC channel on startup. Default: false. -# initial: false -# # Make virtual IRC clients join and leave channels as their real Matrix -# # counterparts join/leave rooms. 
Make sure your 'maxClients' value is -# # high enough! Default: false. -# incremental: false - -# # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect. -# rooms: -# - room: "!fuasirouddJoxtwfge:localhost" -# matrixToIrc: -# initial: false -# incremental: false - -# # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect. -# channels: -# - channel: "#foo" -# ircToMatrix: -# initial: false -# incremental: false - -# mappings: -# # 1:many mappings from IRC channels to room IDs on this IRC server. -# # The matrix room must already exist. Your matrix client should expose -# # the room ID in a "settings" page for the room. -# "#thepub": -# roomIds: ["!kieouiJuedJoxtVdaG:localhost"] -# # Channel key/password to use. Optional. If provided, matrix users do -# # not need to know the channel key in order to join the channel. -# # key: "secret" - -# # Configuration for virtual matrix users. The following variables are -# # exposed: -# # $NICK => The IRC nick -# # $SERVER => The IRC server address (e.g. "irc.example.com") -# matrixClients: -# # The user ID template to use when creating virtual matrix users. This -# # MUST have $NICK somewhere in it. -# # Optional. Default: "@$SERVER_$NICK". -# # Example: "@irc.example.com_Alice:example.com" -# userTemplate: "@irc_$NICK" -# # The display name to use for created matrix clients. This should have -# # $NICK somewhere in it if it is specified. Can also use $SERVER to -# # insert the IRC domain. -# # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)" -# displayName: "$NICK (IRC)" -# # Number of tries a client can attempt to join a room before the request -# # is discarded. You can also use -1 to never retry or 0 to never give up. -# # Optional. Default: -1 -# joinAttempts: -1 - -# # Configuration for virtual IRC users. 
The following variables are exposed: -# # $LOCALPART => The user ID localpart ("alice" in @alice:localhost) -# # $USERID => The user ID -# # $DISPLAY => The display name of this user, with excluded characters -# # (e.g. space) removed. If the user has no display name, this -# # falls back to $LOCALPART. -# ircClients: -# # The template to apply to every IRC client nick. This MUST have either -# # $DISPLAY or $USERID or $LOCALPART somewhere in it. -# # Optional. Default: "M-$DISPLAY". Example: "M-Alice". -# nickTemplate: "$DISPLAY[m]" -# # True to allow virtual IRC clients to change their nick on this server -# # by issuing !nick commands to the IRC AS bot. -# # This is completely freeform: it will NOT follow the nickTemplate. -# allowNickChanges: true -# # The max number of IRC clients that will connect. If the limit is -# # reached, the client that spoke the longest time ago will be -# # disconnected and replaced. -# # Optional. Default: 30. -# maxClients: 30 -# # IPv6 configuration. -# ipv6: -# # Optional. Set to true to force IPv6 for outgoing connections. -# only: false -# # Optional. The IPv6 prefix to use for generating unique addresses for each -# # connected user. If not specified, all users will connect from the same -# # (default) address. This may require additional OS-specific work to allow -# # for the node process to bind to multiple different source addresses -# # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library -# # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt. -# # prefix: "2001:0db8:85a3::" # modify appropriately -# # -# # The maximum amount of time in seconds that the client can exist -# # without sending another message before being disconnected. Use 0 to -# # not apply an idle timeout. This value is ignored if this IRC server is -# # mirroring matrix membership lists to IRC. 
Default: 172800 (48 hours) -# idleTimeout: 10800 -# # The number of millseconds to wait between consecutive reconnections if a -# # client gets disconnected. Setting to 0 will cause the scheduling to be -# # disabled, i.e. it will be scheduled immediately (with jitter. -# # Otherwise, the scheduling interval will be used such that one client -# # reconnect for this server will be handled every reconnectIntervalMs ms using -# # a FIFO queue. -# # Default: 5000 (5 seconds) -# reconnectIntervalMs: 5000 -# # The number of concurrent reconnects if a user has been disconnected unexpectedly -# # (e.g. a netsplit). You should set this to a reasonably high number so that -# # bridges are not waiting an eternity to reconnect all its clients if -# # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs -# # setting above which is for connecting on restart of the bridge. Set to 0 to -# # immediately try to reconnect all users. -# # Default: 50 -# concurrentReconnectLimit: 50 -# # The number of lines to allow being sent by the IRC client that has received -# # a large block of text to send from matrix. If the number of lines that would -# # be sent is > lineLimit, the text will instead be uploaded to matrix and the -# # resulting URI is treated as a file. As such, a link will be sent to the IRC -# # side instead of potentially spamming IRC and getting the IRC client kicked. -# # Default: 3. -# lineLimit: 3 -# # A list of user modes to set on every IRC client. For example, "RiG" would set -# # +R, +i and +G on every IRC connection when they have successfully connected. -# # User modes vary wildly depending on the IRC network you're connecting to, -# # so check before setting this value. Some modes may not work as intended -# # through the bridge e.g. caller ID as there is no way to /ACCEPT. 
-# # Default: "" (no user modes) -# # userModes: "R" - -# Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:9999"), or empty string to not expose. -matrix_appservice_irc_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_appservice_irc_container_extra_arguments: [] - -# List of systemd services that matrix-appservice-irc.service depends on. -matrix_appservice_irc_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-appservice-irc.service wants -matrix_appservice_irc_systemd_wanted_services_list: [] - -matrix_appservice_irc_appservice_token: '' -matrix_appservice_irc_homeserver_token: '' - -matrix_appservice_irc_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_appservice_irc_configuration_extension_yaml: | - # Your custom YAML configuration for Appservice IRC servers goes here. - # This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_appservice_irc_configuration_yaml`. - -matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml is mapping else {} }}" - -matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" - -# The original registration.yaml file generated by AppService IRC is merged with this config override, -# to produce the final registration.yaml file ultimately used by both the bridge and the homeserver. 
-# -# We do this to ensure consistency: -# - always having an up-to-date registration.yaml file (synced with the configuration file) -# - always having the same AS/HS token and appservice id in the registration.yaml file -# -# Learn more about this in `setup_install.yml` -matrix_appservice_irc_registration_override_yaml: | - id: appservice-irc - as_token: "{{ matrix_appservice_irc_appservice_token }}" - hs_token: "{{ matrix_appservice_irc_homeserver_token }}" - -matrix_appservice_irc_registration_override: "{{ matrix_appservice_irc_registration_override_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml deleted file mode 100644 index e1355796..00000000 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ /dev/null 
@@ -1,31 +0,0 @@
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
- fail:
- msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
- when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_self_build and matrix_appservice_irc_enabled"
-
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
- fail:
- msg: >-
- The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
- when: "matrix_appservice_irc_enabled|bool and matrix_synapse_role_executed|default(False)"
-
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc.service'] }}"
- when: matrix_appservice_irc_enabled|bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- set_fact:
- matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
-
- matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-appservice-irc-registration.yaml"] }}
- when: matrix_appservice_irc_enabled|bool
diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/matrix-bridge-appservice-irc/tasks/main.yml
deleted file mode 100644
index da92ecf0..00000000
--- a/roles/matrix-bridge-appservice-irc/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_appservice_irc_enabled|bool"
- tags:
- - setup-all
- - setup-appservice-irc
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_appservice_irc_enabled|bool"
- tags:
- - setup-all
- - setup-appservice-irc
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_appservice_irc_enabled|bool"
- tags:
- - setup-all
- - setup-appservice-irc
diff --git a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
deleted file mode 100644
index 6b39ac62..00000000
--- a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
+++ /dev/null
@@ -1,70 +0,0 @@ -- name: Fail if Postgres not enabled - fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." - when: "not matrix_postgres_enabled|bool" - -# Defaults - -- name: Set postgres_start_wait_time, if not provided - set_fact: - postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" - -# Actual import work - -- name: Ensure matrix-postgres is started - service: - name: matrix-postgres - state: started - daemon_reload: yes - register: matrix_postgres_service_start_result - -- name: Wait a bit, so that Postgres can start - wait_for: - timeout: "{{ postgres_start_wait_time }}" - delegate_to: 127.0.0.1 - become: false - when: "matrix_postgres_service_start_result.changed|bool" - -- name: Check existence of matrix-appservice-irc service - stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" - register: matrix_appservice_irc_service_stat - -- name: Ensure matrix-appservice-irc is stopped - service: - name: matrix-appservice-irc - state: stopped - when: "matrix_appservice_irc_service_stat.stat.exists" - -- name: Import appservice-irc NeDB database into Postgres - command: - cmd: >- - {{ matrix_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data - --entrypoint=/bin/sh - {{ matrix_appservice_irc_docker_image }} - -c - '/usr/local/bin/node /app/lib/scripts/migrate-db-to-pgres.js --dbdir /data --privateKey /data/passkey.pem --connectionString {{ matrix_appservice_irc_database_connection_string }}' - -- name: Archive NeDB database files - command: - cmd: "mv {{ matrix_appservice_irc_data_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}.backup" - with_items: - - rooms.db - - users.db - -- name: Inject result - set_fact: - matrix_playbook_runtime_results: | - {{ - 
matrix_playbook_runtime_results|default([]) - + - [ - "NOTE: Your appservice-irc database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_irc_data_path }}/*.db` to `{{ matrix_appservice_irc_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." - ] - }} diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml deleted file mode 100644 index 75af882a..00000000 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ /dev/null 
@@ -1,194 +0,0 @@ ---- - -- name: Ensure Appservice IRC paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_appservice_irc_base_path }}", when: true } - - { path: "{{ matrix_appservice_irc_config_path }}", when: true } - - { path: "{{ matrix_appservice_irc_data_path }}", when: true } - - { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_self_build }}" } - when: item.when|bool - -- name: Check if an old passkey file already exists - stat: - path: "{{ matrix_appservice_irc_base_path }}/passkey.pem" - register: matrix_appservice_irc_stat_passkey - -- block: - - name: (Data relocation) Ensure matrix-appservice-irc.service is stopped - service: - name: matrix-appservice-irc - state: stopped - daemon_reload: yes - failed_when: false - - - name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory - command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem" - - - name: (Data relocation) Move AppService IRC database files to ./data directory - command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}" - with_items: - - rooms.db - - users.db - failed_when: false - when: "matrix_appservice_irc_stat_passkey.stat.exists" - -- set_fact: - matrix_appservice_irc_requires_restart: false - -- block: - - name: Check if a nedb database already exists - stat: - path: "{{ matrix_appservice_irc_data_path }}/users.db" - register: matrix_appservice_irc_nedb_database_path_local_stat_result - - - block: - - import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - - - set_fact: - matrix_appservice_irc_requires_restart: true - when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists|bool" - when: "matrix_appservice_irc_database_engine == 
'postgres'" - -- name: Ensure Appservice IRC image is pulled - docker_image: - name: "{{ matrix_appservice_irc_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" - when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_self_build|bool" - -- name: Ensure matrix-appservice-irc repository is present when self-building - git: - repo: "{{ matrix_appservice_irc_docker_repo }}" - dest: "{{ matrix_appservice_irc_docker_src_files_path }}" - force: "yes" - register: matrix_appservice_irc_git_pull_results - when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool" - -- name: Ensure matrix-appservice-irc Docker image is built - docker_image: - name: "{{ matrix_appservice_irc_docker_image }}" - source: build - force_source: "{{ matrix_appservice_irc_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_appservice_irc_docker_src_files_path }}" - pull: yes - when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool and matrix_appservice_irc_git_pull_results.changed" - -- name: Ensure Matrix Appservice IRC config installed - copy: - content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}" - dest: "{{ matrix_appservice_irc_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Check if Appservice IRC passkey exists - stat: - path: "{{ 
matrix_appservice_irc_data_path }}/passkey.pem" - register: irc_passkey_file - -- name: Generate Appservice IRC passkey if it doesn't exist - shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048" - become: true - become_user: "{{ matrix_user_username }}" - when: "not irc_passkey_file.stat.exists" - -# In the past, we used to generate the passkey.pem file with root, so permissions may not be okay. -# Fix it. -- name: (Migration) Ensure Appservice IRC passkey permissions are okay - file: - path: "{{ matrix_appservice_irc_data_path }}/passkey.pem" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -# Ideally, we'd like to generate the final registration.yaml file by ourselves. -# -# However, the IRC bridge supports multiple servers, which leads to multiple -# users/aliases/rooms rules in the registration file. -# -# Generating a proper file by ourselves is complicated and may lead to deviation -# from what the bridge is doing. -# -# Instead, we do another hacky thing - asking the bridge to generate a template, -# and then we parse it and fix it up with our own AS/HS token. -# We need to do this, because: -# - we'd like to have an up-to-date registration file -# - we can achieve this by asking the bridge to rebuild it each time -# - however, the bridge insists on regenerating all tokens each time -# - .. which is not friendly for integrating with the homeserver -# -# So we have a hybrid approach. We ask the bridge to always generate -# an up-to-date file, and we fix it up with some static values later on, -# to produce a final registration.yaml file, as we desire. 
-- name: Generate Appservice IRC registration-template.yaml - shell: >- - {{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - -v {{ matrix_appservice_irc_config_path }}:/config:z - -v {{ matrix_appservice_irc_data_path }}:/data:z - --entrypoint=/bin/bash - {{ matrix_appservice_irc_docker_image }} - -c - 'node app.js - -r - -f /config/registration-template.yaml - -u "http://matrix-appservice-irc:9999" - -c /config/config.yaml - -l irc_bot' - changed_when: false - -- name: Read Appservice IRC registration-template.yaml - slurp: - src: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml" - register: matrix_appservice_irc_registration_template_slurp - -- name: Remove unnecessary Appservice IRC registration-template.yaml - file: - path: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml" - state: absent - changed_when: false - -- name: Parse registration-template.yaml - set_fact: - matrix_appservice_irc_registration_template: "{{ matrix_appservice_irc_registration_template_slurp['content'] | b64decode | from_yaml }}" - -- name: Combine registration-template.yaml and own registration override config - set_fact: - matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template|combine(matrix_appservice_irc_registration_override, recursive=True) }}" - -- name: Ensure Appservice IRC registration.yaml installed - copy: - content: "{{ matrix_appservice_irc_registration|to_nice_yaml }}" - dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-appservice-irc.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" - mode: 0644 - register: matrix_appservice_irc_systemd_service_result - -- name: 
Ensure systemd reloaded after matrix-appservice-irc.service installation
- service:
- daemon_reload: yes
- when: "matrix_appservice_irc_systemd_service_result.changed"
-
-- name: Ensure matrix-appservice-irc.service restarted, if necessary
- service:
- name: "matrix-appservice-irc.service"
- state: restarted
- when: "matrix_appservice_irc_requires_restart|bool"
diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml
deleted file mode 100644
index 2b5e5dfd..00000000
--- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-
-- name: Check existence of matrix-appservice-irc service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service"
- register: matrix_appservice_irc_service_stat
-
-- name: Ensure matrix-appservice-irc is stopped
- service:
- name: matrix-appservice-irc
- state: stopped
- daemon_reload: yes
- when: "matrix_appservice_irc_service_stat.stat.exists"
-
-- name: Ensure matrix-appservice-irc.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service"
- state: absent
- when: "matrix_appservice_irc_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-appservice-irc.service removal
- service:
- daemon_reload: yes
- when: "matrix_appservice_irc_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml
deleted file mode 100644
index bd08427c..00000000
--- a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml
+++ /dev/null
@@ -1,35 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_appservice_irc_appservice_token" - - "matrix_appservice_irc_homeserver_token" - -# Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to -# let the playbook run without errors. -# -# Unless the final configuration (`matrix_appservice_irc_configuration`) contains an `ircService` definition, -# we'd fail generating the registration.yaml file with a non-helpful error. -# -# This is a safety check to ensure we fail earlier and in a nicer way. -- name: Fail if no additional configuration provided - fail: - msg: >- - Your Appservice IRC configuration is incomplete (lacking an `ircService.servers` configuration). - You need to define one or more servers by either using `matrix_appservice_irc_ircService_servers` - or by extending the base configuration with additional configuration in `matrix_appservice_irc_configuration_extension_yaml`. - Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility. - when: "matrix_appservice_irc_configuration.ircService.servers|length == 0" - -- name: (Deprecation) Catch and report renamed appservice-irc variables - fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). - when: "item.old in vars" - with_items: - - {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': ''} diff --git a/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 deleted file mode 100644 index 94bbda7b..00000000 --- a/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 +++ /dev/null 
@@ -1,134 +0,0 @@ -#jinja2: lstrip_blocks: True -homeserver: - # The URL to the home server for client-server API calls, also used to form the - # media URLs as displayed in bridged IRC channels: - url: {{ matrix_appservice_irc_homeserver_url }} - # - # The URL of the homeserver hosting media files. This is only used to transform - # mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By - # default, this is the homeserver URL, specified above. - # - media_url: {{ matrix_appservice_irc_homeserver_media_url }} - - # Drop Matrix messages which are older than this number of seconds, according to - # the event's origin_server_ts. - # If the bridge is down for a while, the homeserver will attempt to send all missed - # events on reconnection. These events may be hours old, which can be confusing to - # IRC users if they are then bridged. This option allows these old messages to be - # dropped. - # CAUTION: This is a very coarse heuristic. Federated homeservers may have different - # clock times and hence produce different origin_server_ts values, which may be old - # enough to cause *all* events from the homeserver to be dropped. - # Default: 0 (don't ever drop) - # dropMatrixMessagesAfterSecs: 300 # 5 minutes - - # The 'domain' part for user IDs on this home server. Usually (but not always) - # is the "domain name" part of the HS URL. - domain: {{ matrix_appservice_irc_homeserver_domain }} - - # Should presence be enabled for matrix clients on this bridge. If disabled on the - # homeserver then it should also be disabled here to avoid excess traffic. - # Default: true - enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }} - -ircService: - # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot - # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in - # the database. 
- # - # To generate a .pem file: - # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 - # - # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords - # for storage in the database. Passwords are stored by using the admin room command - # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of - # the Matrix user, this password will be sent as the server password (PASS command). - passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification - - # Config for Matrix -> IRC bridging - matrixHandler: - # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies). - eventCacheSize: 4096 - - servers: {{ matrix_appservice_irc_ircService_servers|to_json }} - - # Configuration for an ident server. If you are running a public bridge it is - # advised you setup an ident server so IRC mods can ban specific matrix users - # rather than the application service itself. - ident: - # True to listen for Ident requests and respond with the - # matrix user's user_id (converted to ASCII, respecting RFC 1413). - # Default: false. - enabled: false - # The port to listen on for incoming ident requests. - # Ports below 1024 require root to listen on, and you may not want this to - # run as root. Instead, you can get something like an Apache to yank up - # incoming requests to 113 to a high numbered port. Set the port to listen - # on instead of 113 here. - # Default: 113. - port: 1113 - # The address to listen on for incoming ident requests. - # Default: 0.0.0.0 - address: "::" - - # Configuration for logging. Optional. Default: console debug level logging - # only. - logging: - # Level to log on console/logfile. One of error|warn|info|debug - level: "debug" - # The file location to log to. This is relative to the project directory. - #logfile: "debug.log" - # The file location to log errors to. 
This is relative to the project - # directory. - #errfile: "errors.log" - # Whether to log to the console or not. - toConsole: true - # The max number of files to keep. Files will be overwritten eventually due - # to rotations. - maxFiles: 5 - - # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: - # $ npm install prom-client@6.3.0 - # Metrics will then be available via GET /metrics on the bridge listening port (-p). - metrics: - # Whether to actually enable the metric endpoint. Default: false - enabled: true - # When collecting remote user active times, which "buckets" should be used. Defaults are given below. - # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). - remoteUserAgeBuckets: - - "1h" - - "1d" - - "1w" - - # Configuration for the provisioning API. - # - # GET /_matrix/provision/link - # GET /_matrix/provision/unlink - # GET /_matrix/provision/listlinks - # - provisioning: - # True to enable the provisioning HTTP endpoint. Default: false. - enabled: false - # The number of seconds to wait before giving up on getting a response from - # an IRC channel operator. If the channel operator does not respond within the - # allotted time period, the provisioning request will fail. - # Default: 300 seconds (5 mins) - requestTimeoutSeconds: 300 - -# Options here are generally only applicable to large-scale bridges and may have -# consequences greater than other options in this configuration file. -advanced: - # The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited - # however for large bridges it is important to rate limit the bridge to avoid - # accidentally overloading the homeserver. Defaults to 1000, which should be - # enough for the vast majority of use cases. - maxHttpSockets: 1000 - -# Use an external database to store bridge state. -database: - # database engine (must be 'postgres' or 'nedb'). 
Default: nedb - engine: {{ matrix_appservice_irc_database_engine|to_json }} - # Either a PostgreSQL connection string, or a path to the NeDB storage directory. - # For postgres, it must start with postgres:// - # For NeDB, it must start with nedb://. The path is relative to the project directory. - connectionString: {{ matrix_appservice_irc_database_connectionString|to_json }} diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 deleted file mode 100644 index 8650bd8d..00000000 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ /dev/null 
@@ -1,46 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Appservice IRC bridge -{% for service in matrix_appservice_irc_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_appservice_irc_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - {% if matrix_appservice_irc_container_http_host_bind_port %} - -p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \ - {% endif %} - -v {{ matrix_appservice_irc_config_path }}:/config:z \ - -v {{ matrix_appservice_irc_data_path }}:/data:z \ - {% for arg in matrix_appservice_irc_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --entrypoint=/bin/bash \ - {{ matrix_appservice_irc_docker_image }} \ - -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-appservice-irc - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml
deleted file mode 100644
index 10b3d7b4..00000000
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ /dev/null
@@ -1,118 +0,0 @@ -# matrix-appservice-slack is a Matrix <-> Slack bridge -# See: https://github.com/matrix-org/matrix-appservice-slack - -matrix_appservice_slack_enabled: true - -matrix_appservice_slack_container_self_build: false -matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git" -matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src" - -matrix_appservice_slack_version: release-1.8.0 -matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}" -matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" - -matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack" -matrix_appservice_slack_config_path: "{{ matrix_appservice_slack_base_path }}/config" -matrix_appservice_slack_data_path: "{{ matrix_appservice_slack_base_path }}/data" - -matrix_appservice_slack_public_endpoint: /appservice-slack -matrix_appservice_slack_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_slack_public_endpoint }}" - -# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source -matrix_appservice_slack_control_room_id: '' -matrix_appservice_slack_bot_name: 'slackbot' -matrix_appservice_slack_user_prefix: 'slack_' - -# Controls the SLACK_PORT and MATRIX_PORT of the installation -matrix_appservice_slack_matrix_port: 9004 -matrix_appservice_slack_slack_port: 9003 - -# Controls whether the appservice-slack container exposes its HTTP port (tcp/9003 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:9999"), or empty string to not expose. 
-matrix_appservice_slack_container_http_host_bind_port: '' - -matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" -matrix_appservice_slack_homeserver_url: "http://matrix-synapse:8008" -matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}" -matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack' - -# A list of extra arguments to pass to the container -matrix_appservice_slack_container_extra_arguments: [] - -# List of systemd services that matrix-appservice-slack.service depends on. -matrix_appservice_slack_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-appservice-slack.service wants -matrix_appservice_slack_systemd_wanted_services_list: [] - -matrix_appservice_slack_appservice_token: '' -matrix_appservice_slack_homeserver_token: '' -matrix_appservice_slack_id_token: '' - -matrix_appservice_slack_database_engine: nedb -matrix_appservice_slack_database_username: matrix_appservice_slack -matrix_appservice_slack_database_password: ~ -matrix_appservice_slack_database_hostname: 'matrix-postgres' -matrix_appservice_slack_database_port: 5432 -matrix_appservice_slack_database_name: matrix_appservice_slack - -# This is just the Postgres connection string, if Postgres is used. -# Naming clashes with `matrix_appservice_slack_database_connectionString` somewhat. -matrix_appservice_slack_database_connection_string: 'postgresql://{{ matrix_appservice_slack_database_username }}:{{ matrix_appservice_slack_database_password }}@{{ matrix_appservice_slack_database_hostname }}:{{ matrix_appservice_slack_database_port }}/{{ matrix_appservice_slack_database_name }}?sslmode=disable' - -# This is what actually goes into `database.connectionString` for the bridge. 
-matrix_appservice_slack_database_connectionString: "{{ - { - 'nedb': 'nedb:///data', - 'postgres': matrix_appservice_slack_database_connection_string, - }[matrix_appservice_slack_database_engine] -}}" - - -matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_appservice_slack_configuration_extension_yaml: | - #slack_hook_port: 9898 - #inbound_uri_prefix: "https://my.server.here:9898/" - #bot_username: "slackbot" - #username_prefix: "slack_" - # Optional - #slack_master_token: "abc-123-def" - # Optional - #matrix_admin_room: "!aBcDeF:matrix.org" - #homeserver: - # url: http://localhost:8008 - # server_name: my.server - # Optional - #tls: - # key_file: /path/to/tls.key - # crt_file: /path/to/tls.crt - #logging: - # console: "info" - # files: - # - "./debug.log": "info" - #- "./error.log": "error" - -matrix_appservice_slack_configuration_extension: "{{ matrix_appservice_slack_configuration_extension_yaml|from_yaml if matrix_appservice_slack_configuration_extension_yaml|from_yaml else {} }}" - -matrix_appservice_slack_configuration: "{{ matrix_appservice_slack_configuration_yaml|from_yaml|combine(matrix_appservice_slack_configuration_extension, recursive=True) }}" - -matrix_appservice_slack_registration_yaml: | - id: "{{ matrix_appservice_slack_id_token }}" - as_token: "{{ matrix_appservice_slack_appservice_token }}" - hs_token: "{{ matrix_appservice_slack_homeserver_token }}" - namespaces: - users: - - exclusive: true - regex: '@{{ matrix_appservice_slack_user_prefix }}.*' - aliases: - - exclusive: false - regex: '#{{ matrix_appservice_slack_user_prefix }}.*' - rooms: [] - url: "{{matrix_appservice_slack_appservice_url}}:{{ matrix_appservice_slack_matrix_port }}" - sender_localpart: slackbot - rate_limited: true - protocols: null - -matrix_appservice_slack_registration: "{{ matrix_appservice_slack_registration_yaml|from_yaml }}" 
diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml
deleted file mode 100644
index 0584e624..00000000
--- a/roles/matrix-bridge-appservice-slack/tasks/init.yml
+++ /dev/null
@@ -1,86 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_self_build and matrix_appservice_slack_enabled" - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack.service'] }}" - when: matrix_appservice_slack_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-slack-registration.yaml"] }} - when: matrix_appservice_slack_enabled|bool - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. 
- when: "matrix_synapse_role_executed|default(False)" - -- block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your plabook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. - when: matrix_nginx_proxy_role_executed|default(False)|bool - - - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy - set_fact: - matrix_appservice_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_appservice_slack_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; - {% endif %} - } - - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_appservice_slack_matrix_nginx_proxy_configuration] - }} - tags: - - always - when: matrix_appservice_slack_enabled|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ something }}` - URL endpoint to the matrix-appservice-slack container. 
- You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-appservice-slack/tasks/main.yml b/roles/matrix-bridge-appservice-slack/tasks/main.yml deleted file mode 100644 index acd03fff..00000000 --- a/roles/matrix-bridge-appservice-slack/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_appservice_slack_enabled|bool" - tags: - - setup-all - - setup-appservice-slack - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_appservice_slack_enabled|bool" - tags: - - setup-all - - setup-appservice-slack - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_appservice_slack_enabled|bool" - tags: - - setup-all - - setup-appservice-slack diff --git a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml deleted file mode 100644 index fedad977..00000000 --- a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -- name: Fail if Postgres not enabled - fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." - when: "not matrix_postgres_enabled|bool" - -# Defaults - -- name: Set postgres_start_wait_time, if not provided - set_fact: - postgres_start_wait_time: 15 - when: "postgres_start_wait_time|default('') == ''" - -# Actual import work - -- name: Ensure matrix-postgres is started - service: - name: matrix-postgres - state: started - daemon_reload: yes - register: matrix_postgres_service_start_result - -- name: Wait a bit, so that Postgres can start - wait_for: - timeout: "{{ postgres_start_wait_time }}" - delegate_to: 127.0.0.1 - become: false - when: "matrix_postgres_service_start_result.changed|bool" - -- name: Ensure matrix-appservice-slack is stopped - service: - name: matrix-appservice-slack - state: stopped - -- name: Import appservice-slack NeDB database into Postgres - command: - cmd: >- - {{ matrix_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --mount type=bind,src={{ matrix_appservice_slack_data_path }},dst=/data - --entrypoint=/bin/sh - {{ matrix_appservice_slack_docker_image }} - -c - '/usr/local/bin/node /usr/src/app/lib/scripts/migrateToPostgres.js --dbdir /data --connectionString {{ matrix_appservice_slack_database_connection_string }}' - -- name: Archive NeDB database files - command: - cmd: "mv {{ matrix_appservice_slack_data_path }}/{{ item }} {{ matrix_appservice_slack_data_path }}/{{ item }}.backup" - with_items: - - teams.db - - room-store.db - - user-store.db - - event-store.db - -- name: Inject result - set_fact: - matrix_playbook_runtime_results: | - {{ - matrix_playbook_runtime_results|default([]) - + - [ - "NOTE: Your appservice-slack database files have been imported into Postgres. 
The original database files have been moved from `{{ matrix_appservice_slack_data_path }}/*.db` to `{{ matrix_appservice_slack_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." - ] - }} diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml deleted file mode 100644 index b170fcb8..00000000 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ /dev/null 
@@ -1,94 +0,0 @@ ---- - -- name: Ensure AppService Slack paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_appservice_slack_base_path }}", when: true } - - { path: "{{ matrix_appservice_slack_config_path }}", when: true } - - { path: "{{ matrix_appservice_slack_data_path }}", when: true } - - { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_self_build }}" } - when: item.when|bool - -- set_fact: - matrix_appservice_slack_requires_restart: false - -- block: - - name: Check if a nedb database already exists - stat: - path: "{{ matrix_appservice_slack_data_path }}/teams.db" - register: matrix_appservice_slack_nedb_database_path_local_stat_result - - - block: - - import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - - - set_fact: - matrix_appservice_slack_requires_restart: true - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists|bool" - when: "matrix_appservice_slack_database_engine == 'postgres'" - -- name: Ensure Appservice Slack image is pulled - docker_image: - name: "{{ matrix_appservice_slack_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}" - when: "not matrix_appservice_slack_container_self_build|bool" - -- name: Ensure matrix-appservice-slack repository is present when self-building - git: - repo: "{{ matrix_appservice_slack_docker_repo }}" - dest: "{{ matrix_appservice_slack_docker_src_files_path }}" - force: "yes" - register: matrix_appservice_slack_git_pull_results - when: 
"matrix_appservice_slack_container_self_build|bool" - -- name: Ensure matrix-appservice-slack Docker image is built - docker_image: - name: "{{ matrix_appservice_slack_docker_image }}" - source: build - force_source: "{{ matrix_appservice_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_appservice_slack_docker_src_files_path }}" - pull: yes - when: "matrix_appservice_slack_container_self_build|bool and matrix_appservice_slack_git_pull_results.changed" - -- name: Ensure Matrix Appservice Slack config installed - copy: - content: "{{ matrix_appservice_slack_configuration|to_nice_yaml }}" - dest: "{{ matrix_appservice_slack_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure appservice-slack registration.yaml installed - copy: - content: "{{ matrix_appservice_slack_registration|to_nice_yaml }}" - dest: "{{ matrix_appservice_slack_config_path }}/slack-registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-appservice-slack.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" - mode: 0644 - register: matrix_appservice_slack_systemd_service_result - -- name: Ensure systemd reloaded after matrix-appservice-slack.service installation - service: - daemon_reload: yes - when: "matrix_appservice_slack_systemd_service_result.changed" - -- name: Ensure matrix-appservice-slack.service restarted, if necessary - service: - name: "matrix-appservice-slack.service" - state: restarted - when: "matrix_appservice_slack_requires_restart|bool" 
diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml deleted file mode 100644 index 0b83d02e..00000000 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-appservice-slack service - stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" - register: matrix_appservice_slack_service_stat - -- name: Ensure matrix-appservice-slack is stopped - service: - name: matrix-appservice-slack - state: stopped - daemon_reload: yes - when: "matrix_appservice_slack_service_stat.stat.exists" - -- name: Ensure matrix-appservice-slack.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" - state: absent - when: "matrix_appservice_slack_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-appservice-slack.service removal - service: - daemon_reload: yes - when: "matrix_appservice_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml b/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml deleted file mode 100644 index 8af10f2f..00000000 --- a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_appservice_slack_control_room_id" - - "matrix_appservice_slack_appservice_token" - - "matrix_appservice_slack_homeserver_token" - - "matrix_appservice_slack_id_token" diff --git a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 deleted file mode 100644 index bf8072c1..00000000 --- a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 +++ /dev/null 
@@ -1,20 +0,0 @@ -#jinja2: lstrip_blocks: True -slack_hook_port: {{ matrix_appservice_slack_slack_port }} -inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}" -bot_username: "{{ matrix_appservice_slack_bot_name }}" -username_prefix: {{ matrix_appservice_slack_user_prefix }} - -homeserver: - media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" - url: "{{ matrix_appservice_slack_homeserver_url }}" - server_name: "{{ matrix_domain }}" - -{% if matrix_appservice_slack_database_engine == 'nedb' %} -dbdir: "/data" -{% else %} -db: - engine: {{ matrix_appservice_slack_database_engine|to_json }} - connectionString: {{ matrix_appservice_slack_database_connectionString|to_json }} -{% endif %} - -matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}" diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 deleted file mode 100644 index 21ba27ef..00000000 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ /dev/null 
@@ -1,45 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Appservice Slack bridge -{% for service in matrix_appservice_slack_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_appservice_slack_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - {% if matrix_appservice_slack_container_http_host_bind_port %} - -p {{ matrix_appservice_slack_container_http_host_bind_port }}:{{matrix_appservice_slack_slack_port}} \ - {% endif %} - -v {{ matrix_appservice_slack_config_path }}:/config:z \ - -v {{ matrix_appservice_slack_data_path }}:/data:z \ - {% for arg in matrix_appservice_slack_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_appservice_slack_docker_image }} \ - node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-appservice-slack - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
deleted file mode 100644
index 2b9fe310..00000000
--- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
+++ /dev/null
@@ -1,84 +0,0 @@ -# matrix-appservice-webhooks is a Matrix <-> webhook bridge -# See: https://github.com/turt2live/matrix-appservice-webhooks - -matrix_appservice_webhooks_enabled: true - -matrix_appservice_webhooks_container_image_self_build: false -matrix_appservice_webhooks_container_image_self_build_repo: "https://github.com/turt2live/matrix-appservice-webhooks" -matrix_appservice_webhooks_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_webhooks_version == 'latest' else matrix_appservice_webhooks_version }}" -matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path: "Dockerfile" - -matrix_appservice_webhooks_version: latest -matrix_appservice_webhooks_docker_image: "{{ matrix_appservice_webhooks_docker_image_name_prefix }}turt2live/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}" -matrix_appservice_webhooks_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_webhooks_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}" - -matrix_appservice_webhooks_base_path: "{{ matrix_base_data_path }}/appservice-webhooks" -matrix_appservice_webhooks_config_path: "{{ matrix_appservice_webhooks_base_path }}/config" -matrix_appservice_webhooks_data_path: "{{ matrix_appservice_webhooks_base_path }}/data" -matrix_appservice_webhooks_docker_src_files_path: "{{ matrix_appservice_webhooks_base_path }}/docker-src" - -# If nginx-proxy is disabled, the bridge itself expects its endpoint to be on its own domain (e.g. 
"localhost:6789") -matrix_appservice_webhooks_public_endpoint: /appservice-webhooks -matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}" - -# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source -matrix_appservice_webhooks_control_room_id: '' -matrix_appservice_webhooks_bot_name: 'webhookbot' -matrix_appservice_webhooks_user_prefix: '_webhook' - -# Controls the webhooks_PORT and MATRIX_PORT of the installation -matrix_appservice_webhooks_matrix_port: 6789 - -# Controls whether the appservice-webhooks container exposes its HTTP port (tcp/6789 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:9999"), or empty string to not expose. -matrix_appservice_webhooks_container_http_host_bind_port: '' - -matrix_appservice_webhooks_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" -matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:8008" -matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}" -matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks' - -# A list of extra arguments to pass to the container -matrix_appservice_webhooks_container_extra_arguments: [] - -# List of systemd services that matrix-appservice-webhooks.service depends on. 
-matrix_appservice_webhooks_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] - -# List of systemd services that matrix-appservice-webhooks.service wants -matrix_appservice_webhooks_systemd_wanted_services_list: [] - -matrix_appservice_webhooks_appservice_token: '' -matrix_appservice_webhooks_homeserver_token: '' -matrix_appservice_webhooks_id_token: '' -matrix_appservice_webhooks_api_secret: '' - -# Logging information (info and verbose is available) default is: info -matrix_appservice_webhooks_log_level: 'info' - -matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_appservice_webhooks_configuration_extension_yaml: | - # - -matrix_appservice_webhooks_configuration_extension: "{{ matrix_appservice_webhooks_configuration_extension_yaml|from_yaml if matrix_appservice_webhooks_configuration_extension_yaml|from_yaml else {} }}" - -matrix_appservice_webhooks_configuration: "{{ matrix_appservice_webhooks_configuration_yaml|from_yaml|combine(matrix_appservice_webhooks_configuration_extension, recursive=True) }}" - -matrix_appservice_webhooks_registration_yaml: | - id: "{{ matrix_appservice_webhooks_id_token }}" - hs_token: "{{ matrix_appservice_webhooks_homeserver_token }}" - as_token: "{{ matrix_appservice_webhooks_appservice_token }}" - namespaces: - users: - - exclusive: true - regex: '^@{{ matrix_appservice_webhooks_user_prefix | regex_escape }}.*:{{ matrix_domain | regex_escape }}$' - aliases: [] - rooms: [] - url: "{{ matrix_appservice_webhooks_appservice_url }}:{{ matrix_appservice_webhooks_matrix_port }}" - sender_localpart: _webhook - rate_limited: false - protocols: null - -matrix_appservice_webhooks_registration: "{{ matrix_appservice_webhooks_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml deleted file mode 100644 index a42e14c9..00000000 
--- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
+++ /dev/null
@@ -1,81 +0,0 @@ -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks.service'] }}" - when: matrix_appservice_webhooks_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-appservice-webhooks-registration.yaml"] }} - when: matrix_appservice_webhooks_enabled|bool - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your plabook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. 
- when: matrix_nginx_proxy_role_executed|default(False)|bool - - - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy - set_fact: - matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; - proxy_pass http://$backend/$1; - } - {% else %} - {# Generic configuration for use outside of our container setup #} - location {{ matrix_appservice_webhooks_public_endpoint }}/ { - proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; - } - {% endif %} - - - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] - }} - tags: - - always - when: matrix_appservice_webhooks_enabled|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}` - URL endpoint to the matrix-appservice-webhooks container. - You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable. - when: "matrix_appservice_webhooks_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml deleted file mode 100644 index 216905f3..00000000 
--- a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool"
- tags:
- - setup-all
- - setup-appservice-webhooks
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool"
- tags:
- - setup-all
- - setup-appservice-webhooks
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_appservice_webhooks_enabled|bool"
- tags:
- - setup-all
- - setup-appservice-webhooks
diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
deleted file mode 100644
index 1b276efc..00000000
--- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
+++ /dev/null
@@ -1,88 +0,0 @@ ---- - -- name: Ensure AppService webhooks paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_appservice_webhooks_base_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_config_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_data_path }}", when: true } - - { path: "{{ matrix_appservice_webhooks_docker_src_files_path }}", when: "{{ matrix_appservice_webhooks_container_image_self_build }}"} - when: "item.when|bool" - -- name: Ensure Appservice webhooks image is pulled - docker_image: - name: "{{ matrix_appservice_webhooks_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}" - when: "not matrix_appservice_webhooks_container_image_self_build|bool" - -- block: - - name: Ensure Appservice webhooks repository is present on self-build - git: - repo: "{{ matrix_appservice_webhooks_container_image_self_build_repo }}" - dest: "{{ matrix_appservice_webhooks_docker_src_files_path }}" - version: "{{ matrix_appservice_webhooks_container_image_self_build_repo_version }}" - force: "yes" - register: matrix_appservice_webhooks_git_pull_results - - - name: Ensure Appservice webhooks Docker image is built - docker_image: - name: "{{ matrix_appservice_webhooks_docker_image }}" - source: build - force_source: "{{ matrix_appservice_webhooks_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_git_pull_results.changed 
}}" - build: - dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}" - path: "{{ matrix_appservice_webhooks_docker_src_files_path }}" - pull: yes - when: "matrix_appservice_webhooks_container_image_self_build|bool" - -- name: Ensure Matrix Appservice webhooks config is installed - copy: - content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml }}" - dest: "{{ matrix_appservice_webhooks_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure Matrix Appservice webhooks schema.yml template exists - template: - src: "{{ role_path }}/templates/schema.yml.j2" - dest: "{{ matrix_appservice_webhooks_config_path }}/schema.yml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure Matrix Appservice webhooks database.json template exists - template: - src: "{{ role_path }}/templates/database.json.j2" - dest: "{{ matrix_appservice_webhooks_data_path }}/database.json" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure appservice-webhooks registration.yaml installed - copy: - content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml }}" - dest: "{{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-appservice-webhooks.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" - mode: 0644 - register: matrix_appservice_webhooks_systemd_service_result - -- name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation - service: - daemon_reload: yes - when: "matrix_appservice_webhooks_systemd_service_result.changed" 
diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml
deleted file mode 100644
index d8e973ce..00000000
--- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-
-- name: Check existence of matrix-appservice-webhooks service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service"
- register: matrix_appservice_webhooks_service_stat
-
-- name: Ensure matrix-appservice-webhooks is stopped
- service:
- name: matrix-appservice-webhooks
- state: stopped
- daemon_reload: yes
- when: "matrix_appservice_webhooks_service_stat.stat.exists"
-
-- name: Ensure matrix-appservice-webhooks.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service"
- state: absent
- when: "matrix_appservice_webhooks_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal
- service:
- daemon_reload: yes
- when: "matrix_appservice_webhooks_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml
deleted file mode 100644
index b92a0eb9..00000000
--- a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-
-- name: Fail if required settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`).
- when: "vars[item] == ''"
- with_items:
- - "matrix_appservice_webhooks_appservice_token"
- - "matrix_appservice_webhooks_homeserver_token"
- - "matrix_appservice_webhooks_id_token"
- - "matrix_appservice_webhooks_api_secret"
diff --git a/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2
deleted file mode 100644
index 49751624..00000000
--- a/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2
+++ /dev/null
@@ -1,28 +0,0 @@
-#jinja2: lstrip_blocks: True
-# Configuration specific to the application service. All fields (unless otherwise marked) are required.
-homeserver:
- # The domain for the client-server API calls.
- url: "{{ matrix_appservice_webhooks_homeserver_url }}"
-
- # The domain part for user IDs on this home server. Usually, but not always, this is the same as the
- # home server's URL.
- domain: "{{ matrix_domain }}"
-
-# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
-webhookBot:
- # The localpart to use for the bot. May require re-registering the application service.
- localpart: "_webhook"
-
-# Provisioning API options
-provisioning:
- # Your secret for the API. Required for all provisioning API requests.
- secret: '{{ matrix_appservice_webhooks_api_secret }}'
-
-# Configuration related to the web portion of the bridge. Handles the inbound webhooks
-web:
- hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
-
-logging:
- console: true
- consoleLevel: {{ matrix_appservice_webhooks_log_level }}
- writeFiles: false
diff --git a/roles/matrix-bridge-appservice-webhooks/templates/database.json.j2 b/roles/matrix-bridge-appservice-webhooks/templates/database.json.j2
deleted file mode 100644
index e70f1d83..00000000
--- a/roles/matrix-bridge-appservice-webhooks/templates/database.json.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "defaultEnv": {
- "ENV": "NODE_ENV"
- },
- "development": {
- "driver": "sqlite3",
- "filename": "/data/development.db"
- },
- "production": {
- "driver": "sqlite3",
- "filename": "/data/production.db"
- }
-}
diff --git a/roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 b/roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2
deleted file mode 100644
index e999555d..00000000
--- a/roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2
+++ /dev/null
@@ -1,54 +0,0 @@ -"$schema": "http://json-schema.org/draft-04/schema#" -type: "object" -properties: - provisioning: - type: "object" - properties: - secret: - type: "string" - homeserver: - type: "object" - properties: - domain: - type: "string" - url: - type: "string" - mediaUrl: - type: "string" - web: - type: "object" - properties: - hookUrlBase: - type: "string" - webhookBot: - type: "object" - properties: - localpart: - type: "string" - appearance: - type: "object" - properties: - displayName: - type: "string" - avatarUrl: - type: "string" - logging: - type: "object" - properties: - file: - type: "string" - console: - type: "boolean" - consoleLevel: - type: "string" - fileLevel: - type: "string" - writeFiles: - type: "boolean" - rotate: - type: "object" - properties: - size: - type: "number" - count: - type: "number" diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 deleted file mode 100644 index f27111b3..00000000 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ /dev/null 
@@ -1,45 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Appservice webhooks bridge -{% for service in matrix_appservice_webhooks_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_appservice_webhooks_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - {% if matrix_appservice_webhooks_container_http_host_bind_port %} - -p {{ matrix_appservice_webhooks_container_http_host_bind_port }}:{{matrix_appservice_webhooks_matrix_port}} \ - {% endif %} - -v {{ matrix_appservice_webhooks_config_path }}:/config:z \ - -v {{ matrix_appservice_webhooks_data_path }}:/data:z \ - {% for arg in matrix_appservice_webhooks_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_appservice_webhooks_docker_image }} \ - node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-appservice-webhooks - 
-[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml deleted file mode 100644 index 8df6c38f..00000000 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ /dev/null 
@@ -1,100 +0,0 @@ -# beeper-linkedin is a Matrix <-> LinkedIn bridge -# See: https://gitlab.com/beeper/linkedin - -matrix_beeper_linkedin_enabled: true - -matrix_beeper_linkedin_version: v0.5.1 -# See: https://gitlab.com/beeper/linkedin/container_registry -matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64" -matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}" - -matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin" -matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config" -matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data" - -matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" -matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" - -# A list of extra arguments to pass to the container -matrix_beeper_linkedin_container_extra_arguments: [] - -# List of systemd services that matrix-beeper-linkedin.service depends on. -matrix_beeper_linkedin_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-beeper-linkedin.service wants -matrix_beeper_linkedin_systemd_wanted_services_list: [] - -matrix_beeper_linkedin_appservice_token: "" -matrix_beeper_linkedin_homeserver_token: "" - -matrix_beeper_linkedin_appservice_bot_username: linkedinbot - - -# Database-related configuration fields. -# Only Postgres is supported. 
-matrix_beeper_linkedin_database_engine: "postgres" - -matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin' -matrix_beeper_linkedin_database_password: "" -matrix_beeper_linkedin_database_hostname: 'matrix-postgres' -matrix_beeper_linkedin_database_port: 5432 -matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin' - -matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode=disable' - -matrix_beeper_linkedin_appservice_database_type: "{{ - { - 'postgres':'postgres', - }[matrix_beeper_linkedin_database_engine] -}}" - -matrix_beeper_linkedin_appservice_database_uri: "{{ - { - 'postgres': matrix_beeper_linkedin_database_connection_string, - }[matrix_beeper_linkedin_database_engine] -}}" - - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_beeper_linkedin_login_shared_secret: '' - -# Default beeper-linkedin configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_beeper_linkedin_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_beeper_linkedin_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_beeper_linkedin_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_beeper_linkedin_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. 
- # - # If you need something more special, you can take full control by - # completely redefining `matrix_beeper_linkedin_configuration_yaml`. - -matrix_beeper_linkedin_configuration_extension: "{{ matrix_beeper_linkedin_configuration_extension_yaml|from_yaml if matrix_beeper_linkedin_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_beeper_linkedin_configuration_yaml`. -matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml|from_yaml|combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}" - -matrix_beeper_linkedin_registration_yaml: | - id: linkedin - url: {{ matrix_beeper_linkedin_appservice_address }} - as_token: "{{ matrix_beeper_linkedin_appservice_token }}" - hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}" - - sender_localpart: _bot_{{ matrix_beeper_linkedin_appservice_bot_username }} - rate_limited: false - namespaces: - users: - - regex: '^@linkedin_.+:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' - exclusive: true - - exclusive: true - regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username|regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' - de.sorunome.msc2409.push_ephemeral: true - -matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml deleted file mode 100644 index 755ac2f5..00000000 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" - when: matrix_beeper_linkedin_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-beeper-linkedin-registration.yaml"] }} - when: matrix_beeper_linkedin_enabled|bool diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml deleted file mode 100644 index 79c54f1a..00000000 --- a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_beeper_linkedin_enabled|bool" - tags: - - setup-all - - setup-beeper-linkedin - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup and matrix_beeper_linkedin_enabled" - tags: - - setup-all - - setup-beeper-linkedin - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup and not matrix_beeper_linkedin_enabled" - tags: - - setup-all - - setup-beeper-linkedin diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml deleted file mode 100644 index 97d05a45..00000000 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure Beeper LinkedIn image is pulled - docker_image: - name: "{{ matrix_beeper_linkedin_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" - -- name: Ensure Beeper LinkedIn paths exists - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_beeper_linkedin_base_path }}" - - "{{ matrix_beeper_linkedin_config_path }}" - - "{{ matrix_beeper_linkedin_data_path }}" - -- name: Ensure beeper-linkedin config.yaml installed - copy: - content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml }}" - dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure beeper-linkedin registration.yaml installed - copy: - content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml }}" - dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-beeper-linkedin.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" - mode: 0644 - 
register: matrix_beeper_linkedin_systemd_service_result - -- name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation - service: - daemon_reload: yes - when: "matrix_beeper_linkedin_systemd_service_result.changed" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml deleted file mode 100644 index 004b788e..00000000 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-beeper-linkedin service - stat: - path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" - register: matrix_beeper_linkedin_service_stat - -- name: Ensure matrix-beeper-linkedin is stopped - service: - name: matrix-beeper-linkedin - state: stopped - daemon_reload: yes - when: "matrix_beeper_linkedin_service_stat.stat.exists" - -- name: Ensure matrix-beeper-linkedin.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" - state: absent - when: "matrix_beeper_linkedin_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal - service: - daemon_reload: yes - when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml deleted file mode 100644 index fe33defa..00000000 --- a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_beeper_linkedin_appservice_token" - - "matrix_beeper_linkedin_homeserver_token" - 
diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
deleted file mode 100644
index 4fb6b055..00000000
--- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
+++ /dev/null
@@ -1,267 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# Homeserver details. -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_beeper_linkedin_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_beeper_linkedin_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - # Whether or not the homeserver supports asmux-specific endpoints, - # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically - # updating m.direct. - asmux: false - # Number of retries for all HTTP requests if the homeserver isn't reachable. - http_retry_count: 4 - - -appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_beeper_linkedin_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 29319 - - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. Only Postgres is currently supported. - database: {{ matrix_beeper_linkedin_appservice_database_uri|to_json }} - # Additional arguments for asyncpg.create_pool() - # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool - database_opts: - min_size: 5 - max_size: 10 - - # Provisioning API part of the web server for automated portal creation and fetching information. - # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). - provisioning: - # Whether or not the provisioning API should be enabled. - enabled: true - # The prefix to use in the provisioning API endpoints. - prefix: /_matrix/provision/v1 - # The shared secret to authorize users of the API. 
- # Set to "generate" to generate and save a new token. - shared_secret: generate - - # The unique ID of this appservice. - id: beeper_linkedin - # Appservice bot details. - bot: - # Username of the appservice bot. - username: {{ matrix_beeper_linkedin_appservice_bot_username|to_json }} - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - displayname: LinkedIn bridge bot - avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB - - # Whether or not to receive ephemeral events via appservice transactions. - # Requires MSC2409 support (i.e. Synapse 1.22+). - # You should disable bridge -> sync_with_custom_puppets when this is enabled. - ephemeral_events: false - - # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. - as_token: "{{ matrix_beeper_linkedin_appservice_token }}" - hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}" - - -# Prometheus telemetry config. Requires prometheus-client to be installed. -metrics: - enabled: false - listen_port: 8000 - -# Manhole config. -manhole: - # Whether or not opening the manhole is allowed. - enabled: false - # The path for the unix socket. - path: /var/tmp/linkedin-matrix.manhole - # The list of UIDs who can be added to the whitelist. - # If empty, any UIDs can be specified in the open-manhole command. - whitelist: - - 0 - - -# Bridge config -bridge: - # Localpart template of MXIDs for LinkedIn users. - username_template: "linkedin_{userid}" - # Displayname template for LinkedIn users. - # Localpart template for per-user room grouping community IDs. - # The bridge will create these communities and add all of the specific user's portals to the community. - # {localpart} is the MXID localpart and {server} is the MXID server part of the user. - # (Note that, by default, non-admins might not have your homeserver's permission to create - # communities. 
You should set `enable_group_creation: true` in homeserver.yaml to fix this.) - # `linkedin_{localpart}={server}` is a good value. - community_template: null - - # Displayname template for LinkedIn users. - # {displayname} is replaced with the display name of the LinkedIn user - # as defined below in displayname_preference. - # Keys available for displayname_preference are also available here. - displayname_template: "{displayname} (LinkedIn)" - - # Number of chats to sync (and create portals for) on startup/login. - # Set 0 to disable automatic syncing. - initial_chat_sync: 10 - - # Whether or not the LinkedIn users of logged in Matrix users should be - # invited to private chats when the user sends a message from another client. - invite_own_puppet_to_pm: false - # Whether or not to use /sync to get presence, read receipts and typing notifications - # when double puppeting is enabled - sync_with_custom_puppets: true - # Whether or not to update the m.direct account data event when double puppeting is enabled. - # Note that updating the m.direct event is not atomic (except with mautrix-asmux) - # and is therefore prone to race conditions. - sync_direct_chat_list: false - # Servers to always allow double puppeting from - double_puppet_server_map: {} - # example.com: https://example.com - # Allow using double puppeting from any server with a valid client .well-known file. - - # Maximum number of seconds since last message in chat to skip - # syncing the chat in any case. This setting will take priority - # over both recovery_chat_sync_limit and initial_chat_sync_count. - # Default is 3 days = 259200 seconds - sync_max_chat_age: 259200 - - # Whether or not to sync with custom puppets to receive EDUs that - # are not normally sent to appservices. 
- sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret: {{ matrix_beeper_linkedin_login_shared_secret|to_json }} - - # Allow using double puppeting from any server with a valid client .well-known file. - double_puppet_allow_discovery: false - - # Whether or not to bridge presence in both directions. LinkedIn allows users not to broadcast - # presence, but then it won't send other users' presence to the client. - presence: {{ matrix_beeper_linkedin_bridge_presence|to_json }} - # Whether or not to update avatars when syncing all contacts at startup. - update_avatar_initial_sync: true - - - # End-to-bridge encryption support options. These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. - # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - # Options for automatic key sharing. - key_sharing: - # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. - # You must use a client that supports requesting keys from other users to use this feature. - allow: false - # Require the requesting device to have a valid cross-signing signature? - # This doesn't require that the bridge has verified the device, only that the user has verified it. - # Not yet implemented. - require_cross_signing: false - # Require devices to be verified by the bridge? 
- # Verification by the bridge is not yet implemented. - require_verification: true - # Whether or not the bridge should send a read receipt from the bridge bot when a message has - # been sent to LinkedIn. - delivery_receipts: false - # Whether to allow inviting arbitrary mxids to portal rooms - allow_invites: false - - # Settings for backfilling messages from LinkedIn. - backfill: - # Whether or not the LinkedIn users of logged in Matrix users should be - # invited to private chats when backfilling history from LinkedIn. This is - # usually needed to prevent rate limits and to allow timestamp massaging. - invite_own_puppet: true - # Maximum number of messages to backfill initially. - # Set to 0 to disable backfilling when creating portal. - initial_limit: 0 - # Maximum number of messages to backfill if messages were missed while - # the bridge was disconnected. - # Set to 0 to disable backfilling missed messages. - missed_limit: 1000 - # If using double puppeting, should notifications be disabled - # while the initial backfill is in progress? - disable_notifications: false - periodic_reconnect: - # TODO needed? - # Interval in seconds in which to automatically reconnect all users. - # This can be used to automatically mitigate the bug where Linkedin stops sending messages. - # Set to -1 to disable periodic reconnections entirely. - interval: -1 - # What to do in periodic reconnects. Either "refresh" or "reconnect" - mode: refresh - # Should even disconnected users be reconnected? - always: false - # The number of seconds that a disconnection can last without triggering an automatic re-sync - # and missed message backfilling when reconnecting. - # Set to 0 to always re-sync, or -1 to never re-sync automatically. - resync_max_disconnected_time: 5 - # Whether or not temporary disconnections should send notices to the notice room. 
- # If this is false, disconnections will never send messages and connections will only send - # messages if it was disconnected for more than resync_max_disconnected_time seconds. - temporary_disconnect_notices: true - # Whether or not the bridge should try to "refresh" the connection if a normal reconnection - # attempt fails. - refresh_on_reconnection_fail: false - # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. - # This field will automatically be changed back to false after it, - # except if the config file is not writable. - resend_bridge_info: false - # When using double puppeting, should muted chats be muted in Matrix? - mute_bridging: false - # Whether or not mute status and tags should only be bridged when the portal room is created. - tag_only_on_create: true - - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!li" - - # Permissions for using the bridge. - # Permitted values: - # user - Access to use the bridge to chat with a Linkedin account. - # admin - User level and some additional administration tools - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - "{{ matrix_beeper_linkedin_homeserver_domain }}": user - - - -# Logging config. -logging: - version: 1 - formatters: - colored: - (): mautrix.util.logging.color.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - paho: - level: INFO - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [ console] - 
diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
deleted file mode 100644
index 4498b4f0..00000000
--- a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
+++ /dev/null
@@ -1,42 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Beeper Linkedin bridge -{% for service in matrix_beeper_linkedin_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_beeper_linkedin_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedin \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -v {{ matrix_beeper_linkedin_config_path }}:/data:z \ - --workdir=/opt/linkedin-matrix \ - {% for arg in matrix_beeper_linkedin_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_beeper_linkedin_docker_image }} \ - python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-beeper-linkedin - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml deleted file mode 100644 index 2f9380df..00000000 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -# heisenbridge is a bouncer-style Matrix IRC bridge -# See: https://github.com/hifi/heisenbridge - -matrix_heisenbridge_enabled: true - -matrix_heisenbridge_version: 1.2.1 -matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" -matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" - -# Set this to your Matrix ID if you want to enforce the owner, otherwise first _local_ user becomes one -matrix_heisenbridge_owner: "" - -# Enabling identd will bind to host port 113/TCP -matrix_heisenbridge_identd_enabled: false - -matrix_heisenbridge_base_path: "{{ matrix_base_data_path }}/heisenbridge" - -# A list of extra arguments to pass to the container -matrix_heisenbridge_container_extra_arguments: [] - -# List of systemd services that service depends on. -matrix_heisenbridge_systemd_required_services_list: ['docker.service'] - -# List of systemd services that service wants -matrix_heisenbridge_systemd_wanted_services_list: [] - -matrix_heisenbridge_homeserver_url: "{{ matrix_homeserver_container_url }}" - -matrix_heisenbridge_appservice_token: '' -matrix_heisenbridge_homeserver_token: '' - -# Default registration file -matrix_heisenbridge_registration_yaml: - id: heisenbridge - url: http://matrix-heisenbridge:9898 - as_token: "{{ matrix_heisenbridge_appservice_token }}" - hs_token: "{{ matrix_heisenbridge_homeserver_token }}" - rate_limited: false - sender_localpart: heisenbridge - namespaces: - users: - - regex: '@hbirc_.*' - exclusive: true - aliases: [] - rooms: [] - -matrix_heisenbridge_registration: "{{ matrix_heisenbridge_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml deleted file mode 100644 index 18e89b68..00000000 --- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-heisenbridge role needs to execute before the matrix-synapse role. - when: "matrix_heisenbridge_enabled and matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-heisenbridge.service'] }}" - when: matrix_heisenbridge_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/heisenbridge-registration.yaml"] }} - when: matrix_heisenbridge_enabled|bool diff --git a/roles/matrix-bridge-heisenbridge/tasks/main.yml b/roles/matrix-bridge-heisenbridge/tasks/main.yml deleted file mode 100644 index 1358709d..00000000 --- a/roles/matrix-bridge-heisenbridge/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_heisenbridge_enabled|bool" - tags: - - setup-all - - setup-heisenbridge - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_heisenbridge_enabled|bool" - tags: - - setup-all - - setup-heisenbridge diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml deleted file mode 100644 index 03cf9ec3..00000000 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- - -- name: Ensure heisenbridge image is pulled - docker_image: - name: "{{ matrix_heisenbridge_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" - -- name: Ensure heisenbridge paths exist - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_heisenbridge_base_path }}" - -- name: Ensure heisenbridge registration.yaml installed if provided - copy: - content: "{{ matrix_heisenbridge_registration|to_nice_yaml }}" - dest: "{{ matrix_heisenbridge_base_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-heisenbridge.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-heisenbridge.service" - mode: 0644 - register: matrix_heisenbridge_systemd_service_result - -- name: Ensure systemd reloaded after matrix-heisenbridge.service installation - service: - daemon_reload: yes - when: matrix_heisenbridge_systemd_service_result.changed diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml deleted file mode 100644 index 853faf7a..00000000 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-heisenbridge service - stat: - path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service" - register: matrix_heisenbridge_service_stat - -- name: Ensure matrix-heisenbridge is stopped - service: - name: matrix-heisenbridge - state: stopped - daemon_reload: yes - when: "matrix_heisenbridge_service_stat.stat.exists" - -- name: Ensure matrix-heisenbridge.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service" - state: absent - when: "matrix_heisenbridge_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-heisenbridge.service removal - service: - daemon_reload: yes - when: "matrix_heisenbridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 b/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 deleted file mode 100644 index e27b88f1..00000000 --- a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 +++ /dev/null 
@@ -1,51 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=a bouncer-style Matrix IRC bridge -{% for service in matrix_heisenbridge_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_heisenbridge_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-heisenbridge -ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-heisenbridge - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - {% if matrix_heisenbridge_identd_enabled %} - -p 113:13113 \ - {% endif %} - -v {{ matrix_heisenbridge_base_path }}:/config:z \ - {% for arg in matrix_heisenbridge_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_heisenbridge_docker_image }} \ - {% if matrix_heisenbridge_identd_enabled %} - --identd \ - --identd-port 13113 \ - {% endif %} - {% if matrix_heisenbridge_owner %} - -o {{ matrix_heisenbridge_owner }} \ - {% endif %} - --config /config/registration.yaml \ - --listen-address 0.0.0.0 \ - --listen-port 9898 \ - {{ matrix_heisenbridge_homeserver_url }} - -ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge -ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-heisenbridge - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml deleted file mode 100644 index 6c1d6b69..00000000 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ /dev/null 
@@ -1,114 +0,0 @@ -# mautrix-facebook is a Matrix <-> Facebook bridge -# See: https://github.com/mautrix/facebook - -matrix_mautrix_facebook_enabled: true - -matrix_mautrix_facebook_container_image_self_build: false -matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" - -matrix_mautrix_facebook_version: v0.3.1 -matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" -matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" -matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" - -matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook" -matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/config" -matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data" -matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src" - -matrix_mautrix_facebook_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' -matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:29319' - -# A list of extra arguments to pass to the container -matrix_mautrix_facebook_container_extra_arguments: [] - -# List of systemd services that matrix-mautrix-facebook.service depends on. -matrix_mautrix_facebook_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-mautrix-facebook.service wants -matrix_mautrix_facebook_systemd_wanted_services_list: [] - -matrix_mautrix_facebook_appservice_token: '' -matrix_mautrix_facebook_homeserver_token: '' - - -# Database-related configuration fields. 
-# -# To use SQLite: -# - change the engine (`matrix_mautrix_facebook_database_engine: 'sqlite'`) -# - change to the last bridge version that supported SQLite: -# `matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:da1b4ec596e334325a1589e70829dea46e73064b"` -# - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future). -# -# To use Postgres: -# - adjust your database credentials via the `matrix_mautrix_facebook_postgres_*` variables -matrix_mautrix_facebook_database_engine: 'postgres' - -matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db" -matrix_mautrix_facebook_sqlite_database_path_in_container: "/data/mautrix-facebook.db" - -matrix_mautrix_facebook_database_username: 'matrix_mautrix_facebook' -matrix_mautrix_facebook_database_password: 'some-password' -matrix_mautrix_facebook_database_hostname: 'matrix-postgres' -matrix_mautrix_facebook_database_port: 5432 -matrix_mautrix_facebook_database_name: 'matrix_mautrix_facebook' - -matrix_mautrix_facebook_database_connection_string: 'postgres://{{ matrix_mautrix_facebook_database_username }}:{{ matrix_mautrix_facebook_database_password }}@{{ matrix_mautrix_facebook_database_hostname }}:{{ matrix_mautrix_facebook_database_port }}/{{ matrix_mautrix_facebook_database_name }}' - -matrix_mautrix_facebook_appservice_database: "{{ - { - 'sqlite': ('sqlite:///' + matrix_mautrix_facebook_sqlite_database_path_in_container), - 'postgres': matrix_mautrix_facebook_database_connection_string, - }[matrix_mautrix_facebook_database_engine] -}}" - - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). 
-matrix_mautrix_facebook_login_shared_secret: '' - -matrix_mautrix_facebook_bridge_login_shared_secret_map: "{{ {matrix_mautrix_facebook_homeserver_domain: matrix_mautrix_facebook_login_shared_secret} if matrix_mautrix_facebook_login_shared_secret else {} }}" - -matrix_mautrix_facebook_appservice_bot_username: facebookbot - -matrix_mautrix_facebook_bridge_presence: true - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mautrix_facebook_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mautrix_facebook_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mautrix_facebook_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mautrix_facebook_configuration_yaml`. - -matrix_mautrix_facebook_configuration_extension: "{{ matrix_mautrix_facebook_configuration_extension_yaml|from_yaml if matrix_mautrix_facebook_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_facebook_configuration_yaml`. 
-matrix_mautrix_facebook_configuration: "{{ matrix_mautrix_facebook_configuration_yaml|from_yaml|combine(matrix_mautrix_facebook_configuration_extension, recursive=True) }}" - -matrix_mautrix_facebook_registration_yaml: | - id: facebook - as_token: "{{ matrix_mautrix_facebook_appservice_token }}" - hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}" - namespaces: - users: - - exclusive: true - regex: '^@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$' - - exclusive: true - regex: '^@{{ matrix_mautrix_facebook_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$' - url: {{ matrix_mautrix_facebook_appservice_address }} - # See https://github.com/mautrix/signal/issues/43 - sender_localpart: _bot_{{ matrix_mautrix_facebook_appservice_bot_username }} - rate_limited: false - de.sorunome.msc2409.push_ephemeral: true - -matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml deleted file mode 100644 index cf67f227..00000000 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ /dev/null 
@@ -1,23 +0,0 @@
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
- fail:
- msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
- when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_enabled"
-
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}"
- when: matrix_mautrix_facebook_enabled|bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- set_fact:
- matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
-
- matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-facebook-registration.yaml"] }}
- when: matrix_mautrix_facebook_enabled|bool
diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml
deleted file mode 100644
index 54fb6f9d..00000000
--- a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-facebook
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-facebook
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_mautrix_facebook_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-facebook
diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
deleted file mode 100644
index fb9dcca4..00000000
--- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ /dev/null
@@ -1,129 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_mautrix_facebook_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" - register: matrix_mautrix_facebook_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" - dst: "{{ matrix_mautrix_facebook_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mautrix_facebook_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mautrix-facebook.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mautrix_facebook_requires_restart: true - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mautrix_facebook_database_engine == 'postgres'" - -- name: Ensure Mautrix Facebook image is pulled - docker_image: - name: "{{ matrix_mautrix_facebook_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}" - when: not matrix_mautrix_facebook_container_image_self_build - -- name: Ensure Mautrix Facebook paths exist - file: - path: "{{ item.path }}" - state: 
directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mautrix_facebook_base_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_config_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_data_path }}", when: true } - - { path: "{{ matrix_mautrix_facebook_docker_src_files_path }}", when: "{{ matrix_mautrix_facebook_container_image_self_build }}" } - when: item.when|bool - -- name: Ensure Mautrix Facebook repository is present on self-build - git: - repo: "{{ matrix_mautrix_facebook_container_image_self_build_repo }}" - dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}" - version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}" - force: "yes" - register: matrix_mautrix_facebook_git_pull_results - when: "matrix_mautrix_facebook_container_image_self_build|bool" - -- name: Ensure Mautrix Facebook Docker image is built - docker_image: - name: "{{ matrix_mautrix_facebook_docker_image }}" - source: build - force_source: "{{ matrix_mautrix_facebook_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mautrix_facebook_docker_src_files_path }}" - pull: yes - when: "matrix_mautrix_facebook_container_image_self_build|bool" - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mautrix_facebook_base_path }}/mautrix-facebook.db" - register: matrix_mautrix_facebook_stat_database - -- name: (Data relocation) Ensure matrix-mautrix-facebook.service is stopped - service: - name: matrix-mautrix-facebook - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mautrix_facebook_stat_database.stat.exists" - -- name: (Data relocation) Move mautrix-facebook database file to ./data directory - 
command: "mv {{ matrix_mautrix_facebook_base_path }}/mautrix-facebook.db {{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db" - when: "matrix_mautrix_facebook_stat_database.stat.exists" - -- name: Ensure mautrix-facebook config.yaml installed - copy: - content: "{{ matrix_mautrix_facebook_configuration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_facebook_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mautrix-facebook registration.yaml installed - copy: - content: "{{ matrix_mautrix_facebook_registration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_facebook_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mautrix-facebook.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" - mode: 0644 - register: matrix_mautrix_facebook_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation - service: - daemon_reload: yes - when: "matrix_mautrix_facebook_systemd_service_result.changed" - -- name: Ensure matrix-mautrix-facebook.service restarted, if necessary - service: - name: "matrix-mautrix-facebook.service" - state: restarted - when: "matrix_mautrix_facebook_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml deleted file mode 100644 index efc8aa74..00000000 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@
----
-
-- name: Check existence of matrix-mautrix-facebook service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service"
- register: matrix_mautrix_facebook_service_stat
-
-- name: Ensure matrix-mautrix-facebook is stopped
- service:
- name: matrix-mautrix-facebook
- state: stopped
- daemon_reload: yes
- when: "matrix_mautrix_facebook_service_stat.stat.exists"
-
-- name: Ensure matrix-mautrix-facebook.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service"
- state: absent
- when: "matrix_mautrix_facebook_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal
- service:
- daemon_reload: yes
- when: "matrix_mautrix_facebook_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml
deleted file mode 100644
index 0879bad9..00000000
--- a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml
+++ /dev/null
@@ -1,31 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_mautrix_facebook_appservice_token" - - "matrix_mautrix_facebook_homeserver_token" - -- block: - - name: Fail if on SQLite, unless on the last version supporting SQLite - fail: - msg: >- - You're trying to use the mautrix-facebook bridge with an SQLite database. - Going forward, this bridge only supports Postgres. - To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database - when: "not matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')" - - - name: Inject warning if still on SQLite - set_fact: - matrix_playbook_runtime_results: | - {{ - matrix_playbook_runtime_results|default([]) - + - [ - "NOTE: Your mautrix-facebook bridge setup is still on SQLite. Your bridge is not getting any updates and will likely stop working at some point. To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database" - ] - }} - when: "matrix_mautrix_facebook_database_engine == 'sqlite'" diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 deleted file mode 100644 index 628db713..00000000 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ /dev/null 
@@ -1,227 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# Homeserver details -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_facebook_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_facebook_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - # Whether or not the homeserver supports asmux-specific endpoints, - # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically - # updating m.direct. - asmux: false - -# Application service host/registration related details -# Changing these values requires regeneration of the registration. -appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_facebook_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 29319 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. Only Postgres is currently supported. - database: {{ matrix_mautrix_facebook_appservice_database|to_json }} - - # Public part of web server for out-of-Matrix interaction with the bridge. - public: - # Whether or not the public-facing endpoints should be enabled. - enabled: false - # The prefix to use in the public-facing endpoints. - prefix: /public - # The base URL where the public-facing endpoints are available. The prefix is not added - # implicitly. - external: https://example.com/public - # Shared secret for integration managers such as mautrix-manager. - # If set to "generate", a random string will be generated on the next startup. - # If null, integration manager access to the API will not be possible. 
- shared_secret: generate - - # The unique ID of this appservice. - id: facebook - # Username of the appservice bot. - bot_username: {{ matrix_mautrix_facebook_appservice_bot_username|to_json }} - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: Facebook bridge bot - bot_avatar: mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak - - # Authentication tokens for AS <-> HS communication. - as_token: "{{ matrix_mautrix_facebook_appservice_token }}" - hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}" - -# Prometheus telemetry config. Requires prometheus-client to be installed. -metrics: - enabled: false - listen_port: 8000 - -# Bridge config -bridge: - # Localpart template of MXIDs for Facebook users. - # {userid} is replaced with the user ID of the Facebook user. - username_template: "facebook_{userid}" - # Localpart template for per-user room grouping community IDs. - # The bridge will create these communities and add all of the specific user's portals to the community. - # {localpart} is the MXID localpart and {server} is the MXID server part of the user. - # - # `facebook_{localpart}={server}` is a good value. - community_template: null - # Displayname template for Facebook users. - # {displayname} is replaced with the display name of the Facebook user - # as defined below in displayname_preference. - # Keys available for displayname_preference are also available here. - displayname_template: '{displayname} (FB)' - # Available keys: - # "name" (full name) - # "first_name" - # "last_name" - # "nickname" - # "own_nickname" (user-specific!) - displayname_preference: - - name - - first_name - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!fb" - - # Number of chats to sync (and create portals for) on startup/login. - # Set 0 to disable automatic syncing. 
- initial_chat_sync: 10 - # Whether or not the Facebook users of logged in Matrix users should be - # invited to private chats when the user sends a message from another client. - invite_own_puppet_to_pm: false - # Whether or not to use /sync to get presence, read receipts and typing notifications - # when double puppeting is enabled - sync_with_custom_puppets: true - # Whether or not to update the m.direct account data event when double puppeting is enabled. - # Note that updating the m.direct event is not atomic (except with mautrix-asmux) - # and is therefore prone to race conditions. - sync_direct_chat_list: false - # Servers to always allow double puppeting from - double_puppet_server_map: {} - # example.com: https://example.com - # Allow using double puppeting from any server with a valid client .well-known file. - double_puppet_allow_discovery: false - # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - # If using this for other servers than the bridge's server, - # you must also set the URL in the double_puppet_server_map. - login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }} - presence: {{ matrix_mautrix_facebook_bridge_presence|to_json }} - # Whether or not to update avatars when syncing all contacts at startup. - update_avatar_initial_sync: true - # End-to-bridge encryption support options. These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. - # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. 
- encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - # Options for automatic key sharing. - key_sharing: - # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. - # You must use a client that supports requesting keys from other users to use this feature. - allow: false - # Require the requesting device to have a valid cross-signing signature? - # This doesn't require that the bridge has verified the device, only that the user has verified it. - # Not yet implemented. - require_cross_signing: false - # Require devices to be verified by the bridge? - # Verification by the bridge is not yet implemented. - require_verification: true - # Whether or not the bridge should send a read receipt from the bridge bot when a message has - # been sent to Facebook. - delivery_receipts: false - # Whether to allow inviting arbitrary mxids to portal rooms - allow_invites: false - # Settings for backfilling messages from Facebook. - backfill: - # Whether or not the Facebook users of logged in Matrix users should be - # invited to private chats when backfilling history from Facebook. This is - # usually needed to prevent rate limits and to allow timestamp massaging. - invite_own_puppet: true - # Maximum number of messages to backfill initially. - # Set to 0 to disable backfilling when creating portal. - initial_limit: 0 - # Maximum number of messages to backfill if messages were missed while - # the bridge was disconnected. - # Set to 0 to disable backfilling missed messages. - missed_limit: 1000 - # If using double puppeting, should notifications be disabled - # while the initial backfill is in progress? 
- disable_notifications: false - periodic_reconnect: - # Interval in seconds in which to automatically reconnect all users. - # This can be used to automatically mitigate the bug where Facebook stops sending messages. - # Set to -1 to disable periodic reconnections entirely. - interval: -1 - # What to do in periodic reconnects. Either "refresh" or "reconnect" - mode: refresh - # Should even disconnected users be reconnected? - always: false - # The number of seconds that a disconnection can last without triggering an automatic re-sync - # and missed message backfilling when reconnecting. - # Set to 0 to always re-sync, or -1 to never re-sync automatically. - resync_max_disconnected_time: 5 - # Whether or not temporary disconnections should send notices to the notice room. - # If this is false, disconnections will never send messages and connections will only send - # messages if it was disconnected for more than resync_max_disconnected_time seconds. - temporary_disconnect_notices: true - # Whether or not the bridge should try to "refresh" the connection if a normal reconnection - # attempt fails. - refresh_on_reconnection_fail: false - # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. - # This field will automatically be changed back to false after it, - # except if the config file is not writable. - resend_bridge_info: false - - # Permissions for using the bridge. - # Permitted values: - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - '{{ matrix_mautrix_facebook_homeserver_domain }}': user - -# Python logging configuration. 
-# -# See section 16.7.2 of the Python documentation for more info: -# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema -logging: - version: 1 - formatters: - colored: - (): mautrix_facebook.util.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - paho: - level: INFO - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [console] diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 deleted file mode 100644 index f3af4b9f..00000000 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ /dev/null 
@@ -1,42 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Mautrix Facebook bridge
-{% for service in matrix_mautrix_facebook_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_mautrix_facebook_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
-
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- -v {{ matrix_mautrix_facebook_config_path }}:/config:z \
- -v {{ matrix_mautrix_facebook_data_path }}:/data:z \
- {% for arg in matrix_mautrix_facebook_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_mautrix_facebook_docker_image }} \
- python3 -m mautrix_facebook -c /config/config.yaml --no-update
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-mautrix-facebook
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
deleted file mode 100644
index 22f863ff..00000000
--- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
+++ /dev/null
@@ -1,115 +0,0 @@ -# mautrix-googlechat is a Matrix <-> googlechat bridge -# See: https://github.com/mautrix/googlechat - -matrix_mautrix_googlechat_enabled: true - -matrix_mautrix_googlechat_container_image_self_build: false -matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" - -matrix_mautrix_googlechat_version: latest -# See: https://mau.dev/mautrix/googlechat/container_registry -matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" -matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" -matrix_mautrix_googlechat_docker_image_force_pull: "{{ matrix_mautrix_googlechat_docker_image.endswith(':latest') }}" - -matrix_mautrix_googlechat_base_path: "{{ matrix_base_data_path }}/mautrix-googlechat" -matrix_mautrix_googlechat_config_path: "{{ matrix_mautrix_googlechat_base_path }}/config" -matrix_mautrix_googlechat_data_path: "{{ matrix_mautrix_googlechat_base_path }}/data" -matrix_mautrix_googlechat_docker_src_files_path: "{{ matrix_mautrix_googlechat_base_path }}/docker-src" - -matrix_mautrix_googlechat_public_endpoint: '/mautrix-googlechat' - -matrix_mautrix_googlechat_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mautrix_googlechat_homeserver_domain: '{{ matrix_domain }}' -matrix_mautrix_googlechat_appservice_address: 'http://matrix-mautrix-googlechat:8080' - -# Controls whether the matrix-mautrix-googlechat container exposes its HTTP port (tcp/8080 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. 
-matrix_mautrix_googlechat_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_mautrix_googlechat_container_extra_arguments: [] - -# List of systemd services that matrix-mautrix-googlechat.service depends on. -matrix_mautrix_googlechat_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-mautrix-googlechat.service wants -matrix_mautrix_googlechat_systemd_wanted_services_list: [] - -matrix_mautrix_googlechat_appservice_token: '' -matrix_mautrix_googlechat_homeserver_token: '' - - -# Database-related configuration fields. -# -# To use SQLite, stick to these defaults. -# -# To use Postgres: -# - change the engine (`matrix_mautrix_googlechat_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_mautrix_googlechat_postgres_*` variables -matrix_mautrix_googlechat_database_engine: 'sqlite' - -matrix_mautrix_googlechat_sqlite_database_path_local: "{{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db" -matrix_mautrix_googlechat_sqlite_database_path_in_container: "/data/mautrix-googlechat.db" - -matrix_mautrix_googlechat_database_username: 'matrix_mautrix_googlechat' -matrix_mautrix_googlechat_database_password: 'some-password' -matrix_mautrix_googlechat_database_hostname: 'matrix-postgres' -matrix_mautrix_googlechat_database_port: 5432 -matrix_mautrix_googlechat_database_name: 'matrix_mautrix_googlechat' - -matrix_mautrix_googlechat_database_connection_string: 'postgres://{{ matrix_mautrix_googlechat_database_username }}:{{ matrix_mautrix_googlechat_database_password }}@{{ matrix_mautrix_googlechat_database_hostname }}:{{ matrix_mautrix_googlechat_database_port }}/{{ matrix_mautrix_googlechat_database_name }}' - -matrix_mautrix_googlechat_appservice_database: "{{ - { - 'sqlite': ('sqlite:///' + matrix_mautrix_googlechat_sqlite_database_path_in_container), - 'postgres': matrix_mautrix_googlechat_database_connection_string, - 
}[matrix_mautrix_googlechat_database_engine] -}}" - - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mautrix_googlechat_login_shared_secret: '' - -matrix_mautrix_googlechat_appservice_bot_username: googlechatbot - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mautrix_googlechat_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mautrix_googlechat_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mautrix_googlechat_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mautrix_googlechat_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mautrix_googlechat_configuration_yaml`. - -matrix_mautrix_googlechat_configuration_extension: "{{ matrix_mautrix_googlechat_configuration_extension_yaml|from_yaml if matrix_mautrix_googlechat_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_googlechat_configuration_yaml`. 
-matrix_mautrix_googlechat_configuration: "{{ matrix_mautrix_googlechat_configuration_yaml|from_yaml|combine(matrix_mautrix_googlechat_configuration_extension, recursive=True) }}" - -matrix_mautrix_googlechat_registration_yaml: | - id: googlechat - as_token: "{{ matrix_mautrix_googlechat_appservice_token }}" - hs_token: "{{ matrix_mautrix_googlechat_homeserver_token }}" - namespaces: - users: - - exclusive: true - regex: '^@googlechat_.+:{{ matrix_mautrix_googlechat_homeserver_domain|regex_escape }}$' - - exclusive: true - regex: '^@{{ matrix_mautrix_googlechat_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_googlechat_homeserver_domain|regex_escape }}$' - url: {{ matrix_mautrix_googlechat_appservice_address }} - # See https://github.com/mautrix/signal/issues/43 - sender_localpart: _bot_{{ matrix_mautrix_googlechat_appservice_bot_username }} - rate_limited: false - de.sorunome.msc2409.push_ephemeral: true - -matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml deleted file mode 100644 index c12fcd3c..00000000 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_googlechat_container_image_self_build and matrix_mautrix_googlechat_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-googlechat.service'] }}" - when: matrix_mautrix_googlechat_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-googlechat-registration.yaml"] }} - when: matrix_mautrix_googlechat_enabled|bool - -- block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your plabook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. 
- when: matrix_nginx_proxy_role_executed|default(False)|bool - - - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_googlechat_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-googlechat:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] - }} - tags: - - always - when: matrix_mautrix_googlechat_enabled|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}` - URL endpoint to the matrix-mautrix-googlechat container. - You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable. - when: "matrix_mautrix_googlechat_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml deleted file mode 100644 index defcd58a..00000000 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_mautrix_googlechat_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-googlechat
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_mautrix_googlechat_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-googlechat
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_mautrix_googlechat_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-googlechat
diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
deleted file mode 100644
index f68ee505..00000000
--- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
+++ /dev/null
@@ -1,128 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mautrix-googlechat role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_mautrix_googlechat_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" - register: matrix_mautrix_googlechat_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" - dst: "{{ matrix_mautrix_googlechat_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mautrix_googlechat_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mautrix-googlechat.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mautrix_googlechat_requires_restart: true - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mautrix_googlechat_database_engine == 'postgres'" - -- name: Ensure Mautrix googlechat image is pulled - docker_image: - name: "{{ matrix_mautrix_googlechat_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}" - when: not matrix_mautrix_googlechat_container_image_self_build - -- name: Ensure Mautrix googlechat paths exist - file: - path: 
"{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mautrix_googlechat_base_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_config_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_data_path }}", when: true } - - { path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}", when: "{{ matrix_mautrix_googlechat_container_image_self_build }}" } - when: "item.when|bool" - -- name: Ensure Mautrix Hangots repository is present on self build - git: - repo: "{{ matrix_mautrix_googlechat_container_image_self_build_repo }}" - dest: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" - force: "yes" - register: matrix_mautrix_googlechat_git_pull_results - when: "matrix_mautrix_googlechat_container_image_self_build|bool" - -- name: Ensure Mautrix googlechat Docker image is built - docker_image: - name: "{{ matrix_mautrix_googlechat_docker_image }}" - source: build - force_source: "{{ matrix_mautrix_googlechat_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mautrix_googlechat_docker_src_files_path }}" - pull: yes - when: "matrix_mautrix_googlechat_container_image_self_build|bool" - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db" - register: matrix_mautrix_googlechat_stat_database - -- name: (Data relocation) Ensure matrix-mautrix-googlechat.service is stopped - service: - name: matrix-mautrix-googlechat - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mautrix_googlechat_stat_database.stat.exists" - -- name: (Data relocation) Move mautrix-googlechat database file to ./data directory - 
command: "mv {{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db {{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db" - when: "matrix_mautrix_googlechat_stat_database.stat.exists" - -- name: Ensure mautrix-googlechat config.yaml installed - copy: - content: "{{ matrix_mautrix_googlechat_configuration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_googlechat_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mautrix-googlechat registration.yaml installed - copy: - content: "{{ matrix_mautrix_googlechat_registration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_googlechat_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mautrix-googlechat.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" - mode: 0644 - register: matrix_mautrix_googlechat_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation - service: - daemon_reload: yes - when: "matrix_mautrix_googlechat_systemd_service_result.changed" - -- name: Ensure matrix-mautrix-googlechat.service restarted, if necessary - service: - name: "matrix-mautrix-googlechat.service" - state: restarted - when: "matrix_mautrix_googlechat_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml deleted file mode 100644 index d3adb7e2..00000000 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@
----
-
-- name: Check existence of matrix-mautrix-googlechat service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service"
- register: matrix_mautrix_googlechat_service_stat
-
-- name: Ensure matrix-mautrix-googlechat is stopped
- service:
- name: matrix-mautrix-googlechat
- state: stopped
- daemon_reload: yes
- when: "matrix_mautrix_googlechat_service_stat.stat.exists"
-
-- name: Ensure matrix-mautrix-googlechat.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service"
- state: absent
- when: "matrix_mautrix_googlechat_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal
- service:
- daemon_reload: yes
- when: "matrix_mautrix_googlechat_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml
deleted file mode 100644
index 7aa42870..00000000
--- a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-
-- name: Fail if required settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`).
- when: "vars[item] == ''"
- with_items:
- - "matrix_mautrix_googlechat_public_endpoint"
- - "matrix_mautrix_googlechat_appservice_token"
- - "matrix_mautrix_googlechat_homeserver_token"
-- debug:
- msg:
- - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}'
diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2
deleted file mode 100644
index c54ffac2..00000000
--- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2
+++ /dev/null
@@ -1,145 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# Homeserver details -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_googlechat_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_googlechat_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - -# Application service host/registration related details -# Changing these values requires regeneration of the registration. -appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_googlechat_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 8080 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. SQLite and Postgres are fully supported. - # Other DBMSes supported by SQLAlchemy may or may not work. - # Format examples: - # SQLite: sqlite:///filename.db - # Postgres: postgres://username:password@hostname/dbname - database: {{ matrix_mautrix_googlechat_appservice_database|to_json }} - - # The unique ID of this appservice. - id: googlechat - # Username of the appservice bot. - bot_username: {{ matrix_mautrix_googlechat_appservice_bot_username|to_json }} - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: googlechat bridge bot - bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy - - # Authentication tokens for AS <-> HS communication. 
- as_token: "{{ matrix_mautrix_googlechat_appservice_token }}" - hs_token: "{{ matrix_mautrix_googlechat_homeserver_token }}" - -# Bridge config -bridge: - # Localpart template of MXIDs for googlechat users. - # {userid} is replaced with the user ID of the googlechat user. - username_template: "googlechat_{userid}" - # Displayname template for googlechat users. - # {displayname} is replaced with the display name of the googlechat user - # as defined below in displayname_preference. - # Keys available for displayname_preference are also available here. - displayname_template: '{full_name} (googlechat)' - # Available keys: - # "name" (full name) - # "first_name" - # "last_name" - # "nickname" - # "own_nickname" (user-specific!) - displayname_preference: - - name - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" - - # Number of chats to sync (and create portals for) on startup/login. - # Maximum 20, set 0 to disable automatic syncing. - initial_chat_sync: 20 - # Whether or not the googlechat users of logged in Matrix users should be - # invited to private chats when the user sends a message from another client. - invite_own_puppet_to_pm: false - # Whether or not to use /sync to get presence, read receipts and typing notifications when using - # your own Matrix account as the Matrix puppet for your googlechat account. - sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret: {{ matrix_mautrix_googlechat_login_shared_secret|to_json }} - # Whether or not to update avatars when syncing all contacts at startup. - update_avatar_initial_sync: true - # End-to-bridge encryption support options. 
These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. - # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - - # Public website and API configs - web: - # Auth server config - auth: - # Publicly accessible base URL for the login endpoints. - # The prefix below is not implicitly added. This URL and all subpaths should be proxied - # or otherwise pointed to the appservice's webserver to the path specified below (prefix). - # This path should usually include a trailing slash. - # Internal prefix in the appservice web server for the login endpoints. - public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_googlechat_public_endpoint }}/login" - prefix: "{{ matrix_mautrix_googlechat_public_endpoint }}/login" - - - # Permissions for using the bridge. - # Permitted values: - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - '{{ matrix_mautrix_googlechat_homeserver_domain }}': user - -# Python logging configuration. 
-# -# See section 16.7.2 of the Python documentation for more info: -# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema -logging: - version: 1 - formatters: - colored: - (): mautrix_googlechat.util.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - hangups: - level: DEBUG - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [console] diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 deleted file mode 100644 index c56473be..00000000 --- a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ /dev/null 
@@ -1,43 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Mautrix googlechat bridge
-{% for service in matrix_mautrix_googlechat_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_mautrix_googlechat_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-googlechat \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- {% if matrix_mautrix_googlechat_container_http_host_bind_port %}
- -p {{ matrix_mautrix_googlechat_container_http_host_bind_port }}:8080 \
- {% endif %}
- -v {{ matrix_mautrix_googlechat_config_path }}:/config:z \
- -v {{ matrix_mautrix_googlechat_data_path }}:/data:z \
- {% for arg in matrix_mautrix_googlechat_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_mautrix_googlechat_docker_image }} \
- python3 -m mautrix_googlechat -c /config/config.yaml --no-update
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-mautrix-googlechat
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
deleted file mode 100644
index fa46d33c..00000000
--- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
+++ /dev/null
@@ -1,115 +0,0 @@ -# mautrix-hangouts is a Matrix <-> Hangouts bridge -# See: https://github.com/mautrix/hangouts - -matrix_mautrix_hangouts_enabled: true - -matrix_mautrix_hangouts_container_image_self_build: false -matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/mautrix/hangouts.git" - -matrix_mautrix_hangouts_version: latest -# See: https://mau.dev/mautrix/hangouts/container_registry -matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}mautrix/hangouts:{{ matrix_mautrix_hangouts_version }}" -matrix_mautrix_hangouts_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_hangouts_container_image_self_build else 'dock.mau.dev/' }}" -matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}" - -matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts" -matrix_mautrix_hangouts_config_path: "{{ matrix_mautrix_hangouts_base_path }}/config" -matrix_mautrix_hangouts_data_path: "{{ matrix_mautrix_hangouts_base_path }}/data" -matrix_mautrix_hangouts_docker_src_files_path: "{{ matrix_mautrix_hangouts_base_path }}/docker-src" - -matrix_mautrix_hangouts_public_endpoint: '/mautrix-hangouts' - -matrix_mautrix_hangouts_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' -matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' - -# Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. -matrix_mautrix_hangouts_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_mautrix_hangouts_container_extra_arguments: [] - -# List of systemd services that matrix-mautrix-hangouts.service depends on. 
-matrix_mautrix_hangouts_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-mautrix-hangouts.service wants -matrix_mautrix_hangouts_systemd_wanted_services_list: [] - -matrix_mautrix_hangouts_appservice_token: '' -matrix_mautrix_hangouts_homeserver_token: '' - - -# Database-related configuration fields. -# -# To use SQLite, stick to these defaults. -# -# To use Postgres: -# - change the engine (`matrix_mautrix_hangouts_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_mautrix_hangouts_postgres_*` variables -matrix_mautrix_hangouts_database_engine: 'sqlite' - -matrix_mautrix_hangouts_sqlite_database_path_local: "{{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db" -matrix_mautrix_hangouts_sqlite_database_path_in_container: "/data/mautrix-hangouts.db" - -matrix_mautrix_hangouts_database_username: 'matrix_mautrix_hangouts' -matrix_mautrix_hangouts_database_password: 'some-password' -matrix_mautrix_hangouts_database_hostname: 'matrix-postgres' -matrix_mautrix_hangouts_database_port: 5432 -matrix_mautrix_hangouts_database_name: 'matrix_mautrix_hangouts' - -matrix_mautrix_hangouts_database_connection_string: 'postgres://{{ matrix_mautrix_hangouts_database_username }}:{{ matrix_mautrix_hangouts_database_password }}@{{ matrix_mautrix_hangouts_database_hostname }}:{{ matrix_mautrix_hangouts_database_port }}/{{ matrix_mautrix_hangouts_database_name }}' - -matrix_mautrix_hangouts_appservice_database: "{{ - { - 'sqlite': ('sqlite:///' + matrix_mautrix_hangouts_sqlite_database_path_in_container), - 'postgres': matrix_mautrix_hangouts_database_connection_string, - }[matrix_mautrix_hangouts_database_engine] -}}" - - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). 
-matrix_mautrix_hangouts_login_shared_secret: '' - -matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mautrix_hangouts_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mautrix_hangouts_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mautrix_hangouts_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mautrix_hangouts_configuration_yaml`. - -matrix_mautrix_hangouts_configuration_extension: "{{ matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml if matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_hangouts_configuration_yaml`. 
-matrix_mautrix_hangouts_configuration: "{{ matrix_mautrix_hangouts_configuration_yaml|from_yaml|combine(matrix_mautrix_hangouts_configuration_extension, recursive=True) }}" - -matrix_mautrix_hangouts_registration_yaml: | - id: hangouts - as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" - hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" - namespaces: - users: - - exclusive: true - regex: '^@hangouts_.+:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$' - - exclusive: true - regex: '^@{{ matrix_mautrix_hangouts_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$' - url: {{ matrix_mautrix_hangouts_appservice_address }} - # See https://github.com/mautrix/signal/issues/43 - sender_localpart: _bot_{{ matrix_mautrix_hangouts_appservice_bot_username }} - rate_limited: false - de.sorunome.msc2409.push_ephemeral: true - -matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml deleted file mode 100644 index 6cc194fe..00000000 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ /dev/null 
@@ -1,69 +0,0 @@
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
- fail:
- msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
- when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_enabled"
-
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}"
- when: matrix_mautrix_hangouts_enabled|bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- set_fact:
- matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
-
- matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-hangouts-registration.yaml"] }}
- when: matrix_mautrix_hangouts_enabled|bool
-
-- block:
- - name: Fail if matrix-nginx-proxy role already executed
- fail:
- msg: >-
- Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
- but it's pointless since the matrix-nginx-proxy role had already executed.
- To fix this, please change the order of roles in your plabook,
- so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
- when: matrix_nginx_proxy_role_executed|default(False)|bool
-
- - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
- set_fact:
- matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
- location {{ matrix_mautrix_hangouts_public_endpoint }} {
- {% if matrix_nginx_proxy_enabled|default(False) %}
- {# Use the embedded DNS resolver in Docker containers to discover the service #}
- resolver 127.0.0.11 valid=5s;
- set $backend "matrix-mautrix-hangouts:8080";
- proxy_pass http://$backend;
- {% else %}
- {# Generic configuration for use outside of our container setup #}
- proxy_pass http://127.0.0.1:9007;
- {% endif %}
- }
- - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
- set_fact:
- matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
- {{
- matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
- +
- [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
- }}
- tags:
- - always
- when: matrix_mautrix_hangouts_enabled|bool
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
- debug:
- msg: >-
- NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
- reverse proxy.
- Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
- URL endpoint to the matrix-mautrix-hangouts container.
- You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
- when: "matrix_mautrix_hangouts_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)"
diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml
deleted file mode 100644
index 0df0d0e3..00000000
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-hangouts
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-hangouts
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_mautrix_hangouts_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-hangouts
diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
deleted file mode 100644
index d5373134..00000000
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
+++ /dev/null
@@ -1,128 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mautrix-hangouts role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_mautrix_hangouts_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" - register: matrix_mautrix_hangouts_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" - dst: "{{ matrix_mautrix_hangouts_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mautrix_hangouts_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mautrix-hangouts.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mautrix_hangouts_requires_restart: true - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mautrix_hangouts_database_engine == 'postgres'" - -- name: Ensure Mautrix Hangouts image is pulled - docker_image: - name: "{{ matrix_mautrix_hangouts_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}" - when: not matrix_mautrix_hangouts_container_image_self_build - -- name: Ensure Mautrix Hangouts paths exist - file: - path: "{{ item.path }}" - state: 
directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mautrix_hangouts_base_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_config_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_data_path }}", when: true } - - { path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}", when: "{{ matrix_mautrix_hangouts_container_image_self_build }}" } - when: "item.when|bool" - -- name: Ensure Mautrix Hangots repository is present on self build - git: - repo: "{{ matrix_mautrix_hangouts_container_image_self_build_repo }}" - dest: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" - force: "yes" - register: matrix_mautrix_hangouts_git_pull_results - when: "matrix_mautrix_hangouts_container_image_self_build|bool" - -- name: Ensure Mautrix Hangouts Docker image is built - docker_image: - name: "{{ matrix_mautrix_hangouts_docker_image }}" - source: build - force_source: "{{ matrix_mautrix_hangouts_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}" - pull: yes - when: "matrix_mautrix_hangouts_container_image_self_build|bool" - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db" - register: matrix_mautrix_hangouts_stat_database - -- name: (Data relocation) Ensure matrix-mautrix-hangouts.service is stopped - service: - name: matrix-mautrix-hangouts - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mautrix_hangouts_stat_database.stat.exists" - -- name: (Data relocation) Move mautrix-hangouts database file to ./data directory - command: "mv {{ matrix_mautrix_hangouts_base_path 
}}/mautrix-hangouts.db {{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db" - when: "matrix_mautrix_hangouts_stat_database.stat.exists" - -- name: Ensure mautrix-hangouts config.yaml installed - copy: - content: "{{ matrix_mautrix_hangouts_configuration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_hangouts_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mautrix-hangouts registration.yaml installed - copy: - content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_hangouts_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mautrix-hangouts.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" - mode: 0644 - register: matrix_mautrix_hangouts_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation - service: - daemon_reload: yes - when: "matrix_mautrix_hangouts_systemd_service_result.changed" - -- name: Ensure matrix-mautrix-hangouts.service restarted, if necessary - service: - name: "matrix-mautrix-hangouts.service" - state: restarted - when: "matrix_mautrix_hangouts_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml deleted file mode 100644 index 14413e94..00000000 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@
----
-
-- name: Check existence of matrix-mautrix-hangouts service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service"
- register: matrix_mautrix_hangouts_service_stat
-
-- name: Ensure matrix-mautrix-hangouts is stopped
- service:
- name: matrix-mautrix-hangouts
- state: stopped
- daemon_reload: yes
- when: "matrix_mautrix_hangouts_service_stat.stat.exists"
-
-- name: Ensure matrix-mautrix-hangouts.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service"
- state: absent
- when: "matrix_mautrix_hangouts_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal
- service:
- daemon_reload: yes
- when: "matrix_mautrix_hangouts_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
deleted file mode 100644
index 8922bef4..00000000
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-
-- name: Fail if required settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`).
- when: "vars[item] == ''"
- with_items:
- - "matrix_mautrix_hangouts_public_endpoint"
- - "matrix_mautrix_hangouts_appservice_token"
- - "matrix_mautrix_hangouts_homeserver_token"
-- debug:
- msg:
- - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}'
diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
deleted file mode 100644
index 7ff7d539..00000000
--- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
+++ /dev/null
@@ -1,145 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# Homeserver details -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_hangouts_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_hangouts_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - -# Application service host/registration related details -# Changing these values requires regeneration of the registration. -appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_hangouts_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 8080 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. SQLite and Postgres are fully supported. - # Other DBMSes supported by SQLAlchemy may or may not work. - # Format examples: - # SQLite: sqlite:///filename.db - # Postgres: postgres://username:password@hostname/dbname - database: {{ matrix_mautrix_hangouts_appservice_database|to_json }} - - # The unique ID of this appservice. - id: hangouts - # Username of the appservice bot. - bot_username: {{ matrix_mautrix_hangouts_appservice_bot_username|to_json }} - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: Hangouts bridge bot - bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy - - # Authentication tokens for AS <-> HS communication. 
- as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" - hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" - -# Bridge config -bridge: - # Localpart template of MXIDs for Hangouts users. - # {userid} is replaced with the user ID of the Hangouts user. - username_template: "hangouts_{userid}" - # Displayname template for Hangouts users. - # {displayname} is replaced with the display name of the Hangouts user - # as defined below in displayname_preference. - # Keys available for displayname_preference are also available here. - displayname_template: '{full_name} (Hangouts)' - # Available keys: - # "name" (full name) - # "first_name" - # "last_name" - # "nickname" - # "own_nickname" (user-specific!) - displayname_preference: - - name - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" - - # Number of chats to sync (and create portals for) on startup/login. - # Maximum 20, set 0 to disable automatic syncing. - initial_chat_sync: 20 - # Whether or not the Hangouts users of logged in Matrix users should be - # invited to private chats when the user sends a message from another client. - invite_own_puppet_to_pm: false - # Whether or not to use /sync to get presence, read receipts and typing notifications when using - # your own Matrix account as the Matrix puppet for your Hangouts account. - sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }} - # Whether or not to update avatars when syncing all contacts at startup. - update_avatar_initial_sync: true - # End-to-bridge encryption support options. 
These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. - # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - - # Public website and API configs - web: - # Auth server config - auth: - # Publicly accessible base URL for the login endpoints. - # The prefix below is not implicitly added. This URL and all subpaths should be proxied - # or otherwise pointed to the appservice's webserver to the path specified below (prefix). - # This path should usually include a trailing slash. - # Internal prefix in the appservice web server for the login endpoints. - public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login" - prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login" - - - # Permissions for using the bridge. - # Permitted values: - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - '{{ matrix_mautrix_hangouts_homeserver_domain }}': user - -# Python logging configuration. 
-# -# See section 16.7.2 of the Python documentation for more info: -# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema -logging: - version: 1 - formatters: - colored: - (): mautrix_hangouts.util.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - hangups: - level: DEBUG - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 deleted file mode 100644 index 60f0e055..00000000 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ /dev/null 
@@ -1,54 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Mautrix Hangouts bridge
-{% for service in matrix_mautrix_hangouts_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_mautrix_hangouts_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null'
-ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- -v {{ matrix_mautrix_hangouts_config_path }}:/config:z \
- -v {{ matrix_mautrix_hangouts_data_path }}:/data:z \
- {{ matrix_mautrix_hangouts_docker_image }} \
- alembic -x config=/config/config.yaml upgrade head
-
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- {% if matrix_mautrix_hangouts_container_http_host_bind_port %}
- -p {{ matrix_mautrix_hangouts_container_http_host_bind_port }}:8080 \
- {% endif %}
- -v {{ matrix_mautrix_hangouts_config_path }}:/config:z \
- -v {{ matrix_mautrix_hangouts_data_path }}:/data:z \
- {% for arg in matrix_mautrix_hangouts_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_mautrix_hangouts_docker_image }} \
- python3 -m mautrix_hangouts -c /config/config.yaml --no-update
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-mautrix-hangouts
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml
deleted file mode 100644
index a648018e..00000000
--- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml
+++ /dev/null
@@ -1,105 +0,0 @@ -# mautrix-instagram is a Matrix <-> Instagram bridge -# See: https://github.com/mautrix/instagram - -matrix_mautrix_instagram_enabled: true - -matrix_mautrix_instagram_container_image_self_build: false -matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" - -matrix_mautrix_instagram_version: latest -# See: https://mau.dev/tulir/mautrix-instagram/container_registry -matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}" -matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}" -matrix_mautrix_instagram_docker_image_force_pull: "{{ matrix_mautrix_instagram_docker_image.endswith(':latest') }}" - -matrix_mautrix_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-instagram" -matrix_mautrix_instagram_config_path: "{{ matrix_mautrix_instagram_base_path }}/config" -matrix_mautrix_instagram_data_path: "{{ matrix_mautrix_instagram_base_path }}/data" -matrix_mautrix_instagram_docker_src_files_path: "{{ matrix_mautrix_instagram_base_path }}/docker-src" - -matrix_mautrix_instagram_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mautrix_instagram_homeserver_domain: '{{ matrix_domain }}' -matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29330' - -# A list of extra arguments to pass to the container -matrix_mautrix_instagram_container_extra_arguments: [] - -# List of systemd services that matrix-mautrix-instagram.service depends on. 
-matrix_mautrix_instagram_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-mautrix-instagram.service wants -matrix_mautrix_instagram_systemd_wanted_services_list: [] - -matrix_mautrix_instagram_appservice_token: '' -matrix_mautrix_instagram_homeserver_token: '' - - -# Database-related configuration fields. -# -# To use Postgres: -# - adjust your database credentials via the `matrix_mautrix_instagram_postgres_*` variables -matrix_mautrix_instagram_database_engine: 'postgres' - -matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram' -matrix_mautrix_instagram_database_password: 'some-password' -matrix_mautrix_instagram_database_hostname: 'matrix-postgres' -matrix_mautrix_instagram_database_port: 5432 -matrix_mautrix_instagram_database_name: 'matrix_mautrix_instagram' - -matrix_mautrix_instagram_database_connection_string: 'postgres://{{ matrix_mautrix_instagram_database_username }}:{{ matrix_mautrix_instagram_database_password }}@{{ matrix_mautrix_instagram_database_hostname }}:{{ matrix_mautrix_instagram_database_port }}/{{ matrix_mautrix_instagram_database_name }}' - -matrix_mautrix_instagram_appservice_database: "{{ - { - 'postgres': matrix_mautrix_instagram_database_connection_string, - }[matrix_mautrix_instagram_database_engine] -}}" - - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mautrix_instagram_login_shared_secret: '' - -matrix_mautrix_instagram_bridge_login_shared_secret_map: "{{ {matrix_mautrix_instagram_homeserver_domain: matrix_mautrix_instagram_login_shared_secret} if matrix_mautrix_instagram_login_shared_secret else {} }}" - -matrix_mautrix_instagram_appservice_bot_username: instagrambot - -matrix_mautrix_instagram_bridge_presence: true - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. 
-# -# For a more advanced customization, you can extend the default (see `matrix_mautrix_instagram_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mautrix_instagram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mautrix_instagram_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mautrix_instagram_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mautrix_instagram_configuration_yaml`. - -matrix_mautrix_instagram_configuration_extension: "{{ matrix_mautrix_instagram_configuration_extension_yaml|from_yaml if matrix_mautrix_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_instagram_configuration_yaml`. 
-matrix_mautrix_instagram_configuration: "{{ matrix_mautrix_instagram_configuration_yaml|from_yaml|combine(matrix_mautrix_instagram_configuration_extension, recursive=True) }}" - -matrix_mautrix_instagram_registration_yaml: | - id: instagram - as_token: "{{ matrix_mautrix_instagram_appservice_token }}" - hs_token: "{{ matrix_mautrix_instagram_homeserver_token }}" - namespaces: - users: - - exclusive: true - regex: '^@instagram_.+:{{ matrix_mautrix_instagram_homeserver_domain|regex_escape }}$' - - exclusive: true - regex: '^@{{ matrix_mautrix_instagram_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_instagram_homeserver_domain|regex_escape }}$' - url: {{ matrix_mautrix_instagram_appservice_address }} - # See https://github.com/mautrix/signal/issues/43 - sender_localpart: _bot_{{ matrix_mautrix_instagram_appservice_bot_username }} - rate_limited: false - de.sorunome.msc2409.push_ephemeral: true - -matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml deleted file mode 100644 index c44855d8..00000000 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ /dev/null 
@@ -1,23 +0,0 @@
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
- fail:
- msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
- when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build and matrix_mautrix_instagram_enabled"
-
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-instagram.service'] }}"
- when: matrix_mautrix_instagram_enabled|bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- set_fact:
- matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
-
- matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-instagram-registration.yaml"] }}
- when: matrix_mautrix_instagram_enabled|bool
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/matrix-bridge-mautrix-instagram/tasks/main.yml
deleted file mode 100644
index 7326e22d..00000000
--- a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_mautrix_instagram_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-instagram
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_mautrix_instagram_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-instagram
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_mautrix_instagram_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-instagram
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
deleted file mode 100644
index 38a7f62e..00000000
--- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
+++ /dev/null
@@ -1,81 +0,0 @@ ---- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mautrix-instagram role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure Mautrix instagram image is pulled - docker_image: - name: "{{ matrix_mautrix_instagram_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_docker_image_force_pull }}" - when: not matrix_mautrix_instagram_container_image_self_build - -- name: Ensure Mautrix instagram paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mautrix_instagram_base_path }}", when: true } - - { path: "{{ matrix_mautrix_instagram_config_path }}", when: true } - - { path: "{{ matrix_mautrix_instagram_data_path }}", when: true } - - { - path: "{{ matrix_mautrix_instagram_docker_src_files_path }}", - when: "{{ matrix_mautrix_instagram_container_image_self_build }}", - } - when: item.when|bool - -- name: Ensure Mautrix instagram repository is present on self-build - git: - repo: "{{ matrix_mautrix_instagram_container_image_self_build_repo }}" - dest: "{{ matrix_mautrix_instagram_docker_src_files_path }}" - force: "yes" - register: matrix_mautrix_instagram_git_pull_results - when: "matrix_mautrix_instagram_container_image_self_build|bool" - -- name: Ensure Mautrix instagram Docker image is built - docker_image: - name: "{{ matrix_mautrix_instagram_docker_image }}" - source: build - 
force_source: "{{ matrix_mautrix_instagram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mautrix_instagram_docker_src_files_path }}" - pull: yes - when: "matrix_mautrix_instagram_container_image_self_build|bool" - -- name: Ensure mautrix-instagram config.yaml installed - copy: - content: "{{ matrix_mautrix_instagram_configuration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_instagram_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mautrix-instagram registration.yaml installed - copy: - content: "{{ matrix_mautrix_instagram_registration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_instagram_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mautrix-instagram.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-instagram.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service" - mode: 0644 - register: matrix_mautrix_instagram_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-instagram.service installation - service: - daemon_reload: yes - when: "matrix_mautrix_instagram_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml deleted file mode 100644 index c5c8a3e6..00000000 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,23 +0,0 @@
----
-- name: Check existence of matrix-mautrix-instagram service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service"
- register: matrix_mautrix_instagram_service_stat
-
-- name: Ensure matrix-mautrix-instagram is stopped
- service:
- name: matrix-mautrix-instagram
- state: stopped
- daemon_reload: yes
- when: "matrix_mautrix_instagram_service_stat.stat.exists"
-
-- name: Ensure matrix-mautrix-instagram.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service"
- state: absent
- when: "matrix_mautrix_instagram_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-instagram.service removal
- service:
- daemon_reload: yes
- when: "matrix_mautrix_instagram_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml
deleted file mode 100644
index 24992ff5..00000000
--- a/roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Fail if required settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`).
- when: "vars[item] == ''"
- with_items:
- - "matrix_mautrix_instagram_appservice_token"
- - "matrix_mautrix_instagram_homeserver_token"
diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
deleted file mode 100644
index db57bd0d..00000000
--- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
+++ /dev/null
@@ -1,234 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# Homeserver details -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_instagram_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_instagram_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - # Whether or not the homeserver supports asmux-specific endpoints, - # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically - # updating m.direct. - asmux: false - -# Application service host/registration related details -# Changing these values requires regeneration of the registration. -appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_instagram_appservice_address }} - # When using https:// the TLS certificate and key files for the address. - tls_cert: false - tls_key: false - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 29330 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. Only Postgres is currently supported. - database: {{ matrix_mautrix_instagram_appservice_database|to_json }} - # Additional arguments for asyncpg.create_pool() - # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool - database_opts: - min_size: 5 - max_size: 10 - - # The unique ID of this appservice. - id: instagram - # Username of the appservice bot. - bot_username: {{ matrix_mautrix_instagram_appservice_bot_username|to_json }} - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. 
- bot_displayname: instagram bridge bot - bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv - - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+instagram:example.com". Set to false to disable. - community_id: false - - # Whether or not to receive ephemeral events via appservice transactions. - # Requires MSC2409 support (i.e. Synapse 1.22+). - # You should disable bridge -> sync_with_custom_puppets when this is enabled. - ephemeral_events: false - - # Authentication tokens for AS <-> HS communication. - as_token: "{{ matrix_mautrix_instagram_appservice_token }}" - hs_token: "{{ matrix_mautrix_instagram_homeserver_token }}" - -# Prometheus telemetry config. Requires prometheus-client to be installed. -metrics: - enabled: false - listen_port: 8000 - -instagram: - # Seed for generating devices. This is secret because the seed is used to generate - # device IDs, which can apparently be used to bypass two-factor authentication after - # logging out, because Instagram is insecure. - device_seed: generate - -# Bridge config -bridge: - # Localpart template of MXIDs for Instagram users. - # {userid} is replaced with the user ID of the Instagram user. - username_template: "instagram_{userid}" - # Displayname template for Instagram users. - # {displayname} is replaced with the display name of the Instagram user. - # {username} is replaced with the username of the Instagram user. - displayname_template: "{username} (Instagram)" - - # Maximum length of displayname - displayname_max_length: 100 - - # Maximum number of seconds since the last activity in a chat to automatically create portals. 
- portal_create_max_age: 86400 - # Maximum number of chats to fetch for startup sync - chat_sync_limit: 100 - # Whether or not to use /sync to get read receipts and typing notifications - # when double puppeting is enabled - sync_with_custom_puppets: true - # Whether or not to update the m.direct account data event when double puppeting is enabled. - # Note that updating the m.direct event is not atomic (except with mautrix-asmux) - # and is therefore prone to race conditions. - sync_direct_chat_list: false - # Allow using double puppeting from any server with a valid client .well-known file. - double_puppet_allow_discovery: false - # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false. - double_puppet_server_map: {} - # example.com: https://example.com - # Allow using double puppeting from any server with a valid client .well-known file. - double_puppet_allow_discovery: false - # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - # If using this for other servers than the bridge's server, - # you must also set the URL in the double_puppet_server_map. - login_shared_secret_map: - {{ matrix_mautrix_instagram_bridge_login_shared_secret_map|to_json }} - # Whether or not to update avatars when syncing all contacts at startup. - update_avatar_initial_sync: true - # Whether or not created rooms should have federation enabled. - # If false, created portal rooms will never be federated. - federate_rooms: true - # Settings for backfilling messages from Instagram. - backfill: - # Whether or not the Instagram users of logged in Matrix users should be - # invited to private chats when backfilling history from Instagram. This is - # usually needed to prevent rate limits and to allow timestamp massaging. 
- invite_own_puppet: true - # Maximum number of messages to backfill initially. - # Set to 0 to disable backfilling when creating portal. - initial_limit: 0 - # Maximum number of messages to backfill if messages were missed while - # the bridge was disconnected. - # Set to 0 to disable backfilling missed messages. - missed_limit: 1000 - # If using double puppeting, should notifications be disabled - # while the initial backfill is in progress? - disable_notifications: false - periodic_reconnect: - # Interval in seconds in which to automatically reconnect all users. - # This can be used to automatically mitigate the bug where Instagram stops sending messages. - # Set to -1 to disable periodic reconnections entirely. - interval: -1 - # Whether or not the bridge should backfill chats when reconnecting. - resync: true - # Should even disconnected users be reconnected? - always: false - # End-to-bridge encryption support options. These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. - # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - # Options for automatic key sharing. - key_sharing: - # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. - # You must use a client that supports requesting keys from other users to use this feature. - allow: false - # Require the requesting device to have a valid cross-signing signature? - # This doesn't require that the bridge has verified the device, only that the user has verified it. - # Not yet implemented. 
- require_cross_signing: false - # Require devices to be verified by the bridge? - # Verification by the bridge is not yet implemented. - require_verification: true - # Whether or not to explicitly set the avatar and room name for private - # chat portal rooms. This will be implicitly enabled if encryption.default is true. - private_chat_portal_meta: false - # Whether or not the bridge should send a read receipt from the bridge bot when a message has - # been sent to Instagram. - delivery_receipts: false - # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false - # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. - # This field will automatically be changed back to false after it, - # except if the config file is not writable. - resend_bridge_info: false - # Whether or not unimportant bridge notices should be sent to the user. - # (e.g. connected, disconnected but will retry) - unimportant_bridge_notices: true - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!ig" - # Permissions for using the bridge. - # Permitted values: - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - "{{ matrix_mautrix_instagram_homeserver_domain }}": user - # Provisioning API part of the web server for automated portal creation and fetching information. - # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). - provisioning: - # Whether or not the provisioning API should be enabled. - enabled: true - # The prefix to use in the provisioning API endpoints. - prefix: /_matrix/provision/v1 - # The shared secret to authorize users of the API. - # Set to "generate" to generate and save a new token. - shared_secret: generate - -# Python logging configuration. 
-# -# See section 16.7.2 of the Python documentation for more info: -# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema -logging: - version: 1 - formatters: - colored: - (): mautrix_instagram.util.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - mauigpapi: - level: DEBUG - paho: - level: INFO - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 deleted file mode 100644 index 33a5bab3..00000000 --- a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 +++ /dev/null 
@@ -1,42 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mautrix Instagram bridge -{% for service in matrix_mautrix_instagram_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_mautrix_instagram_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instagram \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -v {{ matrix_mautrix_instagram_config_path }}:/config:z \ - -v {{ matrix_mautrix_instagram_data_path }}:/data:z \ - {% for arg in matrix_mautrix_instagram_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mautrix_instagram_docker_image }} \ - python3 -m mautrix_instagram -c /config/config.yaml --no-update - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mautrix-instagram - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml deleted file mode 100644 index 93993fa1..00000000 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ /dev/null 
@@ -1,123 +0,0 @@ -# mautrix-signal is a Matrix <-> Signal bridge -# See: https://github.com/mautrix/signal - -matrix_mautrix_signal_enabled: true - -matrix_mautrix_signal_container_self_build: false -matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" -matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" - -matrix_mautrix_signal_version: latest -matrix_mautrix_signal_daemon_version: latest -# See: https://mau.dev/mautrix/signal/container_registry -matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" -matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" - -matrix_mautrix_signal_daemon_container_self_build: false -matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" -matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" - -matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}" -matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}" - -matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" -matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" -matrix_mautrix_signal_daemon_path: "{{ matrix_mautrix_signal_base_path }}/signald" - -matrix_mautrix_signal_homeserver_address: '' -matrix_mautrix_signal_homeserver_domain: '' -matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328' - -# Controls whether the matrix-mautrix-signal container exposes its port (tcp/29328 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. 
-matrix_mautrix_signal_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_mautrix_signal_container_extra_arguments: [] - -# List of systemd services that matrix-mautrix-signal.service depends on. -matrix_mautrix_signal_systemd_required_services_list: - - 'docker.service' - - 'matrix-mautrix-signal-daemon.service' - -# List of systemd services that matrix-mautrix-signal.service wants -matrix_mautrix_signal_systemd_wanted_services_list: [] - -# List of systemd services that matrix-mautrix-signal-daemon.service depends on. -matrix_mautrix_signal_daemon_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-mautrix-signal-daemon.service wants -matrix_mautrix_signal_daemon_systemd_wanted_services_list: [] - -matrix_mautrix_signal_appservice_token: '' -matrix_mautrix_signal_homeserver_token: '' - -matrix_mautrix_signal_appservice_bot_username: signalbot - -# Database-related configuration fields -# -# This bridge only supports postgres. -# -matrix_mautrix_signal_database_engine: 'postgres' - -matrix_mautrix_signal_database_username: 'matrix_mautrix_signal' -matrix_mautrix_signal_database_password: 'some-password' -matrix_mautrix_signal_database_hostname: 'matrix-postgres' -matrix_mautrix_signal_database_port: 5432 -matrix_mautrix_signal_database_name: 'matrix_mautrix_signal' - -matrix_mautrix_signal_database_connection_string: 'postgres://{{ matrix_mautrix_signal_database_username }}:{{ matrix_mautrix_signal_database_password }}@{{ matrix_mautrix_signal_database_hostname }}:{{ matrix_mautrix_signal_database_port }}/{{ matrix_mautrix_signal_database_name }}' - -matrix_mautrix_signal_appservice_database: "{{ - { - 'postgres': matrix_mautrix_signal_database_connection_string, - }[matrix_mautrix_signal_database_engine] - }}" - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). 
-matrix_mautrix_signal_login_shared_secret: '' - -# Enable bridge relay bot functionality -matrix_mautrix_signal_relaybot_enabled: false - -# Permissions for using the bridge. -# Permitted values: -# relay - Allowed to be relayed through the bridge, no access to commands. -# user - Use the bridge with puppeting. -# admin - Use and administrate the bridge. -# Permitted keys: -# * - All Matrix users -# domain - All users on that homeserver -# mxid - Specific user -matrix_mautrix_signal_bridge_permissions: | - '*': relay - '{{ matrix_mautrix_signal_homeserver_domain }}': user - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mautrix_signal_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mautrix_signal_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mautrix_signal_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mautrix_signal_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mautrix_signal_configuration_yaml`. - -matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configuration_extension_yaml|from_yaml if matrix_mautrix_signal_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signal_configuration_yaml`. 
-matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml|from_yaml|combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}" - -matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}" - -matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}" - -matrix_mautrix_signal_log_level: 'DEBUG' diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml deleted file mode 100644 index 6133e865..00000000 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ /dev/null @@ -1,16 +0,0 @@ -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" - when: matrix_mautrix_signal_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-signal-registration.yaml"] }} - when: matrix_mautrix_signal_enabled|bool diff --git a/roles/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/matrix-bridge-mautrix-signal/tasks/main.yml deleted file mode 100644 index edca20e6..00000000 --- a/roles/matrix-bridge-mautrix-signal/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_mautrix_signal_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-signal
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_mautrix_signal_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-signal
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_mautrix_signal_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-signal
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
deleted file mode 100644
index 88710868..00000000
--- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
+++ /dev/null
@@ -1,118 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mautrix-signal role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure Mautrix Signal image is pulled - docker_image: - name: "{{ matrix_mautrix_signal_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" - when: "not matrix_mautrix_signal_container_self_build|bool" - - -- name: Ensure Mautrix Signal repository is present on self-build - git: - repo: "{{ matrix_mautrix_signal_docker_repo }}" - dest: "{{ matrix_mautrix_signal_docker_src_files_path }}" - force: "yes" - register: matrix_mautrix_signal_git_pull_results - when: "matrix_mautrix_signal_container_self_build|bool" - -- name: Ensure Mautrix Signal image is built - docker_image: - name: "{{ matrix_mautrix_signal_docker_image }}" - source: build - force_source: "{{ matrix_mautrix_signal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mautrix_signal_docker_src_files_path }}" - pull: yes - when: "matrix_mautrix_signal_container_self_build|bool" - - -- name: Ensure Mautrix Signal Daemon image is pulled - docker_image: - name: "{{ matrix_mautrix_signal_daemon_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else 
omit }}" - force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_docker_image_force_pull }}" - when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_self_build|bool - register: matrix_mautrix_signal_daemon_pull_results - -- name: Ensure Mautrix Signal Daemon repository is present on self-build - git: - repo: "{{ matrix_mautrix_signal_daemon_docker_repo }}" - dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" - force: "yes" - register: matrix_mautrix_signal_daemon_git_pull_results - when: "matrix_mautrix_signal_daemon_container_self_build|bool" - -- name: Ensure Mautrix Signal Daemon image is built - docker_image: - name: "{{ matrix_mautrix_signal_daemon_docker_image }}" - source: build - force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" - pull: yes - when: "matrix_mautrix_signal_daemon_container_self_build|bool" - -- name: Ensure Mautrix Signal paths exist - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_mautrix_signal_base_path }}" - - "{{ matrix_mautrix_signal_config_path }}" - - "{{ matrix_mautrix_signal_daemon_path }}" - - "{{ matrix_mautrix_signal_daemon_path }}/avatars" - - "{{ matrix_mautrix_signal_daemon_path }}/attachments" - - "{{ matrix_mautrix_signal_daemon_path }}/data" - -- name: Ensure mautrix-signal config.yaml installed - copy: - content: "{{ 
matrix_mautrix_signal_configuration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_signal_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mautrix-signal registration.yaml installed - copy: - content: "{{ matrix_mautrix_signal_registration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_signal_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mautrix-signal-daemon.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal-daemon.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" - mode: 0644 - register: matrix_mautrix_signal_daemon_systemd_service_result - -- name: Ensure matrix-mautrix-signal.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" - mode: 0644 - register: matrix_mautrix_signal_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-signal.service installation - service: - daemon_reload: yes - when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml deleted file mode 100644 index 2ca6a9a9..00000000 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,45 +0,0 @@
----
-
-# Signal daemon service
-- name: Check existence of matrix-mautrix-signal-daemon service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service"
- register: matrix_mautrix_signal_daemon_service_stat
-
-- name: Ensure matrix-mautrix-signal-daemon is stopped
- service:
- name: matrix-mautrix-signal-daemon
- state: stopped
- daemon_reload: yes
- when: "matrix_mautrix_signal_daemon_service_stat.stat.exists"
-
-- name: Ensure matrix-mautrix-signal-daemon.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service"
- state: absent
- when: "matrix_mautrix_signal_daemon_service_stat.stat.exists"
-
-# Bridge service
-- name: Check existence of matrix-mautrix-signal service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service"
- register: matrix_mautrix_signal_service_stat
-
-- name: Ensure matrix-mautrix-signal is stopped
- service:
- name: matrix-mautrix-signal
- state: stopped
- daemon_reload: yes
- when: "matrix_mautrix_signal_service_stat.stat.exists"
-
-- name: Ensure matrix-mautrix-signal.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service"
- state: absent
- when: "matrix_mautrix_signal_service_stat.stat.exists"
-
-# All services
-- name: Ensure systemd reloaded after matrix-mautrix-signal_X.service removal
- service:
- daemon_reload: yes
- when: "matrix_mautrix_signal_service_stat.stat.exists or matrix_mautrix_signal_daemon_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml
deleted file mode 100644
index 100af3f8..00000000
--- a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-
-- name: Fail if required settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`).
- when: "vars[item] == ''"
- with_items:
- - "matrix_mautrix_signal_homeserver_domain"
- - "matrix_mautrix_signal_homeserver_address"
- - "matrix_mautrix_signal_homeserver_token"
- - "matrix_mautrix_signal_appservice_token"
-
-- name: (Deprecation) Catch and report renamed Signal variables
- fail:
- msg: >-
- Your configuration contains a variable, which now has a different name.
- Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
- when: "item.old in vars"
- with_items:
- - {'old': 'matrix_mautrix_signal_container_exposed_port_number', 'new': ''}
- - {'old': 'matrix_mautrix_signal_db_user', 'new': 'matrix_mautrix_signal_database_username'}
- - {'old': 'matrix_mautrix_signal_db_password', 'new': 'matrix_mautrix_signal_database_password'}
- - {'old': 'matrix_mautrix_signal_db_database', 'new': 'matrix_mautrix_signal_database_name'}
- - {'old': 'matrix_mautrix_signal_db_host', 'new': 'matrix_mautrix_signal_database_hostname'}
- - {'old': 'matrix_mautrix_signal_db_port', 'new': 'matrix_mautrix_signal_database_port'}
- - {'old': 'matrix_mautrix_signal_db_url', 'new': 'matrix_mautrix_signal_database_connection_string'}
- - {'old': 'matrix_mautrix_signal_configuration_permissions', 'new': ''}
diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
deleted file mode 100644
index 19c3ba05..00000000
--- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
+++ /dev/null
@@ -1,239 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# Homeserver details -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_signal_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_signal_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - asmux: false - # Number of retries for all HTTP requests if the homeserver isn't reachable. - http_retry_count: 4 - # The URL to push real-time bridge status to. - # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. - # The bridge will use the appservice as_token to authorize requests. - status_endpoint: null - -# Application service host/registration related details -# Changing these values requires regeneration of the registration. -appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_signal_appservice_address }} - # When using https:// the TLS certificate and key files for the address. - tls_cert: false - tls_key: false - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 29328 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. Only Postgres is currently supported. - database: {{ matrix_mautrix_signal_database_connection_string }} - # Additional arguments for asyncpg.create_pool() - # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool - database_opts: - min_size: 5 - max_size: 10 - - # Provisioning API part of the web server for automated portal creation and fetching information. 
- # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). - provisioning: - # Whether or not the provisioning API should be enabled. - enabled: true - # The prefix to use in the provisioning API endpoints. - prefix: /_matrix/provision/v1 - # The shared secret to authorize users of the API. - # Set to "generate" to generate and save a new token. - shared_secret: generate - - # The unique ID of this appservice. - id: signal - # Username of the appservice bot. - bot_username: {{ matrix_mautrix_signal_appservice_bot_username|to_json }} - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: Signal bridge bot - bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp - - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+signal:example.com". Set to false to disable. - community_id: false - - # Authentication tokens for AS <-> HS communication. - as_token: "{{ matrix_mautrix_signal_appservice_token }}" - hs_token: "{{ matrix_mautrix_signal_homeserver_token }}" - -# Prometheus telemetry config. Requires prometheus-client to be installed. -metrics: - enabled: false - listen_port: 8000 - -signal: - # Path to signald unix socket - socket_path: /signald/signald.sock - # Directory for temp files when sending files to Signal. This should be an - # absolute path that signald can read. For attachments in the other direction, - # make sure signald is configured to use an absolute path as the data directory. - outgoing_attachment_dir: /signald/attachments - # Directory where signald stores avatars for groups. - avatar_dir: /signald/avatars - # Directory where signald stores auth data. Used to delete data when logging out. - data_dir: /signald/data - # Whether or not unknown signald accounts should be deleted when the bridge is started. 
- # When this is enabled, any UserInUse errors should be resolved by restarting the bridge. - delete_unknown_accounts_on_start: false - # Whether or not message attachments should be removed from disk after they're bridged. - remove_file_after_handling: true - -# Bridge config -bridge: - # Localpart template of MXIDs for Signal users. - # {userid} is replaced with an identifier for the Signal user. - username_template: "signal_{userid}" - # Displayname template for Signal users. - # {displayname} is replaced with the displayname of the Signal user, which is the first - # available variable in displayname_preference. The variables in displayname_preference - # can also be used here directly. - displayname_template: "{displayname} (Signal)" - # Possible values: disallow, allow, prefer - # - # Multi-user instances are recommended to disallow contact list names, as otherwise there can - # be conflicts between names from different users' contact lists. - contact_list_names: disallow - # Available variables: full_name, first_name, last_name, phone, uuid - displayname_preference: - - full_name - - phone - - # Whether or not to create portals for all groups on login/connect. - autocreate_group_portal: true - # Whether or not to create portals for all contacts on login/connect. - autocreate_contact_portal: false - # Whether or not to use /sync to get read receipts and typing notifications - # when double puppeting is enabled - sync_with_custom_puppets: true - # Whether or not to update the m.direct account data event when double puppeting is enabled. - # Note that updating the m.direct event is not atomic (except with mautrix-asmux) - # and is therefore prone to race conditions. - sync_direct_chat_list: false - # Allow using double puppeting from any server with a valid client .well-known file. - double_puppet_allow_discovery: false - # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false. 
- double_puppet_server_map: {} - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - # If using this for other servers than the bridge's server, - # you must also set the URL in the double_puppet_server_map. - login_shared_secret_map: - {{ matrix_mautrix_signal_homeserver_domain }}: {{ matrix_mautrix_signal_login_shared_secret|to_json }} - # Whether or not created rooms should have federation enabled. - # If false, created portal rooms will never be federated. - federate_rooms: true - # End-to-bridge encryption support options. You must install the e2be optional dependency for - # this to work. See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - # Options for automatic key sharing. - key_sharing: - # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. - # You must use a client that supports requesting keys from other users to use this feature. - allow: false - # Require the requesting device to have a valid cross-signing signature? - # This doesn't require that the bridge has verified the device, only that the user has verified it. - # Not yet implemented. - require_cross_signing: false - # Require devices to be verified by the bridge? - # Verification by the bridge is not yet implemented. - require_verification: true - # Whether or not to explicitly set the avatar and room name for private - # chat portal rooms. This will be implicitly enabled if encryption.default is true. 
- private_chat_portal_meta: false - # Whether or not the bridge should send a read receipt from the bridge bot when a message has - # been sent to Signal. This let's you check manually whether the bridge is receiving your - # messages. - # Note that this is not related to Signal delivery receipts. - delivery_receipts: false - # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented) - delivery_error_reports: false - # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. - # This field will automatically be changed back to false after it, - # except if the config file is not writable. - resend_bridge_info: false - # Interval at which to resync contacts. - periodic_sync: 0 - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!signal" - - # Permissions for using the bridge. - # Permitted values: - # relay - Allowed to be relayed through the bridge, no access to commands. - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - - relay: - # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any - # authenticated user into a relaybot for that chat. - enabled: {{ matrix_mautrix_signal_relaybot_enabled }} - # The formats to use when sending messages to Signal via a relay user. - # - # Available variables: - # $sender_displayname - The display name of the sender (e.g. Example User) - # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) - # $sender_mxid - The Matrix ID of the sender (e.g. 
@exampleuser:example.com) - # $message - The message content - message_formats: - m.text: '$sender_displayname: $message' - m.notice: '$sender_displayname: $message' - m.emote: '* $sender_displayname $message' - m.file: '$sender_displayname sent a file' - m.image: '$sender_displayname sent an image' - m.audio: '$sender_displayname sent an audio file' - m.video: '$sender_displayname sent a video' - m.location: '$sender_displayname sent a location' - - -# Python logging configuration. -# -# See section 16.7.2 of the Python documentation for more info: -# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema -logging: - version: 1 - formatters: - colored: - (): mautrix_signal.util.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: {{ matrix_mautrix_signal_log_level }} - aiohttp: - level: INFO - root: - level: {{ matrix_mautrix_signal_log_level }} - handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 deleted file mode 100644 index 32e913a1..00000000 --- a/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 +++ /dev/null 
@@ -1,18 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-id: signal
-as_token: "{{ matrix_mautrix_signal_appservice_token }}"
-hs_token: "{{ matrix_mautrix_signal_homeserver_token }}"
-namespaces:
- users:
- - exclusive: true
- regex: '^@signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
- - exclusive: true
- regex: '^@{{ matrix_mautrix_signal_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
- aliases:
- - exclusive: true
- regex: '^#signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
-url: {{ matrix_mautrix_signal_appservice_address }}
-# See https://github.com/mautrix/signal/issues/43
-sender_localpart: _bot_{{ matrix_mautrix_signal_appservice_bot_username }}
-rate_limited: false
-de.sorunome.msc2409.push_ephemeral: true
diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
deleted file mode 100644
index 6f128da3..00000000
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
+++ /dev/null
@@ -1,41 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mautrix Signal daemon - -{% for service in matrix_mautrix_signal_daemon_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} - -{% for service in matrix_mautrix_signal_daemon_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" - -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -# We can't use `--read-only` for this bridge. -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ - {{ matrix_mautrix_signal_daemon_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' - -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mautrix-signal-daemon - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 deleted file mode 100644 index e3e02424..00000000 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 +++ /dev/null 
@@ -1,48 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mautrix Signal server - -{% for service in matrix_mautrix_signal_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} - -{% for service in matrix_mautrix_signal_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal \ - --log-driver=none \ - --network={{ matrix_docker_network }} \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - {% if matrix_mautrix_signal_container_http_host_bind_port %} - -p {{ matrix_mautrix_signal_container_http_host_bind_port }}:29328 \ - {% endif %} - -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ - -v {{ matrix_mautrix_signal_config_path }}:/config:z \ - {% for arg in matrix_mautrix_signal_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mautrix_signal_docker_image }} \ - python3 -m mautrix_signal -c /config/config.yaml --no-update - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' - -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mautrix-signal - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
deleted file mode 100644
index a105621a..00000000
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ /dev/null
@@ -1,132 +0,0 @@ -# mautrix-telegram is a Matrix <-> Telegram bridge -# See: https://github.com/mautrix/telegram - -matrix_mautrix_telegram_enabled: true - -matrix_telegram_lottieconverter_container_self_build: false -matrix_telegram_lottieconverter_container_self_build_mask_arch: false -matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git" -matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src" -matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.14" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram - -matrix_mautrix_telegram_container_self_build: false -matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" -matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" - -matrix_mautrix_telegram_version: v0.10.1 -# See: https://mau.dev/mautrix/telegram/container_registry -matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" -matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" - -matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" -matrix_mautrix_telegram_config_path: "{{ matrix_mautrix_telegram_base_path }}/config" -matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data" - -# Get your own API keys at https://my.telegram.org/apps -matrix_mautrix_telegram_api_id: '' -matrix_mautrix_telegram_api_hash: '' -matrix_mautrix_telegram_bot_token: disabled - -# Mautrix telegram public endpoint to log in to telegram -# Use an uuid so it's not easily discoverable. 
-# Example: /741a0483-ba17-4682-9900-30bd7269f1cc
-matrix_mautrix_telegram_public_endpoint: ''
-
-matrix_mautrix_telegram_homeserver_address: "{{ matrix_homeserver_container_url }}"
-matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
-matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
-matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'
-
-matrix_mautrix_telegram_appservice_bot_username: telegrambot
-
-# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
-#
-# Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
-matrix_mautrix_telegram_container_http_host_bind_port: ''
-
-# A list of extra arguments to pass to the container
-matrix_mautrix_telegram_container_extra_arguments: []
-
-# List of systemd services that matrix-mautrix-telegram.service depends on.
-matrix_mautrix_telegram_systemd_required_services_list: ['docker.service']
-
-# List of systemd services that matrix-mautrix-telegram.service wants
-matrix_mautrix_telegram_systemd_wanted_services_list: []
-
-matrix_mautrix_telegram_appservice_token: ''
-matrix_mautrix_telegram_homeserver_token: ''
-
-
-# Database-related configuration fields.
-#
-# To use SQLite, stick to these defaults.
-# -# To use Postgres: -# - change the engine (`matrix_mautrix_telegram_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_mautrix_telegram_postgres_*` variables -matrix_mautrix_telegram_database_engine: 'sqlite' - -matrix_mautrix_telegram_sqlite_database_path_local: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db" -matrix_mautrix_telegram_sqlite_database_path_in_container: "/data/mautrix-telegram.db" - -matrix_mautrix_telegram_database_username: 'matrix_mautrix_telegram' -matrix_mautrix_telegram_database_password: 'some-password' -matrix_mautrix_telegram_database_hostname: 'matrix-postgres' -matrix_mautrix_telegram_database_port: 5432 -matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram' - -matrix_mautrix_telegram_database_connection_string: 'postgres://{{ matrix_mautrix_telegram_database_username }}:{{ matrix_mautrix_telegram_database_password }}@{{ matrix_mautrix_telegram_database_hostname }}:{{ matrix_mautrix_telegram_database_port }}/{{ matrix_mautrix_telegram_database_name }}' - -matrix_mautrix_telegram_appservice_database: "{{ - { - 'sqlite': ('sqlite:///' + matrix_mautrix_telegram_sqlite_database_path_in_container), - 'postgres': matrix_mautrix_telegram_database_connection_string, - }[matrix_mautrix_telegram_database_engine] -}}" - - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mautrix_telegram_login_shared_secret: '' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`) -# or completely replace this variable with your own template. 
-matrix_mautrix_telegram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mautrix_telegram_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mautrix_telegram_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mautrix_telegram_configuration_yaml`. - -matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_configuration_extension_yaml|from_yaml if matrix_mautrix_telegram_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`. -matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}" - -matrix_mautrix_telegram_registration_yaml: | - id: telegram - as_token: "{{ matrix_mautrix_telegram_appservice_token }}" - hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}" - namespaces: - users: - - exclusive: true - regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$' - - exclusive: true - regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$' - aliases: - - exclusive: true - regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$' - # See https://github.com/mautrix/signal/issues/43 - sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }} - url: {{ matrix_mautrix_telegram_appservice_address }} - rate_limited: false - de.sorunome.msc2409.push_ephemeral: true - 
-matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"
diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
deleted file mode 100644
index 84ac86d0..00000000
--- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
+++ /dev/null
@@ -1,70 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_self_build and matrix_mautrix_telegram_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}" - when: matrix_mautrix_telegram_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-telegram-registration.yaml"] }} - when: matrix_mautrix_telegram_enabled|bool - -- block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your plabook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. 
- when: matrix_nginx_proxy_role_executed|default(False)|bool - - - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_telegram_public_endpoint }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-telegram:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9006; - {% endif %} - } - - - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] - }} - tags: - - always - when: matrix_mautrix_telegram_enabled|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` - URL endpoint to the matrix-mautrix-telegram container. - You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. - when: "matrix_mautrix_telegram_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml deleted file mode 100644 index 8a218ed8..00000000 --- a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_mautrix_telegram_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-telegram
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_mautrix_telegram_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-telegram
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_mautrix_telegram_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-telegram
diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
deleted file mode 100644
index e2e583f2..00000000
--- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
+++ /dev/null
@@ -1,150 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mautrix-telegram role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_mautrix_telegram_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" - register: matrix_mautrix_telegram_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" - dst: "{{ matrix_mautrix_telegram_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mautrix_telegram_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mautrix-telegram.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mautrix_telegram_requires_restart: true - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mautrix_telegram_database_engine == 'postgres'" - -- name: Ensure Mautrix Telegram paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mautrix_telegram_base_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_config_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_data_path }}", when: true } - - { path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_self_build }}" } - when: item.when|bool - -- name: Ensure Mautrix Telegram image is pulled - docker_image: - name: "{{ 
matrix_mautrix_telegram_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}" - when: "not matrix_mautrix_telegram_container_self_build|bool" - -- name: Ensure lottieconverter is present when self-building - git: - repo: "{{ matrix_telegram_lottieconverter_docker_repo }}" - dest: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" - force: "yes" - register: matrix_telegram_lottieconverter_git_pull_results - when: "matrix_telegram_lottieconverter_container_self_build|bool and matrix_mautrix_telegram_container_self_build|bool" - -- name: Ensure lottieconverter Docker image is built - docker_image: - name: "{{ matrix_telegram_lottieconverter_docker_image }}" - source: build - force_source: "{{ matrix_telegram_lottieconverter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_telegram_lottieconverter_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}" - pull: yes - when: "matrix_telegram_lottieconverter_container_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_self_build|bool" - -- name: Ensure matrix-mautrix-telegram repository is present when self-building - git: - repo: "{{ matrix_mautrix_telegram_docker_repo }}" - dest: "{{ matrix_mautrix_telegram_docker_src_files_path }}" - force: "yes" - register: matrix_mautrix_telegram_git_pull_results - when: "matrix_mautrix_telegram_container_self_build|bool" - -- name: Ensure matrix-mautrix-telegram Docker image 
is built - docker_image: - name: "{{ matrix_mautrix_telegram_docker_image }}" - source: build - force_source: "{{ matrix_mautrix_telegram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mautrix_telegram_docker_src_files_path }}" - pull: "{{ not matrix_telegram_lottieconverter_container_self_build_mask_arch|bool }}" - args: - TARGETARCH: "" - when: "matrix_mautrix_telegram_container_self_build|bool and matrix_mautrix_telegram_git_pull_results.changed" - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db" - register: matrix_mautrix_telegram_stat_database - -- name: (Data relocation) Ensure matrix-mautrix-telegram.service is stopped - service: - name: matrix-mautrix-telegram - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mautrix_telegram_stat_database.stat.exists" - -- name: (Data relocation) Move mautrix-telegram database file to ./data directory - command: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db" - when: "matrix_mautrix_telegram_stat_database.stat.exists" - -- name: Ensure mautrix-telegram config.yaml installed - copy: - content: "{{ matrix_mautrix_telegram_configuration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_telegram_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mautrix-telegram registration.yaml installed - copy: - content: "{{ matrix_mautrix_telegram_registration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_telegram_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: 
Ensure matrix-mautrix-telegram.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" - mode: 0644 - register: matrix_mautrix_telegram_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation - service: - daemon_reload: yes - when: "matrix_mautrix_telegram_systemd_service_result.changed" - -- name: Ensure matrix-mautrix-telegram.service restarted, if necessary - service: - name: "matrix-mautrix-telegram.service" - state: restarted - when: "matrix_mautrix_telegram_requires_restart|bool" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml deleted file mode 100644 index b14bd737..00000000 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-mautrix-telegram service - stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" - register: matrix_mautrix_telegram_service_stat - -- name: Ensure matrix-mautrix-telegram is stopped - service: - name: matrix-mautrix-telegram - state: stopped - daemon_reload: yes - when: "matrix_mautrix_telegram_service_stat.stat.exists" - -- name: Ensure matrix-mautrix-telegram.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" - state: absent - when: "matrix_mautrix_telegram_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-telegram.service removal - service: - daemon_reload: yes - when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml deleted file mode 100644 index 5b1f3b00..00000000 
--- a/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_mautrix_telegram_api_id" - - "matrix_mautrix_telegram_api_hash" - - "matrix_mautrix_telegram_public_endpoint" - - "matrix_mautrix_telegram_appservice_token" - - "matrix_mautrix_telegram_homeserver_token" - -- name: (Deprecation) Catch and report renamed Telegram variables - fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). - when: "item.old in vars" - with_items: - - {'old': 'matrix_mautrix_telegram_container_exposed_port_number', 'new': ''} diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 deleted file mode 100644 index 39a18462..00000000 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ /dev/null 
@@ -1,419 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# Homeserver details -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_telegram_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_telegram_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - -# Application service host/registration related details -# Changing these values requires regeneration of the registration. -appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_telegram_appservice_address|to_json }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 8080 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. SQLite and Postgres are fully supported. - # Other DBMSes supported by SQLAlchemy may or may not work. - # Format examples: - # SQLite: sqlite:///filename.db - # Postgres: postgres://username:password@hostname/dbname - database: {{ matrix_mautrix_telegram_appservice_database|to_json }} - - # Public part of web server for out-of-Matrix interaction with the bridge. - # Used for things like login if the user wants to make sure the 2FA password isn't stored in - # the HS database. - public: - # Whether or not the public-facing endpoints should be enabled. - enabled: true - # The prefix to use in the public-facing endpoints. - prefix: {{ matrix_mautrix_telegram_public_endpoint|to_json }} - # The base URL where the public-facing endpoints are available. The prefix is not added - # implicitly. 
- external: {{ matrix_mautrix_telegram_appservice_public_external|to_json }} - - # Provisioning API part of the web server for automated portal creation and fetching information. - # Used by things like Dimension (https://dimension.t2bot.io/). - provisioning: - # Whether or not the provisioning API should be enabled. - enabled: false - # The prefix to use in the provisioning API endpoints. - prefix: /_matrix/provision/v1 - # The shared secret to authorize users of the API. - # Set to "generate" to generate and save a new token. - shared_secret: generate - - # The unique ID of this appservice. - id: telegram - # Username of the appservice bot. - bot_username: {{ matrix_mautrix_telegram_appservice_bot_username|to_json }} - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: Telegram bridge bot - bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX - - # Authentication tokens for AS <-> HS communication. - as_token: {{ matrix_mautrix_telegram_appservice_token|to_json }} - hs_token: {{ matrix_mautrix_telegram_homeserver_token|to_json }} - -# Bridge config -bridge: - # Localpart template of MXIDs for Telegram users. - # {userid} is replaced with the user ID of the Telegram user. - username_template: "telegram_{userid}" - # Localpart template of room aliases for Telegram portal rooms. - # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} ) - alias_template: "telegram_{groupname}" - # Displayname template for Telegram users. - # {displayname} is replaced with the display name of the Telegram user. - displayname_template: "{displayname} (Telegram)" - - # Set the preferred order of user identifiers which to use in the Matrix puppet display name. - # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user - # ID is used. 
- # - # If the bridge is working properly, a phone number or an username should always be known, but - # the other one can very well be empty. - # - # Valid keys: - # "full name" (First and/or last name) - # "full name reversed" (Last and/or first name) - # "first name" - # "last name" - # "username" - # "phone number" - displayname_preference: - - full name - - username - - phone number - # Maximum length of displayname - displayname_max_length: 100 - - # Maximum number of members to sync per portal when starting up. Other members will be - # synced when they send messages. The maximum is 10000, after which the Telegram server - # will not send any more members. - # Defaults to no local limit (-> limited to 10000 by server) - max_initial_member_sync: -1 - # Whether or not to sync the member list in channels. - # If no channel admins have logged into the bridge, the bridge won't be able to sync the member - # list regardless of this setting. - sync_channel_members: true - # Whether or not to skip deleted members when syncing members. - skip_deleted_members: true - # Whether or not to automatically synchronize contacts and chats of Matrix users logged into - # their Telegram account at startup. - startup_sync: true - # Number of most recently active dialogs to check when syncing chats. - # Dialogs include groups and private chats, but only groups are synced. - # Set to 0 to remove limit. - sync_dialog_limit: 30 - # Whether or not to sync and create portals for direct chats at startup. - sync_direct_chats: false - # The maximum number of simultaneous Telegram deletions to handle. - # A large number of simultaneous redactions could put strain on your homeserver. - max_telegram_delete: 10 - # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames) - # at startup and when creating a bridge. - sync_matrix_state: true - # Allow logging in within Matrix. 
If false, users can only log in using login-qr or the - # out-of-Matrix login website (see appservice.public config section) - allow_matrix_login: true - # Whether or not to bridge plaintext highlights. - # Only enable this if your displayname_template has some static part that the bridge can use to - # reliably identify what is a plaintext highlight. - plaintext_highlights: false - # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix. - public_portals: true - # Whether or not to use /sync to get presence, read receipts and typing notifications when using - # your own Matrix account as the Matrix puppet for your Telegram account. - sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }} - # Set to false to disable link previews in messages sent to Telegram. - telegram_link_preview: true - # Use inline images instead of a separate message for the caption. - # N.B. Inline images are not supported on all clients (e.g. Element iOS). - inline_images: false - # Maximum size of image in megabytes before sending to Telegram as a document. - image_as_file_size: 10 - # Maximum size of Telegram documents in megabytes to bridge. - max_document_size: 100 - # Enable experimental parallel file transfer, which makes uploads/downloads much faster by - # streaming from/to Matrix and using many connections for Telegram. - # Note that generating HQ thumbnails for videos is not possible with streamed transfers. - parallel_file_transfer: false - # Whether or not created rooms should have federation enabled. - # If false, created portal rooms will never be federated. - federate_rooms: true - # Settings for converting animated stickers. 
- animated_sticker: - # Format to which animated stickers should be converted. - # disable - No conversion, send as-is (gzipped lottie) - # png - converts to non-animated png (fastest), - # gif - converts to animated gif, but loses transparency - # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support - target: gif - # Arguments for converter. All converters take width and height. - # GIF converter takes background as a hex color. - args: - width: 256 - height: 256 - background: "020202" # only for gif - fps: 30 # only for webm - # End-to-bridge encryption support options. These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. - # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - # Database for the encryption data. Currently only supports Postgres and an in-memory - # store that's persisted as a pickle. - # If set to `default`, will use the appservice postgres database - # or a pickle file if the appservice database is sqlite. - # - # Format examples: - # Pickle: pickle:///filename.pickle - # Postgres: postgres://username:password@hostname/dbname - database: default - - # Whether or not to explicitly set the avatar and room name for private - # chat portal rooms. This will be implicitly enabled if encryption.default is true. - private_chat_portal_meta: false - # Whether or not the bridge should send a read receipt from the bridge bot when a message has - # been sent to Telegram. 
- delivery_receipts: false - # Whether or not delivery errors should be reported as messages in the Matrix room. - delivery_error_reports: false - # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. - # This field will automatically be changed back to false after it, - # except if the config file is not writable. - resend_bridge_info: false - - # Overrides for base power levels. - initial_power_level_overrides: - user: {} - group: {} - - # Whether to bridge Telegram bot messages as m.notices or m.texts. - bot_messages_as_notices: true - bridge_notices: - # Whether or not Matrix bot messages (type m.notice) should be bridged. - default: false - # List of user IDs for whom the previous flag is flipped. - # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but - # notices from users listed here will be bridged. - exceptions: [] - - # Some config options related to Telegram message deduplication. - # The default values are usually fine, but some debug messages/warnings might recommend you - # change these. - deduplication: - # Whether or not to check the database if the message about to be sent is a duplicate. - pre_db_check: false - # The number of latest events to keep when checking for duplicates. - # You might need to increase this on high-traffic bridge instances. - cache_queue_length: 20 - - - # The formats to use when sending messages to Telegram via the relay bot. - # - # Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users. - # - # Available variables: - # $sender_displayname - The display name of the sender (e.g. Example User) - # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) - # $sender_mxid - The Matrix ID of the sender (e.g. 
@exampleuser:example.com) - # $message - The message content as HTML - message_formats: - m.text: "$sender_displayname: $message" - m.notice: "$sender_displayname: $message" - m.emote: "* $sender_displayname $message" - m.file: "$sender_displayname sent a file: $message" - m.image: "$sender_displayname sent an image: $message" - m.audio: "$sender_displayname sent an audio file: $message" - m.video: "$sender_displayname sent a video: $message" - m.location: "$sender_displayname sent a location: $message" - # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated - # users are sent to telegram. All fields in message_formats are supported. Additionally, the - # Telegram user info is available in the following variables: - # $displayname - Telegram displayname - # $username - Telegram username (may not exist) - # $mention - Telegram @username or displayname mention (depending on which exists) - emote_format: "* $mention $formatted_body" - - # The formats to use when sending state events to Telegram via the relay bot. - # - # Variables from `message_formats` that have the `sender_` prefix are available without the prefix. - # In name_change events, `$prev_displayname` is the previous displayname. - # - # Set format to an empty string to disable the messages for that event. - state_event_formats: - join: "$displayname joined the room." - leave: "$displayname left the room." - name_change: "$prev_displayname changed their name to $displayname" - - # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and - # `filter-mode` management commands. - # - # Filters do not affect direct chats. - # An empty blacklist will essentially disable the filter. - filter: - # Filter mode to use. Either "blacklist" or "whitelist". - # If the mode is "blacklist", the listed chats will never be bridged. - # If the mode is "whitelist", only the listed chats can be bridged. 
- mode: blacklist - # The list of group/channel IDs to filter. - list: [] - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tg" - - # Permissions for using the bridge. - # Permitted values: - # relaybot - Only use the bridge via the relaybot, no access to commands. - # user - Relaybot level + access to commands to create bridges. - # puppeting - User level + logging in with a Telegram account. - # full - Full access to use the bridge, i.e. previous levels + Matrix login. - # admin - Full access to use the bridge and some extra administration commands. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - '{{ matrix_mautrix_telegram_homeserver_domain }}': full - - # Options related to the message relay Telegram bot. - relaybot: - private_chat: - # List of users to invite to the portal when someone starts a private chat with the bot. - # If empty, private chats with the bot won't create a portal. - invite: [] - # Whether or not to bridge state change messages in relaybot private chats. - state_changes: true - # When private_chat_invite is empty, this message is sent to users /starting the - # relaybot. Telegram's "markdown" is supported. - message: This is a Matrix bridge relaybot and does not support direct chats - # List of users to invite to all group chat portals created by the bridge. - group_chat_invite: [] - # Whether or not the relaybot should not bridge events in unbridged group chats. - # If false, portals will be created when the relaybot receives messages, just like normal - # users. This behavior is usually not desirable, as it interferes with manually bridging - # the chat to another room. - ignore_unbridged_group_chat: true - # Whether or not to allow creating portals from Telegram. - authless_portals: true - # Whether or not to allow Telegram group admins to use the bot commands. 
- whitelist_group_admins: true - # Whether or not to ignore incoming events sent by the relay bot. - ignore_own_incoming_events: true - # List of usernames/user IDs who are also allowed to use the bot commands. - whitelist: [] - -# Telegram config -telegram: - # Get your own API keys at https://my.telegram.org/apps - api_id: {{ matrix_mautrix_telegram_api_id|to_json }} - api_hash: {{ matrix_mautrix_telegram_api_hash|to_json }} - # (Optional) Create your own bot at https://t.me/BotFather - bot_token: {{ matrix_mautrix_telegram_bot_token|to_json }} - - # Telethon connection options. - connection: - # The timeout in seconds to be used when connecting. - timeout: 120 - # How many times the reconnection should retry, either on the initial connection or when - # Telegram disconnects us. May be set to a negative or null value for infinite retries, but - # this is not recommended, since the program can get stuck in an infinite loop. - retries: 5 - # The delay in seconds to sleep between automatic reconnections. - retry_delay: 1 - # The threshold below which the library should automatically sleep on flood wait errors - # (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold - # is 20s, the library will sleep automatically. If the error was for 21s, it would raise - # the error instead. Values larger than a day (86400) will be changed to a day. - flood_sleep_threshold: 60 - # How many times a request should be retried. Request are retried when Telegram is having - # internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when - # there's a migrate error. May take a negative or null value for infinite retries, but this - # is not recommended, since some requests can always trigger a call fail (such as searching - # for messages). - request_retries: 5 - - # Device info sent to Telegram. - device_info: - # "auto" = OS name+version. - device_model: auto - # "auto" = Telethon version. 
- system_version: auto - # "auto" = mautrix-telegram version. - app_version: auto - lang_code: en - system_lang_code: en - - # Custom server to connect to. - server: - # Set to true to use these server settings. If false, will automatically - # use production server assigned by Telegram. Set to false in production. - enabled: false - # The DC ID to connect to. - dc: 2 - # The IP to connect to. - ip: 149.154.167.40 - # The port to connect to. 443 may not work, 80 is better and both are equally secure. - port: 80 - - # Telethon proxy configuration. - # You must install PySocks from pip for proxies to work. - proxy: - # Allowed types: disabled, socks4, socks5, http - type: disabled - # Proxy IP address and port. - address: 127.0.0.1 - port: 1080 - # Whether or not to perform DNS resolving remotely. - rdns: true - # Proxy authentication (optional). - username: "" - password: "" - -# Python logging configuration. -# -# See section 16.7.2 of the Python documentation for more info: -# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema -logging: - version: 1 - formatters: - precise: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: precise - loggers: - mau: - level: DEBUG - telethon: - level: DEBUG - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 deleted file mode 100644 index ae1ac675..00000000 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ /dev/null 
@@ -1,54 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Mautrix Telegram bridge
-{% for service in matrix_mautrix_telegram_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_mautrix_telegram_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
-ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- -v {{ matrix_mautrix_telegram_config_path }}:/config:z \
- -v {{ matrix_mautrix_telegram_data_path }}:/data:z \
- {{ matrix_mautrix_telegram_docker_image }} \
- alembic -x config=/config/config.yaml upgrade head
-
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- {% if matrix_mautrix_telegram_container_http_host_bind_port %}
- -p {{ matrix_mautrix_telegram_container_http_host_bind_port }}:8080 \
- {% endif %}
- -v {{ matrix_mautrix_telegram_config_path }}:/config:z \
- -v {{ matrix_mautrix_telegram_data_path }}:/data:z \
- {% for arg in matrix_mautrix_telegram_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_mautrix_telegram_docker_image }} \
- python3 -m mautrix_telegram -c /config/config.yaml --no-update
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-mautrix-telegram
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
deleted file mode 100644
index 7409fb4d..00000000
--- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ /dev/null
@@ -1,116 +0,0 @@ -# mautrix-whatsapp is a Matrix <-> Whatsapp bridge -# See: https://github.com/mautrix/whatsapp - -matrix_mautrix_whatsapp_enabled: true - -matrix_mautrix_whatsapp_container_image_self_build: false -matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" -matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" - -matrix_mautrix_whatsapp_version: latest -# See: https://mau.dev/mautrix/whatsapp/container_registry -matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" -matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}" - -matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp" -matrix_mautrix_whatsapp_config_path: "{{ matrix_mautrix_whatsapp_base_path }}/config" -matrix_mautrix_whatsapp_data_path: "{{ matrix_mautrix_whatsapp_base_path }}/data" -matrix_mautrix_whatsapp_docker_src_files_path: "{{ matrix_mautrix_whatsapp_base_path }}/docker-src" - -matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" -matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" - -# A list of extra arguments to pass to the container -matrix_mautrix_whatsapp_container_extra_arguments: [] - -# List of systemd services that matrix-mautrix-whatsapp.service depends on. 
-matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-mautrix-whatsapp.service wants -matrix_mautrix_whatsapp_systemd_wanted_services_list: [] - -matrix_mautrix_whatsapp_appservice_token: '' -matrix_mautrix_whatsapp_homeserver_token: '' - -matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot - - -# Database-related configuration fields. -# -# To use SQLite, stick to these defaults. -# -# To use Postgres: -# - change the engine (`matrix_mautrix_whatsapp_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_mautrix_whatsapp_postgres_*` variables -matrix_mautrix_whatsapp_database_engine: 'sqlite' - -matrix_mautrix_whatsapp_sqlite_database_path_local: "{{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db" -matrix_mautrix_whatsapp_sqlite_database_path_in_container: "/data/mautrix-whatsapp.db" - -matrix_mautrix_whatsapp_database_username: 'matrix_mautrix_whatsapp' -matrix_mautrix_whatsapp_database_password: 'some-password' -matrix_mautrix_whatsapp_database_hostname: 'matrix-postgres' -matrix_mautrix_whatsapp_database_port: 5432 -matrix_mautrix_whatsapp_database_name: 'matrix_mautrix_whatsapp' - -matrix_mautrix_whatsapp_database_connection_string: 'postgresql://{{ matrix_mautrix_whatsapp_database_username }}:{{ matrix_mautrix_whatsapp_database_password }}@{{ matrix_mautrix_whatsapp_database_hostname }}:{{ matrix_mautrix_whatsapp_database_port }}/{{ matrix_mautrix_whatsapp_database_name }}?sslmode=disable' - -matrix_mautrix_whatsapp_appservice_database_type: "{{ - { - 'sqlite': 'sqlite3', - 'postgres':'postgres', - }[matrix_mautrix_whatsapp_database_engine] -}}" - -matrix_mautrix_whatsapp_appservice_database_uri: "{{ - { - 'sqlite': matrix_mautrix_whatsapp_sqlite_database_path_in_container, - 'postgres': matrix_mautrix_whatsapp_database_connection_string, - }[matrix_mautrix_whatsapp_database_engine] -}}" - - -# Can be set to enable automatic double-puppeting via 
Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mautrix_whatsapp_login_shared_secret: '' - -# Default mautrix-whatsapp configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mautrix_whatsapp_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mautrix_whatsapp_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mautrix_whatsapp_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mautrix_whatsapp_configuration_yaml`. - -matrix_mautrix_whatsapp_configuration_extension: "{{ matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml if matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_whatsapp_configuration_yaml`. 
-matrix_mautrix_whatsapp_configuration: "{{ matrix_mautrix_whatsapp_configuration_yaml|from_yaml|combine(matrix_mautrix_whatsapp_configuration_extension, recursive=True) }}" - -matrix_mautrix_whatsapp_registration_yaml: | - id: whatsapp - url: {{ matrix_mautrix_whatsapp_appservice_address }} - as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" - hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" - # See https://github.com/mautrix/signal/issues/43 - sender_localpart: _bot_{{ matrix_mautrix_whatsapp_appservice_bot_username }} - rate_limited: false - namespaces: - users: - - regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$' - exclusive: true - - exclusive: true - regex: '^@{{ matrix_mautrix_whatsapp_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$' - de.sorunome.msc2409.push_ephemeral: true - -matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml deleted file mode 100644 index f320bc74..00000000 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ /dev/null @@ -1,16 +0,0 @@ -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}" - when: matrix_mautrix_whatsapp_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }} - when: matrix_mautrix_whatsapp_enabled|bool 
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml
deleted file mode 100644
index 188eae4a..00000000
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_mautrix_whatsapp_enabled|bool"
- tags:
- - setup-all
- - setup-mautrix-whatsapp
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup and matrix_mautrix_whatsapp_enabled"
- tags:
- - setup-all
- - setup-mautrix-whatsapp
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup and not matrix_mautrix_whatsapp_enabled"
- tags:
- - setup-all
- - setup-mautrix-whatsapp
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
deleted file mode 100644
index f3dd0570..00000000
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ /dev/null
@@ -1,140 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mautrix-whatsapp role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_mautrix_whatsapp_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" - register: matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" - dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mautrix_whatsapp_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mautrix-whatsapp.service'] - pgloader_options: ['--with "quote identifiers"'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mautrix_whatsapp_requires_restart: true - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mautrix_whatsapp_database_engine == 'postgres'" - - -- name: Ensure Mautrix Whatsapp paths exists - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mautrix_whatsapp_base_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_config_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_data_path }}", when: true } - - { path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}", when: "{{ matrix_mautrix_whatsapp_container_image_self_build }}" } - when: item.when|bool - -- name: Ensure Mautrix 
Whatsapp image is pulled - docker_image: - name: "{{ matrix_mautrix_whatsapp_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}" - when: not matrix_mautrix_whatsapp_container_image_self_build - -- name: Ensure Mautrix Whatsapp repository is present on self-build - git: - repo: "{{ matrix_mautrix_whatsapp_container_image_self_build_repo }}" - dest: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}" - version: "{{ matrix_mautrix_whatsapp_container_image_self_build_branch }}" - force: "yes" - register: matrix_mautrix_whatsapp_git_pull_results - when: "matrix_mautrix_whatsapp_container_image_self_build|bool" - -- name: Ensure Mautrix Whatsapp Docker image is built - docker_image: - name: "{{ matrix_mautrix_whatsapp_docker_image }}" - source: build - force_source: "{{ matrix_mautrix_whatsapp_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}" - pull: yes - when: "matrix_mautrix_whatsapp_container_image_self_build|bool" - -- name: Check if an old database file exists - stat: - path: "{{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db" - register: matrix_mautrix_whatsapp_stat_database - -- name: Check if an old matrix state file exists - stat: - path: "{{ matrix_mautrix_whatsapp_base_path }}/mx-state.json" - register: matrix_mautrix_whatsapp_stat_mx_state - -- name: (Data relocation) Ensure matrix-mautrix-whatsapp.service is stopped - service: - name: 
matrix-mautrix-whatsapp - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mautrix_whatsapp_stat_database.stat.exists" - -- name: (Data relocation) Move mautrix-whatsapp database file to ./data directory - command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db {{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db" - when: "matrix_mautrix_whatsapp_stat_database.stat.exists" - -- name: (Data relocation) Move mautrix-whatsapp mx-state file to ./data directory - command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mx-state.json {{ matrix_mautrix_whatsapp_data_path }}/mx-state.json" - when: "matrix_mautrix_whatsapp_stat_mx_state.stat.exists" - -- name: Ensure mautrix-whatsapp config.yaml installed - copy: - content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_whatsapp_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mautrix-whatsapp registration.yaml installed - copy: - content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml }}" - dest: "{{ matrix_mautrix_whatsapp_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mautrix-whatsapp.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" - mode: 0644 - register: matrix_mautrix_whatsapp_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service installation - service: - daemon_reload: yes - when: "matrix_mautrix_whatsapp_systemd_service_result.changed" - -- name: Ensure matrix-mautrix-whatsapp.service restarted, if necessary - service: - name: "matrix-mautrix-whatsapp.service" - state: restarted - when: "matrix_mautrix_whatsapp_requires_restart|bool" 
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
deleted file mode 100644
index 93f5c4c8..00000000
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-
-- name: Check existence of matrix-mautrix-whatsapp service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service"
- register: matrix_mautrix_whatsapp_service_stat
-
-- name: Ensure matrix-mautrix-whatsapp is stopped
- service:
- name: matrix-mautrix-whatsapp
- state: stopped
- daemon_reload: yes
- when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
-
-- name: Ensure matrix-mautrix-whatsapp.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service"
- state: absent
- when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal
- service:
- daemon_reload: yes
- when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
deleted file mode 100644
index 48314190..00000000
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Fail if required settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`).
- when: "vars[item] == ''"
- with_items:
- - "matrix_mautrix_whatsapp_appservice_token"
- - "matrix_mautrix_whatsapp_homeserver_token"
-
diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
deleted file mode 100644
index b3b1caf1..00000000
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ /dev/null
@@ -1,169 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# Homeserver details. -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_whatsapp_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} -# Application service host/registration related details. -# Changing these values requires regeneration of the registration. - -appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_whatsapp_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 8080 - - # Database config. - database: - # The database type. "sqlite3" and "postgres" are supported. - type: {{ matrix_mautrix_whatsapp_appservice_database_type|to_json }} - # The database URI. - # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string - # Postgres: Connection string. For example, postgres://user:password@host/database - uri: {{ matrix_mautrix_whatsapp_appservice_database_uri|to_json }} - # Maximum number of connections. Mostly relevant for Postgres. - max_open_conns: 20 - max_idle_conns: 2 - - # Path to the Matrix room state store. - state_store_path: ./mx-state.json - - # The unique ID of this appservice. - id: whatsapp - # Appservice bot details. - bot: - # Username of the appservice bot. - username: {{ matrix_mautrix_whatsapp_appservice_bot_username|to_json }} - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - displayname: WhatsApp bridge bot - avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr - - # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. 
- as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" - hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" - -# Bridge config -bridge: - # Localpart template of MXIDs for WhatsApp users. - # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. - username_template: "{{ 'whatsapp_{{.}}' }}" - # Displayname template for WhatsApp users. - # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user - # {{ '{{.Jid}}' }} - phone number (international format) - # The following variables are also available, but will cause problems on multi-user instances: - # {{ '{{.Name}}' }} - display name from contact list - # {{ '{{.Short}}' }} - short display name from contact list - displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}" - # WhatsApp connection timeout in seconds. - connection_timeout: 20 - # Maximum number of times to retry connecting on connection error. - max_connection_attempts: 3 - # Number of seconds to wait between connection attempts. - # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts - connection_retry_delay: -1 - # Whether or not the bridge should send a notice to the user's management room when it retries connecting. - # If false, it will only report when it stops retrying. - report_connection_retry: true - # Maximum number of seconds to wait for chats to be sent at startup. - # If this is too low and you have lots of chats, it could cause backfilling to fail. - chat_list_wait: 30 - # Maximum number of seconds to wait to sync portals before force unlocking message processing. - # If this is too low and you have lots of chats, it could cause backfilling to fail. - portal_sync_wait: 600 - - # Whether or not to send call start/end notices to Matrix. - call_notices: - start: true - end: true - - # Number of chats to sync for new users. - initial_chat_sync_count: 10 - # Number of old messages to fill when creating new portal rooms. 
- initial_history_fill_count: 20 - # Maximum number of chats to sync when recovering from downtime. - # Set to -1 to sync all new chats during downtime. - recovery_chat_sync_limit: -1 - # Whether or not to sync history when recovering from downtime. - recovery_history_backfill: true - # Maximum number of seconds since last message in chat to skip - # syncing the chat in any case. This setting will take priority - # over both recovery_chat_sync_limit and initial_chat_sync_count. - # Default is 3 days = 259200 seconds - sync_max_chat_age: 259200 - - # Whether or not to sync with custom puppets to receive EDUs that - # are not normally sent to appservices. - sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} - - # Whether or not to invite own WhatsApp user's Matrix puppet into private - # chat portals when backfilling if needed. - # This always uses the default puppet instead of custom puppets due to - # rate limits and timestamp massaging. - invite_own_puppet_for_backfilling: true - # Whether or not to explicitly set the avatar and room name for private - # chat portal rooms. This can be useful if the previous field works fine, - # but causes room avatar/name bugs. - private_chat_portal_meta: false - - # Allow invite permission for user. User can invite any bots to room with whatsapp - # users (private chat and groups) - allow_user_invite: false - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" - - # Permissions for using the bridge. - # Permitted values: - # user - Access to use the bridge to chat with a WhatsApp account. 
- # admin - User level and some additional administration tools - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - - relaybot: - # Whether or not relaybot support is enabled. - enabled: false - # The management room for the bot. This is where all status notifications are posted and - # in this room, you can use `!wa ` instead of `!wa relaybot `. Omitting - # the command prefix completely like in user management rooms is not possible. - management: '!foo:example.com' - # List of users to invite to all created rooms that include the relaybot. - invites: [] - # The formats to use when sending messages to WhatsApp via the relaybot. - message_formats: - m.text: "{{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" - m.notice: "{{ '{{ .Sender.Displayname }}' }}:: {{ '{{ .Message }}' }}" - m.emote: "* {{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" - m.file: "{{ '{{ .Sender.Displayname }}' }}: sent a file" - m.image: "{{ '{{ .Sender.Displayname }}' }}: sent an image" - m.audio: "{{ '{{ .Sender.Displayname }}' }}: sent an audio file" - m.video: "{{ '{{ .Sender.Displayname }}' }}: sent a video" - m.location: "{{ '{{ .Sender.Displayname }}' }}: sent a location" -# Logging config. -logging: - # The directory for log files. Will be created if not found. - directory: ./logs - # Available variables: .Date for the file date and .Index for different log files on the same day. - file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}" - # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants - file_date_format: "2006-01-02" - # Log file permissions. - file_mode: 0600 - # Timestamp format for log entries in the Go time format. - timestamp_format: "Jan _2, 2006 15:04:05" - # Minimum severity for log messages. - # Options: debug, info, warn, error, fatal - print_level: debug 
diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 deleted file mode 100644 index 4a492492..00000000 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ /dev/null 
@@ -1,43 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mautrix Whatsapp bridge -{% for service in matrix_mautrix_whatsapp_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_mautrix_whatsapp_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -v {{ matrix_mautrix_whatsapp_config_path }}:/config:z \ - -v {{ matrix_mautrix_whatsapp_data_path }}:/data:z \ - --workdir=/data \ - {% for arg in matrix_mautrix_whatsapp_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mautrix_whatsapp_docker_image }} \ - /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mautrix-whatsapp - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml deleted file mode 100644 index 1113bb1c..00000000 
--- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
+++ /dev/null
@@ -1,110 +0,0 @@ -# Mx Puppet Discord is a Matrix <-> Discord bridge -# See: https://github.com/matrix-discord/mx-puppet-discord - -matrix_mx_puppet_discord_enabled: true - -matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://github.com/matrix-discord/mx-puppet-discord.git" - -# Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. -matrix_mx_puppet_discord_container_http_host_bind_port: '' - -matrix_mx_puppet_discord_version: latest -matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}sorunome/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}" -matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" - -matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord" -matrix_mx_puppet_discord_config_path: "{{ matrix_mx_puppet_discord_base_path }}/config" -matrix_mx_puppet_discord_data_path: "{{ matrix_mx_puppet_discord_base_path }}/data" -matrix_mx_puppet_discord_docker_src_files_path: "{{ matrix_mx_puppet_discord_base_path }}/docker-src" - -matrix_mx_puppet_discord_appservice_port: "8432" - -matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}' -matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}' - -# "@user:server.com" to allow specific user -# "@.*:yourserver.com" to allow users on a specific homeserver -# "@.*" to allow anyone -matrix_mx_puppet_discord_provisioning_whitelist: - - "@.*:{{ 
matrix_domain|regex_escape }}" - -# Leave empty to disable blacklist -# "@user:server.com" disallow a specific user -# "@.*:yourserver.com" disallow users on a specific homeserver -matrix_mx_puppet_discord_provisioning_blacklist: [] - -# A list of extra arguments to pass to the container -matrix_mx_puppet_discord_container_extra_arguments: [] - -# List of systemd services that matrix-puppet-discord.service depends on. -matrix_mx_puppet_discord_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-puppet-discord.service wants -matrix_mx_puppet_discord_systemd_wanted_services_list: [] - -matrix_mx_puppet_discord_appservice_token: '' -matrix_mx_puppet_discord_homeserver_token: '' - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mx_puppet_discord_login_shared_secret: '' - -# Database configuration -matrix_mx_puppet_discord_database_engine: 'sqlite' - -matrix_mx_puppet_discord_sqlite_database_path_local: "{{ matrix_mx_puppet_discord_data_path }}/database.db" -matrix_mx_puppet_discord_sqlite_database_path_in_container: "/data/database.db" - -matrix_mx_puppet_discord_database_username: matrix_mx_puppet_discord -matrix_mx_puppet_discord_database_password: ~ -matrix_mx_puppet_discord_database_hostname: 'matrix-postgres' -matrix_mx_puppet_discord_database_port: 5432 -matrix_mx_puppet_discord_database_name: matrix_mx_puppet_discord - -matrix_mx_puppet_discord_database_connection_string: 'postgresql://{{ matrix_mx_puppet_discord_database_username }}:{{ matrix_mx_puppet_discord_database_password }}@{{ matrix_mx_puppet_discord_database_hostname }}:{{ matrix_mx_puppet_discord_database_port }}/{{ matrix_mx_puppet_discord_database_name }}?sslmode=disable' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. 
-# -# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_discord_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mx_puppet_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mx_puppet_discord_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mx_puppet_discord_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mx_puppet_discord_configuration_yaml`. - -matrix_mx_puppet_discord_configuration_extension: "{{ matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml if matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_discord_configuration_yaml`. 
-matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml|from_yaml|combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}" - -matrix_mx_puppet_discord_registration_yaml: | - as_token: "{{ matrix_mx_puppet_discord_appservice_token }}" - hs_token: "{{ matrix_mx_puppet_discord_homeserver_token }}" - id: discord-puppet - namespaces: - users: - - exclusive: true - regex: '@_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}' - rooms: [] - aliases: - - exclusive: true - regex: '#_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}' - protocols: [] - rate_limited: false - sender_localpart: _discordpuppet_bot - url: {{ matrix_mx_puppet_discord_appservice_address }} - de.sorunome.msc2409.push_ephemeral: true - -matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml deleted file mode 100644 index 6fa43037..00000000 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build and matrix_mx_puppet_discord_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord.service'] }}" - when: matrix_mx_puppet_discord_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-discord-registration.yaml"] }} - when: matrix_mx_puppet_discord_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml deleted file mode 100644 index 3ca32335..00000000 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-discord - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-discord - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_discord_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml deleted file mode 100644 index f9985ed8..00000000 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ /dev/null 
@@ -1,128 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure MX Puppet Discord paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mx_puppet_discord_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}" } - when: matrix_mx_puppet_discord_enabled|bool and item.when|bool - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mx_puppet_discord_base_path }}/database.db" - register: matrix_mx_puppet_discord_stat_database - -- block: - - name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped - service: - name: matrix-mx-puppet-discord - state: stopped - daemon_reload: yes - failed_when: False - - - name: (Data relocation) Move mx-puppet-discord database file to ./data directory - command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" - when: "matrix_mx_puppet_discord_stat_database.stat.exists" - -- set_fact: - matrix_mx_puppet_discord_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" - register: matrix_mx_puppet_discord_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ 
matrix_mx_puppet_discord_sqlite_database_path_local }}" - dst: "{{ matrix_mx_puppet_discord_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mx_puppet_discord_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mx-puppet-discord.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mx_puppet_discord_requires_restart: true - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mx_puppet_discord_database_engine == 'postgres'" - -- name: Ensure MX Puppet Discord image is pulled - docker_image: - name: "{{ matrix_mx_puppet_discord_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" - when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build - -- name: Ensure MX Puppet Discord repository is present on self build - git: - repo: "{{ matrix_mx_puppet_discord_container_image_self_build_repo }}" - dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" - force: "yes" - register: matrix_mx_puppet_discord_git_pull_results - when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" - -- name: Ensure MX Puppet Discord Docker image is built - docker_image: - name: "{{ matrix_mx_puppet_discord_docker_image }}" - source: build - force_source: "{{ matrix_mx_puppet_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else 
matrix_mx_puppet_discord_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" - pull: yes - when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool" - -- name: Ensure mx-puppet-discord config.yaml installed - copy: - content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mx-puppet-discord discord-registration.yaml installed - copy: - content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mx-puppet-discord.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-discord.service.j2" - dest: "/etc/systemd/system/matrix-mx-puppet-discord.service" - mode: 0644 - register: matrix_mx_puppet_discord_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation - service: - daemon_reload: yes - when: "matrix_mx_puppet_discord_systemd_service_result.changed" - -- name: Ensure matrix-mx-puppet-discord.service restarted, if necessary - service: - name: "matrix-mx-puppet-discord.service" - state: restarted - when: "matrix_mx_puppet_discord_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml deleted file mode 100644 index b5b83c98..00000000 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-mx-puppet-discord service - stat: - path: "/etc/systemd/system/matrix-mx-puppet-discord.service" - register: matrix_mx_puppet_discord_service_stat - -- name: Ensure matrix-mx-puppet-discord is stopped - service: - name: matrix-mx-puppet-discord - state: stopped - daemon_reload: yes - when: "matrix_mx_puppet_discord_service_stat.stat.exists" - -- name: Ensure matrix-mx-puppet-discord.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mx-puppet-discord.service" - state: absent - when: "matrix_mx_puppet_discord_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal - service: - daemon_reload: yes - when: "matrix_mx_puppet_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml deleted file mode 100644 index c253eda2..00000000 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_mx_puppet_discord_appservice_token" - - "matrix_mx_puppet_discord_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 deleted file mode 100644 index 93c0a491..00000000 --- a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 +++ /dev/null 
@@ -1,125 +0,0 @@ -#jinja2: lstrip_blocks: "True" -bridge: - # Port to host the bridge on - # Used for communication between the homeserver and the bridge - port: {{ matrix_mx_puppet_discord_appservice_port }} - # The host connections to the bridge's webserver are allowed from - bindAddress: 0.0.0.0 - # Public domain of the homeserver - domain: {{ matrix_mx_puppet_discord_homeserver_domain }} - # Reachable URL of the Matrix homeserver - homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }} - {% if matrix_mx_puppet_discord_login_shared_secret != '' %} - loginSharedSecretMap: - {{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }} - {% endif %} - # Display name of the bridge bot - displayname: Discord Puppet Bridge - # Optionally specify a different media URL used for the media store - # - # This is where Discord will download user profile pictures and media - # from - #mediaUrl: https://external-url.org - -presence: - # Bridge Discord online/offline status - enabled: true - # How often to send status to the homeserver in milliseconds - interval: 500 - -provisioning: - # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }} - # Allow a specific user - #- "@user:server\\.com" - # Allow users on a specific homeserver - #- "@.*:yourserver\\.com" - # Allow anyone - #- ".*" - # Regex of Matrix IDs forbidden from using the puppet bridge - #blacklist: - # Disallow a specific user - #- "@user:server\\.com" - # Disallow users on a specific homeserver - #- "@.*:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }} - -relay: - # Regex of Matrix IDs who are allowed to use the bridge in relay mode. 
- # Relay mode is when a single Discord bot account relays messages of - # multiple Matrix users - # - # Same format as in provisioning - whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }} - blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }} - -selfService: - # Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms) - # - # Same format as in provisioning - whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }} - blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }} - -# Override the default name patterns for users, rooms and groups -# -# Variable names must be prefixed with a ':' -namePatterns: - # The default displayname for a bridged user - # - # Available variables: - # - # name: username of the user - # discriminator: hashtag of the user (ex. #1234) - user: :name - - # A user's guild-specific displayname - if they've set a custom nick in - # a guild - # - # Available variables: - # - # name: username of the user - # discriminator: hashtag of the user (ex. #1234) - # displayname: the user's custom group-specific nick - # channel: the name of the channel - # guild: the name of the guild - userOverride: :name - - # Room names for bridged Discord channels - # - # Available variables: - # - # name: name of the channel - # guild: name of the guild - room: :name - - # Group names for bridged Discord servers - # - # Available variables: - # - # name: name of the guide - group: :name - -database: -{% if matrix_mx_puppet_discord_database_engine == 'sqlite' %} - # Use SQLite3 as a database backend - # The name of the database file - filename: {{ matrix_mx_puppet_discord_sqlite_database_path_in_container|to_json }} -{% else %} - # Use Postgres as a database backend - # If set, will be used instead of SQLite3 - # Connection string to connect to the Postgres instance - # with username "user", password "pass", host "localhost" and database name "dbname". 
- # Modify each value as necessary - connString: {{ matrix_mx_puppet_discord_database_connection_string|to_json }} -{% endif %} - -logging: - # Log level of console output - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - console: info - # Date and time formatting - lineDateFormat: MMM-D HH:mm:ss.SSS - # Logging files - # Log files are rotated daily by default - files: [] diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 deleted file mode 100644 index 6ffb87cd..00000000 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ /dev/null 
@@ -1,43 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mx Puppet Discord bridge -{% for service in matrix_mx_puppet_discord_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_mx_puppet_discord_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -e CONFIG_PATH=/config/config.yaml \ - -e REGISTRATION_PATH=/config/registration.yaml \ - -v {{ matrix_mx_puppet_discord_config_path }}:/config:z \ - -v {{ matrix_mx_puppet_discord_data_path }}:/data:z \ - {% for arg in matrix_mx_puppet_discord_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mx_puppet_discord_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mx-puppet-discord - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml deleted file mode 100644 index 8b382605..00000000 
--- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml
+++ /dev/null
@@ -1,109 +0,0 @@ -# Mx Puppet GroupMe is a Matrix <-> GroupMe bridge -# See: https://gitlab.com/robintown/mx-puppet-groupme - -matrix_mx_puppet_groupme_enabled: true - -matrix_mx_puppet_groupme_container_image_self_build: false -matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/robintown/mx-puppet-groupme" - -# Controls whether the mx-puppet-groupme container exposes its HTTP port (tcp/8437 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:8437"), or empty string to not expose. -matrix_mx_puppet_groupme_container_http_host_bind_port: '' - -matrix_mx_puppet_groupme_version: latest -matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}" -matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_mx_puppet_groupme_docker_image_force_pull: "{{ matrix_mx_puppet_groupme_docker_image.endswith(':latest') }}" - -matrix_mx_puppet_groupme_base_path: "{{ matrix_base_data_path }}/mx-puppet-groupme" -matrix_mx_puppet_groupme_config_path: "{{ matrix_mx_puppet_groupme_base_path }}/config" -matrix_mx_puppet_groupme_data_path: "{{ matrix_mx_puppet_groupme_base_path }}/data" -matrix_mx_puppet_groupme_docker_src_files_path: "{{ matrix_mx_puppet_groupme_base_path }}/docker-src" - -matrix_mx_puppet_groupme_appservice_port: "8437" - -matrix_mx_puppet_groupme_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mx_puppet_groupme_homeserver_domain: '{{ matrix_domain }}' -matrix_mx_puppet_groupme_appservice_address: 'http://matrix-mx-puppet-groupme:{{ matrix_mx_puppet_groupme_appservice_port }}' - -# "@user:server.com" to allow specific user -# "@.*:yourserver.com" to allow users on a specific homeserver -# "@.*" to allow anyone -matrix_mx_puppet_groupme_provisioning_whitelist: - - "@.*:{{ 
matrix_domain|regex_escape }}" - -# Leave empty to disable blacklist -# "@user:server.com" disallow a specific user -# "@.*:yourserver.com" disallow users on a specific homeserver -matrix_mx_puppet_groupme_provisioning_blacklist: [] - -# A list of extra arguments to pass to the container -matrix_mx_puppet_groupme_container_extra_arguments: [] - -# List of systemd services that matrix-puppet-groupme.service depends on. -matrix_mx_puppet_groupme_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-puppet-groupme.service wants -matrix_mx_puppet_groupme_systemd_wanted_services_list: [] - -matrix_mx_puppet_groupme_appservice_token: '' -matrix_mx_puppet_groupme_homeserver_token: '' - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mx_puppet_groupme_login_shared_secret: '' - -matrix_mx_puppet_groupme_database_engine: sqlite - -matrix_mx_puppet_groupme_sqlite_database_path_local: "{{ matrix_mx_puppet_groupme_data_path }}/database.db" -matrix_mx_puppet_groupme_sqlite_database_path_in_container: "/data/database.db" - -matrix_mx_puppet_groupme_database_username: matrix_mx_puppet_groupme -matrix_mx_puppet_groupme_database_password: ~ -matrix_mx_puppet_groupme_database_hostname: 'matrix-postgres' -matrix_mx_puppet_groupme_database_port: 5432 -matrix_mx_puppet_groupme_database_name: matrix_mx_puppet_groupme - -matrix_mx_puppet_groupme_database_connection_string: 'postgresql://{{ matrix_mx_puppet_groupme_database_username }}:{{ matrix_mx_puppet_groupme_database_password }}@{{ matrix_mx_puppet_groupme_database_hostname }}:{{ matrix_mx_puppet_groupme_database_port }}/{{ matrix_mx_puppet_groupme_database_name }}?sslmode=disable' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. 
-# -# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_groupme_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mx_puppet_groupme_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mx_puppet_groupme_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mx_puppet_groupme_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mx_puppet_groupme_configuration_yaml`. - -matrix_mx_puppet_groupme_configuration_extension: "{{ matrix_mx_puppet_groupme_configuration_extension_yaml|from_yaml if matrix_mx_puppet_groupme_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_groupme_configuration_yaml`. 
-matrix_mx_puppet_groupme_configuration: "{{ matrix_mx_puppet_groupme_configuration_yaml|from_yaml|combine(matrix_mx_puppet_groupme_configuration_extension, recursive=True) }}" - -matrix_mx_puppet_groupme_registration_yaml: | - as_token: "{{ matrix_mx_puppet_groupme_appservice_token }}" - hs_token: "{{ matrix_mx_puppet_groupme_homeserver_token }}" - id: groupme-puppet - namespaces: - users: - - exclusive: true - regex: '@_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain|regex_escape }}' - rooms: [] - aliases: - - exclusive: true - regex: '#_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain|regex_escape }}' - protocols: [] - rate_limited: false - sender_localpart: _groupmepuppet_bot - url: {{ matrix_mx_puppet_groupme_appservice_address }} - de.sorunome.msc2409.push_ephemeral: true - -matrix_mx_puppet_groupme_registration: "{{ matrix_mx_puppet_groupme_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml deleted file mode 100644 index b4469ea1..00000000 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build and matrix_mx_puppet_groupme_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-groupme.service'] }}" - when: matrix_mx_puppet_groupme_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }} - when: matrix_mx_puppet_groupme_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml deleted file mode 100644 index 994e7e45..00000000 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_groupme_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-groupme - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_groupme_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-groupme - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_groupme_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml deleted file mode 100644 index b1d5f0b5..00000000 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ /dev/null 
@@ -1,128 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mx-puppet-groupme role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure MX Puppet Groupme paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}" } - when: matrix_mx_puppet_groupme_enabled|bool and item.when|bool - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mx_puppet_groupme_base_path }}/database.db" - register: matrix_mx_puppet_groupme_stat_database - -- name: (Data relocation) Ensure matrix-mx-puppet-groupme.service is stopped - service: - name: matrix-mx-puppet-groupme - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mx_puppet_groupme_stat_database.stat.exists" - -- name: (Data relocation) Move mx-puppet-groupme database file to ./data directory - command: "mv {{ matrix_mx_puppet_groupme_base_path }}/database.db {{ matrix_mx_puppet_groupme_data_path }}/database.db" - when: "matrix_mx_puppet_groupme_stat_database.stat.exists" - -- set_fact: - matrix_mx_puppet_groupme_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" - register: matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result - - - block: - - set_fact: - 
matrix_postgres_db_migration_request: - src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" - dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mx_puppet_groupme_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mx-puppet-groupme.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mx_puppet_groupme_requires_restart: true - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mx_puppet_groupme_database_engine == 'postgres'" - -- name: Ensure MX Puppet Groupme image is pulled - docker_image: - name: "{{ matrix_mx_puppet_groupme_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}" - when: matrix_mx_puppet_groupme_enabled|bool and not matrix_mx_puppet_groupme_container_image_self_build - -- name: Ensure MX Puppet Groupme repository is present on self build - git: - repo: "{{ matrix_mx_puppet_groupme_container_image_self_build_repo }}" - dest: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" - force: "yes" - register: matrix_mx_puppet_groupme_git_pull_results - when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" - -- name: Ensure MX Puppet Groupme Docker image is built - docker_image: - name: "{{ matrix_mx_puppet_groupme_docker_image }}" - source: build - force_source: "{{ matrix_mx_puppet_groupme_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 
2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}" - pull: yes - when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build" - -- name: Ensure mx-puppet-groupme config.yaml installed - copy: - content: "{{ matrix_mx_puppet_groupme_configuration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_groupme_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mx-puppet-groupme groupme-registration.yaml installed - copy: - content: "{{ matrix_mx_puppet_groupme_registration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_groupme_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mx-puppet-groupme.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-groupme.service.j2" - dest: "/etc/systemd/system/matrix-mx-puppet-groupme.service" - mode: 0644 - register: matrix_mx_puppet_groupme_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service installation - service: - daemon_reload: yes - when: "matrix_mx_puppet_groupme_systemd_service_result.changed" - -- name: Ensure matrix-mx-puppet-groupme.service restarted, if necessary - service: - name: "matrix-mx-puppet-groupme.service" - state: restarted - when: "matrix_mx_puppet_groupme_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml deleted file mode 100644 index cc4fdfa5..00000000 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-mx-puppet-groupme service - stat: - path: "/etc/systemd/system/matrix-mx-puppet-groupme.service" - register: matrix_mx_puppet_groupme_service_stat - -- name: Ensure matrix-mx-puppet-groupme is stopped - service: - name: matrix-mx-puppet-groupme - state: stopped - daemon_reload: yes - when: "matrix_mx_puppet_groupme_service_stat.stat.exists" - -- name: Ensure matrix-mx-puppet-groupme.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mx-puppet-groupme.service" - state: absent - when: "matrix_mx_puppet_groupme_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service removal - service: - daemon_reload: yes - when: "matrix_mx_puppet_groupme_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml deleted file mode 100644 index 5c5463ce..00000000 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_mx_puppet_groupme_appservice_token" - - "matrix_mx_puppet_groupme_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 deleted file mode 100644 index a9ab7701..00000000 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 +++ /dev/null 
@@ -1,86 +0,0 @@ -#jinja2: lstrip_blocks: "True" -bridge: - # Port to host the bridge on - # Used for communication between the homeserver and the bridge - port: {{ matrix_mx_puppet_groupme_appservice_port }} - # The host connections to the bridge's webserver are allowed from - bindAddress: 0.0.0.0 - # Public domain of the homeserver - domain: {{ matrix_mx_puppet_groupme_homeserver_domain }} - # Reachable URL of the Matrix homeserver - homeserverUrl: {{ matrix_mx_puppet_groupme_homeserver_address }} - {% if matrix_mx_puppet_groupme_login_shared_secret != '' %} - loginSharedSecretMap: - {{ matrix_domain }}: {{ matrix_mx_puppet_groupme_login_shared_secret }} - {% endif %} - # Display name of the bridge bot - displayname: GroupMe Puppet Bridge - # Optionally specify a different media URL used for the media store - # - # This is where GroupMe will download user profile pictures and media - # from - #mediaUrl: https://external-url.org - -presence: - # Bridge GroupMe online/offline status - enabled: true - # How often to send status to the homeserver in milliseconds - interval: 5000 - -provisioning: - # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: {{ matrix_mx_puppet_groupme_provisioning_whitelist|to_json }} - # Allow a specific user - #- "@user:server\\.com" - # Allow users on a specific homeserver - #- "@.*:yourserver\\.com" - # Allow anyone - #- ".*" - # Regex of Matrix IDs forbidden from using the puppet bridge - #blacklist: - # Disallow a specific user - #- "@user:server\\.com" - # Disallow users on a specific homeserver - #- "@.*:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_groupme_provisioning_blacklist|to_json }} - -relay: - # Regex of Matrix IDs who are allowed to use the bridge in relay mode. 
- # Relay mode is when a single GroupMe bot account relays messages of - # multiple Matrix users - # - # Same format as in provisioning - whitelist: {{ matrix_mx_puppet_groupme_provisioning_whitelist|to_json }} - blacklist: {{ matrix_mx_puppet_groupme_provisioning_blacklist|to_json }} - -selfService: - # Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms) - # - # Same format as in provisioning - whitelist: {{ matrix_mx_puppet_groupme_provisioning_whitelist|to_json }} - blacklist: {{ matrix_mx_puppet_groupme_provisioning_blacklist|to_json }} - -database: -{% if matrix_mx_puppet_groupme_database_engine == 'postgres' %} - # Use Postgres as a database backend - # If set, will be used instead of SQLite3 - # Connection string to connect to the Postgres instance - # with username "user", password "pass", host "localhost" and database name "dbname". - # Modify each value as necessary - connString: {{ matrix_mx_puppet_groupme_database_connection_string|to_json }} -{% else %} - # Use SQLite3 as a database backend - # The name of the database file - filename: {{ matrix_mx_puppet_groupme_sqlite_database_path_in_container|to_json }} -{% endif %} - -logging: - # Log level of console output - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - console: info - # Date and time formatting - lineDateFormat: MMM-D HH:mm:ss.SSS - # Logging files - # Log files are rotated daily by default - files: [] diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 deleted file mode 100644 index dabafd18..00000000 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 +++ /dev/null 
@@ -1,43 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mx Puppet Groupme bridge -{% for service in matrix_mx_puppet_groupme_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_mx_puppet_groupme_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-groupme \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -e CONFIG_PATH=/config/config.yaml \ - -e REGISTRATION_PATH=/config/registration.yaml \ - -v {{ matrix_mx_puppet_groupme_config_path }}:/config:z \ - -v {{ matrix_mx_puppet_groupme_data_path }}:/data:z \ - {% for arg in matrix_mx_puppet_groupme_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mx_puppet_groupme_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mx-puppet-groupme - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml deleted file mode 100644 index 27210360..00000000 
--- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml
+++ /dev/null
@@ -1,103 +0,0 @@ -# mx-puppet-instagram bridges instagram DMs -# See: https://github.com/Sorunome/mx-puppet-instagram - -matrix_mx_puppet_instagram_enabled: true - -matrix_mx_puppet_instagram_container_image_self_build: false -matrix_mx_puppet_instagram_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-instagram.git" - -matrix_mx_puppet_instagram_version: latest -matrix_mx_puppet_instagram_docker_image: "{{ matrix_mx_puppet_instagram_docker_image_name_prefix }}sorunome/mx-puppet-instagram:{{ matrix_mx_puppet_instagram_version }}" -matrix_mx_puppet_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_instagram_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}" - -matrix_mx_puppet_instagram_base_path: "{{ matrix_base_data_path }}/mx-puppet-instagram" -matrix_mx_puppet_instagram_config_path: "{{ matrix_mx_puppet_instagram_base_path }}/config" -matrix_mx_puppet_instagram_data_path: "{{ matrix_mx_puppet_instagram_base_path }}/data" -matrix_mx_puppet_instagram_docker_src_files_path: "{{ matrix_mx_puppet_instagram_base_path }}/docker-src" - -matrix_mx_puppet_instagram_appservice_port: "8440" -matrix_mx_puppet_instagram_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mx_puppet_instagram_homeserver_domain: '{{ matrix_domain }}' -matrix_mx_puppet_instagram_appservice_address: 'http://matrix-mx-puppet-instagram:{{ matrix_mx_puppet_instagram_appservice_port }}' - -# "@user:server.com" to allow specific user -# "@.*:yourserver.com" to allow users on a specific homeserver -# "@.*" to allow anyone -matrix_mx_puppet_instagram_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Leave empty to disable blacklist -# "@user:server.com" disallow a specific user -# "@.*:yourserver.com" disallow users on a specific homeserver 
-matrix_mx_puppet_instagram_provisioning_blacklist: [] - -# A list of extra arguments to pass to the container -matrix_mx_puppet_instagram_container_extra_arguments: [] - -# List of systemd services that matrix-puppet-instagram.service depends on. -matrix_mx_puppet_instagram_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-puppet-instagram.service wants -matrix_mx_puppet_instagram_systemd_wanted_services_list: [] - -matrix_mx_puppet_instagram_appservice_token: '' -matrix_mx_puppet_instagram_homeserver_token: '' - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mx_puppet_instagram_login_shared_secret: '' - -matrix_mx_puppet_instagram_database_engine: sqlite - -matrix_mx_puppet_instagram_sqlite_database_path_local: "{{ matrix_mx_puppet_instagram_data_path }}/database.db" -matrix_mx_puppet_instagram_sqlite_database_path_in_container: "/data/database.db" - -matrix_mx_puppet_instagram_database_username: matrix_mx_puppet_instagram -matrix_mx_puppet_instagram_database_password: ~ -matrix_mx_puppet_instagram_database_hostname: 'matrix-postgres' -matrix_mx_puppet_instagram_database_port: 5432 -matrix_mx_puppet_instagram_database_name: matrix_mx_puppet_instagram - -matrix_mx_puppet_instagram_database_connection_string: 'postgresql://{{ matrix_mx_puppet_instagram_database_username }}:{{ matrix_mx_puppet_instagram_database_password }}@{{ matrix_mx_puppet_instagram_database_hostname }}:{{ matrix_mx_puppet_instagram_database_port }}/{{ matrix_mx_puppet_instagram_database_name }}?sslmode=disable' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_instagram_configuration_extension_yaml`) -# or completely replace this variable with your own template. 
-matrix_mx_puppet_instagram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mx_puppet_instagram_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mx_puppet_instagram_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mx_puppet_instagram_configuration_yaml`. - -matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml if matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_instagram_configuration_yaml`. -matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml|from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}" - -matrix_mx_puppet_instagram_registration_yaml: | - as_token: "{{ matrix_mx_puppet_instagram_appservice_token }}" - hs_token: "{{ matrix_mx_puppet_instagram_homeserver_token }}" - id: instagram-puppet - namespaces: - users: - - exclusive: true - regex: '@_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' - rooms: [] - aliases: - - exclusive: true - regex: '#_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' - protocols: [] - rate_limited: false - sender_localpart: _instagrampuppet_bot - url: {{ matrix_mx_puppet_instagram_appservice_address }} - de.sorunome.msc2409.push_ephemeral: true - -matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml|from_yaml }}" 
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml deleted file mode 100644 index a12885e7..00000000 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ /dev/null @@ -1,24 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build and matrix_mx_puppet_instagram_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram.service'] }}" - when: matrix_mx_puppet_instagram_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} - when: matrix_mx_puppet_instagram_enabled|bool - diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml deleted file mode 100644 index d0fe90e4..00000000 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-instagram - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-instagram - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_instagram_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml deleted file mode 100644 index cdbaa18e..00000000 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ /dev/null 
@@ -1,112 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - - -- set_fact: - matrix_mx_puppet_instagram_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" - register: matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" - dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mx_puppet_instagram_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mx-puppet-instagram.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mx_puppet_instagram_requires_restart: true - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mx_puppet_instagram_database_engine == 'postgres'" - -- name: Ensure mx-puppet-instagram image is pulled - docker_image: - name: "{{ matrix_mx_puppet_instagram_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" - when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build - 
-- name: Ensure mx-puppet-instagram paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" } - when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool - -- name: Ensure mx-puppet-instagram repository is present on self build - git: - repo: "{{ matrix_mx_puppet_instagram_container_image_self_build_repo }}" - dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" - force: "yes" - register: matrix_mx_puppet_instagram_git_pull_results - when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" - -- name: Ensure mx-puppet-instagram Docker image is built - docker_image: - name: "{{ matrix_mx_puppet_instagram_docker_image }}" - source: build - force_source: "{{ matrix_mx_puppet_instagram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" - pull: yes - when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool" - -- name: Ensure mx-puppet-instagram config.yaml installed - copy: - content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: 
Ensure mx-puppet-instagram-registration.yaml installed - copy: - content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mx-puppet-instagram.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2" - dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service" - mode: 0644 - register: matrix_mx_puppet_instagram_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation - service: - daemon_reload: yes - when: "matrix_mx_puppet_instagram_systemd_service_result.changed" - -- name: Ensure matrix-mx-puppet-instagram.service restarted, if necessary - service: - name: "matrix-mx-puppet-instagram.service" - state: restarted - when: "matrix_mx_puppet_instagram_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml deleted file mode 100644 index 4b5e67ac..00000000 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-mx-puppet-instagram service - stat: - path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" - register: matrix_mx_puppet_instagram_service_stat - -- name: Ensure matrix-mx-puppet-instagram is stopped - service: - name: matrix-mx-puppet-instagram - state: stopped - daemon_reload: yes - when: "matrix_mx_puppet_instagram_service_stat.stat.exists" - -- name: Ensure matrix-mx-puppet-instagram.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" - state: absent - when: "matrix_mx_puppet_instagram_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal - service: - daemon_reload: yes - when: "matrix_mx_puppet_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml deleted file mode 100644 index b6d9d994..00000000 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_mx_puppet_instagram_appservice_token" - - "matrix_mx_puppet_instagram_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 deleted file mode 100644 index 1c4bb1bd..00000000 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 +++ /dev/null 
@@ -1,69 +0,0 @@ -#jinja2: lstrip_blocks: "True" -bridge: - # Port to host the bridge on - # Used for communication between the homeserver and the bridge - port: {{ matrix_mx_puppet_instagram_appservice_port }} - # The host connections to the bridge's webserver are allowed from - bindAddress: 0.0.0.0 - # Public domain of the homeserver - domain: {{ matrix_mx_puppet_instagram_homeserver_domain }} - # Reachable URL of the Matrix homeserver - homeserverUrl: {{ matrix_mx_puppet_instagram_homeserver_address }} - {% if matrix_mx_puppet_instagram_login_shared_secret != '' %} - loginSharedSecretMap: - {{ matrix_domain }}: {{ matrix_mx_puppet_instagram_login_shared_secret }} - {% endif %} - -presence: - # Bridge Instagram online/offline status - enabled: true - # How often to send status to the homeserver in milliseconds - interval: 500 - -provisioning: - # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: {{ matrix_mx_puppet_instagram_provisioning_whitelist|to_json }} - # Allow a specific user - #- "@user:server\\.com" - # Allow users on a specific homeserver - #- "@.*:yourserver\\.com" - # Allow anyone - #- ".*" - # Regex of Matrix IDs forbidden from using the puppet bridge - #blacklist: - # Disallow a specific user - #- "@user:server\\.com" - # Disallow users on a specific homeserver - #- "@.*:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_instagram_provisioning_blacklist|to_json }} - - # Shared secret for the provisioning API for use by integration managers. - # If this is not set, the provisioning API will not be enabled. - #sharedSecret: random string - # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. 
- apiPrefix: /_matrix/provision - -database: -{% if matrix_mx_puppet_instagram_database_engine == 'postgres' %} - # Use Postgres as a database backend - # If set, will be used instead of SQLite3 - # Connection string to connect to the Postgres instance - # with username "user", password "pass", host "localhost" and database name "dbname". - # Modify each value as necessary - connString: {{ matrix_mx_puppet_instagram_database_connection_string|to_json }} -{% else %} - # Use SQLite3 as a database backend - # The name of the database file - filename: {{ matrix_mx_puppet_instagram_sqlite_database_path_in_container|to_json }} -{% endif %} - -logging: - # Log level of console output - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - console: info - # Date and time formatting - lineDateFormat: MMM-D HH:mm:ss.SSS - # Logging files - # Log files are rotated daily by default - files: [] diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 deleted file mode 100644 index 965bb41c..00000000 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ /dev/null 
@@ -1,43 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mx Puppet Instagram bridge -{% for service in matrix_mx_puppet_instagram_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_mx_puppet_instagram_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -e CONFIG_PATH=/config/config.yaml \ - -e REGISTRATION_PATH=/config/registration.yaml \ - -v {{ matrix_mx_puppet_instagram_config_path }}:/config:z \ - -v {{ matrix_mx_puppet_instagram_data_path }}:/data:z \ - {% for arg in matrix_mx_puppet_instagram_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mx_puppet_instagram_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mx-puppet-instagram - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml deleted file mode 100644 index 8dcb2faf..00000000 
--- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
+++ /dev/null
@@ -1,111 +0,0 @@ -# Mx Puppet Skype is a Matrix <-> Skype bridge -# See: https://github.com/Sorunome/mx-puppet-skype - -matrix_mx_puppet_skype_enabled: true - -matrix_mx_puppet_skype_container_image_self_build: false -matrix_mx_puppet_skype_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-skype.git" - -matrix_mx_puppet_skype_version: latest -matrix_mx_puppet_skype_docker_image: "{{ matrix_mx_puppet_skype_docker_image_name_prefix }}sorunome/mx-puppet-skype:{{ matrix_mx_puppet_skype_version }}" -matrix_mx_puppet_skype_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_skype_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_mx_puppet_skype_docker_image_force_pull: "{{ matrix_mx_puppet_skype_docker_image.endswith(':latest') }}" - -matrix_mx_puppet_skype_base_path: "{{ matrix_base_data_path }}/mx-puppet-skype" -matrix_mx_puppet_skype_config_path: "{{ matrix_mx_puppet_skype_base_path }}/config" -matrix_mx_puppet_skype_data_path: "{{ matrix_mx_puppet_skype_base_path }}/data" -matrix_mx_puppet_skype_docker_src_files_path: "{{ matrix_mx_puppet_skype_base_path }}/docker-src" - -matrix_mx_puppet_skype_appservice_port: "8438" - -matrix_mx_puppet_skype_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mx_puppet_skype_appservice_address: 'http://matrix-mx-puppet-skype:{{ matrix_mx_puppet_skype_appservice_port }}' - -# "@user:server.com" to allow specific user -# "@.*:yourserver.com" to allow users on a specific homeserver -# "@.*" to allow anyone -matrix_mx_puppet_skype_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Leave empty to disable blacklist -# "@user:server.com" disallow a specific user -# "@.*:yourserver.com" disallow users on a specific homeserver -matrix_mx_puppet_skype_provisioning_blacklist: [] - -# Same as provisioning -matrix_mx_puppet_skype_relay_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Same as provisioning 
-matrix_mx_puppet_skype_relay_blacklist: [] - -# A list of extra arguments to pass to the container -matrix_mx_puppet_skype_container_extra_arguments: [] - -# List of systemd services that matrix-puppet-skype.service depends on. -matrix_mx_puppet_skype_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-puppet-skype.service wants -matrix_mx_puppet_skype_systemd_wanted_services_list: [] - -matrix_mx_puppet_skype_appservice_token: '' -matrix_mx_puppet_skype_homeserver_token: '' - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mx_puppet_skype_login_shared_secret: '' - -# Database configuration, role default is `sqlite` but playbook default is `postgres` -matrix_mx_puppet_skype_database_engine: sqlite - -matrix_mx_puppet_skype_sqlite_database_path_local: "{{ matrix_mx_puppet_skype_data_path }}/database.db" -matrix_mx_puppet_skype_sqlite_database_path_in_container: "/data/database.db" - -matrix_mx_puppet_skype_database_username: matrix_mx_puppet_skype -matrix_mx_puppet_skype_database_password: ~ -matrix_mx_puppet_skype_database_hostname: 'matrix-postgres' -matrix_mx_puppet_skype_database_port: 5432 -matrix_mx_puppet_skype_database_name: matrix_mx_puppet_skype - -matrix_mx_puppet_skype_database_connection_string: 'postgresql://{{ matrix_mx_puppet_skype_database_username }}:{{ matrix_mx_puppet_skype_database_password }}@{{ matrix_mx_puppet_skype_database_hostname }}:{{ matrix_mx_puppet_skype_database_port }}/{{ matrix_mx_puppet_skype_database_name }}?sslmode=disable' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`) -# or completely replace this variable with your own template. 
-matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mx_puppet_skype_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mx_puppet_skype_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mx_puppet_skype_configuration_yaml`. - -matrix_mx_puppet_skype_configuration_extension: "{{ matrix_mx_puppet_skype_configuration_extension_yaml|from_yaml if matrix_mx_puppet_skype_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_skype_configuration_yaml`. -matrix_mx_puppet_skype_configuration: "{{ matrix_mx_puppet_skype_configuration_yaml|from_yaml|combine(matrix_mx_puppet_skype_configuration_extension, recursive=True) }}" - -matrix_mx_puppet_skype_registration_yaml: | - as_token: "{{ matrix_mx_puppet_skype_appservice_token }}" - hs_token: "{{ matrix_mx_puppet_skype_homeserver_token }}" - id: skype-puppet - namespaces: - users: - - exclusive: true - regex: '@_skypepuppet_.*:{{ matrix_domain|regex_escape }}' - rooms: [] - aliases: - - exclusive: true - regex: '#_skypepuppet_.*:{{ matrix_domain|regex_escape }}' - protocols: [] - rate_limited: false - sender_localpart: _skypepuppet_bot - url: {{ matrix_mx_puppet_skype_appservice_address }} - de.sorunome.msc2409.push_ephemeral: true - -matrix_mx_puppet_skype_registration: "{{ matrix_mx_puppet_skype_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml deleted file mode 100644 index 5618821b..00000000 
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
- fail:
- msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
- when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_enabled"
-
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype.service'] }}"
- when: matrix_mx_puppet_skype_enabled|bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- set_fact:
- matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"]
-
- matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mx-puppet-skype-registration.yaml"] }}
- when: matrix_mx_puppet_skype_enabled|bool
diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml
deleted file mode 100644
index 01ddd7d8..00000000
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_mx_puppet_skype_enabled|bool"
- tags:
- - setup-all
- - setup-mx-puppet-skype
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_mx_puppet_skype_enabled|bool"
- tags:
- - setup-all
- - setup-mx-puppet-skype
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_mx_puppet_skype_enabled|bool"
- tags:
- - setup-all
- - setup-mx-puppet-skype
diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
deleted file mode 100644
index 997a6317..00000000
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
+++ /dev/null
@@ -1,128 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mx-puppet-skype role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure MX Puppet Skype paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mx_puppet_skype_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_skype_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_skype_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}" } - when: matrix_mx_puppet_skype_enabled|bool and item.when|bool - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mx_puppet_skype_base_path }}/database.db" - register: matrix_mx_puppet_skype_stat_database - -- name: (Data relocation) Ensure matrix-mx-puppet-skype.service is stopped - service: - name: matrix-mx-puppet-skype - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mx_puppet_skype_stat_database.stat.exists" - -- name: (Data relocation) Move mx-puppet-skype database file to ./data directory - command: "mv {{ matrix_mx_puppet_skype_base_path }}/database.db {{ matrix_mx_puppet_skype_data_path }}/database.db" - when: "matrix_mx_puppet_skype_stat_database.stat.exists" - -- set_fact: - matrix_mx_puppet_skype_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mx_puppet_skype_sqlite_database_path_local }}" - register: matrix_mx_puppet_skype_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ 
matrix_mx_puppet_skype_sqlite_database_path_local }}" - dst: "{{ matrix_mx_puppet_skype_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mx_puppet_skype_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mx-puppet-skype.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mx_puppet_skype_requires_restart: true - when: "matrix_mx_puppet_skype_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mx_puppet_skype_database_engine == 'postgres'" - -- name: Ensure MX Puppet Skype image is pulled - docker_image: - name: "{{ matrix_mx_puppet_skype_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mx_puppet_skype_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_docker_image_force_pull }}" - when: matrix_mx_puppet_skype_enabled|bool and not matrix_mx_puppet_skype_container_image_self_build - -- name: Ensure MX Puppet Skype repository is present on self build - git: - repo: "{{ matrix_mx_puppet_skype_container_image_self_build_repo }}" - dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" - force: "yes" - register: matrix_mx_puppet_skype_git_pull_results - when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" - -- name: Ensure MX Puppet Skype Docker image is built - docker_image: - name: "{{ matrix_mx_puppet_skype_docker_image }}" - source: build - force_source: "{{ matrix_mx_puppet_skype_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_git_pull_results.changed }}" 
- build: - dockerfile: Dockerfile - path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" - pull: yes - when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool" - -- name: Ensure mx-puppet-skype config.yaml installed - copy: - content: "{{ matrix_mx_puppet_skype_configuration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_skype_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mx-puppet-skype skype-registration.yaml installed - copy: - content: "{{ matrix_mx_puppet_skype_registration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_skype_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mx-puppet-skype.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-skype.service.j2" - dest: "/etc/systemd/system/matrix-mx-puppet-skype.service" - mode: 0644 - register: matrix_mx_puppet_skype_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-skype.service installation - service: - daemon_reload: yes - when: "matrix_mx_puppet_skype_systemd_service_result.changed" - -- name: Ensure matrix-mx-puppet-skype.service restarted, if necessary - service: - name: "matrix-mx-puppet-skype.service" - state: restarted - when: "matrix_mx_puppet_skype_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml deleted file mode 100644 index 72b3a945..00000000 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@
----
-
-- name: Check existence of matrix-mx-puppet-skype service
- stat:
- path: "/etc/systemd/system/matrix-mx-puppet-skype.service"
- register: matrix_mx_puppet_skype_service_stat
-
-- name: Ensure matrix-mx-puppet-skype is stopped
- service:
- name: matrix-mx-puppet-skype
- state: stopped
- daemon_reload: yes
- when: "matrix_mx_puppet_skype_service_stat.stat.exists"
-
-- name: Ensure matrix-mx-puppet-skype.service doesn't exist
- file:
- path: "/etc/systemd/system/matrix-mx-puppet-skype.service"
- state: absent
- when: "matrix_mx_puppet_skype_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-skype.service removal
- service:
- daemon_reload: yes
- when: "matrix_mx_puppet_skype_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml
deleted file mode 100644
index 7ed433b1..00000000
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: Fail if required settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`).
- when: "vars[item] == ''"
- with_items:
- - "matrix_mx_puppet_skype_appservice_token"
- - "matrix_mx_puppet_skype_homeserver_token"
diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
deleted file mode 100644
index 1d6d4828..00000000
--- a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
+++ /dev/null
@@ -1,118 +0,0 @@ -#jinja2: lstrip_blocks: "True" -bridge: - # Address for the bridge to bind to; if running as a Docker container, you - # probably want 0.0.0.0 here - bindAddress: 0.0.0.0 - # Port to host the bridge on which your homeserver will connect to - port: {{ matrix_mx_puppet_skype_appservice_port }} - # Name of your homeserver - domain: {{ matrix_domain }} - # URL where the bridge can connect to your homeserver - homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }} - # Optionally specify a different media URL used for the media store - mediaURL: https://{{ matrix_server_fqn_matrix }} - # This enabled automatic double-puppeting: - # A map for shared secrets of the homeserver URL to the shared secret - # See https://github.com/devture/matrix-synapse-shared-secret-auth - #loginSharedSecretMap: - # yourserver.com: supersecretsharedsecret - {% if matrix_mx_puppet_skype_login_shared_secret != '' %} - loginSharedSecretMap: - {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }} - {% endif %} - # optionally override the display name of the bridge bot - #displayname: Protocol Bot - # optionally set the avatar of the bridge bot - #avatarUrl: mxc://yourserver.com/somefile - -logging: - # Log level of console output - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - console: info - # Optionally, you can apply filters to the console logging - #console: - # level: info - # enabled: - # - Store - # disabled: - # - PresenceHandler - - # Date and time formatting - lineDateFormat: MMM-D HH:mm:ss.SSS - # Logging files - # Log files are rotated daily by default - files: [] - -database: -{% if matrix_mx_puppet_skype_database_engine == 'postgres' %} - # Use Postgres as a database backend - # If set, will be used instead of SQLite3 - # Connection string to connect to the Postgres instance - # with username "user", password "pass", host "localhost" and database name "dbname". 
- # Modify each value as necessary - connString: {{ matrix_mx_puppet_skype_database_connection_string|to_json }} -{% else %} - # Use SQLite3 as a database backend - # The name of the database file - filename: {{ matrix_mx_puppet_skype_sqlite_database_path_in_container|to_json }} -{% endif %} - -provisioning: - # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }} - # Allow a specific user - #- "@user:server\\.com" - # Allow users on a specific homeserver - #- "@.*:yourserver\\.com" - # Allow anyone - #- ".*" - - # Regex of Matrix IDs forbidden from using the puppet bridge - #blacklist: - # Disallow a specific user - #- "@user:server\\.com" - # Disallow users on a specific homeserver - #- "@.*:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }} - -presence: - # Bridge online/offline status - enabled: true - # How often to send status to the homeserver in milliseconds - interval: 500 - # if the im.vector.user_status state setting should be diabled - #disableStatusState: false - # A blacklist of remote user IDs for the im.vector.user_status state setting - #statusStateBlacklist: - # - baduser - -relay: - # Regex of Matrix IDs to allow to use the relay mode - # Same format as in provisioning - #whitelist: - #- "@.*:yourserver\\.com" - whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }} - - #blacklist: - #- "@user:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }} - -# Map certain homeserver URLs to the C-S API endpoint -# Useful for double-puppeting if .well-known is unavailable for some reason -#homeserverUrlMap: -# yourserver.com: http://localhost:1234 - -namePatterns: - # Override the protocols set default name patterns - # Which variables are available depends on protocol implementation - user: :name - room: :name - -limits: - # Up to how many users should be auto-joined on room creation? 
-1 to disable - # Defaults to 200 - maxAutojoinUsers: 200 - # How long the delay between two autojoin users should be, in millisectonds. - # Defaults to 5000 - roomUserAutojoinDelay: 5000 diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 deleted file mode 100644 index 9a7986e4..00000000 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ /dev/null 
@@ -1,43 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mx Puppet Skype bridge -{% for service in matrix_mx_puppet_skype_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_mx_puppet_skype_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -e CONFIG_PATH=/config/config.yaml \ - -e REGISTRATION_PATH=/config/registration.yaml \ - -v {{ matrix_mx_puppet_skype_config_path }}:/config:z \ - -v {{ matrix_mx_puppet_skype_data_path }}:/data:z \ - {% for arg in matrix_mx_puppet_skype_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mx_puppet_skype_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mx-puppet-skype - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml deleted file mode 100644 index 30d42475..00000000 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ /dev/null 
@@ -1,113 +0,0 @@ -# Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack - -matrix_mx_puppet_slack_enabled: true - -matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git" - -# Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. -matrix_mx_puppet_slack_container_http_host_bind_port: '' - -matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" - -matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack" -matrix_mx_puppet_slack_config_path: "{{ matrix_mx_puppet_slack_base_path }}/config" -matrix_mx_puppet_slack_data_path: "{{ matrix_mx_puppet_slack_base_path }}/data" -matrix_mx_puppet_slack_docker_src_files_path: "{{ matrix_mx_puppet_slack_base_path }}/docker-src" - -matrix_mx_puppet_slack_appservice_port: "8432" - -matrix_mx_puppet_slack_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mx_puppet_slack_homeserver_domain: '{{ matrix_domain }}' -matrix_mx_puppet_slack_appservice_address: 'http://matrix-mx-puppet-slack:{{ matrix_mx_puppet_slack_appservice_port }}' - -matrix_mx_puppet_slack_redirect_path: '/slack/oauth' -matrix_mx_puppet_slack_redirect_uri: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_slack_redirect_path }}' - -# "@user:server.com" to allow specific user -# "@.*:yourserver.com" to allow users on a specific 
homeserver -# "@.*" to allow anyone -matrix_mx_puppet_slack_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Leave empty to disable blacklist -# "@user:server.com" disallow a specific user -# "@.*:yourserver.com" disallow users on a specific homeserver -matrix_mx_puppet_slack_provisioning_blacklist: [] - -# A list of extra arguments to pass to the container -matrix_mx_puppet_slack_container_extra_arguments: [] - -# List of systemd services that matrix-puppet-slack.service depends on. -matrix_mx_puppet_slack_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-puppet-slack.service wants -matrix_mx_puppet_slack_systemd_wanted_services_list: [] - -matrix_mx_puppet_slack_appservice_token: '' -matrix_mx_puppet_slack_homeserver_token: '' - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mx_puppet_slack_login_shared_secret: '' - -# Database configuration, role uses 'sqlite' per default but playbook sets up postgres by default -matrix_mx_puppet_slack_database_engine: sqlite - -matrix_mx_puppet_slack_sqlite_database_path_local: "{{ matrix_mx_puppet_slack_data_path }}/database.db" -matrix_mx_puppet_slack_sqlite_database_path_in_container: "/data/database.db" - -matrix_mx_puppet_slack_database_username: matrix_mx_puppet_slack -matrix_mx_puppet_slack_database_password: ~ -matrix_mx_puppet_slack_database_hostname: 'matrix-postgres' -matrix_mx_puppet_slack_database_port: 5432 -matrix_mx_puppet_slack_database_name: matrix_mx_puppet_slack - -matrix_mx_puppet_slack_database_connection_string: 'postgresql://{{ matrix_mx_puppet_slack_database_username }}:{{ matrix_mx_puppet_slack_database_password }}@{{ matrix_mx_puppet_slack_database_hostname }}:{{ matrix_mx_puppet_slack_database_port }}/{{ matrix_mx_puppet_slack_database_name }}?sslmode=disable' - -# Default configuration template which covers the generic use case. 
-# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mx_puppet_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mx_puppet_slack_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mx_puppet_slack_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mx_puppet_slack_configuration_yaml`. - -matrix_mx_puppet_slack_configuration_extension: "{{ matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml if matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_slack_configuration_yaml`. 
-matrix_mx_puppet_slack_configuration: "{{ matrix_mx_puppet_slack_configuration_yaml|from_yaml|combine(matrix_mx_puppet_slack_configuration_extension, recursive=True) }}" - -matrix_mx_puppet_slack_registration_yaml: | - as_token: "{{ matrix_mx_puppet_slack_appservice_token }}" - hs_token: "{{ matrix_mx_puppet_slack_homeserver_token }}" - id: slack-puppet - namespaces: - users: - - exclusive: true - regex: '@_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}' - rooms: [] - aliases: - - exclusive: true - regex: '#_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}' - protocols: [] - rate_limited: false - sender_localpart: _slackpuppet_bot - url: {{ matrix_mx_puppet_slack_appservice_address }} - de.sorunome.msc2409.push_ephemeral: true - -matrix_mx_puppet_slack_registration: "{{ matrix_mx_puppet_slack_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml deleted file mode 100644 index f484c687..00000000 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ /dev/null 
@@ -1,70 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build and matrix_mx_puppet_slack_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack.service'] }}" - when: matrix_mx_puppet_slack_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-slack-registration.yaml"] }} - when: matrix_mx_puppet_slack_enabled|bool - -- block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your plabook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. 
- when: matrix_nginx_proxy_role_executed|default(False)|bool - - - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_slack_redirect_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; - {% endif %} - } - - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] - }} - tags: - - always - when: matrix_mx_puppet_slack_enabled|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` - URL endpoint to the matrix-mx-puppet-slack container. - You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml deleted file mode 100644 index 6aa0fd0f..00000000 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-slack - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-slack - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_slack_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml deleted file mode 100644 index d816ceeb..00000000 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ /dev/null 
@@ -1,128 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mx-puppet-slack role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure MX Puppet Slack paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mx_puppet_slack_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_slack_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_slack_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}" } - when: matrix_mx_puppet_slack_enabled|bool and item.when|bool - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mx_puppet_slack_base_path }}/database.db" - register: matrix_mx_puppet_slack_stat_database - -- name: (Data relocation) Ensure matrix-mx-puppet-slack.service is stopped - service: - name: matrix-mx-puppet-slack - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mx_puppet_slack_stat_database.stat.exists" - -- set_fact: - matrix_mx_puppet_slack_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" - register: matrix_mx_puppet_slack_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" - dst: "{{ matrix_mx_puppet_slack_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mx_puppet_slack_database_engine' - engine_old: 'sqlite' - 
systemd_services_to_stop: ['matrix-mx-puppet-slack.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mx_puppet_slack_requires_restart: true - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mx_puppet_slack_database_engine == 'postgres'" - -- name: Ensure MX Puppet Slack image is pulled - docker_image: - name: "{{ matrix_mx_puppet_slack_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}" - when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build - -- name: Ensure MX Puppet Slack repository is present on self build - git: - repo: "{{ matrix_mx_puppet_slack_container_image_self_build_repo }}" - dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" - force: "yes" - register: matrix_mx_puppet_slack_git_pull_results - when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" - -- name: Ensure MX Puppet Slack Docker image is built - docker_image: - name: "{{ matrix_mx_puppet_slack_docker_image }}" - source: build - force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" - pull: yes - when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" - -- name: (Data relocation) Move 
mx-puppet-slack database file to ./data directory - command: "mv {{ matrix_mx_puppet_slack_base_path }}/database.db {{ matrix_mx_puppet_slack_data_path }}/database.db" - when: "matrix_mx_puppet_slack_stat_database.stat.exists" - -- name: Ensure mx-puppet-slack config.yaml installed - copy: - content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_slack_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mx-puppet-slack slack-registration.yaml installed - copy: - content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_slack_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mx-puppet-slack.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-slack.service.j2" - dest: "/etc/systemd/system/matrix-mx-puppet-slack.service" - mode: 0644 - register: matrix_mx_puppet_slack_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation - service: - daemon_reload: yes - when: "matrix_mx_puppet_slack_systemd_service_result.changed" - -- name: Ensure matrix-mx-puppet-slack.service restarted, if necessary - service: - name: "matrix-mx-puppet-slack.service" - state: restarted - when: "matrix_mx_puppet_slack_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml deleted file mode 100644 index 73314a66..00000000 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-mx-puppet-slack service - stat: - path: "/etc/systemd/system/matrix-mx-puppet-slack.service" - register: matrix_mx_puppet_slack_service_stat - -- name: Ensure matrix-mx-puppet-slack is stopped - service: - name: matrix-mx-puppet-slack - state: stopped - daemon_reload: yes - when: "matrix_mx_puppet_slack_service_stat.stat.exists" - -- name: Ensure matrix-mx-puppet-slack.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mx-puppet-slack.service" - state: absent - when: "matrix_mx_puppet_slack_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal - service: - daemon_reload: yes - when: "matrix_mx_puppet_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml deleted file mode 100644 index 3a0bca11..00000000 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_mx_puppet_slack_appservice_token" - - "matrix_mx_puppet_slack_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 deleted file mode 100644 index b1917b86..00000000 --- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 +++ /dev/null 
@@ -1,79 +0,0 @@ -#jinja2: lstrip_blocks: "True" -bridge: - # Port to host the bridge on - # Used for communication between the homeserver and the bridge - port: {{ matrix_mx_puppet_slack_appservice_port }} - # The host connections to the bridge's webserver are allowed from - bindAddress: 0.0.0.0 - # Public domain of the homeserver - domain: {{ matrix_mx_puppet_slack_homeserver_domain }} - # Reachable URL of the Matrix homeserver - homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }} - {% if matrix_mx_puppet_slack_login_shared_secret != '' %} - loginSharedSecretMap: - {{ matrix_domain }}: {{ matrix_mx_puppet_slack_login_shared_secret }} - {% endif %} - - -# Slack OAuth settings. Create a slack app at https://api.slack.com/apps -oauth: - enabled: true - # Path where to listen for OAuth redirect callbacks. - redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} - # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, - # then set this field and the Slack app redirect URI field to the former. - redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }} - -presence: - # Bridge Discord online/offline status - enabled: true - # How often to send status to the homeserver in milliseconds - interval: 500 - -provisioning: - # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }} - # Allow a specific user - #- "@user:server\\.com" - # Allow users on a specific homeserver - #- "@.*:yourserver\\.com" - # Allow anyone - #- ".*" - # Regex of Matrix IDs forbidden from using the puppet bridge - #blacklist: - # Disallow a specific user - #- "@user:server\\.com" - # Disallow users on a specific homeserver - #- "@.*:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }} - - # Shared secret for the provisioning API for use by integration managers. - # If this is not set, the provisioning API will not be enabled. 
- #sharedSecret: random string - # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. - apiPrefix: /_matrix/provision - -database: -{% if matrix_mx_puppet_slack_database_engine == 'postgres' %} - # Use Postgres as a database backend - # If set, will be used instead of SQLite3 - # Connection string to connect to the Postgres instance - # with username "user", password "pass", host "localhost" and database name "dbname". - # Modify each value as necessary - connString: {{ matrix_mx_puppet_slack_database_connection_string|to_json }} -{% else %} - # Use SQLite3 as a database backend - # The name of the database file - filename: {{ matrix_mx_puppet_slack_sqlite_database_path_in_container|to_json }} -{% endif %} - -logging: - # Log level of console output - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - console: info - # Date and time formatting - lineDateFormat: MMM-D HH:mm:ss.SSS - # Logging files - # Log files are rotated daily by default - files: [] diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 deleted file mode 100644 index 973771b3..00000000 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ /dev/null 
@@ -1,46 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Mx Puppet Slack bridge -{% for service in matrix_mx_puppet_slack_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_mx_puppet_slack_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre={{ matrix_host_command_sleep }} 5 - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - {% if matrix_mx_puppet_slack_container_http_host_bind_port %} - -p {{ matrix_mx_puppet_slack_container_http_host_bind_port }}:{{ matrix_mx_puppet_slack_appservice_port }} \ - {% endif %} - -e CONFIG_PATH=/config/config.yaml \ - -e REGISTRATION_PATH=/config/registration.yaml \ - -v {{ matrix_mx_puppet_slack_config_path }}:/config:z \ - -v {{ matrix_mx_puppet_slack_data_path }}:/data:z \ - {% for arg in matrix_mx_puppet_slack_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_mx_puppet_slack_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-mx-puppet-slack - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
deleted file mode 100644
index 2af4a32a..00000000
--- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
+++ /dev/null
@@ -1,109 +0,0 @@ -# Mx Puppet Steam is a Matrix <-> Steam bridge -# See: https://github.com/matrix-steam/mx-puppet-steam - -matrix_mx_puppet_steam_enabled: true - -matrix_mx_puppet_steam_container_image_self_build: false -matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git" - -# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. -matrix_mx_puppet_steam_container_http_host_bind_port: '' - -matrix_mx_puppet_steam_version: latest -matrix_mx_puppet_steam_docker_image: "{{ matrix_mx_puppet_steam_docker_image_name_prefix }}icewind1991/mx-puppet-steam:{{ matrix_mx_puppet_steam_version }}" -matrix_mx_puppet_steam_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_steam_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_mx_puppet_steam_docker_image_force_pull: "{{ matrix_mx_puppet_steam_docker_image.endswith(':latest') }}" - -matrix_mx_puppet_steam_base_path: "{{ matrix_base_data_path }}/mx-puppet-steam" -matrix_mx_puppet_steam_config_path: "{{ matrix_mx_puppet_steam_base_path }}/config" -matrix_mx_puppet_steam_data_path: "{{ matrix_mx_puppet_steam_base_path }}/data" -matrix_mx_puppet_steam_docker_src_files_path: "{{ matrix_mx_puppet_steam_base_path }}/docker-src" - -matrix_mx_puppet_steam_appservice_port: "8432" - -matrix_mx_puppet_steam_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mx_puppet_steam_homeserver_domain: '{{ matrix_domain }}' -matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ matrix_mx_puppet_steam_appservice_port }}' - -# "@user:server.com" to allow specific user -# "@.*:yourserver.com" to allow users on a specific homeserver -# "@.*" to allow anyone -matrix_mx_puppet_steam_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Leave empty to disable blacklist -# 
"@user:server.com" disallow a specific user -# "@.*:yourserver.com" disallow users on a specific homeserver -matrix_mx_puppet_steam_provisioning_blacklist: [] - -# A list of extra arguments to pass to the container -matrix_mx_puppet_steam_container_extra_arguments: [] - -# List of systemd services that matrix-puppet-steam.service depends on. -matrix_mx_puppet_steam_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-puppet-steam.service wants -matrix_mx_puppet_steam_systemd_wanted_services_list: [] - -matrix_mx_puppet_steam_appservice_token: '' -matrix_mx_puppet_steam_homeserver_token: '' - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mx_puppet_steam_login_shared_secret: '' - -matrix_mx_puppet_steam_database_engine: sqlite - -matrix_mx_puppet_steam_sqlite_database_path_local: "{{ matrix_mx_puppet_steam_data_path }}/database.db" -matrix_mx_puppet_steam_sqlite_database_path_in_container: "/data/database.db" - -matrix_mx_puppet_steam_database_username: matrix_mx_puppet_steam -matrix_mx_puppet_steam_database_password: ~ -matrix_mx_puppet_steam_database_hostname: 'matrix-postgres' -matrix_mx_puppet_steam_database_port: 5432 -matrix_mx_puppet_steam_database_name: matrix_mx_puppet_steam - -matrix_mx_puppet_steam_database_connection_string: 'postgresql://{{ matrix_mx_puppet_steam_database_username }}:{{ matrix_mx_puppet_steam_database_password }}@{{ matrix_mx_puppet_steam_database_hostname }}:{{ matrix_mx_puppet_steam_database_port }}/{{ matrix_mx_puppet_steam_database_name }}?sslmode=disable' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_steam_configuration_extension_yaml`) -# or completely replace this variable with your own template. 
-matrix_mx_puppet_steam_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mx_puppet_steam_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mx_puppet_steam_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mx_puppet_steam_configuration_yaml`. - -matrix_mx_puppet_steam_configuration_extension: "{{ matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml if matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_steam_configuration_yaml`. -matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml|from_yaml|combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}" - -matrix_mx_puppet_steam_registration_yaml: | - as_token: "{{ matrix_mx_puppet_steam_appservice_token }}" - hs_token: "{{ matrix_mx_puppet_steam_homeserver_token }}" - id: steam-puppet - namespaces: - users: - - exclusive: true - regex: '@_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}' - rooms: [] - aliases: - - exclusive: true - regex: '#_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}' - protocols: [] - rate_limited: false - sender_localpart: _steampuppet_bot - url: {{ matrix_mx_puppet_steam_appservice_address }} - de.sorunome.msc2409.push_ephemeral: true - -matrix_mx_puppet_steam_registration: "{{ matrix_mx_puppet_steam_registration_yaml|from_yaml }}" 
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml deleted file mode 100644 index c3218e89..00000000 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ /dev/null @@ -1,23 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build and matrix_mx_puppet_steam_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam.service'] }}" - when: matrix_mx_puppet_steam_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-steam-registration.yaml"] }} - when: matrix_mx_puppet_steam_enabled|bool diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml deleted file mode 100644 index cd6bb147..00000000 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-steam - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-steam - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_mx_puppet_steam_enabled|bool" - tags: - - setup-all - - setup-mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml deleted file mode 100644 index 3bcef36e..00000000 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ /dev/null 
@@ -1,128 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure MX Puppet Steam paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mx_puppet_steam_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_steam_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_steam_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}" } - when: matrix_mx_puppet_steam_enabled|bool and item.when|bool - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mx_puppet_steam_base_path }}/database.db" - register: matrix_mx_puppet_steam_stat_database - -- name: (Data relocation) Ensure matrix-mx-puppet-steam.service is stopped - service: - name: matrix-mx-puppet-steam - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mx_puppet_steam_stat_database.stat.exists" - -- name: (Data relocation) Move mx-puppet-steam database file to ./data directory - command: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db" - when: "matrix_mx_puppet_steam_stat_database.stat.exists" - -- set_fact: - matrix_mx_puppet_steam_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" - register: matrix_mx_puppet_steam_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ 
matrix_mx_puppet_steam_sqlite_database_path_local }}" - dst: "{{ matrix_mx_puppet_steam_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mx_puppet_steam_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mx-puppet-steam.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mx_puppet_steam_requires_restart: true - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mx_puppet_steam_database_engine == 'postgres'" - -- name: Ensure MX Puppet Steam image is pulled - docker_image: - name: "{{ matrix_mx_puppet_steam_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}" - when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build - -- name: Ensure MX Puppet Steam repository is present on self build - git: - repo: "{{ matrix_mx_puppet_steam_container_image_self_build_repo }}" - dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" - force: "yes" - register: matrix_mx_puppet_steam_git_pull_results - when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" - -- name: Ensure MX Puppet Steam Docker image is built - docker_image: - name: "{{ matrix_mx_puppet_steam_docker_image }}" - source: build - force_source: "{{ matrix_mx_puppet_steam_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_git_pull_results.changed }}" - 
build: - dockerfile: Dockerfile - path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}" - pull: yes - when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build" - -- name: Ensure mx-puppet-steam config.yaml installed - copy: - content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mx-puppet-steam steam-registration.yaml installed - copy: - content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mx-puppet-steam.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-steam.service.j2" - dest: "/etc/systemd/system/matrix-mx-puppet-steam.service" - mode: 0644 - register: matrix_mx_puppet_steam_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation - service: - daemon_reload: yes - when: "matrix_mx_puppet_steam_systemd_service_result.changed" - -- name: Ensure matrix-mx-puppet-steam.service restarted, if necessary - service: - name: "matrix-mx-puppet-steam.service" - state: restarted - when: "matrix_mx_puppet_steam_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml deleted file mode 100644 index 1ee95eb3..00000000 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- - -- name: Check existence of matrix-mx-puppet-steam service - stat: - path: "/etc/systemd/system/matrix-mx-puppet-steam.service" - register: matrix_mx_puppet_steam_service_stat - -- name: Ensure matrix-mx-puppet-steam is stopped - service: - name: matrix-mx-puppet-steam - state: stopped - daemon_reload: yes - when: "matrix_mx_puppet_steam_service_stat.stat.exists" - -- name: Ensure matrix-mx-puppet-steam.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mx-puppet-steam.service" - state: absent - when: "matrix_mx_puppet_steam_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal - service: - daemon_reload: yes - when: "matrix_mx_puppet_steam_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml deleted file mode 100644 index a8bc6a42..00000000 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_mx_puppet_steam_appservice_token" - - "matrix_mx_puppet_steam_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 deleted file mode 100644 index fd59471d..00000000 --- a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 +++ /dev/null 
@@ -1,86 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-bridge:
- # Port to host the bridge on
- # Used for communication between the homeserver and the bridge
- port: {{ matrix_mx_puppet_steam_appservice_port }}
- # The host connections to the bridge's webserver are allowed from
- bindAddress: 0.0.0.0
- # Public domain of the homeserver
- domain: {{ matrix_mx_puppet_steam_homeserver_domain }}
- # Reachable URL of the Matrix homeserver
- homeserverUrl: {{ matrix_mx_puppet_steam_homeserver_address }}
- {% if matrix_mx_puppet_steam_login_shared_secret != '' %}
- loginSharedSecretMap:
- {{ matrix_domain }}: {{ matrix_mx_puppet_steam_login_shared_secret }}
- {% endif %}
- # Display name of the bridge bot
- displayname: Steam Puppet Bridge
- # Optionally specify a different media URL used for the media store
- #
- # This is where Steam will download user profile pictures and media
- # from
- #mediaUrl: https://external-url.org
-
-presence:
- # Bridge Steam online/offline status
- enabled: true
- # How often to send status to the homeserver in milliseconds
- interval: 5000
-
-provisioning:
- # Regex of Matrix IDs allowed to use the puppet bridge
- whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
- # Allow a specific user
- #- "@user:server\\.com"
- # Allow users on a specific homeserver
- #- "@.*:yourserver\\.com"
- # Allow anyone
- #- ".*"
- # Regex of Matrix IDs forbidden from using the puppet bridge
- #blacklist:
- # Disallow a specific user
- #- "@user:server\\.com"
- # Disallow users on a specific homeserver
- #- "@.*:yourserver\\.com"
- blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
-
-relay:
- # Regex of Matrix IDs who are allowed to use the bridge in relay mode.
- # Relay mode is when a single Steam bot account relays messages of
- # multiple Matrix users
- #
- # Same format as in provisioning
- whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
- blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
-
-selfService:
- # Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
- #
- # Same format as in provisioning
- whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
- blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
-
-database:
-{% if matrix_mx_puppet_steam_database_engine == 'postgres' %}
- # Use Postgres as a database backend
- # If set, will be used instead of SQLite3
- # Connection string to connect to the Postgres instance
- # with username "user", password "pass", host "localhost" and database name "dbname".
- # Modify each value as necessary
- connString: {{ matrix_mx_puppet_steam_database_connection_string|to_json }}
-{% else %}
- # Use SQLite3 as a database backend
- # The name of the database file
- filename: {{ matrix_mx_puppet_steam_sqlite_database_path_in_container|to_json }}
-{% endif %}
-
-logging:
- # Log level of console output
- # Allowed values starting with most verbose:
- # silly, debug, verbose, info, warn, error
- console: info
- # Date and time formatting
- lineDateFormat: MMM-D HH:mm:ss.SSS
- # Logging files
- # Log files are rotated daily by default
- files: []
diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
deleted file mode 100644
index 0772872b..00000000
--- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
+++ /dev/null
@@ -1,43 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Mx Puppet Steam bridge
-{% for service in matrix_mx_puppet_steam_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_mx_puppet_steam_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null'
-
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-steam \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- -e CONFIG_PATH=/config/config.yaml \
- -e REGISTRATION_PATH=/config/registration.yaml \
- -v {{ matrix_mx_puppet_steam_config_path }}:/config:z \
- -v {{ matrix_mx_puppet_steam_data_path }}:/data:z \
- {% for arg in matrix_mx_puppet_steam_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_mx_puppet_steam_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-mx-puppet-steam
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml
deleted file mode 100644
index 0e37d51f..00000000
--- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml
+++ /dev/null
@@ -1,122 +0,0 @@ -# Mx Puppet Twitter is a Matrix <-> Twitter bridge -# See: https://github.com/Sorunome/mx-puppet-twitter - -matrix_mx_puppet_twitter_enabled: true - -matrix_mx_puppet_twitter_container_image_self_build: false -matrix_mx_puppet_twitter_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-twitter.git" - -# Controls whether the mx-puppet-twitter container exposes its HTTP port (tcp/8432 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. -matrix_mx_puppet_twitter_container_http_host_bind_port: '' - -matrix_mx_puppet_twitter_version: latest -matrix_mx_puppet_twitter_docker_image: "{{ matrix_mx_puppet_twitter_docker_image_name_prefix }}sorunome/mx-puppet-twitter:{{ matrix_mx_puppet_twitter_version }}" -matrix_mx_puppet_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_twitter_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}" - -matrix_mx_puppet_twitter_base_path: "{{ matrix_base_data_path }}/mx-puppet-twitter" -matrix_mx_puppet_twitter_config_path: "{{ matrix_mx_puppet_twitter_base_path }}/config" -matrix_mx_puppet_twitter_data_path: "{{ matrix_mx_puppet_twitter_base_path }}/data" -matrix_mx_puppet_twitter_docker_src_files_path: "{{ matrix_mx_puppet_twitter_base_path }}/docker-src" - -matrix_mx_puppet_twitter_appservice_port: "8432" - -matrix_mx_puppet_twitter_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mx_puppet_twitter_homeserver_domain: '{{ matrix_domain }}' -matrix_mx_puppet_twitter_appservice_address: 'http://matrix-mx-puppet-twitter:{{ matrix_mx_puppet_twitter_appservice_port }}' - -matrix_mx_puppet_twitter_consumer_key: '' -matrix_mx_puppet_twitter_consumer_secret: '' -matrix_mx_puppet_twitter_access_token: '' -matrix_mx_puppet_twitter_access_token_secret: '' 
-matrix_mx_puppet_twitter_environment: '' -matrix_mx_puppet_twitter_webhook_path: '/twitter/webhook' -matrix_mx_puppet_twitter_webhook_url: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_webhook_path }}' - -# "@user:server.com" to allow specific user -# "@.*:yourserver.com" to allow users on a specific homeserver -# "@.*" to allow anyone -matrix_mx_puppet_twitter_provisioning_whitelist: - - "@.*:{{ matrix_domain|regex_escape }}" - -# Leave empty to disable blacklist -# "@user:server.com" disallow a specific user -# "@.*:yourserver.com" disallow users on a specific homeserver -matrix_mx_puppet_twitter_provisioning_blacklist: [] - -# A list of extra arguments to pass to the container -matrix_mx_puppet_twitter_container_extra_arguments: [] - -# List of systemd services that mx-puppet-twitter.service depends on. -matrix_mx_puppet_twitter_systemd_required_services_list: ['docker.service'] - -# List of systemd services that mx-puppet-twitter.service wants -matrix_mx_puppet_twitter_systemd_wanted_services_list: [] - -matrix_mx_puppet_twitter_appservice_token: '' -matrix_mx_puppet_twitter_homeserver_token: '' - -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). 
-matrix_mx_puppet_twitter_login_shared_secret: '' - -# Database configuration -matrix_mx_puppet_twitter_database_engine: sqlite - -matrix_mx_puppet_twitter_sqlite_database_path_local: "{{ matrix_mx_puppet_twitter_data_path }}/database.db" -matrix_mx_puppet_twitter_sqlite_database_path_in_container: "/data/database.db" - -matrix_mx_puppet_twitter_database_username: mx_puppet_twitter -matrix_mx_puppet_twitter_database_password: ~ -matrix_mx_puppet_twitter_database_hostname: 'matrix-postgres' -matrix_mx_puppet_twitter_database_port: 5432 -matrix_mx_puppet_twitter_database_name: matrix_mx_puppet_twitter - -matrix_mx_puppet_twitter_database_connection_string: 'postgresql://{{ matrix_mx_puppet_twitter_database_username }}:{{ matrix_mx_puppet_twitter_database_password }}@{{ matrix_mx_puppet_twitter_database_hostname }}:{{ matrix_mx_puppet_twitter_database_port }}/{{ matrix_mx_puppet_twitter_database_name }}?sslmode=disable' - -# Default configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_twitter_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mx_puppet_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_mx_puppet_twitter_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_mx_puppet_twitter_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mx_puppet_twitter_configuration_yaml`. 
- -matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml if matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_twitter_configuration_yaml`. -matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml|from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}" - -# The prefix for user IDs and aliases -matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_ -matrix_mx_puppet_twitter_bot_localpart: _twitterpuppet_bot - -matrix_mx_puppet_twitter_registration_yaml: | - as_token: "{{ matrix_mx_puppet_twitter_appservice_token }}" - hs_token: "{{ matrix_mx_puppet_twitter_homeserver_token }}" - id: twitter-puppet - namespaces: - users: - - exclusive: true - regex: '@{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' - rooms: [] - aliases: - - exclusive: true - regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}' - protocols: [] - rate_limited: false - sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}" - url: {{ matrix_mx_puppet_twitter_appservice_address }} - de.sorunome.msc2409.push_ephemeral: true - -matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml deleted file mode 100644 index 06cf83fa..00000000 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ /dev/null 
@@ -1,70 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build and matrix_mx_puppet_twitter_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter.service'] }}" - when: matrix_mx_puppet_twitter_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }} - when: matrix_mx_puppet_twitter_enabled|bool - -- block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your plabook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. 
- when: matrix_nginx_proxy_role_executed|default(False)|bool - - - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy - set_fact: - matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_twitter_webhook_path }} { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; - {% endif %} - } - - - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] - }} - tags: - - always - when: matrix_mx_puppet_twitter_enabled|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` - URL endpoint to the matrix-mx-puppet-twitter container. - You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml deleted file mode 100644 index af355df3..00000000 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool"
- tags:
- - setup-all
- - setup-mx-puppet-twitter
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool"
- tags:
- - setup-all
- - setup-mx-puppet-twitter
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_mx_puppet_twitter_enabled|bool"
- tags:
- - setup-all
- - setup-mx-puppet-twitter
diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
deleted file mode 100644
index 5767ed17..00000000
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
+++ /dev/null
@@ -1,128 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - -- name: Ensure MX Puppet Twitter paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true } - - { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true } - - { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true } - - { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" } - when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool - -- name: Check if an old database file already exists - stat: - path: "{{ matrix_mx_puppet_twitter_base_path }}/database.db" - register: matrix_mx_puppet_twitter_stat_database - -- name: (Data relocation) Ensure matrix-mx-puppet-twitter.service is stopped - service: - name: matrix-mx-puppet-twitter - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_mx_puppet_twitter_stat_database.stat.exists" - -- name: (Data relocation) Move mx-puppet-twitter database file to ./data directory - command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db" - when: "matrix_mx_puppet_twitter_stat_database.stat.exists" - -- set_fact: - matrix_mx_puppet_twitter_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" - register: matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result - - - block: - - set_fact: - 
matrix_postgres_db_migration_request: - src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" - dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_mx_puppet_twitter_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-mx-puppet-twitter.service'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_mx_puppet_twitter_requires_restart: true - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_mx_puppet_twitter_database_engine == 'postgres'" - -- name: Ensure MX Puppet Twitter image is pulled - docker_image: - name: "{{ matrix_mx_puppet_twitter_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" - when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build - -- name: Ensure MX Puppet Twitter repository is present on self build - git: - repo: "{{ matrix_mx_puppet_twitter_container_image_self_build_repo }}" - dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" - force: "yes" - register: matrix_mx_puppet_twitter_git_pull_results - when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" - -- name: Ensure MX Puppet Twitter Docker image is built - docker_image: - name: "{{ matrix_mx_puppet_twitter_docker_image }}" - source: build - force_source: "{{ matrix_mx_puppet_twitter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 
2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}" - pull: yes - when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build" - -- name: Ensure mx-puppet-twitter config.yaml installed - copy: - content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure mx-puppet-twitter twitter-registration.yaml installed - copy: - content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml }}" - dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-mx-puppet-twitter.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2" - dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service" - mode: 0644 - register: matrix_mx_puppet_twitter_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation - service: - daemon_reload: yes - when: "matrix_mx_puppet_twitter_systemd_service_result.changed" - -- name: Ensure matrix-mx-puppet-twitter.service restarted, if necessary - service: - name: "matrix-mx-puppet-twitter.service" - state: restarted - when: "matrix_mx_puppet_twitter_requires_restart|bool" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml deleted file mode 100644 index 1d663531..00000000 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,24 +0,0 @@
----
-
-- name: Check existence of matrix-mx-puppet-twitter service
- stat:
- path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
- register: matrix_mx_puppet_twitter_service_stat
-
-- name: Ensure matrix-mx-puppet-twitter is stopped
- service:
- name: matrix-mx-puppet-twitter
- state: stopped
- daemon_reload: yes
- when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
-
-- name: Ensure matrix-mx-puppet-twitter.service doesn't exist
- file:
- path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
- state: absent
- when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal
- service:
- daemon_reload: yes
- when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml
deleted file mode 100644
index d13a39e1..00000000
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: Fail if required settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`).
- when: "vars[item] == ''"
- with_items:
- - "matrix_mx_puppet_twitter_appservice_token"
- - "matrix_mx_puppet_twitter_homeserver_token"
diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2
deleted file mode 100644
index 1d269057..00000000
--- a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2
+++ /dev/null
@@ -1,79 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-bridge:
- # Port to host the bridge on
- # Used for communication between the homeserver and the bridge
- port: {{ matrix_mx_puppet_twitter_appservice_port }}
- # The host connections to the bridge's webserver are allowed from
- bindAddress: 0.0.0.0
- # Public domain of the homeserver
- domain: {{ matrix_mx_puppet_twitter_homeserver_domain }}
- # Reachable URL of the Matrix homeserver
- homeserverUrl: {{ matrix_mx_puppet_twitter_homeserver_address }}
- {% if matrix_mx_puppet_twitter_login_shared_secret != '' %}
- loginSharedSecretMap:
- {{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret }}
- {% endif %}
-
-twitter:
- consumerKey: "{{ matrix_mx_puppet_twitter_consumer_key }}"
- consumerSecret: "{{ matrix_mx_puppet_twitter_consumer_secret }}"
- accessToken: "{{ matrix_mx_puppet_twitter_access_token }}"
- accessTokenSecret: "{{ matrix_mx_puppet_twitter_access_token_secret }}"
- environment: "{{ matrix_mx_puppet_twitter_environment }}"
- server:
- url: "{{ matrix_mx_puppet_twitter_webhook_url }}"
- path: "{{ matrix_mx_puppet_twitter_webhook_path }}"
-
-presence:
- # Bridge Twitter online/offline status
- enabled: true
- # How often to send status to the homeserver in milliseconds
- interval: 500
-
-provisioning:
- # Regex of Matrix IDs allowed to use the puppet bridge
- whitelist: {{ matrix_mx_puppet_twitter_provisioning_whitelist|to_json }}
- # Allow a specific user
- #- "@user:server\\.com"
- # Allow users on a specific homeserver
- #- "@.*:yourserver\\.com"
- # Allow anyone
- #- ".*"
- # Regex of Matrix IDs forbidden from using the puppet bridge
- #blacklist:
- # Disallow a specific user
- #- "@user:server\\.com"
- # Disallow users on a specific homeserver
- #- "@.*:yourserver\\.com"
- blacklist: {{ matrix_mx_puppet_twitter_provisioning_blacklist|to_json }}
-
- # Shared secret for the provisioning API for use by integration managers.
- # If this is not set, the provisioning API will not be enabled.
- #sharedSecret: random string
- # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
- apiPrefix: /_matrix/provision
-
-database:
-{% if matrix_mx_puppet_twitter_database_engine == 'postgres' %}
- # Use Postgres as a database backend
- # If set, will be used instead of SQLite3
- # Connection string to connect to the Postgres instance
- # with username "user", password "pass", host "localhost" and database name "dbname".
- # Modify each value as necessary
- connString: {{ matrix_mx_puppet_twitter_database_connection_string|to_json }}
-{% else %}
- # Use SQLite3 as a database backend
- # The name of the database file
- filename: {{ matrix_mx_puppet_twitter_sqlite_database_path_in_container|to_json }}
-{% endif %}
-
-logging:
- # Log level of console output
- # Allowed values starting with most verbose:
- # silly, debug, verbose, info, warn, error
- console: info
- # Date and time formatting
- lineDateFormat: MMM-D HH:mm:ss.SSS
- # Logging files
- # Log files are rotated daily by default
- files: []
diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
deleted file mode 100644
index 7e1b1c32..00000000
--- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
+++ /dev/null
@@ -1,46 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Mx Puppet Twitter bridge
-{% for service in matrix_mx_puppet_twitter_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_mx_puppet_twitter_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null'
-
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- {% if matrix_mx_puppet_twitter_container_http_host_bind_port %}
- -p {{ matrix_mx_puppet_twitter_container_http_host_bind_port }}:{{ matrix_mx_puppet_twitter_appservice_port }} \
- {% endif %}
- -e CONFIG_PATH=/config/config.yaml \
- -e REGISTRATION_PATH=/config/registration.yaml \
- -v {{ matrix_mx_puppet_twitter_config_path }}:/config:z \
- -v {{ matrix_mx_puppet_twitter_data_path }}:/data:z \
- {% for arg in matrix_mx_puppet_twitter_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_mx_puppet_twitter_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-mx-puppet-twitter
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml
deleted file mode 100644
index 55f99101..00000000
--- a/roles/matrix-bridge-sms/defaults/main.yml
+++ /dev/null
@@ -1,125 +0,0 @@ -# matrix-sms-bridge is a Matrix <-> SMS bridge -# See: https://github.com/benkuly/matrix-sms-bridge - -matrix_sms_bridge_enabled: true - -matrix_sms_bridge_version: 0.5.7 -matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}" - -matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge" -matrix_sms_bridge_config_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/config" -matrix_sms_bridge_data_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data" - -matrix_sms_bridge_appservice_token: '' -matrix_sms_bridge_homeserver_token: '' - -matrix_sms_bridge_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_sms_bridge_container_extra_arguments: [] - -# List of systemd services that service depends on. -matrix_sms_bridge_systemd_required_services_list: ['docker.service'] - -# List of systemd services that service wants -matrix_sms_bridge_systemd_wanted_services_list: [] - -matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080' -matrix_sms_bridge_homeserver_hostname: 'matrix-synapse' -matrix_sms_bridge_homeserver_port: '8008' - -matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}" -matrix_sms_bridge_default_room: '' -matrix_sms_bridge_default_region: '' -matrix_sms_bridge_default_timezone: '' -matrix_sms_bridge_single_mode_enabled: false - -matrix_sms_bridge_provider_android_baseurl: '' -matrix_sms_bridge_provider_android_username: '' -matrix_sms_bridge_provider_android_password: '' -matrix_sms_bridge_provider_android_truststore_local_path: '' -matrix_sms_bridge_provider_android_truststore_password: '' - - -matrix_sms_bridge_configuration_yaml: | - #jinja2: lstrip_blocks: "True" - - # Database connection - matrix: - bridge: - sms: - # (optional) SMS messages without a valid token a routed to this room. - # Note that you must invite @smsbot:yourHomeServer to this room. 
- defaultRoomId: "{{ matrix_sms_bridge_default_room }}" - defaultRegion: "{{ matrix_sms_bridge_default_region }}" - defaultTimeZone: "{{ matrix_sms_bridge_default_timezone }}" - singleModeEnabled: "{{ matrix_sms_bridge_single_mode_enabled }}" - provider: - android: - # (optional) default is disabled - enabled: true - # The url to the android-sms-gateway-server - baseUrl: {{ matrix_sms_bridge_provider_android_baseurl }} - # The username of the gateway - username: {{ matrix_sms_bridge_provider_android_username }} - # The password of the gateway - password: {{ matrix_sms_bridge_provider_android_password }} - # (optional) if you use a self signed certificate, you can add the public key here - {% if matrix_sms_bridge_provider_android_truststore_local_path %} - trustStore: - path: /config/matrix-sms-gateway-server.p12 - password: {{ matrix_sms_bridge_provider_android_truststore_password }} - type: PKCS12 - {% endif %} - bot: - # The domain-part of matrix-ids. E. g. example.org when your userIds look like @unicorn:example.org - serverName: {{ matrix_sms_bridge_homserver_domain }} - migration: - url: "jdbc:h2:file:/data/database/db" - username: sa - database: - url: "r2dbc:h2:file:////data/database/db" - username: sa - client: - homeServer: - # The hostname of your Homeserver. - hostname: {{ matrix_sms_bridge_homeserver_hostname }} - # (optional) The port of your Homeserver. Default is 443. - port: {{ matrix_sms_bridge_homeserver_port }} - # (optional) Use http or https. Default is true (so uses https). - secure: false - # The token to authenticate against the Homeserver. - token: {{ matrix_sms_bridge_appservice_token }} - appservice: - # A unique token for Homeservers to use to authenticate requests to this application service. - hsToken: {{ matrix_sms_bridge_homeserver_token }} - -matrix_sms_bridge_configuration_extension_yaml: | - # Your custom YAML configuration goes here. 
- # This configuration extends the default starting configuration (`matrix_sms_bridge_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_sms_bridge_configuration_yaml`. - -matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_extension_yaml|from_yaml if matrix_sms_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}" - -matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml|from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}" - -matrix_sms_bridge_registration_yaml: | - id: sms - as_token: "{{ matrix_sms_bridge_appservice_token }}" - hs_token: "{{ matrix_sms_bridge_homeserver_token }}" - namespaces: - users: - - exclusive: true - regex: '^@sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$' - aliases: - - exclusive: true - regex: '^#sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$' - url: {{ matrix_sms_bridge_appservice_url }} - sender_localpart: smsbot - rate_limited: false - -matrix_sms_bridge_registration: "{{ matrix_sms_bridge_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml deleted file mode 100644 index 5979d132..00000000 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-sms-bridge role needs to execute before the matrix-synapse role. - when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge.service'] }}" - when: matrix_sms_bridge_enabled|bool - -# If the matrix-synapse role is not used, these variables may not exist. -- set_fact: - matrix_synapse_container_extra_arguments: > - {{ matrix_synapse_container_extra_arguments|default([]) }} - + - ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] - - matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files|default([]) }} - + - {{ ["/matrix-sms-bridge-registration.yaml"] }} - when: matrix_sms_bridge_enabled|bool diff --git a/roles/matrix-bridge-sms/tasks/main.yml b/roles/matrix-bridge-sms/tasks/main.yml deleted file mode 100644 index c1c499de..00000000 --- a/roles/matrix-bridge-sms/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_sms_bridge_enabled|bool" - tags: - - setup-all - - setup-matrix-sms-bridge - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_sms_bridge_enabled|bool" - tags: - - setup-all - - setup-matrix-sms-bridge - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_sms_bridge_enabled|bool" - tags: - - setup-all - - setup-matrix-sms-bridge 
diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml
deleted file mode 100644
index 61de923f..00000000
--- a/roles/matrix-bridge-sms/tasks/setup_install.yml
+++ /dev/null
@@ -1,55 +0,0 @@ ---- - -- name: Ensure matrix-sms-bridge image is pulled - docker_image: - name: "{{ matrix_sms_bridge_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - -- name: Ensure matrix-sms-bridge paths exist - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_sms_bridge_base_path }}" - - "{{ matrix_sms_bridge_config_path }}" - - "{{ matrix_sms_bridge_data_path }}" - -- name: Ensure matrix-sms-bridge application.yml installed - copy: - content: "{{ matrix_sms_bridge_configuration|to_nice_yaml }}" - dest: "{{ matrix_sms_bridge_config_path }}/application.yml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-sms-bridge registration.yaml installed - copy: - content: "{{ matrix_sms_bridge_registration|to_nice_yaml }}" - dest: "{{ matrix_sms_bridge_config_path }}/registration.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure android-sms-gateway-server cert installed - copy: - src: "{{ matrix_sms_bridge_provider_android_truststore_local_path }}" - dest: "{{ matrix_sms_bridge_config_path }}/matrix-sms-gateway-server.p12" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: matrix_sms_bridge_provider_android_truststore_local_path != "" - -- name: Ensure matrix-sms-bridge.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-sms-bridge.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" - mode: 0644 - register: matrix_sms_bridge_systemd_service_result - -- name: Ensure systemd reloaded after matrix-sms-bridge.service installation - service: - daemon_reload: yes - when: matrix_sms_bridge_systemd_service_result.changed \ No newline at end of file 
diff --git a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml deleted file mode 100644 index 03ddaad0..00000000 --- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- name: Check existence of matrix-sms-bridge service - stat: - path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" - register: matrix_sms_bridge_service_stat - -- name: Ensure matrix-sms-bridge is stopped - service: - name: matrix-sms-bridge - state: stopped - daemon_reload: yes - when: "matrix_sms_bridge_service_stat.stat.exists" - -- name: Ensure matrix-sms-bridge.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" - state: absent - when: "matrix_sms_bridge_service_stat.stat.exists" \ No newline at end of file diff --git a/roles/matrix-bridge-sms/tasks/validate_config.yml b/roles/matrix-bridge-sms/tasks/validate_config.yml deleted file mode 100644 index 6dc6ce9c..00000000 --- a/roles/matrix-bridge-sms/tasks/validate_config.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: Fail if required settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_sms_bridge_appservice_token" - - "matrix_sms_bridge_homeserver_token" - - "matrix_sms_bridge_default_region" - - "matrix_sms_bridge_default_timezone" - - "matrix_sms_bridge_provider_android_baseurl" - - "matrix_sms_bridge_provider_android_username" - - "matrix_sms_bridge_provider_android_password" \ No newline at end of file diff --git a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 deleted file mode 100644 index 46c3463f..00000000 --- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 +++ /dev/null 
@@ -1,45 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix sms bridge -{% for service in matrix_sms_bridge_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_sms_bridge_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge -ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge - -# Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 - -ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - {% if matrix_sms_bridge_container_http_host_bind_port %} - -p {{ matrix_sms_bridge_container_http_host_bind_port }}:8080 \ - {% endif %} - -v {{ matrix_sms_bridge_config_path }}:/config:z \ - -v {{ matrix_sms_bridge_data_path }}:/data:z \ - --env SPRING_CONFIG_ADDITIONAL_LOCATION=/config/application.yml \ - {% for arg in matrix_sms_bridge_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_sms_bridge_docker_image }} - -ExecStop=-/usr/bin/docker kill matrix-sms-bridge -ExecStop=-/usr/bin/docker rm matrix-sms-bridge -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-sms-bridge - - [Install] -WantedBy=multi-user.target diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml deleted file mode 100644 index e84d56cf..00000000 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -matrix_client_hydrogen_enabled: true - -# Self building is used by default because the `config.json` file is only read at build time. -# The pre-built images also were not functional as of 2021-05-15. -matrix_client_hydrogen_container_image_self_build: true -matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" - -matrix_client_hydrogen_version: v0.2.7 -matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" -matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}" -matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" - -matrix_client_hydrogen_data_path: "{{ matrix_base_data_path }}/client-hydrogen" -matrix_client_hydrogen_docker_src_files_path: "{{ matrix_client_hydrogen_data_path }}/docker-src" - -# Controls whether the container exposes its HTTP port (tcp/8080 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. -matrix_client_hydrogen_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_client_hydrogen_container_extra_arguments: [] - -# List of systemd services that matrix-client-hydrogen.service depends on -matrix_client_hydrogen_systemd_required_services_list: ['docker.service'] - -# Controls whether the self-check feature should validate SSL certificates. -matrix_client_hydrogen_self_check_validate_certificates: true - -# config.json -matrix_client_hydrogen_default_hs_url: "" - -# Default Hydrogen configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. 
-# -# For a more advanced customization, you can extend the default (see `matrix_client_hydrogen_configuration_extension_json`) -# or completely replace this variable with your own template. -# -# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. -# This is unlike what it does when looking up YAML template files (no automatic parsing there). -matrix_client_hydrogen_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}" - -# Your custom JSON configuration for Hydrogen should go to `matrix_client_hydrogen_configuration_extension_json`. -# This configuration extends the default starting configuration (`matrix_client_hydrogen_configuration_default`). -# -# You can override individual variables from the default configuration, or introduce new ones. -# -# If you need something more special, you can take full control by -# completely redefining `matrix_client_hydrogen_configuration_default`. -# -# Example configuration extension follows: -# -# matrix_client_hydrogen_configuration_extension_json: | -# { -# "push": { -# "appId": "io.element.hydrogen.web", -# "gatewayUrl": "https://matrix.org", -# "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" -# }, -# "defaultHomeServer": "matrix.org" -# } -matrix_client_hydrogen_configuration_extension_json: '{}' - -matrix_client_hydrogen_configuration_extension: "{{ matrix_client_hydrogen_configuration_extension_json|from_json if matrix_client_hydrogen_configuration_extension_json|from_json is mapping else {} }}" - -# Holds the final Hydrogen configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_client_hydrogen_configuration_default`. -matrix_client_hydrogen_configuration: "{{ matrix_client_hydrogen_configuration_default|combine(matrix_client_hydrogen_configuration_extension, recursive=True) }}" 
diff --git a/roles/matrix-client-hydrogen/tasks/init.yml b/roles/matrix-client-hydrogen/tasks/init.yml deleted file mode 100644 index 8116a003..00000000 --- a/roles/matrix-client-hydrogen/tasks/init.yml +++ /dev/null @@ -1,10 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Hydrogen image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_hydrogen_container_image_self_build and matrix_client_hydrogen_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-hydrogen.service'] }}" - when: matrix_client_hydrogen_enabled|bool diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml deleted file mode 100644 index 6534db05..00000000 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_client_hydrogen_enabled|bool" - tags: - - setup-all - - setup-client-hydrogen - -- import_tasks: "{{ role_path }}/tasks/setup.yml" - when: run_setup|bool - tags: - - setup-all - - setup-client-hydrogen diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml deleted file mode 100644 index c7407dcd..00000000 --- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- - -- set_fact: - matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}" - -- name: Check Hydrogen - uri: - url: "{{ matrix_client_hydrogen_url_endpoint_public }}" - follow_redirects: none - validate_certs: "{{ matrix_client_hydrogen_self_check_validate_certificates }}" - register: matrix_client_hydrogen_self_check_result - check_mode: no - ignore_errors: true - -- name: Fail if Hydrogen not working - fail: - msg: "Failed checking Hydrogen is up at `{{ matrix_server_fqn_hydrogen }}` (checked endpoint: `{{ matrix_client_hydrogen_url_endpoint_public }}`). Is Hydrogen running? Is port 443 open in your firewall? Full error: {{ matrix_client_hydrogen_self_check_result }}" - when: "matrix_client_hydrogen_self_check_result.failed or 'json' not in matrix_client_hydrogen_self_check_result" - -- name: Report working Hydrogen - debug: - msg: "Hydrogen at `{{ matrix_server_fqn_hydrogen }}` is working (checked endpoint: `{{ matrix_client_hydrogen_url_endpoint_public }}`)" diff --git a/roles/matrix-client-hydrogen/tasks/setup.yml b/roles/matrix-client-hydrogen/tasks/setup.yml deleted file mode 100644 index a4ff7c3c..00000000 --- a/roles/matrix-client-hydrogen/tasks/setup.yml +++ /dev/null 
@@ -1,121 +0,0 @@ ---- - -# -# Tasks related to setting up Hydrogen -# - -- name: Ensure Hydrogen paths exists - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_client_hydrogen_data_path }}", when: true } - - { path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}" } - when: matrix_client_hydrogen_enabled|bool and item.when - -- name: Ensure Hydrogen Docker image is pulled - docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" - when: matrix_client_hydrogen_enabled|bool and not matrix_client_hydrogen_container_image_self_build - -- name: Ensure Hydrogen repository is present on self-build - git: - repo: "{{ matrix_client_hydrogen_container_image_self_build_repo }}" - dest: "{{ matrix_client_hydrogen_docker_src_files_path }}" - version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}" - force: "yes" - register: matrix_client_hydrogen_git_pull_results - when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" - -- name: Ensure Hydrogen configuration installed - copy: - content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}" - dest: "{{ matrix_client_hydrogen_docker_src_files_path }}/assets/config.json" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" - -- name: Ensure Hydrogen additional 
config files installed - template: - src: "{{ item.src }}" - dest: "{{ matrix_client_hydrogen_data_path }}/{{ item.name }}" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} - when: "matrix_client_hydrogen_enabled|bool and item.src is not none" - -# This step MUST come after the steps to install the configuration files because the config files -# are currently only read at build time, not at run time like most other components in the playbook -- name: Ensure Hydrogen Docker image is built - docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: build - force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_client_hydrogen_docker_src_files_path }}" - pull: yes - when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" - -- name: Ensure matrix-client-hydrogen.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" - mode: 0644 - register: matrix_client_hydrogen_systemd_service_result - when: matrix_client_hydrogen_enabled|bool - -- name: Ensure systemd reloaded after matrix-client-hydrogen.service installation - service: - daemon_reload: yes - when: "matrix_client_hydrogen_enabled and matrix_client_hydrogen_systemd_service_result.changed" - -# -# Tasks related to getting rid of Hydrogen (if it was previously enabled) -# - -- name: Check existence of matrix-client-hydrogen.service - stat: - path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" - register: matrix_client_hydrogen_service_stat - when: "not matrix_client_hydrogen_enabled|bool" - -- name: Ensure matrix-client-hydrogen is stopped - service: - name: matrix-client-hydrogen - state: stopped - daemon_reload: yes - register: 
stopping_result - when: "not matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_service_stat.stat.exists" - -- name: Ensure matrix-client-hydrogen.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" - state: absent - when: "not matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-client-hydrogen.service removal - service: - daemon_reload: yes - when: "not matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_service_stat.stat.exists" - -- name: Ensure Hydrogen paths doesn't exist - file: - path: "{{ matrix_client_hydrogen_data_path }}" - state: absent - when: "not matrix_client_hydrogen_enabled|bool" - -- name: Ensure Hydrogen Docker image doesn't exist - docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - state: absent - when: "not matrix_client_hydrogen_enabled|bool" diff --git a/roles/matrix-client-hydrogen/tasks/validate_config.yml b/roles/matrix-client-hydrogen/tasks/validate_config.yml deleted file mode 100644 index d3b9a709..00000000 --- a/roles/matrix-client-hydrogen/tasks/validate_config.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- name: Fail if required Hydrogen settings not defined - fail: - msg: > - You need to define a required configuration setting (`{{ item }}`) to use Hydrogen. - when: "(vars[item] == '' or vars[item] is none) and matrix_client_hydrogen_container_image_self_build|bool" - with_items: - - "matrix_client_hydrogen_default_hs_url" diff --git a/roles/matrix-client-hydrogen/templates/config.json.j2 b/roles/matrix-client-hydrogen/templates/config.json.j2 deleted file mode 100644 index 62a849b0..00000000 --- a/roles/matrix-client-hydrogen/templates/config.json.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{ - "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url|string|to_json }} -} 
diff --git a/roles/matrix-client-hydrogen/templates/nginx.conf.j2 b/roles/matrix-client-hydrogen/templates/nginx.conf.j2 deleted file mode 100644 index fba16bbd..00000000 --- a/roles/matrix-client-hydrogen/templates/nginx.conf.j2 +++ /dev/null @@ -1,66 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# This is a custom nginx configuration file that we use in the container (instead of the default one), -# because it allows us to run nginx with a non-root user. -# -# For this to work, the default vhost file (`/etc/nginx/conf.d/default.conf`) also needs to be removed. -# (mounting `/dev/null` over `/etc/nginx/conf.d/default.conf` works well) -# -# The following changes have been done compared to a default nginx configuration file: -# - default server port is changed (80 -> 8080), so that a non-root user can bind it -# - various temp paths are changed to `/tmp`, so that a non-root user can write to them -# - the `user` directive was removed, as we don't want nginx to switch users - -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /tmp/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - proxy_temp_path /tmp/proxy_temp; - client_body_temp_path /tmp/client_temp; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - server { - listen 8080; - server_name localhost; - - root /usr/share/nginx/html; - - location / { - index index.html index.htm; - } - - location ~* ^/(config(.+)?\.json$|(.+)\.html$|i18n) { - expires -1; - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - } -} 
diff --git a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 deleted file mode 100644 index c85aeb97..00000000 --- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 +++ /dev/null @@ -1,39 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Hydrogen Client -{% for service in matrix_client_hydrogen_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydrogen \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - {% if matrix_client_hydrogen_container_http_host_bind_port %} - -p {{ matrix_client_hydrogen_container_http_host_bind_port }}:8080 \ - {% endif %} - --tmpfs=/tmp:rw,noexec,nosuid,size=10m \ - --mount type=bind,src={{ matrix_client_hydrogen_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \ - {% for arg in matrix_client_hydrogen_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_client_hydrogen_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-client-hydrogen - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml
deleted file mode 100644
index 313f79a8..00000000
--- a/roles/matrix-corporal/defaults/main.yml
+++ /dev/null
@@ -1,106 +0,0 @@ -# matrix-corporal is a reconciliator and gateway for a managed Matrix server. -# See: https://github.com/devture/matrix-corporal - -matrix_corporal_enabled: true - -matrix_corporal_container_image_self_build: false -matrix_corporal_container_image_self_build_repo: "https://github.com/devture/matrix-corporal.git" - -# Controls whether the matrix-corporal container exposes its gateway HTTP port (tcp/41080 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:41080"), or empty string to not expose. -matrix_corporal_container_http_gateway_host_bind_port: '' - -# Controls whether the matrix-corporal container exposes its API HTTP port (tcp/41081 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:41081"), or empty string to not expose. -matrix_corporal_container_http_api_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_corporal_container_extra_arguments: [] - -# List of systemd services that matrix-corporal.service depends on -matrix_corporal_systemd_required_services_list: ['docker.service'] - -matrix_corporal_version: 2.1.2 -matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" -matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility -matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" - -matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" -matrix_corporal_container_src_files_path: "{{ matrix_corporal_base_path }}/container-src" -matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config" -matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache" -matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var" - 
-matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}" - -# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008"). -# If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`. -matrix_corporal_matrix_homeserver_api_endpoint: "" - -# The shared secret between matrix-corporal and Synapse's shared-secret-auth password provider module. -# To use matrix-corporal, the shared-secret-auth password provider needs to be enabled and the secret needs to be identical. -matrix_corporal_matrix_auth_shared_secret: "" - -# The shared secret for registering users with Synapse. -# Needs to be identical to Synapse's `registration_shared_secret` setting. -matrix_corporal_matrix_registration_shared_secret: "" - -matrix_corporal_matrix_timeout_milliseconds: 45000 - -matrix_corporal_reconciliation_retry_interval_milliseconds: 30000 -matrix_corporal_corporal_user_id_local_part: "matrix-corporal" - -matrix_corporal_http_gateway_timeout_milliseconds: 60000 - -# If enabled, matrix-corporal exposes a `POST /_matrix/corporal/_matrix-internal/identity/v1/check_credentials` API -# on the gateway (Client-Server API) server. -# This API can then be used together with the REST Auth password provider by pointing it to matrix-corporal (e.g. `http://matrix-corporal:41080/_matrix/corporal`). -# Doing so allows Interactive Authentication to work. -matrix_corporal_http_gateway_internal_rest_auth_enabled: false - -matrix_corporal_http_api_enabled: false -matrix_corporal_http_api_auth_token: "" -matrix_corporal_http_api_timeout_milliseconds: 15000 - -# Matrix Corporal policy provider configuration (goes directly into the configuration's `PolicyProvider` value) -matrix_corporal_policy_provider_config: "" - -matrix_corporal_debug: false - - -# Default Corporal configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. 
-# -# For a more advanced customization, you can extend the default (see `matrix_corporal_configuration_extension_json`) -# or completely replace this variable with your own template. -# -# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. -# This is unlike what it does when looking up YAML template files (no automatic parsing there). -matrix_corporal_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}" - -# Your custom JSON configuration for Corporal should go to `matrix_corporal_configuration_extension_json`. -# This configuration extends the default starting configuration (`matrix_corporal_configuration_default`). -# -# You can override individual variables from the default configuration, or introduce new ones. -# -# If you need something more special, you can take full control by -# completely redefining `matrix_corporal_configuration_default`. -# -# Example configuration extension follows: -# -# matrix_corporal_configuration_extension_json: | -# { -# "Matrix": { -# "TimeoutMilliseconds": 60000 -# } -# } -matrix_corporal_configuration_extension_json: '{}' - -matrix_corporal_configuration_extension: "{{ matrix_corporal_configuration_extension_json|from_json if matrix_corporal_configuration_extension_json|from_json is mapping else {} }}" - -# Holds the final Corporal configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_corporal_configuration_default`. -matrix_corporal_configuration: "{{ matrix_corporal_configuration_default|combine(matrix_corporal_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml deleted file mode 100644 index e5062c27..00000000 --- a/roles/matrix-corporal/tasks/init.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build and matrix_corporal_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal.service'] }}" - when: matrix_corporal_enabled|bool diff --git a/roles/matrix-corporal/tasks/main.yml b/roles/matrix-corporal/tasks/main.yml deleted file mode 100644 index 90c8105c..00000000 --- a/roles/matrix-corporal/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_corporal_enabled|bool" - tags: - - setup-all - - setup-corporal - -- import_tasks: "{{ role_path }}/tasks/setup_corporal.yml" - when: run_setup|bool - tags: - - setup-all - - setup-corporal - -- import_tasks: "{{ role_path }}/tasks/self_check_corporal.yml" - delegate_to: 127.0.0.1 - become: false - when: "run_self_check|bool and matrix_corporal_enabled|bool" - tags: - - self-check diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/matrix-corporal/tasks/self_check_corporal.yml deleted file mode 100644 index f7c15109..00000000 --- a/roles/matrix-corporal/tasks/self_check_corporal.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- - -- set_fact: - corporal_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/corporal" - -- name: Check Matrix Corporal HTTP gateway - uri: - url: "{{ corporal_client_api_url_endpoint_public }}" - follow_redirects: none - return_content: true - check_mode: no - register: result_corporal_client_api - ignore_errors: true - -- name: Fail if Matrix Corporal HTTP gateway not working - fail: - msg: "Failed checking Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`). Is matrix-corporal running? Is port 443 open in your firewall? Full error: {{ result_corporal_client_api }}" - when: "result_corporal_client_api.failed or 'Matrix Client-Server API protected by Matrix Corporal' not in result_corporal_client_api.content" - -- name: Report working Matrix Corporal HTTP gateway - debug: - msg: "Matrix Corporal is fronting the Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ corporal_client_api_url_endpoint_public }}`)" diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml deleted file mode 100644 index e668de27..00000000 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- - -# -# Tasks related to setting up matrix-corporal -# - -- name: Ensure Matrix Corporal paths exist - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_corporal_config_dir_path }}" - - "{{ matrix_corporal_cache_dir_path }}" - - "{{ matrix_corporal_var_dir_path }}" - when: matrix_corporal_enabled|bool - -- name: Ensure Matrix Corporal repository is present on self-build - git: - repo: "{{ matrix_corporal_container_image_self_build_repo }}" - dest: "{{ matrix_corporal_container_src_files_path }}" - version: "{{ matrix_corporal_docker_image.split(':')[1] }}" - force: "yes" - register: matrix_corporal_git_pull_results - when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool" - -- name: Ensure Matrix Corporal Docker image is built - docker_image: - name: "{{ matrix_corporal_docker_image }}" - source: build - force_source: "{{ matrix_corporal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_git_pull_results.changed }}" - build: - dockerfile: etc/docker/Dockerfile - path: "{{ matrix_corporal_container_src_files_path }}" - pull: yes - when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool" - -- name: Ensure Matrix Corporal Docker image is pulled - docker_image: - name: "{{ matrix_corporal_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}" - when: "matrix_corporal_enabled|bool and not 
matrix_corporal_container_image_self_build|bool" - -- name: Ensure Matrix Corporal config installed - copy: - content: "{{ matrix_corporal_configuration|to_nice_json }}" - dest: "{{ matrix_corporal_config_dir_path }}/config.json" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: matrix_corporal_enabled|bool - -- name: Ensure matrix-corporal.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-corporal.service" - mode: 0644 - register: matrix_corporal_systemd_service_result - when: matrix_corporal_enabled|bool - -- name: Ensure systemd reloaded after matrix-corporal.service installation - service: - daemon_reload: yes - when: "matrix_corporal_enabled|bool and matrix_corporal_systemd_service_result.changed" - - -# -# Tasks related to getting rid of matrix-corporal (if it was previously enabled) -# - -- name: Check existence of matrix-corporal service - stat: - path: "{{ matrix_systemd_path }}/matrix-corporal.service" - register: matrix_corporal_service_stat - when: "not matrix_corporal_enabled|bool" - -- name: Ensure matrix-corporal is stopped - service: - name: matrix-corporal - state: stopped - daemon_reload: yes - register: stopping_result - when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - -- name: Ensure matrix-corporal.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-corporal.service" - state: absent - when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-corporal.service removal - service: - daemon_reload: yes - when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - -- name: Ensure matrix-corporal files don't exist - file: - path: "{{ item }}" - state: absent - with_items: - - "{{ matrix_systemd_path }}/matrix-corporal.service" - - "{{ 
matrix_corporal_config_dir_path }}/config.json" - when: "not matrix_corporal_enabled|bool" - -- name: Ensure Matrix Corporal Docker image doesn't exist - docker_image: - name: "{{ matrix_corporal_docker_image }}" - state: absent - when: "not matrix_corporal_enabled|bool" diff --git a/roles/matrix-corporal/tasks/validate_config.yml b/roles/matrix-corporal/tasks/validate_config.yml deleted file mode 100644 index a8930e7e..00000000 --- a/roles/matrix-corporal/tasks/validate_config.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- - -- name: Fail if required matrix-corporal settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`) for using matrix-corporal. - when: "vars[item] == ''" - with_items: - - "matrix_corporal_matrix_homeserver_api_endpoint" - - "matrix_corporal_matrix_auth_shared_secret" - - "matrix_corporal_matrix_registration_shared_secret" - - "matrix_corporal_policy_provider_config" - -- name: Fail if HTTP API enabled, but no token set - fail: - msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`" - when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''" - -- name: (Deprecation) Catch and report renamed corporal variables - fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). - when: "item.old in vars" - with_items: - - {'old': 'matrix_corporal_container_expose_ports', 'new': ''} - - {'old': 'matrix_corporal_reconciliation_user_id_local_part', 'new': 'matrix_corporal_corporal_user_id_local_part'} diff --git a/roles/matrix-corporal/templates/config.json.j2 b/roles/matrix-corporal/templates/config.json.j2 deleted file mode 100644 index 9b4c7414..00000000 --- a/roles/matrix-corporal/templates/config.json.j2 +++ /dev/null 
@@ -1,38 +0,0 @@ -{ - "Matrix": { - "HomeserverDomainName": "{{ matrix_corporal_matrix_homeserver_domain_name }}", - "HomeserverApiEndpoint": "{{ matrix_corporal_matrix_homeserver_api_endpoint }}", - "AuthSharedSecret": "{{ matrix_corporal_matrix_auth_shared_secret }}", - "RegistrationSharedSecret": "{{ matrix_corporal_matrix_registration_shared_secret }}", - "TimeoutMilliseconds": {{ matrix_corporal_matrix_timeout_milliseconds }} - }, - - "Corporal": { - "UserID": "@{{ matrix_corporal_corporal_user_id_local_part }}:{{ matrix_domain }}" - }, - - "Reconciliation": { - "RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }} - }, - - "HttpGateway": { - "ListenAddress": "0.0.0.0:41080", - "TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }}, - "InternalRESTAuth": { - "Enabled": {{ matrix_corporal_http_gateway_internal_rest_auth_enabled|to_json }} - } - }, - - "HttpApi": { - "Enabled": {{ matrix_corporal_http_api_enabled|to_json }}, - "ListenAddress": "0.0.0.0:41081", - "AuthorizationBearerToken": "{{ matrix_corporal_http_api_auth_token }}", - "TimeoutMilliseconds": {{ matrix_corporal_http_api_timeout_milliseconds }} - }, - - "PolicyProvider": {{ matrix_corporal_policy_provider_config }}, - - "Misc": { - "Debug": {{ matrix_corporal_debug|to_json }} - } -} diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 deleted file mode 100644 index 262e2e77..00000000 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ /dev/null 
@@ -1,44 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Corporal -{% for service in matrix_corporal_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - {% if matrix_corporal_container_http_gateway_host_bind_port %} - -p {{ matrix_corporal_container_http_gateway_host_bind_port }}:41080 \ - {% endif %} - {% if matrix_corporal_container_http_api_host_bind_port %} - -p {{ matrix_corporal_container_http_api_host_bind_port }}:41081 \ - {% endif %} - --mount type=bind,src={{ matrix_corporal_config_dir_path }},dst=/etc/matrix-corporal,ro \ - --mount type=bind,src={{ matrix_corporal_cache_dir_path }},dst=/var/cache/matrix-corporal \ - --mount type=bind,src={{ matrix_corporal_var_dir_path }},dst=/var/matrix-corporal \ - {% for arg in matrix_corporal_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_corporal_docker_image }} \ - /matrix-corporal -config=/etc/matrix-corporal/config.json - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-corporal - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml
deleted file mode 100644
index f7a84ca1..00000000
--- a/roles/matrix-dimension/defaults/main.yml
+++ /dev/null
@@ -1,91 +0,0 @@ -matrix_dimension_enabled: false - -# You are required to specify an access token for Dimension to work. -# For information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens -matrix_dimension_access_token: "" - -# Users in form: ['@user1:domain.com', '@user2:domain.com'] -matrix_dimension_admins: [] - -# Whether to allow Dimension widgets serve websites with invalid or self signed SSL certificates -matrix_dimension_widgets_allow_self_signed_ssl_certificates: false - -matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension" - -matrix_dimension_version: latest -matrix_dimension_docker_image: "{{ matrix_container_global_registry_prefix }}turt2live/matrix-dimension:{{ matrix_dimension_version }}" -matrix_dimension_docker_image_force_pull: "{{ matrix_dimension_docker_image.endswith(':latest') }}" - -# List of systemd services that matrix-dimension.service depends on. -matrix_dimension_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-dimension.service wants -matrix_dimension_systemd_wanted_services_list: [] - -# The user and group id correspond to the node user in the `turt2live/matrix-dimension` image. -matrix_dimension_user_uid: '1000' -matrix_dimension_user_gid: '1000' - -# Controls whether the matrix-dimension container exposes its HTTP port (tcp/8184 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:8184"), or empty string to not expose. 
-matrix_dimension_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_dimension_container_extra_arguments: [] - -matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element" -matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar" -matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] -matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi" - -matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048" - - -# Database-related configuration fields. -# -# To use SQLite, stick to these defaults. -# -# To use Postgres: -# - change the engine (`matrix_dimension_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_dimension_postgres_*` variables -matrix_dimension_database_engine: 'sqlite' - -matrix_dimension_sqlite_database_path_local: "{{ matrix_dimension_base_path }}/dimension.db" -matrix_dimension_sqlite_database_path_in_container: "dimension.db" - -matrix_dimension_database_username: 'matrix_dimension' -matrix_dimension_database_password: 'some-password' -matrix_dimension_database_hostname: 'matrix-postgres' -matrix_dimension_database_port: 5432 -matrix_dimension_database_name: 'matrix_dimension' - -matrix_dimension_database_connection_string: 'postgres://{{ matrix_dimension_database_username }}:{{ matrix_dimension_database_password }}@{{ matrix_dimension_database_hostname }}:{{ matrix_dimension_database_port }}/{{ matrix_dimension_database_name }}' - - -# Default Dimension configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`) -# or completely replace this variable with your own template. 
-matrix_dimension_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" - -matrix_dimension_configuration_extension_yaml: | - # Your custom YAML configuration for Dimension goes here. - # This configuration extends the default starting configuration (`matrix_dimension_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_dimension_configuration_yaml`. - # - # Example configuration extension follows: - # telegram: - # botToken: "YourTokenHere" - # - -matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final Dimension configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_dimension_configuration_yaml`. -matrix_dimension_configuration: "{{ matrix_dimension_configuration_yaml|from_yaml|combine(matrix_dimension_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-dimension/tasks/init.yml b/roles/matrix-dimension/tasks/init.yml deleted file mode 100644 index 85ca04ea..00000000 --- a/roles/matrix-dimension/tasks/init.yml +++ /dev/null @@ -1,3 +0,0 @@ -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}" - when: matrix_dimension_enabled|bool diff --git a/roles/matrix-dimension/tasks/main.yml b/roles/matrix-dimension/tasks/main.yml deleted file mode 100644 index aad55286..00000000 --- a/roles/matrix-dimension/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool - tags: - - setup-all - - setup-dimension - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: run_setup|bool and matrix_dimension_enabled|bool - tags: - - setup-all - - setup-dimension - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: run_setup|bool and not matrix_dimension_enabled|bool - tags: - - setup-all - - setup-dimension diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml deleted file mode 100644 index 804be88d..00000000 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- - -- set_fact: - matrix_dimension_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_dimension_sqlite_database_path_local }}" - register: matrix_dimension_sqlite_database_path_local_stat_result - - - block: - # pgloader makes a few columns `smallint`, instead of `boolean`. - # We need to fix them up. - - set_fact: - matrix_dimension_pgloader_additional_psql_statements_list: [] - - - set_fact: - matrix_dimension_pgloader_additional_psql_statements_list: | - {{ - matrix_dimension_pgloader_additional_psql_statements_list - + - ([] if item.default == '' else ['ALTER TABLE ' + item.table + ' ALTER COLUMN "' + item.column + '" DROP default;']) - + - (['ALTER TABLE ' + item.table + ' ALTER COLUMN "' + item.column + '" TYPE BOOLEAN USING("' + item.column + '"::text::boolean);']) - + - ([] if item.default == '' else ['ALTER TABLE ' + item.table + ' ALTER COLUMN "' + item.column + '" SET default ' + item.default + ';']) - }} - with_items: - - {'table': 'dimension_widgets', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_widgets', 'column': 'isPublic', 'default': ''} - - {'table': 'dimension_webhook_bridges', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_user_sticker_packs', 'column': 'isSelected', 'default': ''} - - {'table': 'dimension_scalar_tokens', 'column': 'isDimensionToken', 'default': ''} - - {'table': 'dimension_users', 'column': 'isSelfBot', 'default': 'false'} - - {'table': 'dimension_telegram_bridges', 'column': 'allowTgPuppets', 'default': ''} - - {'table': 'dimension_telegram_bridges', 'column': 'allowMxPuppets', 'default': ''} - - {'table': 'dimension_telegram_bridges', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_sticker_packs', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_sticker_packs', 'column': 'isPublic', 'default': ''} - - {'table': 'dimension_slack_bridges', 'column': 'isEnabled', 'default': ''} - - 
{'table': 'dimension_neb_integrations', 'column': 'isPublic', 'default': ''} - - {'table': 'dimension_neb_integrations', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_irc_bridges', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_irc_bridge_networks', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_gitter_bridges', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_custom_simple_bots', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_custom_simple_bots', 'column': 'isPublic', 'default': ''} - - {'table': 'dimension_bridges', 'column': 'isEnabled', 'default': ''} - - {'table': 'dimension_bridges', 'column': 'isPublic', 'default': ''} - - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_dimension_sqlite_database_path_local }}" - dst: "{{ matrix_dimension_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_dimension_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-dimension.service'] - pgloader_options: ['--with "quote identifiers"'] - additional_psql_statements_list: "{{ matrix_dimension_pgloader_additional_psql_statements_list }}" - additional_psql_statements_db_name: "{{ matrix_dimension_database_name }}" - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_dimension_requires_restart: true - when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_dimension_database_engine == 'postgres'" - -- name: Ensure Dimension base path exists - file: - path: "{{ matrix_dimension_base_path }}" - state: directory - mode: 0770 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_dimension_user_gid }}" - -- name: Ensure Dimension config installed - copy: - content: "{{ matrix_dimension_configuration|to_nice_yaml }}" - dest: "{{ matrix_dimension_base_path }}/config.yaml" - mode: 0640 - owner: "{{ 
matrix_user_username }}" - group: "{{ matrix_dimension_user_gid }}" - -- name: Ensure Dimension image is pulled - docker_image: - name: "{{ matrix_dimension_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_dimension_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}" - -- name: Ensure matrix-dimension.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-dimension.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-dimension.service" - mode: 0644 - register: matrix_dimension_systemd_service_result - -- name: Ensure systemd reloaded after matrix-dimension.service installation - service: - daemon_reload: yes - when: "matrix_dimension_systemd_service_result.changed|bool" - -- name: Ensure matrix-dimension.service restarted, if necessary - service: - name: "matrix-dimension.service" - state: restarted - when: "matrix_dimension_requires_restart|bool" diff --git a/roles/matrix-dimension/tasks/setup_uninstall.yml b/roles/matrix-dimension/tasks/setup_uninstall.yml deleted file mode 100644 index 9bc4ac8b..00000000 --- a/roles/matrix-dimension/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- - -- name: Check existence of matrix-dimension service - stat: - path: "{{ matrix_systemd_path }}/matrix-dimension.service" - register: matrix_dimension_service_stat - -- name: Ensure matrix-dimension is stopped - service: - name: matrix-dimension - state: stopped - daemon_reload: yes - register: stopping_result - when: "matrix_dimension_service_stat.stat.exists|bool" - -- name: Ensure matrix-dimension.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-dimension.service" - state: absent - when: "matrix_dimension_service_stat.stat.exists|bool" - -- name: Ensure systemd reloaded after matrix-dimension.service removal - service: - daemon_reload: yes - when: "matrix_dimension_service_stat.stat.exists|bool" - -- name: Ensure Dimension base directory doesn't exist - file: - path: "{{ matrix_dimension_base_path }}" - state: absent - -- name: Ensure Dimension Docker image doesn't exist - docker_image: - name: "{{ matrix_dimension_docker_image }}" - state: absent diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/matrix-dimension/tasks/validate_config.yml deleted file mode 100644 index ead8352b..00000000 --- a/roles/matrix-dimension/tasks/validate_config.yml +++ /dev/null @@ -1,16 +0,0 @@ -- name: Fail if required Dimension settings not defined - fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`) for using Dimension. - with_items: - - "matrix_dimension_access_token" - when: "matrix_dimension_enabled and vars[item] == ''" - -- name: (Deprecation) Catch and report renamed Dimension variables - fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). - when: "item.old in vars" - with_items: - - {'old': 'matrix_dimension_container_expose_port', 'new': ''} 
diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/matrix-dimension/templates/config.yaml.j2
deleted file mode 100644
index 39721d71..00000000
--- a/roles/matrix-dimension/templates/config.yaml.j2
+++ /dev/null
@@ -1,85 +0,0 @@ -#jinja2: lstrip_blocks: True -# The web settings for the service (API and UI). -# It is best to have this run on localhost and use a reverse proxy to access Dimension. -web: - port: 8184 - address: '0.0.0.0' - -# Homeserver configuration -homeserver: - # The domain name of the homeserver. This is used in many places, such as with go-neb - # setups, to identify the homeserver. - name: "{{ matrix_domain }}" - - # The URL that Dimension, go-neb, and other services provisioned by Dimension should - # use to access the homeserver with. - clientServerUrl: "{{ matrix_homeserver_container_url }}" - - # The URL that Dimension should use when trying to communicate with federated APIs on - # the homeserver. If not supplied or left empty Dimension will try to resolve the address - # through the normal federation process. - federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}" - - # The URL that Dimension will redirect media requests to for downloading media such as - # stickers. If not supplied or left empty Dimension will use the clientServerUrl. - mediaUrl: "https://{{ matrix_server_fqn_matrix }}" - - # The access token Dimension should use for miscellaneous access to the homeserver. This - # should be for a user on the configured homeserver: any user will do, however it is - # recommended to use a dedicated user (such as @dimension:t2bot.io). For information on - # how to acquire an access token, visit https://t2bot.io/docs/access_tokens - accessToken: "{{ matrix_dimension_access_token }}" - -# These users can modify the integrations this Dimension supports. -# To access the admin interface, open Dimension in Element and click the settings icon. -admins: {{ matrix_dimension_admins|to_json }} - -# IPs and CIDR ranges listed here will be blocked from being widgets. -# Note: Widgets may still be embedded with restricted content, although not through Dimension directly. 
-widgetBlacklist: - - 10.0.0.0/8 - - 172.16.0.0/12 - - 192.168.0.0/16 - - 127.0.0.0/8 - -# Where the database for Dimension is -database: -{% if matrix_dimension_database_engine == 'sqlite' %} - file: {{ matrix_dimension_sqlite_database_path_in_container|to_json }} -{% elif matrix_dimension_database_engine == 'postgres' %} - uri: {{ matrix_dimension_database_connection_string|to_json }} -{% endif %} - -# Display settings that apply to self-hosted go-neb instances -goneb: - # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver - # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot, - # make the bot's avatar an empty string. - avatars: - giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27" - imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513" - github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1" - wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1" - travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8" - rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3" - google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142" - guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526" - echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13" - circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee" - jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329" - -# Settings for how Dimension is represented to the public -dimension: - # This is where Dimension is accessible from clients. Be sure to set this - # to your own Dimension instance. - publicUrl: "https://{{ matrix_server_fqn_dimension }}" - -# Settings for controlling how logging works -logging: - file: /dev/null - console: true - consoleLevel: verbose - fileLevel: info - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 
diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2
deleted file mode 100644
index e27a5558..00000000
--- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2
+++ /dev/null
@@ -1,48 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Dimension
-{% for service in matrix_dimension_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_dimension_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null'
-
-# Fixup database ownership if it got changed somehow (during a server migration, etc.)
-{% if matrix_dimension_database_engine == 'sqlite' %}
-ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_sqlite_database_path_local }}
-{% endif %}
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \
- --log-driver=none \
- --user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- {% if matrix_dimension_widgets_allow_self_signed_ssl_certificates %}
- -e NODE_TLS_REJECT_UNAUTHORIZED=0 \
- {% endif %}
- {% if matrix_dimension_container_http_host_bind_port %}
- -p {{ matrix_dimension_container_http_host_bind_port }}:8184 \
- {% endif %}
- --mount type=bind,src={{ matrix_dimension_base_path }},dst=/data \
- {% for arg in matrix_dimension_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_dimension_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-dimension
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-dimension/vars/main.yml b/roles/matrix-dimension/vars/main.yml
deleted file mode 100644
index 107bb4fa..00000000
--- a/roles/matrix-dimension/vars/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-# Doing `|from_yaml` when the extension contains nothing yields an empty string ("").
-# We need to ensure it's a dictionary or `|combine` (when building `matrix_dimension_configuration`) will fail later.
-matrix_dimension_configuration_extension: "{{ matrix_dimension_configuration_extension_yaml|from_yaml if matrix_dimension_configuration_extension_yaml|from_yaml else {} }}"
\ No newline at end of file
diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml
deleted file mode 100644
index 3411d0f8..00000000
--- a/roles/matrix-dynamic-dns/defaults/main.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-# Whether dynamic dns is enabled
-matrix_dynamic_dns_enabled: true
-
-# The dynamic dns daemon interval
-matrix_dynamic_dns_daemon_interval: '300'
-
-matrix_dynamic_dns_version: v3.9.1-ls45
-
-# The docker container to use when in mode
-matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
-
-matrix_dynamic_dns_docker_image_name_prefix: "{{ 'localhost/' if matrix_dynamic_dns_container_image_self_build else matrix_container_global_registry_prefix }}"
-
-# The image to force pull
-matrix_dynamic_dns_docker_image_force_pull: "{{ matrix_dynamic_dns_docker_image.endswith(':latest') }}"
-
-# List of extra arguments to pass to the ontainer mode
-matrix_dynamic_dns_container_extra_arguments: []
-
-# List of wanted services when running in mode
-matrix_dynamic_dns_systemd_wanted_services_list: []
-
-# List of required services when running in mode
-matrix_dynamic_dns_systemd_required_services_list: ['docker.service']
-
-# Build the container from source when running in mode
-matrix_dynamic_dns_container_image_self_build: false
-matrix_dynamic_dns_container_image_self_build_repo: "https://github.com/linuxserver/docker-ddclient.git"
-
-# Config paths
-matrix_dynamic_dns_base_path: "{{ matrix_base_data_path }}/dynamic-dns"
-matrix_dynamic_dns_config_path: "{{ matrix_dynamic_dns_base_path }}/config"
-matrix_dynamic_dns_docker_src_files_path: "{{ matrix_dynamic_dns_base_path }}/docker-src"
-
-# Holds the configurations (the domains to update DNS for, the providers they use, etc.)
-#
-# Example:
-# matrix_dynamic_dns_domain_configurations:
-# - provider: domains.google.com
-# protocol: dyndn2
-# username: XXXXXXXXXXXXXXXX
-# password: XXXXXXXXXXXXXXXX
-# domain: "{{ matrix_domain }}"
-matrix_dynamic_dns_domain_configurations: []
-
-# Config options
-matrix_dynamic_dns_additional_configuration_blocks: []
-matrix_dynamic_dns_use: "web"
diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/matrix-dynamic-dns/tasks/init.yml deleted file mode 100644 index e7d33ff2..00000000 --- a/roles/matrix-dynamic-dns/tasks/init.yml +++ /dev/null @@ -1,10 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build and matrix_dynamic_dns_enabled" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}" - when: "matrix_dynamic_dns_enabled|bool" diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml deleted file mode 100644 index ac69ec89..00000000 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ /dev/null 
@@ -1,62 +0,0 @@ ---- - -- name: Ensure Dynamic DNS image is pulled - docker_image: - name: "{{ matrix_dynamic_dns_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}" - when: matrix_dynamic_dns_enabled|bool and not matrix_dynamic_dns_container_image_self_build - -- name: Ensure Dynamic DNS paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0751 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_dynamic_dns_base_path }}", when: true } - - { path: "{{ matrix_dynamic_dns_config_path }}", when: true } - - { path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}" } - when: matrix_dynamic_dns_enabled|bool and item.when|bool - -- name: Ensure Dynamic DNS repository is present on self build - git: - repo: "{{ matrix_dynamic_dns_container_image_self_build_repo }}" - dest: "{{ matrix_dynamic_dns_docker_src_files_path }}" - force: "yes" - register: matrix_dynamic_dns_git_pull_results - when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool" - -- name: Ensure Dynamic DNS Docker image is built - docker_image: - name: "{{ matrix_dynamic_dns_docker_image }}" - source: build - force_source: "{{ matrix_dynamic_dns_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_dynamic_dns_docker_src_files_path }}" - pull: yes - when: "matrix_dynamic_dns_enabled|bool and 
matrix_dynamic_dns_container_image_self_build|bool" - -- name: Ensure Dynamic DNS ddclient.conf installed - template: - src: "{{ role_path }}/templates/ddclient.conf.j2" - dest: "{{ matrix_dynamic_dns_config_path }}/ddclient.conf" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-dynamic-dns.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-dynamic-dns.service.j2" - dest: "/etc/systemd/system/matrix-dynamic-dns.service" - mode: 0644 - register: matrix_dynamic_dns_systemd_service_result - -- name: Ensure systemd reloaded after matrix-dynamic-dns.service installation - service: - daemon_reload: yes - when: "matrix_dynamic_dns_systemd_service_result.changed" diff --git a/roles/matrix-dynamic-dns/tasks/main.yml b/roles/matrix-dynamic-dns/tasks/main.yml deleted file mode 100644 index f9aaab8f..00000000 --- a/roles/matrix-dynamic-dns/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_dynamic_dns_enabled|bool" - tags: - - setup-all - - setup-dynamic-dns - -- import_tasks: "{{ role_path }}/tasks/install.yml" - when: "run_setup|bool and matrix_dynamic_dns_enabled|bool" - tags: - - setup-all - - setup-dynamic-dns - -- import_tasks: "{{ role_path }}/tasks/uninstall.yml" - when: "run_setup|bool and not matrix_dynamic_dns_enabled|bool" - tags: - - setup-all - - setup-dynamic-dns diff --git a/roles/matrix-dynamic-dns/tasks/uninstall.yml b/roles/matrix-dynamic-dns/tasks/uninstall.yml deleted file mode 100644 index f3caba25..00000000 --- a/roles/matrix-dynamic-dns/tasks/uninstall.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- - -- name: Check existence of matrix-dynamic-dns service - stat: - path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service" - register: matrix_dynamic_dns_service_stat - -- name: Ensure matrix-dynamic-dns is stopped - service: - name: matrix-dynamic-dns - state: stopped - daemon_reload: yes - when: "matrix_dynamic_dns_service_stat.stat.exists" - -- name: Ensure matrix-dynamic-dns.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service" - state: absent - when: "matrix_dynamic_dns_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-dynamic-dns.service removal - service: - daemon_reload: yes - when: "matrix_dynamic_dns_service_stat.stat.exists" - -# Intentionally not removing the Docker image when uninstalling. -# We can't be sure it had been pulled by us in the first place. diff --git a/roles/matrix-dynamic-dns/tasks/validate_config.yml b/roles/matrix-dynamic-dns/tasks/validate_config.yml deleted file mode 100644 index 8f0001ea..00000000 --- a/roles/matrix-dynamic-dns/tasks/validate_config.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -- name: Fail if no configurations specified - fail: - msg: >- - You need to define at least one configuration in `matrix_dynamic_dns_domain_configurations` for using matrix-dynamic-dns. - when: "matrix_dynamic_dns_domain_configurations|length == 0" - -- name: Fail if required settings not defined in configuration blocks - fail: - msg: >- - One of the configurations in matrix_dynamic_dns_domain_configurations is missing a required key (domain, provider, protocol). - when: "'domain' not in configuration or 'provider' not in configuration or 'protocol' not in configuration" - with_items: "{{ matrix_dynamic_dns_domain_configurations }}" - loop_control: - loop_var: configuration diff --git a/roles/matrix-dynamic-dns/templates/ddclient.conf.j2 b/roles/matrix-dynamic-dns/templates/ddclient.conf.j2 deleted file mode 100644 index 1480d834..00000000 
--- a/roles/matrix-dynamic-dns/templates/ddclient.conf.j2 +++ /dev/null @@ -1,26 +0,0 @@ -daemon={{ matrix_dynamic_dns_daemon_interval }} -syslog=no -pid=/var/run/ddclient/ddclient.pid -ssl=yes -use={{ matrix_dynamic_dns_use }} - -{% for dynamic_dns_domain_configuration in matrix_dynamic_dns_domain_configurations %} -protocol={{ dynamic_dns_domain_configuration.protocol }} -server={{ dynamic_dns_domain_configuration.provider }} {% if 'username' in dynamic_dns_domain_configuration %} -login='{{ dynamic_dns_domain_configuration.username }}' {% endif %} {% if 'password' in dynamic_dns_domain_configuration %} -password='{{ dynamic_dns_domain_configuration.password }}' {% endif %} {% if 'static' in dynamic_dns_domain_configuration %} -static=yes {% endif %} {% if 'custom' in dynamic_dns_domain_configuration %} -custom=yes {% endif %} {% if 'zone' in dynamic_dns_domain_configuration %} -zone={{ dynamic_dns_domain_configuration.zone }} {% endif %} {% if 'ttl' in dynamic_dns_domain_configuration %} -ttl={{ dynamic_dns_domain_configuration.ttl }} {% endif %} {% if 'mx' in dynamic_dns_domain_configuration %} -mx={{ dynamic_dns_domain_configuration.mx }} {% endif %} {% if 'wildcard' in dynamic_dns_domain_configuration %} -wildcard=yes {% endif %} -{{ dynamic_dns_domain_configuration.domain }} - -{% endfor %} - - -{% for matrix_dynamic_dns_additional_configuration in matrix_dynamic_dns_additional_configuration_blocks %} -{{ matrix_dynamic_dns_additional_configuration }} - -{% endfor %} diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 deleted file mode 100644 index dfdd2f72..00000000 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ /dev/null 
@@ -1,36 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Dynamic DNS
-{% for service in matrix_dynamic_dns_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_dynamic_dns_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null'
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \
- --log-driver=none \
- --network={{ matrix_docker_network }} \
- -e PUID={{ matrix_user_uid }} \
- -e PGID={{ matrix_user_gid }} \
- -v {{ matrix_dynamic_dns_config_path }}:/config:z \
- {% for arg in matrix_dynamic_dns_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_dynamic_dns_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-dynamic-dns
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml
deleted file mode 100644
index 3dfabc1a..00000000
--- a/roles/matrix-email2matrix/defaults/main.yml
+++ /dev/null
@@ -1,50 +0,0 @@ -matrix_email2matrix_enabled: true - -matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix" -matrix_email2matrix_config_dir_path: "{{ matrix_email2matrix_base_path }}/config" -matrix_email2matrix_docker_src_files_path: "{{ matrix_email2matrix_base_path }}/docker-src" - -matrix_email2matrix_container_image_self_build: false -matrix_email2matrix_container_image_self_build_repo: "https://github.com/devture/email2matrix.git" -matrix_email2matrix_container_image_self_build_branch: "{{ matrix_email2matrix_version }}" - -matrix_email2matrix_version: 1.0.1 -matrix_email2matrix_docker_image_prefix: "{{ 'localhost/' if matrix_email2matrix_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_email2matrix_docker_image: "{{ matrix_email2matrix_docker_image_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}" -matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}" - -# A list of extra arguments to pass to the container -matrix_email2matrix_container_extra_arguments: [] - -# List of systemd services that matrix-corporal.service depends on -matrix_email2matrix_systemd_required_services_list: ['docker.service'] - -# Controls where the matrix-email2matrix container exposes the SMTP (tcp/2525 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:2525"). -# -# By default, we listen on port 25 on all of the host's network interfaces. -matrix_email2matrix_smtp_host_bind_port: "25" - -matrix_email2matrix_smtp_hostname: "{{ matrix_server_fqn_matrix }}" - -# A list of mailbox to Matrix mappings. 
-# -# Example: -# matrix_email2matrix_matrix_mappings: -# - MailboxName: "mailbox1" -# MatrixRoomId: "!bpcwlxIUxVvvgXcbjy:example.com" -# MatrixHomeserverUrl: "{{ matrix_homeserver_url }}" -# MatrixUserId": "@email2matrix:{{ matrix_domain }}" -# MatrixAccessToken": "TOKEN_HERE" -# IgnoreSubject: false -# -# - MailboxName: "mailbox2" -# MatrixRoomId: "!another:example.com" -# MatrixHomeserverUrl: "{{ matrix_homeserver_url }}" -# MatrixUserId": "@email2matrix:{{ matrix_domain }}" -# MatrixAccessToken": "TOKEN_HERE" -# IgnoreSubject: true -matrix_email2matrix_matrix_mappings: [] - -matrix_email2matrix_misc_debug: false diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/matrix-email2matrix/tasks/init.yml deleted file mode 100644 index 0c8ffc0c..00000000 --- a/roles/matrix-email2matrix/tasks/init.yml +++ /dev/null @@ -1,3 +0,0 @@ -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}" - when: matrix_email2matrix_enabled|bool diff --git a/roles/matrix-email2matrix/tasks/main.yml b/roles/matrix-email2matrix/tasks/main.yml deleted file mode 100644 index 77be7279..00000000 --- a/roles/matrix-email2matrix/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_email2matrix_enabled|bool" - tags: - - setup-all - - setup-email2matrix - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_email2matrix_enabled|bool" - tags: - - setup-all - - setup-email2matrix - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_email2matrix_enabled|bool" - tags: - - setup-all - - setup-email2matrix diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml deleted file mode 100644 index 7805c2c1..00000000 
--- a/roles/matrix-email2matrix/tasks/setup_install.yml
+++ /dev/null
@@ -1,63 +0,0 @@ ---- - -- name: Ensure Email2Matrix paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_email2matrix_base_path }}", when: true } - - { path: "{{ matrix_email2matrix_config_dir_path }}", when: true } - - { path: "{{ matrix_email2matrix_docker_src_files_path }}", when: "{{ matrix_email2matrix_container_image_self_build }}"} - when: "item.when|bool" - -- name: Ensure Email2Matrix configuration file created - template: - src: "{{ role_path }}/templates/config.json.j2" - dest: "{{ matrix_email2matrix_config_dir_path }}/config.json" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0640 - -- name: Ensure Email2Matrix image is pulled - docker_image: - name: "{{ matrix_email2matrix_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" - when: "not matrix_email2matrix_container_image_self_build|bool" - -- name: Ensure Email2Matrix repository is present on self-build - git: - repo: "{{ matrix_email2matrix_container_image_self_build_repo }}" - dest: "{{ matrix_email2matrix_docker_src_files_path }}" - version: "{{ matrix_email2matrix_container_image_self_build_branch }}" - force: "yes" - register: matrix_email2matrix_git_pull_results - when: "matrix_email2matrix_container_image_self_build|bool" - -- name: Ensure Email2Matrix Docker image is built - docker_image: - name: "{{ matrix_email2matrix_docker_image }}" - source: build - force_source: "{{ matrix_email2matrix_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: 
"{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_git_pull_results.changed }}" - build: - dockerfile: etc/docker/Dockerfile - path: "{{ matrix_email2matrix_docker_src_files_path }}" - pull: yes - when: "matrix_email2matrix_container_image_self_build|bool" - -- name: Ensure matrix-email2matrix.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-email2matrix.service" - mode: 0644 - register: matrix_email2matrix_systemd_service_result - -- name: Ensure systemd reloaded after matrix-email2matrix.service installation - service: - daemon_reload: yes - when: "matrix_email2matrix_systemd_service_result.changed|bool" diff --git a/roles/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/matrix-email2matrix/tasks/setup_uninstall.yml deleted file mode 100644 index b0b44cca..00000000 --- a/roles/matrix-email2matrix/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- - -- name: Check existence of matrix-email2matrix service - stat: - path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" - register: matrix_email2matrix_service_stat - -- name: Ensure matrix-email2matrix is stopped - service: - name: matrix-email2matrix - state: stopped - daemon_reload: yes - register: stopping_result - when: "matrix_email2matrix_service_stat.stat.exists|bool" - -- name: Ensure matrix-email2matrix.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" - state: absent - when: "matrix_email2matrix_service_stat.stat.exists|bool" - -- name: Ensure systemd reloaded after matrix-email2matrix.service removal - service: - daemon_reload: yes - when: "matrix_email2matrix_service_stat.stat.exists|bool" - -- name: Ensure Email2Matrix data path doesn't exist - file: - path: "{{ matrix_email2matrix_base_path }}" - state: absent - -- name: Ensure Email2Matrix Docker image doesn't exist - docker_image: - name: "{{ matrix_email2matrix_docker_image }}" - state: absent diff --git a/roles/matrix-email2matrix/tasks/validate_config.yml b/roles/matrix-email2matrix/tasks/validate_config.yml deleted file mode 100644 index d8beecf4..00000000 --- a/roles/matrix-email2matrix/tasks/validate_config.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Fail if no mappings - fail: - msg: > - You need to define at least one mapping in `matrix_email2matrix_matrix_mappings` for enabling Email2Matrix. - when: "matrix_email2matrix_matrix_mappings|length == 0" diff --git a/roles/matrix-email2matrix/templates/config.json.j2 b/roles/matrix-email2matrix/templates/config.json.j2 deleted file mode 100644 index c1be97fd..00000000 --- a/roles/matrix-email2matrix/templates/config.json.j2 +++ /dev/null 
@@ -1,14 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-{
- "Smtp": {
- "ListenInterface": "0.0.0.0:2525",
- "Hostname": {{ matrix_email2matrix_smtp_hostname|to_json }},
- "Workers": 10
- },
- "Matrix": {
- "Mappings": {{ matrix_email2matrix_matrix_mappings|to_nice_json }}
- },
- "Misc": {
- "Debug": {{ matrix_email2matrix_misc_debug|to_json }}
- }
-}
diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
deleted file mode 100644
index c9226768..00000000
--- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Email2Matrix
-After=docker.service
-Requires=docker.service
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null'
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --read-only \
- --network={{ matrix_docker_network }} \
- -p {{ matrix_email2matrix_smtp_host_bind_port }}:2525 \
- --mount type=bind,src={{ matrix_email2matrix_config_dir_path }}/config.json,dst=/config.json,ro \
- {% for arg in matrix_email2matrix_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_email2matrix_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-email2matrix
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml
deleted file mode 100644
index 45f8f8b2..00000000
--- a/roles/matrix-etherpad/defaults/main.yml
+++ /dev/null
@@ -1,87 +0,0 @@ -matrix_etherpad_enabled: false - -matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" - -matrix_etherpad_version: 1.8.12 -matrix_etherpad_docker_image: "{{ matrix_container_global_registry_prefix }}etherpad/etherpad:{{ matrix_etherpad_version }}" -matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}" - -# List of systemd services that matrix-etherpad.service depends on. -matrix_etherpad_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-etherpad.service wants -matrix_etherpad_systemd_wanted_services_list: [] - -# Container user has to be able to write to the source file directories until this bug is fixed: -# https://github.com/ether/etherpad-lite/issues/2683 -matrix_etherpad_user_uid: '5001' -matrix_etherpad_user_gid: '5001' - -# Controls whether the matrix-etherpad container exposes its HTTP port (tcp/9001 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:9001"), or empty string to not expose. -matrix_etherpad_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_etherpad_container_extra_arguments: [] - -matrix_etherpad_public_endpoint: '/etherpad' - -# By default, the Etherpad app can be accessed within the Dimension domain -matrix_etherpad_base_url: "https://{{ matrix_server_fqn_dimension }}{{ matrix_etherpad_public_endpoint }}" - -# Database-related configuration fields. 
-# -# Etherpad requires a dedicated database -matrix_etherpad_database_engine: 'postgres' - -matrix_etherpad_database_username: 'matrix_etherpad' -matrix_etherpad_database_password: 'some-password' -matrix_etherpad_database_hostname: 'matrix-postgres' -matrix_etherpad_database_port: 5432 -matrix_etherpad_database_name: 'matrix_etherpad' - -matrix_etherpad_database_connection_string: 'postgres://{{ matrix_etherpad_database_username }}:{{ matrix_etherpad_database_password }}@{{ matrix_etherpad_database_hostname }}:{{ matrix_etherpad_database_port }}/{{ matrix_etherpad_database_name }}' - -# Variables configuring the etherpad -matrix_etherpad_title: 'Etherpad' -matrix_etherpad_default_pad_text: | - Welcome to Etherpad! - - This pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents! - - Get involved with Etherpad at https://etherpad.org - -# Default Etherpad configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_etherpad_configuration_extension_json`) -# or completely replace this variable with your own template. -matrix_etherpad_configuration_default: "{{ lookup('template', 'templates/settings.json.j2') }}" - -# Your custom JSON configuration for Etherpad goes here. -# This configuration extends the default starting configuration (`matrix_etherpad_configuration_json`). -# -# You can override individual variables from the default configuration, or introduce new ones. -# -# If you need something more special, you can take full control by -# completely redefining `matrix_etherpad_configuration_json`. 
-# -# Example configuration extension follows: -# -# matrix_etherpad_configuration_extension_json: | -# { -# "loadTest": true, -# "commitRateLimiting": { -# "duration": 1, -# "points": 10 -# } -# } -# -matrix_etherpad_configuration_extension_json: '{}' - -matrix_etherpad_configuration_extension: "{{ matrix_etherpad_configuration_extension_json|from_json if matrix_etherpad_configuration_extension_json|from_json is mapping else {} }}" - -# Holds the final Etherpad configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_etherpad_configuration_json`. -matrix_etherpad_configuration: "{{ matrix_etherpad_configuration_default|combine(matrix_etherpad_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/matrix-etherpad/tasks/init.yml deleted file mode 100644 index 5b8f5ef6..00000000 --- a/roles/matrix-etherpad/tasks/init.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}" - when: matrix_etherpad_enabled|bool - -- block: - - name: Fail if matrix-nginx-proxy role already executed - fail: - msg: >- - Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your plabook, - so that the matrix-nginx-proxy role would run after the matrix-etherpad role. - when: matrix_nginx_proxy_role_executed|default(False)|bool - - - name: Generate Etherpad proxying configuration for matrix-nginx-proxy - set_fact: - matrix_etherpad_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; - - location {{ matrix_etherpad_public_endpoint }}/ { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-etherpad:9001/; - {# These are proxy directives needed specifically by Etherpad #} - proxy_buffering off; - proxy_http_version 1.1; # recommended with keepalive connections - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used - # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% else %} - {# Generic configuration for use outside of our container setup #} - # A good guide for setting up your Etherpad behind nginx: - # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html - proxy_pass http://127.0.0.1:9001/; - {% endif %} - } - - - name: Register 
Etherpad proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([]) - + - [matrix_etherpad_matrix_nginx_proxy_configuration] - }} - tags: - - always - when: matrix_etherpad_enabled|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled the Etherpad tool but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_etherpad_public_endpoint }}` - URL endpoint to the matrix-etherpad container. - You can expose the container's port using the `matrix_etherpad_container_http_host_bind_port` variable. - when: "matrix_etherpad_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-etherpad/tasks/main.yml b/roles/matrix-etherpad/tasks/main.yml deleted file mode 100644 index 27548aaf..00000000 --- a/roles/matrix-etherpad/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: run_setup|bool and matrix_etherpad_enabled|bool - tags: - - setup-all - - setup-etherpad - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: run_setup|bool and not matrix_etherpad_enabled|bool - tags: - - setup-all - - setup-etherpad - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool and matrix_etherpad_enabled|bool - tags: - - setup-all - - setup-etherpad diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml deleted file mode 100644 index a93c28de..00000000 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ /dev/null 
@@ -1,36 +0,0 @@
----
-
-- name: Ensure Etherpad base path exists
- file:
- path: "{{ matrix_etherpad_base_path }}"
- state: directory
- mode: 0770
- owner: "{{ matrix_etherpad_user_uid }}"
- group: "{{ matrix_etherpad_user_gid }}"
-
-- name: Ensure Etherpad config installed
- copy:
- content: "{{ matrix_etherpad_configuration|to_nice_json }}"
- dest: "{{ matrix_etherpad_base_path }}/settings.json"
- mode: 0640
- owner: "{{ matrix_etherpad_user_uid }}"
- group: "{{ matrix_etherpad_user_gid }}"
-
-- name: Ensure Etherpad image is pulled
- docker_image:
- name: "{{ matrix_etherpad_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}"
-
-- name: Ensure matrix-etherpad.service installed
- template:
- src: "{{ role_path }}/templates/systemd/matrix-etherpad.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-etherpad.service"
- mode: 0644
- register: matrix_etherpad_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-etherpad.service installation
- service:
- daemon_reload: yes
- when: "matrix_etherpad_systemd_service_result.changed|bool"
diff --git a/roles/matrix-etherpad/tasks/setup_uninstall.yml b/roles/matrix-etherpad/tasks/setup_uninstall.yml
deleted file mode 100644
index 8f40f420..00000000
--- a/roles/matrix-etherpad/tasks/setup_uninstall.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-
-- name: Check existence of matrix-etherpad service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-etherpad.service"
- register: matrix_etherpad_service_stat
-
-- name: Ensure matrix-etherpad is stopped
- service:
- name: matrix-etherpad
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "matrix_etherpad_service_stat.stat.exists|bool"
-
-- name: Ensure matrix-etherpad.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-etherpad.service"
- state: absent
- when: "matrix_etherpad_service_stat.stat.exists|bool"
-
-- name: Ensure systemd reloaded after matrix-etherpad.service removal
- service:
- daemon_reload: yes
- when: "matrix_etherpad_service_stat.stat.exists|bool"
-
-- name: Ensure Etherpad base directory doesn't exist
- file:
- path: "{{ matrix_etherpad_base_path }}"
- state: absent
-
-- name: Ensure Etherpad Docker image doesn't exist
- docker_image:
- name: "{{ matrix_etherpad_docker_image }}"
- state: absent
diff --git a/roles/matrix-etherpad/tasks/validate_config.yml b/roles/matrix-etherpad/tasks/validate_config.yml
deleted file mode 100644
index c76dc3b5..00000000
--- a/roles/matrix-etherpad/tasks/validate_config.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: Fail if Etherpad is enabled without the Dimension integrations manager
- fail:
- msg: >-
- To integrate Etherpad notes with Matrix rooms you need to set "matrix_dimension_enabled" to true
- when: "not matrix_dimension_enabled|bool"
-
-- name: Fail if no database is configured for Etherpad
- fail:
- msg: >-
- Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname"
- when: matrix_etherpad_database_hostname == "matrix-postgres" and not matrix_postgres_enabled
diff --git a/roles/matrix-etherpad/templates/settings.json.j2 b/roles/matrix-etherpad/templates/settings.json.j2
deleted file mode 100644
index 377bad98..00000000
--- a/roles/matrix-etherpad/templates/settings.json.j2
+++ /dev/null
@@ -1,105 +0,0 @@ -{ - "title": {{ matrix_etherpad_title|to_json }}, - "favicon": "favicon.ico", - "skinName": "colibris", - "skinVariants": "super-light-toolbar super-light-editor light-background", - "ip": "::", - "port": 9001, - "showSettingsInAdminPage": true, - "dbType": {{ matrix_etherpad_database_engine|to_json }}, - "dbSettings": { - "database": {{ matrix_etherpad_database_name|to_json }}, - "host": {{ matrix_etherpad_database_hostname|to_json }}, - "password": {{ matrix_etherpad_database_password|to_json }}, - "port": {{ matrix_etherpad_database_port|to_json }}, - "user": {{ matrix_etherpad_database_username|to_json }} - }, - "defaultPadText" : {{ matrix_etherpad_default_pad_text|to_json }}, - "suppressErrorsInPadText": false, - "requireSession": false, - "editOnly": false, - "minify": true, - "maxAge": 21600, - "abiword": null, - "soffice": null, - "tidyHtml": null, - "allowUnknownFileEnds": true, - "requireAuthentication": false, - "requireAuthorization": false, - "trustProxy": true, - "cookie": { - "sameSite": "Lax" - }, - "disableIPlogging": true, - "automaticReconnectionTimeout": 0, - "scrollWhenFocusLineIsOutOfViewport": { - "percentage": { - "editionAboveViewport": 0, - "editionBelowViewport": 0 - }, - "duration": 0, - "scrollWhenCaretIsInTheLastLineOfViewport": false, - "percentageToScrollWhenUserPressesArrowUp": 0 - }, - "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], - "socketIo": { - "maxHttpBufferSize": 10000 - }, - "loadTest": false, - "importExportRateLimiting": { - "windowMs": 90000, - "max": 10 - }, - "importMaxFileSize": 52428800, - "commitRateLimiting": { - "duration": 1, - "points": 10 - }, - "exposeVersion": false, - "padOptions": { - "noColors": false, - "showControls": true, - "showChat": false, - "showLineNumbers": true, - "useMonospaceFont": false, - "userName": false, - "userColor": false, - "rtl": false, - "alwaysShowChat": false, - "chatAndUsers": false, - "lang": "en-gb" - }, - "padShortcutEnabled" : { 
- "altF9": true, - "altC": true, - "cmdShift2": true, - "delete": true, - "return": true, - "esc": true, - "cmdS": true, - "tab": true, - "cmdZ": true, - "cmdY": true, - "cmdI": true, - "cmdB": true, - "cmdU": true, - "cmd5": true, - "cmdShiftL": true, - "cmdShiftN": true, - "cmdShift1": true, - "cmdShiftC": true, - "cmdH": true, - "ctrlHome": true, - "pageUp": true, - "pageDown": true - }, - "loglevel": "INFO", - "logconfig" : - { "appenders": [ - { "type": "console", - "layout": {"type": "messagePassThrough"} - } - ] - }, - "customLocaleStrings": {} -} diff --git a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 b/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 deleted file mode 100644 index b579036b..00000000 --- a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 +++ /dev/null 
@@ -1,44 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Etherpad
-{% for service in matrix_etherpad_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_etherpad_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-etherpad
-ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-etherpad
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \
- --log-driver=none \
- --user={{ matrix_etherpad_user_uid }}:{{ matrix_etherpad_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- {% if matrix_etherpad_container_http_host_bind_port %}
- -p {{ matrix_etherpad_container_http_host_bind_port }}:9001 \
- {% endif %}
- --mount type=bind,src={{ matrix_etherpad_base_path }},dst=/data \
- {% for arg in matrix_etherpad_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_etherpad_docker_image }} \
- node --experimental-worker src/node/server.js \
- --settings /data/settings.json --credentials /data/credentials.json \
- --sessionkey /data/sessionkey.json --apikey /data/apijey.json
-
-
-ExecStop=-{{ matrix_host_command_docker }} kill matrix-etherpad
-ExecStop=-{{ matrix_host_command_docker }} rm matrix-etherpad
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-etherpad
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml
deleted file mode 100644
index 8df73e2d..00000000
--- a/roles/matrix-grafana/defaults/main.yml
+++ /dev/null
@@ -1,59 +0,0 @@ -# matrix-grafana is open source visualization and analytics software -# See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md - -matrix_grafana_enabled: false - -matrix_grafana_version: 8.1.4 -matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" -matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" - -# Not conditional, because when someone disables metrics -# they might still want to look at the old existing data. -# So it would be silly to delete the dashboard in such case. -matrix_grafana_dashboard_download_urls: -- "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json" -- "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json" - -matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana" -matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config" -matrix_grafana_data_path: "{{ matrix_grafana_base_path }}/data" - -# Allow viewing Grafana without logging in -matrix_grafana_anonymous_access: false - -# specify organization name that should be used for unauthenticated users -# if you change this in the Grafana admin panel, this needs to be updated -# to match to keep anonymous logins working -matrix_grafana_anonymous_access_org_name: 'Main Org.' - - -# default admin credentials, you are asked to change these on first login -matrix_grafana_default_admin_user: admin -matrix_grafana_default_admin_password: admin - -# Set to true to add the Content-Security-Policy header to your requests. -# CSP allows to control resources that the user agent can load and helps -# prevent XSS attacks. 
-# [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy) -matrix_grafana_content_security_policy: true - -# specify content security policy template to customized template -# added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers. -# [Content Security Policy Browser Test] (https://content-security-policy.com/browser-test/) -# [Content Security Policy Reference](https://content-security-policy.com/script-src/) -matrix_grafana_content_security_policy_customized: false -matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';" - -# A list of extra arguments to pass to the container -matrix_grafana_container_extra_arguments: [] - -# List of systemd services that matrix-grafana.service depends on -matrix_grafana_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-grafana.service wants -matrix_grafana_systemd_wanted_services_list: [] - -# Controls whether the matrix-grafana container exposes its HTTP port (tcp/3000 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:3000"), or empty string to not expose. -matrix_grafana_container_http_host_bind_port: '' diff --git a/roles/matrix-grafana/tasks/init.yml b/roles/matrix-grafana/tasks/init.yml deleted file mode 100644 index 8a22e301..00000000 --- a/roles/matrix-grafana/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-grafana.service'] }}" - when: matrix_grafana_enabled|bool - - 
diff --git a/roles/matrix-grafana/tasks/main.yml b/roles/matrix-grafana/tasks/main.yml
deleted file mode 100644
index fb16c394..00000000
--- a/roles/matrix-grafana/tasks/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_grafana_enabled|bool"
- tags:
- - setup-all
- - setup-grafana
-
-- import_tasks: "{{ role_path }}/tasks/setup.yml"
- tags:
- - setup-all
- - setup-grafana
diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml
deleted file mode 100644
index 00d2e230..00000000
--- a/roles/matrix-grafana/tasks/setup.yml
+++ /dev/null
@@ -1,110 +0,0 @@ ---- - -# -# Tasks related to setting up matrix-grafana -# - -- name: Ensure matrix-grafana image is pulled - docker_image: - name: "{{ matrix_grafana_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}" - when: "matrix_grafana_enabled|bool" - -- name: Ensure grafana paths exists - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_grafana_base_path }}" - - "{{ matrix_grafana_config_path }}" - - "{{ matrix_grafana_config_path }}/provisioning" - - "{{ matrix_grafana_config_path }}/provisioning/datasources" - - "{{ matrix_grafana_config_path }}/provisioning/dashboards" - - "{{ matrix_grafana_config_path }}/dashboards" - - "{{ matrix_grafana_data_path }}" - when: matrix_grafana_enabled|bool - -- name: Ensure grafana.ini present - template: - src: "{{ role_path }}/templates/grafana.ini.j2" - dest: "{{ matrix_grafana_config_path }}/grafana.ini" - mode: 0440 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: matrix_grafana_enabled|bool - -- name: Ensure provisioning/datasources/default.yaml present - template: - src: "{{ role_path }}/templates/datasources.yaml.j2" - dest: "{{ matrix_grafana_config_path }}/provisioning/datasources/default.yaml" - mode: 0440 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: matrix_grafana_enabled|bool - -- name: Ensure provisioning/dashboards/default.yaml present - template: - src: "{{ role_path }}/templates/dashboards.yaml.j2" - dest: "{{ matrix_grafana_config_path }}/provisioning/dashboards/default.yaml" - mode: 0440 - owner: "{{ 
matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: matrix_grafana_enabled|bool - -- name: Ensure dashboard(s) downloaded - get_url: - url: "{{ item }}" - dest: "{{ matrix_grafana_config_path }}/dashboards/" - force: true - mode: 0440 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: "{{ matrix_grafana_dashboard_download_urls_all }}" - when: matrix_grafana_enabled|bool - -- name: Ensure matrix-grafana.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-grafana.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-grafana.service" - mode: 0644 - register: matrix_grafana_systemd_service_result - when: matrix_grafana_enabled|bool - -- name: Ensure systemd reloaded after matrix-grafana.service installation - service: - daemon_reload: yes - when: "matrix_grafana_enabled|bool and matrix_grafana_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-grafana (if it was previously enabled) -# - -- name: Check existence of matrix-grafana service - stat: - path: "{{ matrix_systemd_path }}/matrix-grafana.service" - register: matrix_grafana_service_stat - -- name: Ensure matrix-grafana is stopped - service: - name: matrix-grafana - state: stopped - daemon_reload: yes - register: stopping_result - when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" - -- name: Ensure matrix-grafana.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-grafana.service" - state: absent - when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-grafana.service removal - service: - daemon_reload: yes - when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" - diff --git a/roles/matrix-grafana/tasks/validate_config.yml b/roles/matrix-grafana/tasks/validate_config.yml deleted file mode 100644 index 63d4919a..00000000 
--- a/roles/matrix-grafana/tasks/validate_config.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: Fail if Prometheus not enabled
- fail:
- msg: >
- You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana.
- when: "not matrix_prometheus_enabled"
diff --git a/roles/matrix-grafana/templates/dashboards.yaml.j2 b/roles/matrix-grafana/templates/dashboards.yaml.j2
deleted file mode 100644
index aae42ba2..00000000
--- a/roles/matrix-grafana/templates/dashboards.yaml.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: 1
-
-providers:
- - name: {{ matrix_server_fqn_matrix }} - Dashboards
- folder: '' # The folder where to place the dashboards
- type: file
- allowUiUpdates: true
- options:
- path: /etc/grafana/dashboards
diff --git a/roles/matrix-grafana/templates/datasources.yaml.j2 b/roles/matrix-grafana/templates/datasources.yaml.j2
deleted file mode 100644
index 6ccbe374..00000000
--- a/roles/matrix-grafana/templates/datasources.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: 1
-
-datasources:
- - name: {{ matrix_server_fqn_matrix }} - Prometheus
- type: prometheus
- # Access mode - proxy (server in the UI) or direct (browser in the UI).
- access: proxy
- url: http://matrix-prometheus:9090
diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/matrix-grafana/templates/grafana.ini.j2
deleted file mode 100644
index 8f4c88f0..00000000
--- a/roles/matrix-grafana/templates/grafana.ini.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-[server]
-root_url = "https://{{ matrix_server_fqn_grafana }}"
-
-[security]
-# default admin user, created on startup
-admin_user = "{{ matrix_grafana_default_admin_user }}"
-
-# default admin password, can be changed before first start of grafana, or in profile settings
-admin_password = """{{ matrix_grafana_default_admin_password }}"""
-
-# specify content_security_policy to add the Content-Security-Policy header to your requests
-content_security_policy = "{{ matrix_grafana_content_security_policy }}"
-
-# specify content security policy template to customized template
-{% if matrix_grafana_content_security_policy_customized %}
-content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}"""
-{% endif %}
-
-[auth.anonymous]
-# enable anonymous access
-enabled = {{ matrix_grafana_anonymous_access }}
-
-# specify organization name that should be used for unauthenticated users
-org_name = "{{ matrix_grafana_anonymous_access_org_name }}"
-
-[dashboards]
-{% if matrix_synapse_metrics_enabled %}
-default_home_dashboard_path = /etc/grafana/dashboards/synapse.json
-{% else %}
-default_home_dashboard_path = /etc/grafana/dashboards/node-exporter-full.json
-{% endif %}
diff --git a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2
deleted file mode 100644
index a4f81e35..00000000
--- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2
+++ /dev/null
@@ -1,43 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=matrix-grafana
-{% for service in matrix_grafana_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_grafana_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null'
-
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --read-only \
- --network={{ matrix_docker_network }} \
- {% if matrix_grafana_container_http_host_bind_port %}
- -p {{ matrix_grafana_container_http_host_bind_port }}:3000 \
- {% endif %}
- -v {{ matrix_grafana_config_path }}:/etc/grafana:z \
- -v {{ matrix_grafana_data_path }}:/var/lib/grafana:z \
- {% for arg in matrix_grafana_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_grafana_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-grafana
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml
deleted file mode 100644
index bef993e0..00000000
--- a/roles/matrix-jitsi/defaults/main.yml
+++ /dev/null
@@ -1,270 +0,0 @@ -matrix_jitsi_enabled: true - -matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi" - -matrix_jitsi_enable_auth: false -matrix_jitsi_enable_guests: false -matrix_jitsi_enable_recording: false -matrix_jitsi_enable_transcriptions: false -matrix_jitsi_enable_p2p: true -matrix_jitsi_enable_av_moderation: true - -# Authentication type, must be one of internal, jwt or ldap. Currently only -# internal and ldap are supported by this playbook. -matrix_jitsi_auth_type: internal - -# Configuration options for LDAP authentication. For details see upstream: -# https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap. -# Defaults are taken from: -# https://github.com/jitsi/docker-jitsi-meet/blob/master/prosody/rootfs/defaults/saslauthd.conf -matrix_jitsi_ldap_url: "" -matrix_jitsi_ldap_base: "" -matrix_jitsi_ldap_binddn: "" -matrix_jitsi_ldap_bindpw: "" -matrix_jitsi_ldap_filter: "uid=%u" -matrix_jitsi_ldap_auth_method: "bind" -matrix_jitsi_ldap_version: "3" -matrix_jitsi_ldap_use_tls: false -matrix_jitsi_ldap_tls_ciphers: "" -matrix_jitsi_ldap_tls_check_peer: false -matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt" -matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs" -matrix_jitsi_ldap_start_tls: false - -matrix_jitsi_timezone: UTC - -matrix_jitsi_xmpp_domain: meet.jitsi -matrix_jitsi_xmpp_server: xmpp.meet.jitsi -matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi -matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280 -matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi -matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi -matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi -matrix_jitsi_xmpp_modules: '' - -matrix_jitsi_recorder_domain: recorder.meet.jitsi - - -matrix_jitsi_jibri_brewery_muc: jibribrewery -matrix_jitsi_jibri_pending_timeout: 90 -matrix_jitsi_jibri_xmpp_user: jibri -matrix_jitsi_jibri_xmpp_password: '' -matrix_jitsi_jibri_recorder_user: recorder -matrix_jitsi_jibri_recorder_password: '' 
- -matrix_jitsi_enable_lobby: false - -matrix_jitsi_version: stable-6173 -matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility - -matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" -matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" - -matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" -matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config" -matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts" - -matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}" - -# STUN servers used in the web UI. Feel free to point them to your own STUN server. -# Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`. -matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443'] - -# Setting up TURN -# Default set with Coturn container -matrix_jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret }}" -matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}" -matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}" -matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}" -matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}" - -# Controls whether Etherpad will be available within Jitsi -matrix_jitsi_etherpad_enabled: false - -# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:13080"), or empty string to not expose. 
-matrix_jitsi_web_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_jitsi_web_container_extra_arguments: [] - -# List of systemd services that matrix-jitsi-web.service depends on -matrix_jitsi_web_systemd_required_services_list: ['docker.service'] - - -# Some variables controlling the interface of Jitsi Web. -# These get applied to `templates/web/interface_config.js.j2`. -# -# Besides this, you can also use `matrix_jitsi_web_custom_interface_config_extension` -# to define any other configuration option. -matrix_jitsi_web_interface_config_lang_detection: false -matrix_jitsi_web_interface_config_show_jitsi_watermark: true -matrix_jitsi_web_interface_config_jitsi_watermark_link: "https://jitsi.org" -matrix_jitsi_web_interface_config_show_brand_watermark: false -matrix_jitsi_web_interface_config_brand_watermark_link: "" -matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page: true -matrix_jitsi_web_interface_config_display_welcome_page_content: true -matrix_jitsi_web_interface_config_app_name: "Jitsi Meet" -matrix_jitsi_web_interface_config_native_app_name: "Jitsi Meet" -matrix_jitsi_web_interface_config_provider_name: "Jitsi" -matrix_jitsi_web_interface_config_show_powered_by: false -matrix_jitsi_web_interface_config_disable_transcription_subtitles: false -matrix_jitsi_web_interface_config_show_deep_linking_image: false - -# Custom configuration to be injected into `interface_config.js`, passed to Jitsi Web. -# This configuration gets appended to the final interface configuration that Jitsi Web uses. -# -# Note: not to be confused with `matrix_jitsi_web_custom_config_extension`. 
-# -# For interface configuration, the flow is like this: -# - the contents of `templates/web/interface_config.js.j2` is generated (based on various `matrix_jitsi_web_interface_config_*` variables you see in this file) -# - the contents of `matrix_jitsi_web_custom_interface_config_extension` is appended and can define new settings or override defaults. -# -# Example: -# matrix_jitsi_web_custom_interface_config_extension: | -# interfaceConfig.CONNECTION_INDICATOR_AUTO_HIDE_ENABLED = false; -# interfaceConfig.DISABLE_VIDEO_BACKGROUND = true; -matrix_jitsi_web_custom_interface_config_extension: '' - - -# Controls after which participant audio will be muted. If not specified, defaults to Jitsi's default value (likely 10) -matrix_jitsi_web_config_start_audio_muted_after_nth_participant: ~ -# Controls after which participant video will be muted. If not specified, defaults to Jitsi's default value (likely 10) -matrix_jitsi_web_config_start_video_muted_after_nth_participant: ~ - -matrix_jitsi_web_config_defaultLanguage: 'en' - -# Ideal and also maximum resolution width. If not specified, defaults to Jitsi's default value (likely 1280) -matrix_jitsi_web_config_resolution_width_ideal_and_max: ~ -# Minimum resolution width. If not specified, defaults to Jitsi's default value (likely 320) -matrix_jitsi_web_config_resolution_width_min: ~ -# Ideal and also maximum resolution height. If not specified, defaults to Jitsi's default value (likely 720) -matrix_jitsi_web_config_resolution_height_ideal_and_max: ~ -# Minimum resolution height. If not specified, defaults to Jitsi's default value (likely 180) -matrix_jitsi_web_config_resolution_height_min: ~ - -# Custom configuration to be injected into `custom-config.js`, passed to Jitsi Web. -# This configuration gets appended to the final configuration that Jitsi Web uses. -# -# Note: not to be confused with `matrix_jitsi_web_custom_interface_config_extension`. 
-# -# The flow is like this: -# - some default configuration is automatically generated based on the environment variables passed to the Jitsi Web container -# - the contents of `custom-config.js` is appended to it (see `templates/web/custom-config.js.j2`) -# - said `custom-config.js` contains your custom contents specified in `matrix_jitsi_web_custom_config_extension`. -# -# Example: -# matrix_jitsi_web_custom_config_extension: | -# if (!config.hasOwnProperty('testing')) config.testing = {}; -# config.testing.p2pTestMode = true -matrix_jitsi_web_custom_config_extension: '' - -# Additional environment variables to pass to the Jitsi Web container. -# You can use this to further influence the default configuration generated by the Jitsi Web container on every startup. -# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration -# by using `matrix_jitsi_web_custom_config_extension`. -# -# Example: -# matrix_jitsi_web_environment_variables_extension: | -# ENABLE_FILE_RECORDING_SERVICE=1 -# DROPBOX_APPKEY=something -# DROPBOX_REDIRECT_URI=something -matrix_jitsi_web_environment_variables_extension: '' - - -matrix_jitsi_prosody_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/prosody:{{ matrix_jitsi_container_image_tag }}" -matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" - -matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" -matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config" -matrix_jitsi_prosody_plugins_path: "{{ matrix_jitsi_prosody_base_path }}/prosody-plugins-custom" - -# A list of extra arguments to pass to the container -matrix_jitsi_prosody_container_extra_arguments: [] - -# List of systemd services that matrix-jitsi-prosody.service depends on -matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] - -# Neccessary Port binding for those disabling the 
integrated nginx proxy -matrix_jitsi_prosody_container_http_host_bind_port: '' - -matrix_jitsi_jicofo_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}" -matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" - -matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" -matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config" - -# A list of extra arguments to pass to the container -matrix_jitsi_jicofo_container_extra_arguments: [] - -# List of systemd services that matrix-jitsi-jicofo.service depends on -matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] - -matrix_jitsi_jicofo_component_secret: '' -matrix_jitsi_jicofo_auth_user: focus -matrix_jitsi_jicofo_auth_password: '' - - -matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}" -matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" - -matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" -matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config" - -# A list of extra arguments to pass to the container -matrix_jitsi_jvb_container_extra_arguments: [] - -# List of systemd services that matrix-jitsi-jvb.service depends on -matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] - -matrix_jitsi_jvb_auth_user: jvb -matrix_jitsi_jvb_auth_password: '' - -# STUN servers used by JVB on the server-side, so it can discover its own external IP address. -# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery. 
-matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']
-
-matrix_jitsi_jvb_brewery_muc: jvbbrewery
-matrix_jitsi_jvb_rtp_udp_port: 10000
-matrix_jitsi_jvb_rtp_tcp_port: 4443
-
-# Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
-# This configuration gets appended to the final configuration that Jitsi JVB uses.
-#
-# The flow is like this:
-# - some default configuration is automatically generated based on the environment variables passed to the Jitsi JVB container
-# - the contents of `custom-sip-communicator.properties` is appended to it (see `templates/jvb/custom-sip-communicator.properties.j2`)
-# - said `custom-sip-communicator.properties` contains your custom contents specified in `matrix_jitsi_jvb_custom_config_extension`.
-#
-# Example:
-# matrix_jitsi_jvb_custom_config_extension: |
-# org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=false
-# org.jitsi.videobridge.ENABLE_STATISTICS=false
-matrix_jitsi_jvb_custom_config_extension: ''
-
-# Additional environment variables to pass to the Jitsi JVB container.
-# You can use this to further influence the default configuration generated by the Jitsi JVB container on every startup.
-# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
-# by using `matrix_jitsi_jvb_custom_config_extension`.
-#
-# Example:
-# matrix_jitsi_jvb_environment_variables_extension: |
-# SOME_VARIABLE=1
-# ANOTHER_VARIABLE=something
-matrix_jitsi_jvb_environment_variables_extension: ''
-
-# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
-#
-# Takes an ":" or "" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
-matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}"
-
-# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container).
-#
-# Takes an ":" or "" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
-matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"
-
-# Controls whether the matrix-jitsi-jvb container exposes its Colibri WebSocket port (tcp/9090 in the container).
-#
-# Takes an ":" or "" value (e.g. "127.0.0.1:12090"), or empty string to not expose.
-matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''
diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml
deleted file mode 100644
index 1f7a2d1c..00000000
--- a/roles/matrix-jitsi/tasks/init.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}"
- when: matrix_jitsi_enabled|bool
diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml
deleted file mode 100644
index e4f3508f..00000000
--- a/roles/matrix-jitsi/tasks/main.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_jitsi_enabled|bool"
- tags:
- - setup-all
- - setup-jitsi
-
-- import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
- when: run_setup|bool
- tags:
- - setup-all
- - setup-jitsi
-
-- import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
- when: run_setup|bool
- tags:
- - setup-all
- - setup-jitsi
-
-- import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml"
- when: run_setup|bool
- tags:
- - setup-all
- - setup-jitsi
-
-- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml"
- when: run_setup|bool
- tags:
- - setup-all
- - setup-jitsi
-
-- import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml"
- when: run_setup|bool
- tags:
- - setup-all
- - setup-jitsi
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml
deleted file mode 100644
index 408027ee..00000000
--- a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-#
-# Tasks related to setting up jitsi
-#
-
-- name: Ensure Matrix jitsi base path exists
- file:
- path: "{{ item.path }}"
- state: directory
- mode: 0750
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
- with_items:
- - { path: "{{ matrix_jitsi_base_path }}", when: true }
- when: matrix_jitsi_enabled|bool and item.when
-
-#
-# Tasks related to getting rid of jitsi (if it was previously enabled)
-#
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
deleted file mode 100644
index dd2a7bd2..00000000
--- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
+++ /dev/null
@@ -1,93 +0,0 @@
----
-
-#
-# Tasks related to setting up jitsi-jicofo
-#
-
-- name: Ensure Matrix jitsi-jicofo path exists
- file:
- path: "{{ item.path }}"
- state: directory
- mode: 0777
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
- with_items:
- - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true }
- - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true }
- when: matrix_jitsi_enabled|bool and item.when
-
-- name: Ensure jitsi-jicofo Docker image is pulled
- docker_image:
- name: "{{ matrix_jitsi_jicofo_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure jitsi-jicofo environment variables file created
- template:
- src: "{{ role_path }}/templates/jicofo/env.j2"
- dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
- mode: 0640
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure jitsi-jicofo configuration files created
- template:
- src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
- dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
- mode: 0644
- with_items:
- - sip-communicator.properties
- - logging.properties
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure matrix-jitsi-jicofo.service installed
- template:
- src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
- mode: 0644
- register: matrix_jitsi_jicofo_systemd_service_result
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation
- service:
- daemon_reload: yes
- when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled)
-#
-
-- name: Check existence of matrix-jitsi-jicofo service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
- register: matrix_jitsi_jicofo_service_stat
- when: "not matrix_jitsi_enabled|bool"
-
-- name: Ensure matrix-jitsi-jicofo is stopped
- service:
- name: matrix-jitsi-jicofo
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
-
-- name: Ensure matrix-jitsi-jicofo.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
- state: absent
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal
- service:
- daemon_reload: yes
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"
-
-- name: Ensure Matrix jitsi-jicofo paths doesn't exist
- file:
- path: "{{ matrix_jitsi_jicofo_base_path }}"
- state: absent
- when: "not matrix_jitsi_enabled|bool"
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
deleted file mode 100644
index b73426db..00000000
--- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
+++ /dev/null
@@ -1,93 +0,0 @@
----
-
-#
-# Tasks related to setting up jitsi-jvb
-#
-
-- name: Ensure Matrix jitsi-jvb path exists
- file:
- path: "{{ item.path }}"
- state: directory
- mode: 0777
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
- with_items:
- - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true }
- - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true }
- when: matrix_jitsi_enabled|bool and item.when
-
-- name: Ensure jitsi-jvb Docker image is pulled
- docker_image:
- name: "{{ matrix_jitsi_jvb_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure jitsi-jvb configuration files created
- template:
- src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
- dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
- mode: 0644
- with_items:
- - custom-sip-communicator.properties
- - logging.properties
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure jitsi-jvb environment variables file created
- template:
- src: "{{ role_path }}/templates/jvb/env.j2"
- dest: "{{ matrix_jitsi_jvb_base_path }}/env"
- mode: 0640
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure matrix-jitsi-jvb.service installed
- template:
- src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
- mode: 0644
- register: matrix_jitsi_jvb_systemd_service_result
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation
- service:
- daemon_reload: yes
- when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of jitsi-jvb (if it was previously enabled)
-#
-
-- name: Check existence of matrix-jitsi-jvb service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
- register: matrix_jitsi_jvb_service_stat
- when: "not matrix_jitsi_enabled|bool"
-
-- name: Ensure matrix-jitsi-jvb is stopped
- service:
- name: matrix-jitsi-jvb
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
-
-- name: Ensure matrix-jitsi-jvb.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
- state: absent
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal
- service:
- daemon_reload: yes
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"
-
-- name: Ensure Matrix jitsi-jvb paths doesn't exist
- file:
- path: "{{ matrix_jitsi_jvb_base_path }}"
- state: absent
- when: "not matrix_jitsi_enabled|bool"
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
deleted file mode 100644
index fd051fda..00000000
--- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
+++ /dev/null
@@ -1,84 +0,0 @@
----
-
-#
-# Tasks related to setting up jitsi-prosody
-#
-
-- name: Ensure Matrix jitsi-prosody path exists
- file:
- path: "{{ item.path }}"
- state: directory
- mode: 0777
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
- with_items:
- - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true }
- - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true }
- - { path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true }
- when: matrix_jitsi_enabled|bool and item.when
-
-- name: Ensure jitsi-prosody Docker image is pulled
- docker_image:
- name: "{{ matrix_jitsi_prosody_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure jitsi-prosody environment variables file created
- template:
- src: "{{ role_path }}/templates/prosody/env.j2"
- dest: "{{ matrix_jitsi_prosody_base_path }}/env"
- mode: 0640
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure matrix-jitsi-prosody.service installed
- template:
- src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
- mode: 0644
- register: matrix_jitsi_prosody_systemd_service_result
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation
- service:
- daemon_reload: yes
- when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
-#
-
-- name: Check existence of matrix-jitsi-prosody service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
- register: matrix_jitsi_prosody_service_stat
- when: "not matrix_jitsi_enabled|bool"
-
-- name: Ensure matrix-jitsi-prosody is stopped
- service:
- name: matrix-jitsi-prosody
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
-
-- name: Ensure matrix-jitsi-prosody.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
- state: absent
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal
- service:
- daemon_reload: yes
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
-
-- name: Ensure Matrix jitsi-prosody paths doesn't exist
- file:
- path: "{{ matrix_jitsi_prosody_base_path }}"
- state: absent
- when: "not matrix_jitsi_enabled|bool"
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml
deleted file mode 100644
index 2b8a2cd2..00000000
--- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml
+++ /dev/null
@@ -1,95 +0,0 @@
----
-
-#
-# Tasks related to setting up jitsi-web
-#
-
-- name: Ensure Matrix jitsi-web path exists
- file:
- path: "{{ item.path }}"
- state: directory
- mode: 0777
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
- with_items:
- - { path: "{{ matrix_jitsi_web_base_path }}", when: true }
- - { path: "{{ matrix_jitsi_web_config_path }}", when: true }
- - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true }
- when: matrix_jitsi_enabled|bool and item.when
-
-- name: Ensure jitsi-web Docker image is pulled
- docker_image:
- name: "{{ matrix_jitsi_web_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure jitsi-web environment variables file created
- template:
- src: "{{ role_path }}/templates/web/env.j2"
- dest: "{{ matrix_jitsi_web_base_path }}/env"
- mode: 0640
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure jitsi-web configuration files created
- template:
- src: "{{ role_path }}/templates/web/{{ item }}.j2"
- dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
- mode: 0644
- with_items:
- - custom-config.js
- - interface_config.js
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure matrix-jitsi-web.service installed
- template:
- src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
- mode: 0644
- register: matrix_jitsi_web_systemd_service_result
- when: matrix_jitsi_enabled|bool
-
-- name: Ensure systemd reloaded after matrix-jitsi-web.service installation
- service:
- daemon_reload: yes
- when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of jitsi-web (if it was previously enabled)
-#
-
-- name: Check existence of matrix-jitsi-web service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
- register: matrix_jitsi_web_service_stat
- when: "not matrix_jitsi_enabled|bool"
-
-- name: Ensure matrix-jitsi-web is stopped
- service:
- name: matrix-jitsi-web
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
-
-- name: Ensure matrix-jitsi-web.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
- state: absent
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-jitsi-web.service removal
- service:
- daemon_reload: yes
- when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"
-
-- name: Ensure Matrix jitsi-web paths doesn't exist
- file:
- path: "{{ matrix_jitsi_web_base_path }}"
- state: absent
- when: "not matrix_jitsi_enabled|bool"
-
-# Intentionally not removing the Docker image when uninstalling.
-# We can't be sure it had been pulled by us in the first place.
-
diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/matrix-jitsi/tasks/validate_config.yml
deleted file mode 100644
index d2887b12..00000000
--- a/roles/matrix-jitsi/tasks/validate_config.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-
-- name: Fail if required Jitsi settings not defined
- fail:
- msg: >-
- You need to define a required configuration setting (`{{ item }}`) for using Jitsi.
-
- If you're setting up Jitsi for the first time, you may have missed a step.
- Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
-
- If you had setup Jitsi successfully before and it's just now that you're observing this failure,
- it means that your installation may be using some default passwords that the playbook used to define until now.
- This is not secure and we urge you to rebuild your Jitsi setup.
- Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md).
- when: "vars[item] == ''"
- with_items:
- - "matrix_jitsi_jibri_xmpp_password"
- - "matrix_jitsi_jibri_recorder_password"
- - "matrix_jitsi_jicofo_auth_password"
- - "matrix_jitsi_jvb_auth_password"
-
-- name: (Deprecation) Catch and report renamed settings
- fail:
- msg: >-
- Your configuration contains a variable, which now has a different name.
- Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
- when: "item.old in vars"
- with_items:
- - {'old': 'matrix_jitsi_web_config_constraints_enabled', 'new': ''}
- - {'old': 'matrix_jitsi_web_config_constraints_video_aspectRatio', 'new': ''}
- - {'old': 'matrix_jitsi_web_config_constraints_video_height_ideal', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
- - {'old': 'matrix_jitsi_web_config_constraints_video_height_max', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
- - {'old': 'matrix_jitsi_web_config_constraints_video_height_min', 'new': 'matrix_jitsi_web_config_resolution_height_min'}
- - {'old': 'matrix_jitsi_web_config_disableAudioLevels', 'new': ''}
- - {'old': 'matrix_jitsi_web_config_enableLayerSuspension', 'new': ''}
- - {'old': 'matrix_jitsi_web_config_channelLastN', 'new': ''}
- - {'old': 'matrix_jitsi_web_config_testing_p2pTestMode', 'new': ''}
- - {'old': 'matrix_jitsi_web_config_start_with_audio_muted', 'new': ''}
- - {'old': 'matrix_jitsi_web_config_start_with_video_muted', 'new': ''}
- - {'old': 'matrix_jitsi_web_interface_config_show_watermark_for_guests', 'new': ''}
- - {'old': 'matrix_jitsi_web_interface_config_invitation_powered_by', 'new': ''}
- - {'old': 'matrix_jisti_web_interface_config_show_deep_linking_image', 'new': 'matrix_jitsi_web_interface_config_show_deep_linking_image'}
diff --git a/roles/matrix-jitsi/templates/jicofo/env.j2 b/roles/matrix-jitsi/templates/jicofo/env.j2
deleted file mode 100644
index 687df714..00000000
--- a/roles/matrix-jitsi/templates/jicofo/env.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-AUTH_TYPE={{ matrix_jitsi_auth_type }}
-BRIDGE_AVG_PARTICIPANT_STRESS
-BRIDGE_STRESS_THRESHOLD
-ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
-ENABLE_AUTO_OWNER
-ENABLE_CODEC_VP8
-ENABLE_CODEC_VP9
-ENABLE_CODEC_H264
-ENABLE_OCTO
-ENABLE_RECORDING
-ENABLE_SCTP
-JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
-JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
-JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
-JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
-JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
-JICOFO_ENABLE_HEALTH_CHECKS
-JICOFO_SHORT_ID
-JICOFO_RESERVATION_ENABLED
-JICOFO_RESERVATION_REST_BASE_URL
-JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
-JIBRI_REQUEST_RETRIES
-JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
-JIGASI_BREWERY_MUC
-JIGASI_SIP_URI
-JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
-MAX_BRIDGE_PARTICIPANTS
-OCTO_BRIDGE_SELECTION_STRATEGY
-TZ={{ matrix_jitsi_timezone }}
-XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
-XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
-XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
-XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
-XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
diff --git a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2
deleted file mode 100644
index 7eba95af..00000000
--- a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-handlers= java.util.logging.ConsoleHandler
-
-java.util.logging.ConsoleHandler.level = ALL
-java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
-
-net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo
-
-.level=INFO
-net.sf.level=SEVERE
-net.java.sip.communicator.plugin.reconnectplugin.level=FINE
-org.ice4j.level=SEVERE
-org.jitsi.impl.neomedia.level=SEVERE
-
-# Do not worry about missing strings
-net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
-
-#net.java.sip.communicator.service.protocol.level=ALL
-
-# Enable debug packets logging
-#org.jitsi.impl.protocol.xmpp.level=FINE
diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
deleted file mode 100644
index 6ecafaa0..00000000
--- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
+++ /dev/null
@@ -1,33 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix jitsi-jicofo server
-{% for service in matrix_jitsi_jicofo_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null'
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
- --log-driver=none \
- --network={{ matrix_docker_network }} \
- --env-file={{ matrix_jitsi_jicofo_base_path }}/env \
- --mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \
- {% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_jitsi_jicofo_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-jitsi-jicofo
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 b/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2
deleted file mode 100644
index c62e04ff..00000000
--- a/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
-org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
-
-org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
-org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
-
-{% if matrix_jitsi_enable_auth %}
-org.jitsi.jicofo.auth.URL=XMPP:{{ matrix_jitsi_xmpp_domain }}
-{% endif %}
diff --git a/roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 b/roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2
deleted file mode 100644
index 44b6b8c2..00000000
--- a/roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
-
-org.jitsi.videobridge.ENABLE_STATISTICS=true
-org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
-org.jitsi.videobridge.STATISTICS_INTERVAL=5000
-
-{{ matrix_jitsi_jvb_custom_config_extension }}
diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/matrix-jitsi/templates/jvb/env.j2
deleted file mode 100644
index a927314e..00000000
--- a/roles/matrix-jitsi/templates/jvb/env.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-ENABLE_COLIBRI_WEBSOCKET
-ENABLE_OCTO
-DOCKER_HOST_ADDRESS
-XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
-XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
-XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
-JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
-JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
-JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
-JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
-JVB_TCP_HARVESTER_DISABLED=true
-JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
-JVB_TCP_MAPPED_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
-{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
-JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
-{% endif %}
-JVB_ENABLE_APIS
-JVB_WS_DOMAIN
-JVB_WS_SERVER_ID
-PUBLIC_URL={{ matrix_jitsi_web_public_url }}
-JVB_OCTO_BIND_ADDRESS
-JVB_OCTO_PUBLIC_ADDRESS
-JVB_OCTO_BIND_PORT
-JVB_OCTO_REGION
-TZ={{ matrix_jitsi_timezone }}
\ No newline at end of file
diff --git a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 b/roles/matrix-jitsi/templates/jvb/logging.properties.j2
deleted file mode 100644
index 48c1e9fa..00000000
--- a/roles/matrix-jitsi/templates/jvb/logging.properties.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-handlers= java.util.logging.ConsoleHandler
-
-java.util.logging.ConsoleHandler.level = ALL
-java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
-
-net.java.sip.communicator.util.ScLogFormatter.programname=JVB
-
-.level=INFO
-
-org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
-
-# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
-org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING
diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
deleted file mode 100644
index 2785795d..00000000
--- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
+++ /dev/null
@@ -1,43 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix jitsi-jvb server
-{% for service in matrix_jitsi_jvb_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null'
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
- --log-driver=none \
- --network={{ matrix_docker_network }} \
- --network-alias=jvb.meet.jitsi \
- --env-file={{ matrix_jitsi_jvb_base_path }}/env \
- {% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
- -p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \
- {% endif %}
- {% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
- -p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
- {% endif %}
- {% if matrix_jitsi_jvb_container_colibri_ws_host_bind_port %}
- -p {{ matrix_jitsi_jvb_container_colibri_ws_host_bind_port }}:9090 \
- {% endif %}
- --mount type=bind,src={{ matrix_jitsi_jvb_config_path }},dst=/config \
- {% for arg in matrix_jitsi_jvb_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_jitsi_jvb_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-jitsi-jvb
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/matrix-jitsi/templates/prosody/env.j2
deleted file mode 100644
index 70feda6e..00000000
--- a/roles/matrix-jitsi/templates/prosody/env.j2
+++ /dev/null
@@ -1,57 +0,0 @@
-AUTH_TYPE={{ matrix_jitsi_auth_type }}
-ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
-ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
-ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
-ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}}
-ENABLE_XMPP_WEBSOCKET
-GLOBAL_MODULES
-GLOBAL_CONFIG
-LDAP_URL={{ matrix_jitsi_ldap_url }}
-LDAP_BASE={{ matrix_jitsi_ldap_base }}
-LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}
-LDAP_BINDPW={{ matrix_jitsi_ldap_bindpw }}
-LDAP_FILTER={{ matrix_jitsi_ldap_filter }}
-LDAP_AUTH_METHOD={{ matrix_jitsi_ldap_auth_method }}
-LDAP_VERSION={{ matrix_jitsi_ldap_version }}
-LDAP_USE_TLS={{ 1 if matrix_jitsi_ldap_use_tls else 0 }}
-LDAP_TLS_CIPHERS={{ matrix_jitsi_ldap_tls_ciphers }}
-LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }}
-LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }}
-LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }}
-LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }}
-XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
-XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
-XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
-XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
-XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
-XMPP_MODULES={{ matrix_jitsi_xmpp_modules }}
-XMPP_MUC_MODULES=
-XMPP_INTERNAL_MUC_MODULES=
-XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
-XMPP_CROSS_DOMAIN=true
-JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
-JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
-JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
-JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
-JIGASI_XMPP_USER=
-JIGASI_XMPP_PASSWORD=
-JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
-JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
-JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
-JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
-JWT_APP_ID
-JWT_APP_SECRET
-JWT_ACCEPTED_ISSUERS
-JWT_ACCEPTED_AUDIENCES
-JWT_ASAP_KEYSERVER
-JWT_ALLOW_EMPTY
-JWT_AUTH_TYPE
-JWT_TOKEN_AUTH_MODULE
-LOG_LEVEL
-PUBLIC_URL={{ matrix_jitsi_web_public_url }}
-TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }}
-TURN_HOST={{ matrix_jitsi_turn_host }}
-TURNS_HOST={{ matrix_jitsi_turns_host }}
-TURN_PORT={{ matrix_jitsi_turn_port }}
-TURNS_PORT={{ matrix_jitsi_turns_port }}
-TZ={{ matrix_jitsi_timezone }}
diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
deleted file mode 100644
index 5a4a81e5..00000000
--- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
+++ /dev/null
@@ -1,38 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix jitsi-prosody server
-{% for service in matrix_jitsi_prosody_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null'
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
- --log-driver=none \
- --network={{ matrix_docker_network }} \
- --network-alias={{ matrix_jitsi_xmpp_server }} \
- {% if matrix_jitsi_prosody_container_http_host_bind_port %}
- -p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \
- {% endif %}
- --env-file={{ matrix_jitsi_prosody_base_path }}/env \
- --mount type=bind,src={{ matrix_jitsi_prosody_config_path }},dst=/config \
- --mount type=bind,src={{ matrix_jitsi_prosody_plugins_path }},dst=/prosody-plugins-custom \
- {% for arg in matrix_jitsi_prosody_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_jitsi_prosody_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-jitsi-prosody
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-jitsi/templates/web/custom-config.js.j2 b/roles/matrix-jitsi/templates/web/custom-config.js.j2
deleted file mode 100644
index bbe85798..00000000
--- a/roles/matrix-jitsi/templates/web/custom-config.js.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-config.defaultLanguage = {{ matrix_jitsi_web_config_defaultLanguage|to_json }};
-
-
-if (!config.hasOwnProperty('p2p')) config.p2p = {% raw %}{}{% endraw %};
-
-{% if matrix_jitsi_web_stun_servers|length > 0 %}
-config.p2p.stunServers = [
- {% for url in matrix_jitsi_web_stun_servers %}
- { urls: {{ url|to_json }} }{% if not loop.last %},{% endif %}
- {% endfor %}
-];
-{% endif %}
-
-{% if matrix_jitsi_etherpad_enabled %}
-config.etherpad_base = {{ (matrix_jitsi_etherpad_base + '/p/') |to_json }}
-{% endif %}
-
-{{ matrix_jitsi_web_custom_config_extension }}
diff --git a/roles/matrix-jitsi/templates/web/env.j2 b/roles/matrix-jitsi/templates/web/env.j2
deleted file mode 100644
index c4faa5ba..00000000
--- a/roles/matrix-jitsi/templates/web/env.j2
+++ /dev/null
@@ -1,94 +0,0 @@
-ENABLE_COLIBRI_WEBSOCKET
-ENABLE_FLOC=0
-ENABLE_LETSENCRYPT=0
-ENABLE_HTTP_REDIRECT=0
-ENABLE_HSTS=0
-ENABLE_XMPP_WEBSOCKET
-DISABLE_HTTPS=0
-DISABLE_DEEP_LINKING
-LETSENCRYPT_DOMAIN={{ matrix_server_fqn_jitsi }}
-LETSENCRYPT_EMAIL={{ matrix_ssl_lets_encrypt_support_email }}
-LETSENCRYPT_USE_STAGING=0
-PUBLIC_URL={{ matrix_jitsi_web_public_url }}
-TZ={{ matrix_jitsi_timezone }}
-AMPLITUDE_ID
-ANALYTICS_SCRIPT_URLS
-ANALYTICS_WHITELISTED_EVENTS
-CALLSTATS_CUSTOM_SCRIPT_URL
-CALLSTATS_ID
-CALLSTATS_SECRET
-CHROME_EXTENSION_BANNER_JSON
-CONFCODE_URL
-CONFIG_EXTERNAL_CONNECT
-DEFAULT_LANGUAGE
-DEPLOYMENTINFO_ENVIRONMENT
-DEPLOYMENTINFO_ENVIRONMENT_TYPE
-DEPLOYMENTINFO_REGION
-DEPLOYMENTINFO_SHARD
-DEPLOYMENTINFO_USERREGION
-DIALIN_NUMBERS_URL
-DIALOUT_AUTH_URL
-DIALOUT_CODES_URL
-DROPBOX_APPKEY
-DROPBOX_REDIRECT_URI
-DYNAMIC_BRANDING_URL
-ENABLE_AUDIO_PROCESSING
-ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
-ENABLE_CALENDAR
-ENABLE_FILE_RECORDING_SERVICE
-ENABLE_FILE_RECORDING_SERVICE_SHARING
-ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
-ENABLE_IPV6
-ENABLE_LIPSYNC
-ENABLE_NO_AUDIO_DETECTION
-ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}
-ENABLE_PREJOIN_PAGE
-ENABLE_WELCOME_PAGE
-ENABLE_CLOSE_PAGE
-ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}
-ENABLE_REMB
-ENABLE_REQUIRE_DISPLAY_NAME
-ENABLE_SIMULCAST
-ENABLE_STATS_ID
-ENABLE_STEREO
-ENABLE_SUBDOMAINS
-ENABLE_TALK_WHILE_MUTED
-ENABLE_TCC
-ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
-ETHERPAD_PUBLIC_URL
-ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
-GOOGLE_ANALYTICS_ID
-GOOGLE_API_APP_CLIENT_ID
-INVITE_SERVICE_URL
-JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
-MATOMO_ENDPOINT
-MATOMO_SITE_ID
-MICROSOFT_API_APP_CLIENT_ID
-NGINX_RESOLVER
-NGINX_WORKER_PROCESSES
-NGINX_WORKER_CONNECTIONS
-PEOPLE_SEARCH_URL
-RESOLUTION={{ matrix_jitsi_web_config_resolution_height_ideal_and_max }}
-RESOLUTION_MIN={{ matrix_jitsi_web_config_resolution_height_min }}
-RESOLUTION_WIDTH={{ matrix_jitsi_web_config_resolution_width_ideal_and_max }}
-RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }}
-START_AUDIO_ONLY
-START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
-START_WITH_AUDIO_MUTED
-START_SILENT
-DISABLE_AUDIO_LEVELS
-ENABLE_NOISY_MIC_DETECTION
-START_BITRATE
-DESKTOP_SHARING_FRAMERATE_MIN
-DESKTOP_SHARING_FRAMERATE_MAX
-START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }}
-START_WITH_VIDEO_MUTED
-TESTING_CAP_SCREENSHARE_BITRATE
-TESTING_OCTO_PROBABILITY
-XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
-XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
-XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
-XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
-XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
-XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
-TOKEN_AUTH_URL
\ No newline at end of file
diff --git a/roles/matrix-jitsi/templates/web/interface_config.js.j2 b/roles/matrix-jitsi/templates/web/interface_config.js.j2
deleted file mode 100644
index 08ac02fe..00000000
--- a/roles/matrix-jitsi/templates/web/interface_config.js.j2
+++ /dev/null
@@ -1,295 +0,0 @@ -/* eslint-disable no-unused-vars, no-var, max-len */ -/* eslint sort-keys: ["error", "asc", {"caseSensitive": false}] */ - -var interfaceConfig = { - APP_NAME: {{ matrix_jitsi_web_interface_config_app_name|to_json }}, - AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)', - AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)', - - /** - * A UX mode where the last screen share participant is automatically - * pinned. Valid values are the string "remote-only" so remote participants - * get pinned but not local, otherwise any truthy value for all participants, - * and any falsy value to disable the feature. - * - * Note: this mode is experimental and subject to breakage. - */ - AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only', - BRAND_WATERMARK_LINK: {{ matrix_jitsi_web_interface_config_brand_watermark_link|to_json }}, - - CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it - /** - * Whether the connection indicator icon should hide itself based on - * connection strength. If true, the connection indicator will remain - * displayed while the participant has a weak connection and will hide - * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is - * strong. - * - * @type {boolean} - */ - CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true, - - /** - * How long the connection indicator should remain displayed before hiding. - * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED. - * - * @type {number} - */ - CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000, - - /** - * If true, hides the connection indicators completely. 
- * - * @type {boolean} - */ - CONNECTION_INDICATOR_DISABLED: false, - - DEFAULT_BACKGROUND: '#474747', - DEFAULT_LOCAL_DISPLAY_NAME: 'me', - DEFAULT_LOGO_URL: 'images/watermark.svg', - DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster', - DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg', - - DISABLE_DOMINANT_SPEAKER_INDICATOR: false, - - DISABLE_FOCUS_INDICATOR: false, - - /** - * If true, notifications regarding joining/leaving are no longer displayed. - */ - DISABLE_JOIN_LEAVE_NOTIFICATIONS: false, - - /** - * If true, presence status: busy, calling, connected etc. is not displayed. - */ - DISABLE_PRESENCE_STATUS: false, - - /** - * Whether the ringing sound in the call/ring overlay is disabled. If - * {@code undefined}, defaults to {@code false}. - * - * @type {boolean} - */ - DISABLE_RINGING: false, - - /** - * Whether the speech to text transcription subtitles panel is disabled. - * If {@code undefined}, defaults to {@code false}. - * - * @type {boolean} - */ - DISABLE_TRANSCRIPTION_SUBTITLES: {{ matrix_jitsi_web_interface_config_disable_transcription_subtitles|to_json }}, - - /** - * Whether or not the blurred video background for large video should be - * displayed on browsers that can support it. - */ - DISABLE_VIDEO_BACKGROUND: false, - - DISPLAY_WELCOME_FOOTER: true, - DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false, - DISPLAY_WELCOME_PAGE_CONTENT: {{ matrix_jitsi_web_interface_config_display_welcome_page_content|to_json }}, - DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false, - - ENABLE_DIAL_OUT: true, - - ENABLE_FEEDBACK_ANIMATION: false, // Enables feedback star animation. - - FILM_STRIP_MAX_HEIGHT: 120, - - GENERATE_ROOMNAMES_ON_WELCOME_PAGE: {{ matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page|to_json }}, - - /** - * Hide the logo on the deep linking pages. - */ - HIDE_DEEP_LINKING_LOGO: false, - - /** - * Hide the invite prompt in the header when alone in the meeting. 
- */ - HIDE_INVITE_MORE_HEADER: false, - - INITIAL_TOOLBAR_TIMEOUT: 20000, - JITSI_WATERMARK_LINK: {{ matrix_jitsi_web_interface_config_jitsi_watermark_link|to_json }}, - - LANG_DETECTION: {{ matrix_jitsi_web_interface_config_lang_detection|to_json }}, // Allow i18n to detect the system language - LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live', // Documentation reference for the live streaming feature. - LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9 - - /** - * Maximum coefficient of the ratio of the large video to the visible area - * after the large video is scaled to fit the window. - * - * @type {number} - */ - MAXIMUM_ZOOMING_COEFFICIENT: 1.3, - - /** - * Whether the mobile app Jitsi Meet is to be promoted to participants - * attempting to join a conference in a mobile Web browser. If - * {@code undefined}, defaults to {@code true}. - * - * @type {boolean} - */ - MOBILE_APP_PROMO: true, - - /** - * Specify custom URL for downloading android mobile app. - */ - MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet', - - /** - * Specify custom URL for downloading f droid app. - */ - MOBILE_DOWNLOAD_LINK_F_DROID: 'https://f-droid.org/en/packages/org.jitsi.meet/', - - /** - * Specify URL for downloading ios mobile app. - */ - MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905', - - NATIVE_APP_NAME: {{ matrix_jitsi_web_interface_config_native_app_name|to_json }}, - - // Names of browsers which should show a warning stating the current browser - // has a suboptimal experience. Browsers which are not listed as optimal or - // unsupported are considered suboptimal. 
Valid values are: - // chrome, chromium, edge, electron, firefox, nwjs, opera, safari - OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ], - - POLICY_LOGO: null, - PROVIDER_NAME: {{ matrix_jitsi_web_interface_config_provider_name|to_json }}, - - /** - * If true, will display recent list - * - * @type {boolean} - */ - RECENT_LIST_ENABLED: true, - REMOTE_THUMBNAIL_RATIO: 1, // 1:1 - - SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ], - SHOW_BRAND_WATERMARK: {{ matrix_jitsi_web_interface_config_show_brand_watermark|to_json }}, - - /** - * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting. - * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s) - * being already installed is done before rendering. - */ - SHOW_CHROME_EXTENSION_BANNER: false, - - SHOW_DEEP_LINKING_IMAGE: {{ matrix_jitsi_web_interface_config_show_deep_linking_image|to_json }}, - SHOW_JITSI_WATERMARK: {{ matrix_jitsi_web_interface_config_show_jitsi_watermark|to_json }}, - SHOW_POWERED_BY: {{ matrix_jitsi_web_interface_config_show_powered_by|to_json }}, - SHOW_PROMOTIONAL_CLOSE_PAGE: false, - - /* - * If indicated some of the error dialogs may point to the support URL for - * help. - */ - SUPPORT_URL: 'https://community.jitsi.org/', - - TOOLBAR_ALWAYS_VISIBLE: false, - - /** - * The name of the toolbar buttons to display in the toolbar, including the - * "More actions" menu. If present, the button will display. Exceptions are - * "livestreaming" and "recording" which also require being a moderator and - * some values in config.js to be enabled. Also, the "profile" button will - * not display for users with a JWT. 
- * Notes: - * - it's impossible to choose which buttons go in the "More actions" menu - * - it's impossible to control the placement of buttons - * - 'desktop' controls the "Share your screen" button - */ - TOOLBAR_BUTTONS: [ - {% if matrix_jitsi_enable_transcriptions %} - 'closedcaptions', - {% endif %} - {% if matrix_jitsi_enable_recording %} - 'recording', - {% endif %} - 'microphone', 'camera', 'desktop', 'embedmeeting', 'fullscreen', - 'fodeviceselection', 'hangup', 'profile', 'chat', - 'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand', - 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts', - 'tileview', 'videobackgroundblur', 'download', 'help', 'mute-everyone', 'security' - ], - - TOOLBAR_TIMEOUT: 4000, - - // Browsers, in addition to those which do not fully support WebRTC, that - // are not supported and should show the unsupported browser page. - UNSUPPORTED_BROWSERS: [], - - /** - * Whether to show thumbnails in filmstrip as a column instead of as a row. - */ - VERTICAL_FILMSTRIP: true, - - // Determines how the video would fit the screen. 'both' would fit the whole - // screen, 'height' would fit the original video height to the height of the - // screen, 'width' would fit the original video width to the width of the - // screen respecting ratio. - VIDEO_LAYOUT_FIT: 'both', - - /** - * If true, hides the video quality label indicating the resolution status - * of the current large video. - * - * @type {boolean} - */ - VIDEO_QUALITY_LABEL_DISABLED: false, - - /** - * How many columns the tile view can expand to. The respected range is - * between 1 and 5. - */ - // TILE_VIEW_MAX_COLUMNS: 5, - - /** - * Specify Firebase dynamic link properties for the mobile apps. 
- */ - // MOBILE_DYNAMIC_LINK: { - // APN: 'org.jitsi.meet', - // APP_CODE: 'w2atb', - // CUSTOM_DOMAIN: undefined, - // IBI: 'com.atlassian.JitsiMeet.ios', - // ISI: '1165103905' - // }, - - /** - * Specify mobile app scheme for opening the app from the mobile browser. - */ - // APP_SCHEME: 'org.jitsi.meet', - - /** - * Specify the Android app package name. - */ - // ANDROID_APP_PACKAGE: 'org.jitsi.meet', - - /** - * Override the behavior of some notifications to remain displayed until - * explicitly dismissed through a user action. The value is how long, in - * milliseconds, those notifications should remain displayed. - */ - // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000, - - // List of undocumented settings - /** - INDICATOR_FONT_SIZES - PHONE_NUMBER_REGEX - */ - - // Allow all above example options to include a trailing comma and - // prevent fear when commenting out the last value. - // eslint-disable-next-line sort-keys - makeJsonParserHappy: 'even if last key had a trailing comma' - - // No configuration value should follow this line. -}; - - -{{ matrix_jitsi_web_custom_interface_config_extension }} - - -/* eslint-enable no-unused-vars, no-var, max-len */ diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 deleted file mode 100644 index 5d386361..00000000 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ /dev/null 
@@ -1,38 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix jitsi-web server
-{% for service in matrix_jitsi_web_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null'
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
- --log-driver=none \
- --network={{ matrix_docker_network }} \
- --network-alias={{ matrix_jitsi_xmpp_domain }} \
- --env-file={{ matrix_jitsi_web_base_path }}/env \
- {% if matrix_jitsi_web_container_http_host_bind_port %}
- -p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \
- {% endif %}
- --mount type=bind,src={{ matrix_jitsi_web_config_path }},dst=/config \
- --mount type=bind,src={{ matrix_jitsi_web_transcripts_path }},dst=/usr/share/jitsi-meet/transcripts \
- {% for arg in matrix_jitsi_web_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_jitsi_web_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-jitsi-web
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml
deleted file mode 100644
index f91189f5..00000000
--- a/roles/matrix-ma1sd/defaults/main.yml
+++ /dev/null
@@ -1,161 +0,0 @@ -# ma1sd is a Federated Matrix Identity Server -# See: https://github.com/ma1uta/ma1sd - -matrix_ma1sd_enabled: true - -matrix_ma1sd_container_image_self_build: false -matrix_ma1sd_container_image_self_build_repo: "https://github.com/ma1uta/ma1sd.git" -matrix_ma1sd_container_image_self_build_branch: "{{ matrix_ma1sd_version }}" - -matrix_ma1sd_version: "2.5.0" - -matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:{{ matrix_ma1sd_version }}" -matrix_ma1sd_docker_image_name_prefix: "{{ 'localhost/' if matrix_ma1sd_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}" - -matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd" -# We need the docker src directory to be named ma1sd. See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/588 -matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src/ma1sd" -matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config" -matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data" - -# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/8090 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:8090"), or empty string to not expose. -matrix_ma1sd_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container -matrix_ma1sd_container_extra_arguments: [] - -# List of systemd services that matrix-ma1sd.service depends on -matrix_ma1sd_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-ma1sd.service wants -matrix_ma1sd_systemd_wanted_services_list: [] - -# Your identity server is private by default. -# To ensure maximum discovery, you can make your identity server -# also forward lookups to the central matrix.org Identity server -# (at the cost of potentially leaking all your contacts information). 
-# Enabling this is discouraged. Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/features/identity.md#lookups -matrix_ma1sd_matrixorg_forwarding_enabled: false - - -# Database-related configuration fields. -# -# To use SQLite, stick to these defaults. -# -# To use Postgres: -# - change the engine (`matrix_ma1sd_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_ma1sd_postgres_*` variables -matrix_ma1sd_database_engine: 'sqlite' - -matrix_ma1sd_sqlite_database_path_local: "{{ matrix_ma1sd_data_path }}/ma1sd.db" -matrix_ma1sd_sqlite_database_path_in_container: "/var/ma1sd/ma1sd.db" - -matrix_ma1sd_database_username: 'matrix_ma1sd' -matrix_ma1sd_database_password: 'some-password' -matrix_ma1sd_database_hostname: 'matrix-postgres' -matrix_ma1sd_database_port: 5432 -matrix_ma1sd_database_name: 'matrix_ma1sd' - -matrix_ma1sd_database_connection_string: 'postgresql://{{ matrix_ma1sd_database_username }}:{{ matrix_ma1sd_database_password }}@{{ matrix_ma1sd_database_hostname }}:{{ matrix_ma1sd_database_port }}/{{ matrix_ma1sd_database_name }}' - - -# ma1sd has serveral supported identity stores. -# One of them is storing identities directly in Synapse's database. -# Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md -matrix_ma1sd_synapsesql_enabled: false -matrix_ma1sd_synapsesql_type: "" -matrix_ma1sd_synapsesql_connection: "" - -# Setting up email-sending settings is required for using ma1sd. -matrix_ma1sd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}" -matrix_ma1sd_threepid_medium_email_connectors_smtp_host: "" -matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 587 -matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 1 -matrix_ma1sd_threepid_medium_email_connectors_smtp_login: "" -matrix_ma1sd_threepid_medium_email_connectors_smtp_password: "" - -# DNS overwrites are useful for telling ma1sd how it can reach the homeserver directly. 
-# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to ma1sd, -# so that ma1sd can rewrite the original URL to one that would reach the homeserver. -matrix_ma1sd_dns_overwrite_enabled: false -matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}" -matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008" - -# Override the default session templates -# To use this, fill in the template variables with the full desired template as a multi-line YAML variable -# -# More info: -# https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/session/session-views.md -matrix_ma1sd_view_session_custom_templates_enabled: false -# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/templates/session/tokenSubmitSuccess.html -matrix_ma1sd_view_session_custom_onTokenSubmit_success_template: "" -# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/templates/session/tokenSubmitFailure.html -matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template: "" - -# Override the default email templates -# To use this, fill in the template variables with the full desired template as a multi-line YAML variable -# -# More info: -# https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/notification/template-generator.md -# https://github.com/ma1uta/ma1sd/tree/master/src/main/resources/threepids/email -matrix_ma1sd_threepid_medium_email_custom_templates_enabled: false -# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/invite-template.eml -matrix_ma1sd_threepid_medium_email_custom_invite_template: "" -# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/validate-template.eml -matrix_ma1sd_threepid_medium_email_custom_session_validation_template: "" -# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/unbind-notification.eml 
-matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template: "" -# Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/mxid-template.eml -matrix_ma1sd_threepid_medium_email_custom_matrixid_template: "" - -# Controls whether the self-check feature should validate SSL certificates. -matrix_ma1sd_self_check_validate_certificates: true - -# Controls ma1sd logging verbosity for troubleshooting. -# -# According to: https://github.com/ma1uta/ma1sd/blob/master/docs/troubleshooting.md#increase-verbosity -matrix_ma1sd_verbose_logging: false - -# Setting up support for API prefixes -matrix_ma1sd_v1_enabled: true -matrix_ma1sd_v2_enabled: true - -# Fix for missing 3PIDS bug -matrix_ma1sd_hashing_enabled: true - -# Default ma1sd configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}" - -matrix_ma1sd_configuration_extension_yaml: | - # Your custom YAML configuration for ma1sd goes here. - # This configuration extends the default starting configuration (`matrix_ma1sd_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_ma1sd_configuration_yaml`. 
- # - # Example configuration extension follows: - # - # ldap: - # enabled: true - # connection: - # host: ldapHostnameOrIp - # tls: false - # port: 389 - # baseDNs: ['OU=Users,DC=example,DC=org'] - # bindDn: CN=My Ma1sd User,OU=Users,DC=example,DC=org - # bindPassword: TheUserPassword - -matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml|from_yaml if matrix_ma1sd_configuration_extension_yaml|from_yaml is mapping else {} }}" - -# Holds the final ma1sd configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_ma1sd_configuration_yaml`. -matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml|from_yaml|combine(matrix_ma1sd_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/matrix-ma1sd/tasks/init.yml deleted file mode 100644 index 04cc3a21..00000000 --- a/roles/matrix-ma1sd/tasks/init.yml +++ /dev/null @@ -1,10 +0,0 @@ -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled|bool" - -- set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}" - when: matrix_ma1sd_enabled|bool diff --git a/roles/matrix-ma1sd/tasks/main.yml b/roles/matrix-ma1sd/tasks/main.yml deleted file mode 100644 index 0b8a114e..00000000 --- a/roles/matrix-ma1sd/tasks/main.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -- import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_ma1sd_enabled|bool" - tags: - - setup-all - - setup-ma1sd - -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_ma1sd_enabled|bool" - tags: - - setup-all - - setup-ma1sd - -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_ma1sd_enabled|bool" - tags: - - setup-all - - setup-ma1sd - -- import_tasks: "{{ role_path }}/tasks/self_check_ma1sd.yml" - delegate_to: 127.0.0.1 - become: false - when: "run_self_check|bool and matrix_ma1sd_enabled|bool" - tags: - - self-check diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml deleted file mode 100644 index 1d966204..00000000 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ /dev/null 
@@ -1,72 +0,0 @@
----
-
-# This task is for migrating existing mxisd data when transitioning to the ma1sd fork.
-
-- name: Check for existent mxisd data
- stat:
- path: "{{ matrix_base_data_path }}/mxisd/data"
- register: ma1sd_migrate_mxisd_data_dir_stat
-
-- name: Warn if mxisd data detected
- debug:
- msg: >
- You seem to have an existing mxisd folder in `{{ matrix_base_data_path }}/mxisd`.
- We are going to migrate it to ma1sd and rename the folder to mxisd.migrated.
- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
-
-- name: Check existence of old matrix-mxisd service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-mxisd.service"
- register: matrix_mxisd_service_stat
-
-- name: Ensure matrix-mxisd is stopped
- service:
- name: matrix-mxisd
- state: stopped
- daemon_reload: yes
- when: "matrix_mxisd_service_stat.stat.exists"
-
-- name: Check existence of matrix-ma1sd service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-ma1sd.service"
- register: matrix_ma1sd_service_stat
- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
-
-- name: Ensure matrix-ma1sd is stopped
- service:
- name: matrix-ma1sd
- state: stopped
- daemon_reload: yes
- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists and matrix_ma1sd_service_stat.stat.exists"
-
-# We use shell commands for the migration, because the Ansible copy module cannot
-# recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible.
-- block:
- - name: Copy mxisd data files to ma1sd folder
- command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}"
-
- - name: Check existence of mxisd.db file
- stat:
- path: "{{ matrix_ma1sd_data_path }}/mxisd.db"
- register: matrix_ma1sd_mxisd_db_stat
-
- - name: Rename database (mxisd.db -> ma1sd.db)
- command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db"
- when: "matrix_ma1sd_mxisd_db_stat.stat.exists"
-
- - name: Rename mxisd folder
- command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated"
- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
-
-- name: Ensure outdated matrix-mxisd.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-mxisd.service"
- state: absent
- when: "matrix_mxisd_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after removing outdated matrix-mxisd.service
- service:
- daemon_reload: yes
- when: "matrix_mxisd_service_stat.stat.exists"
-
-
diff --git a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml
deleted file mode 100644
index b8a7faaa..00000000
--- a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-
-- set_fact:
- ma1sd_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/identity/api/v1"
-
-- name: Check ma1sd Identity Service
- uri:
- url: "{{ ma1sd_url_endpoint_public }}"
- follow_redirects: none
- validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}"
- check_mode: no
- register: result_ma1sd
- ignore_errors: true
-
-- name: Fail if ma1sd Identity Service not working
- fail:
- msg: "Failed checking ma1sd is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ ma1sd_url_endpoint_public }}`). Is ma1sd running? Is port 443 open in your firewall? Full error: {{ result_ma1sd }}"
- when: "result_ma1sd.failed or 'json' not in result_ma1sd"
-
-- name: Report working ma1sd Identity Service
- debug:
- msg: "ma1sd at `{{ matrix_server_fqn_matrix }}` is working (checked endpoint: `{{ ma1sd_url_endpoint_public }}`)"
diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml
deleted file mode 100644
index 3f319eef..00000000
--- a/roles/matrix-ma1sd/tasks/setup_install.yml
+++ /dev/null
@@ -1,167 +0,0 @@ ---- - -- name: Ensure ma1sd paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_ma1sd_config_path }}", when: true } - - { path: "{{ matrix_ma1sd_data_path }}", when: true } - - { path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"} - when: "item.when|bool" - -- import_tasks: "{{ role_path }}/tasks/migrate_mxisd.yml" - - -# These (SQLite -> Postgres) migration tasks are usually at the top, -# but we'd like to run them after `migrate_mxisd.yml`, which requires the ma1sd paths to exist. -- set_fact: - matrix_ma1sd_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_ma1sd_sqlite_database_path_local }}" - register: matrix_ma1sd_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_ma1sd_sqlite_database_path_local }}" - dst: "{{ matrix_ma1sd_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_ma1sd_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-ma1sd.service'] - pgloader_options: ['--with "quote identifiers"'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_ma1sd_requires_restart: true - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_ma1sd_database_engine == 'postgres'" - -- name: Ensure ma1sd image is pulled - docker_image: - name: "{{ matrix_ma1sd_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or 
ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}" - when: "not matrix_ma1sd_container_image_self_build|bool" - -- block: - - name: Ensure gradle is installed for self-building (Debian) - apt: - name: - - gradle - state: present - update_cache: yes - when: (ansible_os_family == 'Debian') - - - name: Ensure gradle is installed for self-building (CentOS) - fail: - msg: "Installing gradle on CentOS is currently not supported, so self-building ma1sd cannot happen at this time" - when: ansible_distribution == 'CentOS' - - - name: Ensure gradle is installed for self-building (Archlinux) - pacman: - name: - - gradle - state: latest - update_cache: yes - when: ansible_distribution == 'Archlinux' - - - name: Ensure ma1sd repository is present on self-build - git: - repo: "{{ matrix_ma1sd_container_image_self_build_repo }}" - dest: "{{ matrix_ma1sd_docker_src_files_path }}" - version: "{{ matrix_ma1sd_container_image_self_build_branch }}" - force: "yes" - register: matrix_ma1sd_git_pull_results - - - name: Ensure ma1sd Docker image is built - shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" - args: - chdir: "{{ matrix_ma1sd_docker_src_files_path }}" - - - name: Ensure ma1sd Docker image is tagged correctly - docker_image: - # The build script always tags the image with 2 tags: - # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`) - # or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release) - # - generic one: `ma1uta/ma1sd:latest-dev` - # - # It's hard to predict the first one, so we'll use the latter. 
- name: "ma1uta/ma1sd:latest-dev" - repository: "{{ matrix_ma1sd_docker_image }}" - force_tag: yes - source: local - when: "matrix_ma1sd_container_image_self_build|bool" - -- name: Ensure ma1sd config installed - copy: - content: "{{ matrix_ma1sd_configuration|to_nice_yaml }}" - dest: "{{ matrix_ma1sd_config_path }}/ma1sd.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure custom view templates are installed, if any - copy: - content: "{{ item.value }}" - dest: "{{ matrix_ma1sd_config_path }}/{{ item.location }}" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - {value: "{{ matrix_ma1sd_view_session_custom_onTokenSubmit_success_template }}", location: 'tokenSubmitSuccess.html'} - - {value: "{{ matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template }}", location: 'tokenSubmitFailure.html'} - when: "matrix_ma1sd_view_session_custom_templates_enabled|bool and item.value" - -- name: Ensure custom email templates are installed, if any - copy: - content: "{{ item.value }}" - dest: "{{ matrix_ma1sd_config_path }}/{{ item.location }}" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_invite_template }}", location: 'invite-template.eml'} - - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_validation_template }}", location: 'validate-template.eml'} - - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template }}", location: 'unbind-notification.eml'} - - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_matrixid_template }}", location: 'mxid-template.eml'} - when: "matrix_ma1sd_threepid_medium_email_custom_templates_enabled|bool and item.value" - -# Only cleaning up for people who define the respective templates -- name: (Cleanup) Ensure custom email templates are not in data/ anymore 
(we've put them in config/) - file: - path: "{{ matrix_ma1sd_data_path }}/{{ item.location }}" - state: absent - with_items: - - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_invite_template }}", location: 'invite-template.eml'} - - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_validation_template }}", location: 'validate-template.eml'} - - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template }}", location: 'unbind-notification.eml'} - - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_matrixid_template }}", location: 'mxid-template.eml'} - when: "matrix_ma1sd_threepid_medium_email_custom_templates_enabled|bool and item.value" - -- name: Ensure matrix-ma1sd.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-ma1sd.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-ma1sd.service" - mode: 0644 - register: matrix_ma1sd_systemd_service_result - -- name: Ensure systemd reloaded after matrix-ma1sd.service installation - service: - daemon_reload: yes - when: "matrix_ma1sd_systemd_service_result.changed|bool" - -- name: Ensure matrix-ma1sd.service restarted, if necessary - service: - name: "matrix-ma1sd.service" - state: restarted - when: "matrix_ma1sd_requires_restart|bool" diff --git a/roles/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/matrix-ma1sd/tasks/setup_uninstall.yml deleted file mode 100644 index b36ab508..00000000 --- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-
-- name: Check existence of matrix-ma1sd service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-ma1sd.service"
- register: matrix_ma1sd_service_stat
-
-- name: Ensure matrix-ma1sd is stopped
- service:
- name: matrix-ma1sd
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "matrix_ma1sd_service_stat.stat.exists|bool"
-
-- name: Ensure matrix-ma1sd.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-ma1sd.service"
- state: absent
- when: "matrix_ma1sd_service_stat.stat.exists|bool"
-
-- name: Ensure systemd reloaded after matrix-ma1sd.service removal
- service:
- daemon_reload: yes
- when: "matrix_ma1sd_service_stat.stat.exists|bool"
-
-- name: Ensure Matrix ma1sd paths don't exist
- file:
- path: "{{ matrix_ma1sd_base_path }}"
- state: absent
-
-- name: Ensure ma1sd Docker image doesn't exist
- docker_image:
- name: "{{ matrix_ma1sd_docker_image }}"
- state: absent
diff --git a/roles/matrix-ma1sd/tasks/validate_config.yml b/roles/matrix-ma1sd/tasks/validate_config.yml
deleted file mode 100644
index 4f80b154..00000000
--- a/roles/matrix-ma1sd/tasks/validate_config.yml
+++ /dev/null
@@ -1,68 +0,0 @@ ---- - -- name: (Deprecation) Warn about ma1sd variables that are not used anymore - fail: - msg: > - The `{{ item }}` variable defined in your configuration is not used by this playbook anymore! - You'll need to adapt to the new way of extending ma1sd configuration. - See the CHANGELOG and the `matrix_ma1sd_configuration_extension_yaml` variable for more information and examples. - when: "item in vars" - with_items: - - 'matrix_ma1sd_ldap_enabled' - - 'matrix_ma1sd_ldap_connection_host' - - 'matrix_ma1sd_ldap_connection_tls' - - 'matrix_ma1sd_ldap_connection_port' - - 'matrix_ma1sd_ldap_connection_baseDn' - - 'matrix_ma1sd_ldap_connection_baseDns' - - 'matrix_ma1sd_ldap_connection_bindDn' - - 'matrix_ma1sd_ldap_connection_bindPassword' - - 'matrix_ma1sd_ldap_filter' - - 'matrix_ma1sd_ldap_attribute_uid_type' - - 'matrix_ma1sd_ldap_attribute_uid_value' - - 'matrix_ma1sd_ldap_connection_bindPassword' - - 'matrix_ma1sd_ldap_attribute_name' - - 'matrix_ma1sd_ldap_attribute_threepid_email' - - 'matrix_ma1sd_ldap_attribute_threepid_msisdn' - - 'matrix_ma1sd_ldap_identity_filter' - - 'matrix_ma1sd_ldap_identity_medium' - - 'matrix_ma1sd_ldap_auth_filter' - - 'matrix_ma1sd_ldap_directory_filter' - - 'matrix_ma1sd_template_config' - - 'matrix_ma1sd_architecture' - -- name: Ensure ma1sd configuration does not contain any dot-notation keys - fail: - msg: > - Since version 1.3.0, ma1sd will not accept property-style configuration keys. - You have defined a key (`{{ item.key }}`) which contains a dot. - Instead, use nesting. See: https://github.com/ma1uta/ma1sd/wiki/Upgrade-Notes#v130 - when: "'.' in item.key" - with_dict: "{{ matrix_ma1sd_configuration }}" - -- name: Fail if required ma1sd settings not defined - fail: - msg: > - You need to define a required configuration setting (`{{ item }}`) for using ma1sd. 
- when: "vars[item] == ''" - with_items: - - "matrix_ma1sd_threepid_medium_email_connectors_smtp_host" - -- name: (Deprecation) Catch and report renamed ma1sd variables - fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). - when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict" - with_items: - - {'old': 'matrix_ma1sd_container_expose_port', 'new': ''} - - {'old': 'matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template', 'new': 'matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template'} - -- name: (Deprecation) Catch and report mxisd variables - fail: - msg: >- - mxisd is deprecated and has been replaced with ma1sd (https://github.com/ma1uta/ma1sd), a compatible fork. - The playbook will migrate your existing mxisd configuration and data automatically, but you need to adjust variable names. - Please change your configuration (vars.yml) to rename all mxisd variables (`{{ item.old }}` -> `{{ item.new }}`). - when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict" - with_items: - - {'old': 'matrix_mxisd_.*', 'new': 'matrix_ma1sd_.*'} diff --git a/roles/matrix-ma1sd/templates/ma1sd.yaml.j2 b/roles/matrix-ma1sd/templates/ma1sd.yaml.j2 deleted file mode 100644 index a4100adc..00000000 --- a/roles/matrix-ma1sd/templates/ma1sd.yaml.j2 +++ /dev/null 
@@ -1,104 +0,0 @@ -#jinja2: lstrip_blocks: True -matrix: - domain: {{ matrix_domain }} - v1: {{ matrix_ma1sd_v1_enabled|to_json }} - v2: {{ matrix_ma1sd_v2_enabled|to_json }} - -server: - name: {{ matrix_server_fqn_matrix }} - -key: - path: /var/ma1sd/sign.key - -storage: - {% if matrix_ma1sd_database_engine == 'sqlite' %} - backend: sqlite - provider: - sqlite: - database: {{ matrix_ma1sd_sqlite_database_path_in_container|to_json }} - {% elif matrix_ma1sd_database_engine == 'postgres' %} - backend: postgresql - provider: - postgresql: - database: //{{ matrix_ma1sd_database_hostname }}:{{ matrix_ma1sd_database_port }}/{{ matrix_ma1sd_database_name }} - username: {{ matrix_ma1sd_database_username|to_json }} - password: {{ matrix_ma1sd_database_password|to_json }} - {% endif %} - -{% if matrix_ma1sd_dns_overwrite_enabled %} -dns: - overwrite: - homeserver: - client: - - name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }} - value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }} -{% endif %} - -{% if matrix_ma1sd_matrixorg_forwarding_enabled %} -forward: - servers: ['matrix-org'] -{% endif %} - -threepid: - medium: - email: - identity: - from: {{ matrix_ma1sd_threepid_medium_email_identity_from }} - connectors: - smtp: - host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }} - port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }} - tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }} - login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }} - password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }} -{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %} - generators: - template: - {% if matrix_ma1sd_threepid_medium_email_custom_invite_template %} - invite: '/etc/ma1sd/invite-template.eml' - {% endif %} - {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template %} - 
session: - {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %} - validation: '/etc/ma1sd/validate-template.eml' - {% endif %} - {% if matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template %} - unbind: - notification: '/etc/ma1sd/unbind-notification.eml' - {% endif %} - {% endif %} - {% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %} - generic: - matrixId: '/etc/ma1sd/mxid-template.eml' - {% endif %} -{% endif %} - -{% if matrix_ma1sd_view_session_custom_templates_enabled %} -view: - session: - onTokenSubmit: - {% if matrix_ma1sd_view_session_custom_onTokenSubmit_success_template %} - success: '/etc/ma1sd/tokenSubmitSuccess.html' - {% endif %} - {% if matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template %} - failure: '/etc/ma1sd/tokenSubmitFailure.html' - {% endif %} -{% endif %} - -{% if matrix_ma1sd_hashing_enabled %} -hashing: - enabled: true # enable or disable the hash lookup MSC2140 (default is false) - pepperLength: 20 # length of the pepper value (default is 20) - rotationPolicy: per_requests # or `per_seconds` how often the hashes will be updating - hashStorageType: sql # or `in_memory` where the hashes will be stored - algorithms: - - none # the same as v1 bulk lookup - - sha256 # hash the 3PID and pepper. - delay: 2m # how often hashes will be updated if rotation policy = per_seconds (default is 10s) - requests: 10 -{% endif %} - -synapseSql: - enabled: {{ matrix_ma1sd_synapsesql_enabled|to_json }} - type: {{ matrix_ma1sd_synapsesql_type|to_json }} - connection: {{ matrix_ma1sd_synapsesql_connection|to_json }} diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 deleted file mode 100644 index c2adffc0..00000000 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ /dev/null 
@@ -1,48 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix ma1sd Identity server
-{% for service in matrix_ma1sd_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_ma1sd_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null'
-
-# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
-# so /tmp needs to be mounted with an exec option.
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --read-only \
- --tmpfs=/tmp:rw,exec,nosuid,size=10m \
- --network={{ matrix_docker_network }} \
- {% if matrix_ma1sd_container_http_host_bind_port %}
- -p {{ matrix_ma1sd_container_http_host_bind_port }}:8090 \
- {% endif %}
- {% if matrix_ma1sd_verbose_logging %}
- -e MA1SD_LOG_LEVEL=debug \
- {% endif %}
- --mount type=bind,src={{ matrix_ma1sd_config_path }},dst=/etc/ma1sd,ro \
- --mount type=bind,src={{ matrix_ma1sd_data_path }},dst=/var/ma1sd \
- {% for arg in matrix_ma1sd_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_ma1sd_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-ma1sd
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-ma1sd/vars/main.yml b/roles/matrix-ma1sd/vars/main.yml
deleted file mode 100644
index b6c97a59..00000000
--- a/roles/matrix-ma1sd/vars/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-# Doing `|from_yaml` when the extension contains nothing yields an empty string ("").
-# We need to ensure it's a dictionary or `|combine` (when building `matrix_ma1sd_configuration`) will fail later.
-matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml|from_yaml if matrix_ma1sd_configuration_extension_yaml|from_yaml else {} }}"
diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml
deleted file mode 100644
index 481864d3..00000000
--- a/roles/matrix-prometheus-node-exporter/defaults/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-# matrix-prometheus-node-exporter is an Prometheus exporter for machine metrics
-# See: https://prometheus.io/docs/guides/node-exporter/
-
-matrix_prometheus_node_exporter_enabled: false
-
-matrix_prometheus_node_exporter_version: v1.2.2
-matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
-matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"
-
-# A list of extra arguments to pass to the container
-matrix_prometheus_node_exporter_container_extra_arguments: []
-
-# List of systemd services that matrix-prometheus.service depends on
-matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service']
-
-# List of systemd services that matrix-prometheus.service wants
-matrix_prometheus_node_exporter_systemd_wanted_services_list: []
-
-# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container).
-#
-# Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
-#
-# Official recommendations are to run this container with `--net=host`,
-# but we don't do that, since it:
-# - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008)
-# - or listens on a loopback interface only (--net=host and 127.0.0.1:9100), which is not reachable from another container (like `matrix-prometheus`)
-#
-# Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both,
-# but that's trickier to accomplish and won't necessarily work (hasn't been tested).
-#
-# Not using `--net=host` means that our network statistic reports are likely broken (inaccurate),
-# because node-exporter can't see all interfaces, etc.
-# For now, we'll live with that, until someone develops a better solution.
-matrix_prometheus_node_exporter_container_http_host_bind_port: ''
diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml
deleted file mode 100644
index 2894b717..00000000
--- a/roles/matrix-prometheus-node-exporter/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}"
- when: matrix_prometheus_node_exporter_enabled|bool
-
-
diff --git a/roles/matrix-prometheus-node-exporter/tasks/main.yml b/roles/matrix-prometheus-node-exporter/tasks/main.yml
deleted file mode 100644
index 172b5721..00000000
--- a/roles/matrix-prometheus-node-exporter/tasks/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/setup.yml"
- tags:
- - setup-all
- - setup-prometheus-node-exporter
diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml
deleted file mode 100644
index 34086e6c..00000000
--- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml
+++ /dev/null
@@ -1,54 +0,0 @@ ---- - -# -# Tasks related to setting up matrix-prometheus-node-exporter -# - -- name: Ensure matrix-prometheus-node-exporter image is pulled - docker_image: - name: "{{ matrix_prometheus_node_exporter_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" - when: "matrix_prometheus_node_exporter_enabled|bool" - -- name: Ensure matrix-prometheus-node-exporter.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" - mode: 0644 - register: matrix_prometheus_node_exporter_systemd_service_result - when: matrix_prometheus_node_exporter_enabled|bool - -- name: Ensure systemd reloaded after matrix-prometheus.service installation - service: - daemon_reload: yes - when: "matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-prometheus-node-exporter (if it was previously enabled) -# - -- name: Check existence of matrix-prometheus-node-exporter service - stat: - path: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" - register: matrix_prometheus_node_exporter_service_stat - -- name: Ensure matrix-prometheus-node-exporter is stopped - service: - name: matrix-prometheus-node-exporter - state: stopped - daemon_reload: yes - register: stopping_result - when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" - -- name: Ensure matrix-prometheus-node-exporter.service doesn't exist - file: - path: "{{ 
matrix_systemd_path }}/matrix-prometheus-node-exporter.service" - state: absent - when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal - service: - daemon_reload: yes - when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 deleted file mode 100644 index 210a0d97..00000000 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ /dev/null 
@@ -1,44 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=matrix-prometheus-node-exporter
-{% for service in matrix_prometheus_node_exporter_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_prometheus_node_exporter_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null'
-
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --read-only \
- {% for arg in matrix_prometheus_node_exporter_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- --network={{ matrix_docker_network }} \
- {% if matrix_prometheus_node_exporter_container_http_host_bind_port %}
- -p {{ matrix_prometheus_node_exporter_container_http_host_bind_port }}:9100 \
- {% endif %}
- --pid=host \
- --mount type=bind,src=/,dst=/host,ro,bind-propagation=rslave \
- {{ matrix_prometheus_node_exporter_docker_image }} \
- --path.rootfs=/host
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-prometheus-node-exporter
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml
deleted file mode 100644
index 0857d3e7..00000000
--- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-# matrix-prometheus-postgres-exporter is an Prometheus exporter for postgres metrics
-# See: https://github.com/prometheus-community/postgres_exporter
-
-matrix_prometheus_postgres_exporter_enabled: false
-
-matrix_prometheus_postgres_exporter_version: v0.10.0
-matrix_prometheus_postgres_exporter_port: 9187
-
-matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}"
-matrix_prometheus_postgres_exporter_docker_image_force_pull: "{{ matrix_prometheus_postgres_exporter_docker_image.endswith(':latest') }}"
-
-# A list of extra arguments to pass to the container
-matrix_prometheus_postgres_exporter_container_extra_arguments: ["-e PG_EXPORTER_AUTO_DISCOVER_DATABASES=true",
- "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{matrix_prometheus_postgres_exporter_port}}\"",
- "-e DATA_SOURCE_NAME=\"postgresql://{{matrix_prometheus_postgres_exporter_database_username}}:{{matrix_prometheus_postgres_exporter_database_password}}@{{matrix_prometheus_postgres_exporter_database_hostname}}:5432/{{matrix_prometheus_postgres_exporter_database_name}}?sslmode=disable\"" ]
-
-# List of systemd services that matrix-prometheus-postgres-exporter.service depends on
-matrix_prometheus_postgres_exporter_systemd_required_services_list: ['docker.service']
-
-# List of systemd services that matrix-prometheus-postgres-exporter.service wants
-matrix_prometheus_postgres_exporter_systemd_wanted_services_list: []
-
-# details for connecting to the database
-matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter'
-matrix_prometheus_postgres_exporter_database_password: 'some-password'
-matrix_prometheus_postgres_exporter_database_hostname: 'matrix-postgres'
-matrix_prometheus_postgres_exporter_database_port: 5432
-matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter'
-
-
-# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container).
-#
-# Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
-#
-# Official recommendations are to run this container with `--net=host`,
-# but we don't do that, since it:
-# - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008)
-# - or listens on a loopback interface only (--net=host and 127.0.0.1:9100), which is not reachable from another container (like `matrix-prometheus`)
-#
-# Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both,
-# but that's trickier to accomplish and won't necessarily work (hasn't been tested).
-#
-# Not using `--net=host` means that our network statistic reports are likely broken (inaccurate),
-# because node-exporter can't see all interfaces, etc.
-# For now, we'll live with that, until someone develops a better solution.
-matrix_prometheus_postgres_exporter_container_http_host_bind_port: ''
-
-matrix_prometheus_postgres_exporter_dashboard_urls:
-- "https://grafana.com/api/dashboards/9628/revisions/7/download"
\ No newline at end of file
diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml
deleted file mode 100644
index 2bd6904e..00000000
--- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}"
- when: matrix_prometheus_postgres_exporter_enabled|bool
-
-
diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/matrix-prometheus-postgres-exporter/tasks/main.yml
deleted file mode 100644
index e3c364fa..00000000
--- a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/setup.yml"
- tags:
- - setup-all
- - setup-prometheus-postgres-exporter
diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml
deleted file mode 100644
index 076ece1a..00000000
--- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-
-#
-# Tasks related to setting up matrix-prometheus-postgres-exporter
-#
-
-- name: Ensure matrix-prometheus-postgres-exporter image is pulled
- docker_image:
- name: "{{ matrix_prometheus_postgres_exporter_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}"
- when: "matrix_prometheus_postgres_exporter_enabled|bool"
-
-- name: Ensure matrix-prometheus-postgres-exporter.service installed
- template:
- src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service"
- mode: 0644
- register: matrix_prometheus_postgres_exporter_systemd_service_result
- when: matrix_prometheus_postgres_exporter_enabled|bool
-
-- name: Ensure systemd reloaded after matrix-prometheus.service installation
- service:
- daemon_reload: yes
- when: "matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of matrix-prometheus-postgres-exporter (if it was previously enabled)
-#
-
-- name: Check existence of matrix-prometheus-postgres-exporter service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service"
- register: matrix_prometheus_postgres_exporter_service_stat
-
-- name: Ensure matrix-prometheus-postgres-exporter is stopped
- service:
- name: matrix-prometheus-postgres-exporter
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists"
-
-- name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service"
- state: absent
- when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-prometheus-postgres-exporter.service removal
- service:
- daemon_reload: yes
- when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists"
diff --git a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2
deleted file mode 100644
index b25cb5de..00000000
--- a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=matrix-prometheus-postgres-exporter
-{% for service in matrix_prometheus_postgres_exporter_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_prometheus_postgres_exporter_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null'
-
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --read-only \
- {% for arg in matrix_prometheus_postgres_exporter_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- --network={{ matrix_docker_network }} \
- {% if matrix_prometheus_postgres_exporter_container_http_host_bind_port %}
- -p {{ matrix_prometheus_postgres_exporter_container_http_host_bind_port }}:{{matrix_prometheus_postgres_exporter_port}} \
- {% endif %}
- --pid=host \
- {{ matrix_prometheus_postgres_exporter_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-prometheus-postgres-exporter
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml
deleted file mode 100644
index dc43eb48..00000000
--- a/roles/matrix-prometheus/defaults/main.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-# matrix-prometheus is an open-source systems monitoring and alerting toolkit
-# See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
-
-matrix_prometheus_enabled: false
-
-matrix_prometheus_version: v2.29.2
-matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
-matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
-
-matrix_prometheus_base_path: "{{ matrix_base_data_path }}/prometheus"
-matrix_prometheus_config_path: "{{ matrix_prometheus_base_path }}/config"
-matrix_prometheus_data_path: "{{ matrix_prometheus_base_path }}/data"
-
-# A list of extra arguments to pass to the container
-matrix_prometheus_container_extra_arguments: []
-
-# List of systemd services that matrix-prometheus.service depends on
-matrix_prometheus_systemd_required_services_list: ['docker.service']
-
-# List of systemd services that matrix-prometheus.service wants
-matrix_prometheus_systemd_wanted_services_list: []
-
-# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9090 in the container).
-#
-# Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose.
-matrix_prometheus_container_http_host_bind_port: ''
-
-# Tells whether the "synapse" scraper configuration is enabled.
-matrix_prometheus_scraper_synapse_enabled: false
-
-# Tells whether to download and load a Synapse rules file
-matrix_prometheus_scraper_synapse_rules_enabled: "{{ matrix_prometheus_scraper_synapse_enabled }}"
-matrix_prometheus_scraper_synapse_rules_synapse_tag: "master"
-matrix_prometheus_scraper_synapse_rules_download_url: "https://raw.githubusercontent.com/matrix-org/synapse/{{ matrix_prometheus_scraper_synapse_rules_synapse_tag }}/contrib/prometheus/synapse-v2.rules"
-
-matrix_prometheus_scraper_synapse_targets: []
-matrix_prometheus_scraper_synapse_workers_enabled_list: []
-
-# Tells whether the "node" scraper configuration is enabled.
-# This configuration aims to scrape the current node (this server).
-matrix_prometheus_scraper_node_enabled: false
-
-# Target addresses for the "node" scraper configuration.
-# Unless you define this as a non-empty list, it gets populated at runtime with the IP address of `matrix-prometheus-node-exporter` and port 9100.
-matrix_prometheus_scraper_node_targets: []
-
-# Default prometheus configuration template which covers the generic use case.
-# You can customize it by controlling the various variables inside it.
-#
-# For a more advanced customization, you can extend the default (see `matrix_prometheus_configuration_extension_yaml`)
-# or completely replace this variable with your own template.
-matrix_prometheus_configuration_yaml: "{{ lookup('template', 'templates/prometheus.yml.j2') }}"
-
-matrix_prometheus_configuration_extension_yaml: |
- # Your custom YAML configuration goes here.
- # This configuration extends the default starting configuration (`matrix_prometheus_configuration_yaml`).
- #
- # You can override individual variables from the default configuration, or introduce new ones.
- #
- # If you need something more special, you can take full control by
- # completely redefining `matrix_prometheus_configuration_yaml`.
-
-matrix_prometheus_configuration_extension: "{{ matrix_prometheus_configuration_extension_yaml|from_yaml if matrix_prometheus_configuration_extension_yaml|from_yaml is mapping else {} }}"
-
-# Holds the final configuration (a combination of the default and its extension).
-# You most likely don't need to touch this variable. Instead, see `matrix_prometheus_configuration_yaml`.
-matrix_prometheus_configuration: "{{ matrix_prometheus_configuration_yaml|from_yaml|combine(matrix_prometheus_configuration_extension, recursive=True) }}"
diff --git a/roles/matrix-prometheus/tasks/init.yml b/roles/matrix-prometheus/tasks/init.yml
deleted file mode 100644
index 12fae831..00000000
--- a/roles/matrix-prometheus/tasks/init.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus.service'] }}"
- when: matrix_prometheus_enabled|bool
-
-
diff --git a/roles/matrix-prometheus/tasks/main.yml b/roles/matrix-prometheus/tasks/main.yml
deleted file mode 100644
index 20f18cc3..00000000
--- a/roles/matrix-prometheus/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_prometheus_enabled|bool"
- tags:
- - setup-all
- - setup-prometheus
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_prometheus_enabled|bool"
- tags:
- - setup-all
- - setup-prometheus
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_prometheus_enabled|bool"
- tags:
- - setup-all
- - setup-prometheus
diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml
deleted file mode 100644
index 15a69279..00000000
--- a/roles/matrix-prometheus/tasks/setup_install.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-
-- name: Ensure matrix-prometheus image is pulled
- docker_image:
- name: "{{ matrix_prometheus_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_prometheus_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_docker_image_force_pull }}"
-
-- name: Ensure Prometheus paths exists
- file:
- path: "{{ item }}"
- state: directory
- mode: 0750
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
- with_items:
- - "{{ matrix_prometheus_base_path }}"
- - "{{ matrix_prometheus_config_path }}"
- - "{{ matrix_prometheus_data_path }}"
-
-- name: Download synapse-v2.rules
- get_url:
- url: "{{ matrix_prometheus_scraper_synapse_rules_download_url }}"
- dest: "{{ matrix_prometheus_config_path }}/synapse-v2.rules"
- force: true
- mode: 0440
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
- when: "matrix_prometheus_scraper_synapse_rules_enabled|bool"
-
-- name: Ensure prometheus.yml installed
- copy:
- content: "{{ matrix_prometheus_configuration|to_nice_yaml }}"
- dest: "{{ matrix_prometheus_config_path }}/prometheus.yml"
- mode: 0644
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
-
-- name: Ensure matrix-prometheus.service installed
- template:
- src: "{{ role_path }}/templates/systemd/matrix-prometheus.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-prometheus.service"
- mode: 0644
- register: matrix_prometheus_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-prometheus.service installation
- service:
- daemon_reload: yes
- when: "matrix_prometheus_systemd_service_result.changed|bool"
diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/matrix-prometheus/tasks/setup_uninstall.yml
deleted file mode 100644
index dd46a222..00000000
--- a/roles/matrix-prometheus/tasks/setup_uninstall.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-
-- name: Check existence of matrix-prometheus service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-prometheus.service"
- register: matrix_prometheus_service_stat
-
-- name: Ensure matrix-prometheus is stopped
- service:
- name: matrix-prometheus
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "matrix_prometheus_service_stat.stat.exists|bool"
-
-- name: Ensure matrix-prometheus.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-prometheus.service"
- state: absent
- when: "matrix_prometheus_service_stat.stat.exists|bool"
-
-- name: Ensure systemd reloaded after matrix-prometheus.service removal
- service:
- daemon_reload: yes
- when: "matrix_prometheus_service_stat.stat.exists|bool"
diff --git a/roles/matrix-prometheus/tasks/validate_config.yml b/roles/matrix-prometheus/tasks/validate_config.yml
deleted file mode 100644
index 9fcfe12b..00000000
--- a/roles/matrix-prometheus/tasks/validate_config.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: Fail if Synapse metrics or Prometheus Node Exporter not enabled
- fail:
- msg: >
- You need to enable `matrix_prometheus_scraper_synapse_enabled` and/or `matrix_prometheus_scraper_node_enabled` for Prometheus grab metrics.
- when: "not matrix_prometheus_scraper_synapse_enabled and not matrix_prometheus_scraper_node_enabled"
diff --git a/roles/matrix-prometheus/templates/prometheus.yml.j2 b/roles/matrix-prometheus/templates/prometheus.yml.j2
deleted file mode 100644
index 869b2da8..00000000
--- a/roles/matrix-prometheus/templates/prometheus.yml.j2
+++ /dev/null
@@ -1,59 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-global:
- scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
- evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
- # scrape_timeout is set to the global default (10s).
-
-# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
-rule_files:
- {% if matrix_prometheus_scraper_synapse_rules_enabled %}
- - 'synapse-v2.rules'
- {% endif %}
-
-# A scrape configuration containing exactly one endpoint to scrape:
-# Here it's Prometheus itself.
-scrape_configs:
- # The job name is added as a label `job=` to any timeseries scraped from this config.
- - job_name: 'prometheus'
-
- # Override the global default and scrape targets from this job every 5 seconds.
- scrape_interval: 5s
- scrape_timeout: 5s
-
- # metrics_path defaults to '/metrics'
- # scheme defaults to 'http'.
-
- static_configs:
- - targets: ['localhost:9090']
-
- {% if matrix_prometheus_scraper_synapse_enabled %}
- - job_name: 'synapse'
- metrics_path: '/_synapse/metrics'
- static_configs:
- - targets: {{ matrix_prometheus_scraper_synapse_targets|to_json }}
- labels:
- instance: {{ matrix_domain }}
- job: master
- index: 0
- {% for worker in matrix_prometheus_scraper_synapse_workers_enabled_list %}
- {% if worker.metrics_port != 0 %}
- - targets: ['matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}']
- labels:
- instance: {{ matrix_domain }}
- job: {{ worker.type }}
- index: {{ worker.instanceId }}
- {% endif %}
- {% endfor %}
- {% endif %}
-
- {% if matrix_prometheus_scraper_node_enabled %}
- - job_name: node
- static_configs:
- - targets: {{ matrix_prometheus_scraper_node_targets|to_json }}
- {% endif %}
-
- {% if matrix_prometheus_scraper_postgres_enabled %}
- - job_name: postgres
- static_configs:
- - targets: {{ matrix_prometheus_scraper_postgres_targets|to_json }}
- {% endif %}
diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2
deleted file mode 100644
index ad75d664..00000000
--- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2
+++ /dev/null
@@ -1,43 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=matrix-prometheus
-{% for service in matrix_prometheus_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_prometheus_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null'
-
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --read-only \
- --network={{ matrix_docker_network }} \
- {% if matrix_prometheus_container_http_host_bind_port %}
- -p {{ matrix_prometheus_container_http_host_bind_port }}:9090 \
- {% endif %}
- -v {{ matrix_prometheus_config_path }}:/etc/prometheus:z \
- -v {{ matrix_prometheus_data_path }}:/prometheus:z \
- {% for arg in matrix_prometheus_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_prometheus_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-prometheus
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml
deleted file mode 100644
index e03891b2..00000000
--- a/roles/matrix-registration/defaults/main.yml
+++ /dev/null
@@ -1,116 +0,0 @@
-# matrix-registration is a simple python application to have a token based matrix registration
-# See: https://zeratax.github.io/matrix-registration/
-
-matrix_registration_enabled: true
-
-matrix_registration_container_image_self_build: false
-matrix_registration_container_image_self_build_repo: "https://github.com/ZerataX/matrix-registration"
-matrix_registration_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_registration_version }}"
-
-matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration"
-matrix_registration_config_path: "{{ matrix_registration_base_path }}/config"
-matrix_registration_data_path: "{{ matrix_registration_base_path }}/data"
-matrix_registration_docker_src_files_path: "{{ matrix_registration_base_path }}/docker-src"
-
-matrix_registration_version: "v0.7.2"
-
-matrix_registration_docker_image: "{{ matrix_registration_docker_image_name_prefix }}zeratax/matrix-registration:{{ matrix_registration_version }}"
-matrix_registration_docker_image_name_prefix: "{{ 'localhost/' if matrix_registration_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_registration_docker_image_force_pull: "{{ matrix_registration_docker_image.endswith(':latest') }}"
-
-# A list of extra arguments to pass to the container
-matrix_registration_container_extra_arguments: []
-
-# List of systemd services that matrix-registration.service depends on
-matrix_registration_systemd_required_services_list: ['docker.service']
-
-# List of systemd services that matrix-registration.service wants
-matrix_registration_systemd_wanted_services_list: []
-
-# Controls whether the matrix-registration container exposes its HTTP port (tcp/5000 in the container).
-#
-# Takes an ":" or "" value (e.g. "127.0.0.1:8767"), or empty string to not expose.
-matrix_registration_container_http_host_bind_port: ''
-
-# Database-related configuration fields.
-#
-# To use SQLite, stick to these defaults.
-#
-# To use Postgres:
-# - change the engine (`matrix_registration_database_engine: 'postgres'`)
-# - adjust your database credentials via the `matrix_registration_postgres_*` variables
-matrix_registration_database_engine: 'sqlite'
-
-matrix_registration_sqlite_database_path_local: "{{ matrix_registration_data_path }}/db.sqlite3"
-matrix_registration_sqlite_database_path_in_container: "/data/db.sqlite3"
-
-matrix_registration_database_username: 'matrix_registration'
-matrix_registration_database_password: 'some-password'
-matrix_registration_database_hostname: 'matrix-postgres'
-matrix_registration_database_port: 5432
-matrix_registration_database_name: 'matrix_registration'
-
-matrix_registration_database_connection_string: 'postgresql://{{ matrix_registration_database_username }}:{{ matrix_registration_database_password }}@{{ matrix_registration_database_hostname }}:{{ matrix_registration_database_port }}/{{ matrix_registration_database_name }}'
-
-# For some reason, matrix-registraiton expects the `db` field to be like this: `sqlite:////data/db.sqlite3`.
-# (seems like one too many slashes, but..)
-matrix_registration_db: "{{
- {
- 'sqlite': ('sqlite:///' + matrix_registration_sqlite_database_path_in_container),
- 'postgres': matrix_registration_database_connection_string,
- }[matrix_registration_database_engine]
-}}"
-
-
-# The path at which Matrix Registration will be exposed on `matrix.DOMAIN`
-# (only applies when matrix-nginx-proxy is used).
-matrix_registration_public_endpoint: /matrix-registration
-
-matrix_registration_base_url: "{{ matrix_registration_public_endpoint }}"
-
-matrix_registration_api_register_endpoint: "{{ matrix_homeserver_url }}{{ matrix_registration_public_endpoint }}/register"
-matrix_registration_api_token_endpoint: "{{ matrix_homeserver_url }}{{ matrix_registration_public_endpoint }}/token"
-
-matrix_registration_api_validate_certs: true
-
-# The URL to your homeserver (e.g.: `https://matrix.DOMAIN`).
-# A local (in-container address) is preferable.
-matrix_registration_server_location: ""
-
-matrix_registration_server_name: "{{ matrix_domain }}"
-
-# matrix_registration_shared_secret needs to match the homeserver's registration secret.
-# For Synapse, that's the `registration_shared_secret` setting.
-matrix_registration_shared_secret: ""
-
-# matrix_registration_admin_secret is your own admin secret for using matrix-registration (creating new tokens, etc.)
-matrix_registration_admin_secret: ""
-
-matrix_registration_riot_instance: "https://riot.im/app/"
-
-# Default matrix-registration configuration template which covers the generic use case.
-# You can customize it by controlling the various variables inside it.
-#
-# For a more advanced customization, you can extend the default (see `matrix_registration_configuration_extension_yaml`)
-# or completely replace this variable with your own template.
-matrix_registration_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
-
-matrix_registration_configuration_extension_yaml: |
- # Your custom YAML configuration for registration goes here.
- # This configuration extends the default starting configuration (`matrix_registration_configuration_yaml`).
- #
- # You can override individual variables from the default configuration, or introduce new ones.
- #
- # If you need something more special, you can take full control by
- # completely redefining `matrix_registration_configuration_yaml`.
- #
- # Example configuration extension follows:
- #
- # password:
- # min_length: 12
-
-matrix_registration_configuration_extension: "{{ matrix_registration_configuration_extension_yaml|from_yaml if matrix_registration_configuration_extension_yaml|from_yaml is mapping else {} }}"
-
-# Holds the final matrix-registration configuration (a combination of the default and its extension).
-# You most likely don't need to touch this variable. Instead, see `matrix_registration_configuration_yaml`.
-matrix_registration_configuration: "{{ matrix_registration_configuration_yaml|from_yaml|combine(matrix_registration_configuration_extension, recursive=True) }}"
diff --git a/roles/matrix-registration/tasks/generate_token.yml b/roles/matrix-registration/tasks/generate_token.yml
deleted file mode 100644
index ae5bdf4c..00000000
--- a/roles/matrix-registration/tasks/generate_token.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-- name: Fail if playbook called incorrectly
- fail:
- msg: "The `one_time` variable needs to be provided to this playbook, via --extra-vars"
- when: "one_time is not defined or one_time not in ['yes', 'no']"
-
-- name: Fail if playbook called incorrectly
- fail:
- msg: "The `ex_date` variable (expiration date) needs to be provided to this playbook, via --extra-vars"
- when: "ex_date is not defined or ex_date == ''"
-
-- name: Call matrix-registration token creation API
- uri:
- url: "{{ matrix_registration_api_token_endpoint }}"
- follow_redirects: none
- validate_certs: "{{ matrix_registration_api_validate_certs }}"
- headers:
- Content-Type: application/json
- Authorization: "SharedSecret {{ matrix_registration_admin_secret }}"
- method: POST
- body_format: json
- body: |
- {
- "one_time": {{ 'true' if one_time == 'yes' else 'false' }},
- "ex_date": {{ ex_date|to_json }}
- }
- check_mode: no
- register: matrix_registration_api_result
-
-- set_fact:
- matrix_registration_api_result_message: >-
- matrix-registration result:
-
- Direct registration link (with the token prefilled):
-
- {{ matrix_registration_api_register_endpoint }}?token={{ matrix_registration_api_result.json.name }}
-
- Full token details are:
-
- {{ matrix_registration_api_result.json }}
- check_mode: no
-
-- name: Inject result message into matrix_playbook_runtime_results
- set_fact:
- matrix_playbook_runtime_results: |
- {{
- matrix_playbook_runtime_results|default([])
- +
- [matrix_registration_api_result_message]
- }}
- check_mode: no
diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml
deleted file mode 100644
index 5ab93910..00000000
--- a/roles/matrix-registration/tasks/init.yml
+++ /dev/null
@@ -1,68 +0,0 @@
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
- fail:
- msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
- when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build and matrix_registration_enabled"
-
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}"
- when: matrix_registration_enabled|bool
-
-- block:
- - name: Fail if matrix-nginx-proxy role already executed
- fail:
- msg: >-
- Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy,
- but it's pointless since the matrix-nginx-proxy role had already executed.
- To fix this, please change the order of roles in your plabook,
- so that the matrix-nginx-proxy role would run after the matrix-registration role.
- when: matrix_nginx_proxy_role_executed|default(False)|bool
-
- - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
- set_fact:
- matrix_registration_matrix_nginx_proxy_configuration: |
- rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
- rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect;
-
- location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
- {% if matrix_nginx_proxy_enabled|default(False) %}
- {# Use the embedded DNS resolver in Docker containers to discover the service #}
- resolver 127.0.0.11 valid=5s;
- set $backend "matrix-registration:5000";
- proxy_pass http://$backend/$1;
- {% else %}
- {# Generic configuration for use outside of our container setup #}
- proxy_pass http://127.0.0.1:8767/$1;
- {% endif %}
-
- {#
- Workaround matrix-registration serving the background image at /static
- (see https://github.com/ZerataX/matrix-registration/issues/47)
- #}
- sub_filter_once off;
- sub_filter_types text/css;
- sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/";
- }
-
- - name: Register matrix-registration proxying configuration with matrix-nginx-proxy
- set_fact:
- matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
- {{
- matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
- +
- [matrix_registration_matrix_nginx_proxy_configuration]
- }}
- tags:
- - always
- when: matrix_registration_enabled|bool
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
- debug:
- msg: >-
- NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy
- reverse proxy.
- Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}`
- URL endpoint to the matrix-registration container.
- You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable.
- when: "matrix_registration_enabled|bool and matrix_nginx_proxy_enabled is not defined"
diff --git a/roles/matrix-registration/tasks/list_tokens.yml b/roles/matrix-registration/tasks/list_tokens.yml
deleted file mode 100644
index dea3eb31..00000000
--- a/roles/matrix-registration/tasks/list_tokens.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-- name: Call matrix-registration list all tokens API
- uri:
- url: "{{ matrix_registration_api_token_endpoint }}"
- follow_redirects: none
- validate_certs: "{{ matrix_registration_api_validate_certs }}"
- headers:
- Content-Type: application/json
- Authorization: "SharedSecret {{ matrix_registration_admin_secret }}"
- method: GET
- body_format: json
- check_mode: no
- register: matrix_registration_api_result
-
-- set_fact:
- matrix_registration_api_result_message: >-
- matrix-registration result:
-
- {{ matrix_registration_api_result.json | to_nice_json }}
- check_mode: no
-
-- name: Inject result message into matrix_playbook_runtime_results
- set_fact:
- matrix_playbook_runtime_results: |
- {{
- matrix_playbook_runtime_results|default([])
- +
- [matrix_registration_api_result_message]
- }}
- check_mode: no
diff --git a/roles/matrix-registration/tasks/main.yml b/roles/matrix-registration/tasks/main.yml
deleted file mode 100644
index 3324e083..00000000
--- a/roles/matrix-registration/tasks/main.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: "run_setup|bool and matrix_registration_enabled|bool"
- tags:
- - setup-all
- - setup-matrix-registration
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: "run_setup|bool and matrix_registration_enabled|bool"
- tags:
- - setup-all
- - setup-matrix-registration
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: "run_setup|bool and not matrix_registration_enabled|bool"
- tags:
- - setup-all
- - setup-matrix-registration
-
-- import_tasks: "{{ role_path }}/tasks/generate_token.yml"
- when: "run_setup|bool and matrix_registration_enabled|bool"
- tags:
- - generate-matrix-registration-token
-
-- import_tasks: "{{ role_path }}/tasks/list_tokens.yml"
- when: "run_setup|bool and matrix_registration_enabled|bool"
- tags:
- - list-matrix-registration-tokens
diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml
deleted file mode 100644
index 0d7da9ce..00000000
--- a/roles/matrix-registration/tasks/setup_install.yml
+++ /dev/null
@@ -1,101 +0,0 @@ ---- - -- set_fact: - matrix_registration_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_registration_sqlite_database_path_local }}" - register: matrix_registration_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_registration_sqlite_database_path_local }}" - dst: "{{ matrix_registration_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_registration_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-registration.service'] - # pgloader makes `ex_date` of type `TIMESTAMP WITH TIMEZONE`, - # which makes matrix-registration choke on it later on when comparing dates. - additional_psql_statements_list: - - ALTER TABLE tokens ALTER COLUMN ex_date TYPE TIMESTAMP WITHOUT TIME ZONE; - additional_psql_statements_db_name: "{{ matrix_registration_database_name }}" - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_registration_requires_restart: true - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_registration_database_engine == 'postgres'" - -- name: Ensure matrix-registration paths exist - file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_registration_base_path }}", when: true } - - { path: "{{ matrix_registration_config_path }}", when: true } - - { path: "{{ matrix_registration_data_path }}", when: true } - - { path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"} - when: "item.when|bool" - -- name: Ensure matrix-registration image is pulled - docker_image: - name: "{{ matrix_registration_docker_image }}" - source: "{{ 'pull' if 
ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}" - when: "not matrix_registration_container_image_self_build|bool" - -- name: Ensure matrix-registration repository is present when self-building - git: - repo: "{{ matrix_registration_container_image_self_build_repo }}" - dest: "{{ matrix_registration_docker_src_files_path }}" - version: "{{ matrix_registration_container_image_self_build_branch }}" - force: "yes" - register: matrix_registration_git_pull_results - when: "matrix_registration_container_image_self_build|bool" - -- name: Ensure matrix-registration Docker image is built - docker_image: - name: "{{ matrix_registration_docker_image }}" - source: build - force_source: "{{ matrix_registration_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_registration_docker_src_files_path }}" - pull: yes - when: "matrix_registration_container_image_self_build|bool" - -- name: Ensure matrix-registration config installed - copy: - content: "{{ matrix_registration_configuration|to_nice_yaml }}" - dest: "{{ matrix_registration_config_path }}/config.yaml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-registration.service installed - template: - src: "{{ role_path }}/templates/systemd/matrix-registration.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-registration.service" - mode: 0644 - register: matrix_registration_systemd_service_result - -- name: Ensure systemd reloaded after 
matrix-registration.service installation - service: - daemon_reload: yes - when: "matrix_registration_systemd_service_result.changed|bool" - -- name: Ensure matrix-registration.service restarted, if necessary - service: - name: "matrix-registration.service" - state: restarted - when: "matrix_registration_requires_restart|bool" diff --git a/roles/matrix-registration/tasks/setup_uninstall.yml b/roles/matrix-registration/tasks/setup_uninstall.yml deleted file mode 100644 index 573f8170..00000000 --- a/roles/matrix-registration/tasks/setup_uninstall.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- - -- name: Check existence of matrix-registration service - stat: - path: "{{ matrix_systemd_path }}/matrix-registration.service" - register: matrix_registration_service_stat - -- name: Ensure matrix-registration is stopped - service: - name: matrix-registration - state: stopped - daemon_reload: yes - register: stopping_result - when: "matrix_registration_service_stat.stat.exists|bool" - -- name: Ensure matrix-registration.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-registration.service" - state: absent - when: "matrix_registration_service_stat.stat.exists|bool" - -- name: Ensure systemd reloaded after matrix-registration.service removal - service: - daemon_reload: yes - when: "matrix_registration_service_stat.stat.exists|bool" - -- name: Ensure matrix-registration Docker image doesn't exist - docker_image: - name: "{{ matrix_registration_docker_image }}" - state: absent diff --git a/roles/matrix-registration/tasks/validate_config.yml b/roles/matrix-registration/tasks/validate_config.yml deleted file mode 100644 index 90466b46..00000000 --- a/roles/matrix-registration/tasks/validate_config.yml +++ /dev/null 
@@ -1,20 +0,0 @@
----
-
-- name: Fail if required matrix-registration settings not defined
- fail:
- msg: >
- You need to define a required configuration setting (`{{ item }}`) for using matrix-registration.
- when: "vars[item] == ''"
- with_items:
- - "matrix_registration_shared_secret"
- - "matrix_registration_admin_secret"
- - "matrix_registration_server_location"
-
-- name: (Deprecation) Catch and report renamed settings
- fail:
- msg: >-
- Your configuration contains a variable, which now has a different name.
- Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
- when: "item.old in vars"
- with_items:
- - {'old': 'matrix_registration_docker_repo', 'new': 'matrix_registration_container_image_self_build_repo'}
diff --git a/roles/matrix-registration/templates/config.yaml.j2 b/roles/matrix-registration/templates/config.yaml.j2
deleted file mode 100644
index 39211b24..00000000
--- a/roles/matrix-registration/templates/config.yaml.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-server_location: {{ matrix_registration_server_location|to_json }}
-server_name: {{ matrix_registration_server_name|to_json }}
-shared_secret: {{ matrix_registration_shared_secret|to_json }}
-admin_secret: {{ matrix_registration_admin_secret|to_json }}
-riot_instance: {{ matrix_registration_riot_instance|to_json }}
-db: {{ matrix_registration_db|to_json }}
-host: '0.0.0.0'
-port: 5000
-rate_limit: ["100 per day", "10 per minute"]
-allow_cors: false
-logging:
- disable_existing_loggers: False
- version: 1
- root:
- level: DEBUG
- handlers: [console]
- formatters:
- brief:
- format: '%(name)s - %(levelname)s - %(message)s'
- precise:
- format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
- handlers:
- console:
- class: logging.StreamHandler
- level: INFO
- formatter: brief
- stream: ext://sys.stdout
-# password requirements
-password:
- min_length: 8
-base_url: {{ matrix_registration_base_url|to_json }}
diff --git a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2
deleted file mode 100644
index e73e3e5f..00000000
--- a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=matrix-registration
-{% for service in matrix_registration_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_registration_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null'
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network={{ matrix_docker_network }} \
- {% if matrix_registration_container_http_host_bind_port %}
- -p {{ matrix_registration_container_http_host_bind_port }}:5000 \
- {% endif %}
- --mount type=bind,src={{ matrix_registration_config_path }},dst=/config,ro \
- --mount type=bind,src={{ matrix_registration_data_path }},dst=/data \
- {% for arg in matrix_registration_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_registration_docker_image }} \
- serve
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-registration
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml
deleted file mode 100644
index 70d530f8..00000000
--- a/roles/matrix-sygnal/defaults/main.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-# Sygnal is a reference Push Gateway for Matrix.
-# To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app.
-# Learn more here: https://github.com/matrix-org/sygnal
-matrix_sygnal_enabled: false
-
-matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
-matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"
-matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data"
-
-matrix_sygnal_version: v0.10.1
-matrix_sygnal_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/sygnal:{{ matrix_sygnal_version }}"
-matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}"
-
-# List of systemd services that matrix-sygnal.service depends on.
-matrix_sygnal_systemd_required_services_list: ['docker.service']
-
-# List of systemd services that matrix-sygnal.service wants
-matrix_sygnal_systemd_wanted_services_list: []
-
-# Controls whether the matrix-sygnal container exposes its HTTP port (tcp/6000 in the container).
-#
-# Takes an ":" or "" value (e.g. "127.0.0.1:6000"), or empty string to not expose.
-matrix_sygnal_container_http_host_bind_port: ''
-
-# A list of extra arguments to pass to the container
-matrix_sygnal_container_extra_arguments: []
-
-# A map (dictionary) of apps instances that this server works with.
-#
-# Example configuration:
-#
-# matrix_sygnal_apps:
-# com.example.myapp.ios:
-# type: apns
-# # .. more configuration ..
-# com.example.myapp.android:
-# type: gcm
-# api_key: your_api_key_for_gcm
-# # .. more configuration ..
-#
-# The APNS configuration needs to reference some certificate files.
-# One can put these in the `matrix_sygnal_data_path` directory (`/matrix/sygnal/data`), mounted to `/data` in the container.
-# The `matrix_sygnal_apps` paths need to use the in-container path (`/data`).
-# To install these files via the playbook, one can use the `matrix-aux` role.
-# Examples and more details are available in `docs/configuring-playbook-sygnal.md`.
-matrix_sygnal_apps: []
-
-matrix_sygnal_metrics_prometheus_enabled: false
-
-# Default Sygnal configuration template which covers the generic use case.
-# You can customize it by controlling the various variables inside it.
-#
-# For a more advanced customization, you can extend the default (see `matrix_sygnal_configuration_extension_yaml`)
-# or completely replace this variable with your own template.
-matrix_sygnal_configuration_yaml: "{{ lookup('template', 'templates/sygnal.yaml.j2') }}"
-
-matrix_sygnal_configuration_extension_yaml: |
- # Your custom YAML configuration for Sygnal goes here.
- # This configuration extends the default starting configuration (`matrix_sygnal_configuration_yaml`).
- #
- # You can override individual variables from the default configuration, or introduce new ones.
- #
- # If you need something more special, you can take full control by
- # completely redefining `matrix_sygnal_configuration_yaml`.
- #
- # Example configuration extension follows:
- # metrics:
- # opentracing:
- # enabled: true
-
-matrix_sygnal_configuration_extension: "{{ matrix_sygnal_configuration_extension_yaml|from_yaml if matrix_sygnal_configuration_extension_yaml|from_yaml is mapping else {} }}"
-
-# Holds the final sygnal configuration (a combination of the default and its extension).
-# You most likely don't need to touch this variable. Instead, see `matrix_sygnal_configuration_yaml`.
-matrix_sygnal_configuration: "{{ matrix_sygnal_configuration_yaml|from_yaml|combine(matrix_sygnal_configuration_extension, recursive=True) }}"
diff --git a/roles/matrix-sygnal/tasks/init.yml b/roles/matrix-sygnal/tasks/init.yml
deleted file mode 100644
index 559a3681..00000000
--- a/roles/matrix-sygnal/tasks/init.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}"
- when: matrix_sygnal_enabled|bool
diff --git a/roles/matrix-sygnal/tasks/main.yml b/roles/matrix-sygnal/tasks/main.yml
deleted file mode 100644
index c00862a4..00000000
--- a/roles/matrix-sygnal/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: run_setup|bool
- tags:
- - setup-all
- - setup-sygnal
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
- when: run_setup|bool and matrix_sygnal_enabled|bool
- tags:
- - setup-all
- - setup-sygnal
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
- when: run_setup|bool and not matrix_sygnal_enabled|bool
- tags:
- - setup-all
- - setup-sygnal
diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml
deleted file mode 100644
index b85b6bff..00000000
--- a/roles/matrix-sygnal/tasks/setup_install.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-
-- name: Ensure Sygnal image is pulled
- docker_image:
- name: "{{ matrix_sygnal_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}"
-
-- name: Ensure Sygnal paths exists
- file:
- path: "{{ item }}"
- state: directory
- mode: 0750
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
- with_items:
- - "{{ matrix_sygnal_base_path }}"
- - "{{ matrix_sygnal_config_path }}"
- - "{{ matrix_sygnal_data_path }}"
-
-- name: Ensure Sygnal config installed
- copy:
- content: "{{ matrix_sygnal_configuration|to_nice_yaml }}"
- dest: "{{ matrix_sygnal_config_path }}/sygnal.yaml"
- mode: 0640
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_groupname }}"
-
-- name: Ensure matrix-sygnal.service installed
- template:
- src: "{{ role_path }}/templates/systemd/matrix-sygnal.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-sygnal.service"
- mode: 0644
- register: matrix_sygnal_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-sygnal.service installation
- service:
- daemon_reload: yes
- when: "matrix_sygnal_systemd_service_result.changed|bool"
diff --git a/roles/matrix-sygnal/tasks/setup_uninstall.yml b/roles/matrix-sygnal/tasks/setup_uninstall.yml
deleted file mode 100644
index dc50078c..00000000
--- a/roles/matrix-sygnal/tasks/setup_uninstall.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-
-- name: Check existence of matrix-sygnal service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-sygnal.service"
- register: matrix_sygnal_service_stat
-
-- name: Ensure matrix-sygnal is stopped
- service:
- name: matrix-sygnal
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "matrix_sygnal_service_stat.stat.exists|bool"
-
-- name: Ensure matrix-sygnal.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-sygnal.service"
- state: absent
- when: "matrix_sygnal_service_stat.stat.exists|bool"
-
-- name: Ensure systemd reloaded after matrix-sygnal.service removal
- service:
- daemon_reload: yes
- when: "matrix_sygnal_service_stat.stat.exists|bool"
-
-- name: Ensure Sygnal base directory doesn't exist
- file:
- path: "{{ matrix_sygnal_base_path }}"
- state: absent
-
-- name: Ensure Sygnal Docker image doesn't exist
- docker_image:
- name: "{{ matrix_sygnal_docker_image }}"
- state: absent
diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/matrix-sygnal/tasks/validate_config.yml
deleted file mode 100644
index 1cf8357e..00000000
--- a/roles/matrix-sygnal/tasks/validate_config.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Fail if no Sygnal apps defined
- fail:
- msg: >-
- Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps`
- when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0"
diff --git a/roles/matrix-sygnal/templates/sygnal.yaml.j2 b/roles/matrix-sygnal/templates/sygnal.yaml.j2
deleted file mode 100644
index bb81ea9a..00000000
--- a/roles/matrix-sygnal/templates/sygnal.yaml.j2
+++ /dev/null
@@ -1,237 +0,0 @@ -## -# This is a configuration for Sygnal, the reference Push Gateway for Matrix -# See: matrix.org -## - -## Logging # -# -log: - # Specify a Python logging 'dictConfig', as described at: - # https://docs.python.org/3.7/library/logging.config.html#logging.config.dictConfig - # - setup: - version: 1 - formatters: - normal: - format: "%(asctime)s [%(process)d] %(levelname)-5s %(name)s %(message)s" - handlers: - # This handler prints to Standard Error - # - stderr: - class: "logging.StreamHandler" - formatter: "normal" - stream: "ext://sys.stderr" - - # This handler prints to Standard Output. - # - stdout: - class: "logging.StreamHandler" - formatter: "normal" - stream: "ext://sys.stdout" - - # This handler demonstrates logging to a text file on the filesystem. - # You can use logrotate(8) to perform log rotation. - # - #file: - # class: "logging.handlers.WatchedFileHandler" - # formatter: "normal" - # filename: "./sygnal.log" - loggers: - # sygnal.access contains the access logging lines. - # Comment out this section if you don't want to give access logging - # any special treatment. - # - sygnal.access: - propagate: false - handlers: ["stdout"] - level: "INFO" - - # sygnal contains log lines from Sygnal itself. - # You can comment out this section to fall back to the root logger. - # - sygnal: - propagate: false - handlers: ["stderr"] - - root: - # Specify the handler(s) to send log messages to. - handlers: ["stderr"] - level: "INFO" - - disable_existing_loggers: false - - - access: - # Specify whether or not to trust the IP address in the `X-Forwarded-For` - # header. In general, you want to enable this if and only if you are using a - # reverse proxy which is configured to emit it. - # - x_forwarded_for: true - -## HTTP Server (Matrix Push Gateway API) # -# -http: - # Specify a list of interface addresses to bind to. 
- # - # This example listens on the IPv4 loopback device: - #bind_addresses: ['127.0.0.1'] - # This example listens on all IPv4 interfaces: - #bind_addresses: ['0.0.0.0'] - # This example listens on all IPv4 and IPv6 interfaces: - #bind_addresses: ['0.0.0.0', '::'] - bind_addresses: ['::'] - - # Specify the port number to listen on. - # - port: 6000 - -## Proxying for outgoing connections # -# -# Specify the URL of a proxy to use for outgoing traffic -# (e.g. to Apple & Google) if desired. -# Currently only HTTP proxies with CONNECT capability are supported. -# -# If you do not specify a value, the `HTTPS_PROXY` environment variable will -# be used if present. Otherwise, no proxy will be used. -# -# Default is unspecified. -# -#proxy: 'http://user:secret@prox:8080' - -## Metrics # -# -metrics: - ## Prometheus # - # - prometheus: - # Specify whether or not to enable Prometheus. - # - enabled: false - - # Specify an address for the Prometheus HTTP Server to listen on. - # - address: '0.0.0.0' - - # Specify a port for the Prometheus HTTP Server to listen on. - # - port: 8000 - - ## OpenTracing # - # - opentracing: - # Specify whether or not to enable OpenTracing. - # - enabled: false - - # Specify an implementation of OpenTracing to use. Currently only 'jaeger' - # is supported. - # - implementation: jaeger - - # Specify the service name to be reported to the tracer. - # - service_name: sygnal - - # Specify configuration values to pass to jaeger_client. - # - jaeger: - sampler: - type: 'const' - param: 1 -# local_agent: -# reporting_host: '127.0.0.1' -# reporting_port: - logging: true - - ## Sentry # - # - sentry: - # Specify whether or not to enable Sentry. - # - enabled: false - - # Specify your Sentry DSN if you enable Sentry - # - #dsn: "https://@sentry.example.org/" - -## Pushkins/Apps # -# -# Add a section for every push application here. -# Specify the pushkey for the application and also the type. 
-# For the type, you may specify a fully-qualified Python classname if desired. -# -#apps: - # This is an example APNs push configuration - # - #com.example.myapp.ios: - # type: apns - # - # # Authentication - # # - # # Two methods of authentication to APNs are currently supported. - # # - # # You can authenticate using a key: - # keyfile: my_key.p8 - # key_id: MY_KEY_ID - # team_id: MY_TEAM_ID - # topic: MY_TOPIC - # - # # Or, a certificate can be used instead: - # certfile: com.example.myApp_prod_APNS.pem - # - # # This is the maximum number of in-flight requests *for this pushkin* - # # before additional notifications will be failed. - # # (This is a robustness measure to prevent one pushkin stacking up with - # # queued requests and saturating the inbound connection queue of a load - # # balancer or reverse proxy). - # # Defaults to 512 if unset. - # # - # #inflight_request_limit: 512 - # - # # Specifies whether to use the production or sandbox APNs server. Note that - # # sandbox tokens should only be used with the sandbox server and vice versa. - # # - # # Valid options are: - # # * production - # # * sandbox - # # - # # The default is 'production'. Uncomment to use the sandbox instance. - # #platform: sandbox - - # This is an example GCM/FCM push configuration. - # - #com.example.myapp.android: - # type: gcm - # api_key: your_api_key_for_gcm - # - # # This is the maximum number of connections to GCM servers at any one time - # # the default is 20. - # #max_connections: 20 - # - # # This is the maximum number of in-flight requests *for this pushkin* - # # before additional notifications will be failed. - # # (This is a robustness measure to prevent one pushkin stacking up with - # # queued requests and saturating the inbound connection queue of a load - # # balancer or reverse proxy). - # # Defaults to 512 if unset. - # # - # #inflight_request_limit: 512 - # - # # This allows you to specify additional options to send to Firebase. 
- # # - # # Of particular interest, admins who wish to support iOS apps using Firebase - # # probably wish to set content_available, and may need to set mutable_content. - # # (content_available allows your iOS app to be woken up by data messages, - # # and mutable_content allows your notification to be modified by a - # # Notification Service app extension). - # # - # # See https://firebase.google.com/docs/cloud-messaging/http-server-ref - # # for the exhaustive list of valid options. - # # - # # Do not specify `data`, `priority`, `to` or `registration_ids` as they may - # # be overwritten or lead to an invalid request. - # # - # #fcm_options: - # # content_available: true - # # mutable_content: true -apps: {{ matrix_sygnal_apps|to_json }} diff --git a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 deleted file mode 100644 index 019ab40c..00000000 --- a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ /dev/null 
@@ -1,42 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Sygnal
-{% for service in matrix_sygnal_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_sygnal_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null'
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \
- --log-driver=none \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --env=SYGNAL_CONF=/config/sygnal.yaml \
- --network={{ matrix_docker_network }} \
- {% if matrix_sygnal_container_http_host_bind_port %}
- -p {{ matrix_sygnal_container_http_host_bind_port }}:6000 \
- {% endif %}
- --mount type=bind,src={{ matrix_sygnal_config_path }},dst=/config \
- --mount type=bind,src={{ matrix_sygnal_data_path }},dst=/data \
- {% for arg in matrix_sygnal_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_sygnal_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-sygnal
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml
deleted file mode 100644
index 069b6279..00000000
--- a/roles/matrix-synapse-admin/defaults/main.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-# matrix-synapse-admin is a web UI for mananging the Synapse Matrix server
-# See: https://github.com/Awesome-Technologies/synapse-admin
-
-matrix_synapse_admin_enabled: true
-
-matrix_synapse_admin_container_self_build: false
-matrix_synapse_admin_container_self_build_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
-
-matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
-
-matrix_synapse_admin_version: 0.8.1
-matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
-matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
-
-# A list of extra arguments to pass to the container
-matrix_synapse_admin_container_extra_arguments: []
-
-# List of systemd services that matrix-synapse-admin.service depends on
-matrix_synapse_admin_systemd_required_services_list: ['docker.service']
-
-# List of systemd services that matrix-synapse-admin.service wants
-matrix_synapse_admin_systemd_wanted_services_list: []
-
-# Controls whether the matrix-synapse-admin container exposes its HTTP port (tcp/80 in the container).
-#
-# Takes an ":" or "" value (e.g. "127.0.0.1:8766"), or empty string to not expose.
-matrix_synapse_admin_container_http_host_bind_port: ''
-
-# The path at which Synapse Admin will be exposed on `matrix.DOMAIN`
-# (only applies when matrix-nginx-proxy is used).
-matrix_synapse_admin_public_endpoint: /synapse-admin
diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml
deleted file mode 100644
index e1912871..00000000
--- a/roles/matrix-synapse-admin/tasks/init.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
- fail:
- msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
- when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_self_build and matrix_synapse_admin_enabled"
-
-- set_fact:
- matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}"
- when: matrix_synapse_admin_enabled|bool
-
-- block:
- - name: Fail if matrix-nginx-proxy role already executed
- fail:
- msg: >-
- Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy,
- but it's pointless since the matrix-nginx-proxy role had already executed.
- To fix this, please change the order of roles in your plabook,
- so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role.
- when: matrix_nginx_proxy_role_executed|default(False)|bool
-
- - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
- set_fact:
- matrix_synapse_admin_matrix_nginx_proxy_configuration: |
- rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
-
- location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
- {% if matrix_nginx_proxy_enabled|default(False) %}
- {# Use the embedded DNS resolver in Docker containers to discover the service #}
- resolver 127.0.0.11 valid=5s;
- set $backend "matrix-synapse-admin:80";
- proxy_pass http://$backend/$1;
- {% else %}
- {# Generic configuration for use outside of our container setup #}
- proxy_pass http://127.0.0.1:8766/$1;
- {% endif %}
- }
-
- - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
- set_fact:
- matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
- {{
- matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
- +
- [matrix_synapse_admin_matrix_nginx_proxy_configuration]
- }}
- tags:
- - always
- when: matrix_synapse_admin_enabled|bool
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
- debug:
- msg: >-
- NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
- reverse proxy.
- Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
- URL endpoint to the matrix-synapse-admin container.
- You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
- when: "matrix_synapse_admin_enabled|bool and matrix_nginx_proxy_enabled is not defined"
diff --git a/roles/matrix-synapse-admin/tasks/main.yml b/roles/matrix-synapse-admin/tasks/main.yml
deleted file mode 100644
index b5cb1689..00000000
--- a/roles/matrix-synapse-admin/tasks/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
- tags:
- - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: run_setup|bool
- tags:
- - setup-all
- - setup-synapse-admin
-
-- import_tasks: "{{ role_path }}/tasks/setup.yml"
- tags:
- - setup-all
- - setup-synapse-admin
diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml
deleted file mode 100644
index 6fb47fb3..00000000
--- a/roles/matrix-synapse-admin/tasks/setup.yml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-
-#
-# Tasks related to setting up matrix-synapse-admin
-#
-
-- name: Ensure matrix-synapse-admin image is pulled
- docker_image:
- name: "{{ matrix_synapse_admin_docker_image }}"
- source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}"
- when: "matrix_synapse_admin_enabled|bool and not matrix_synapse_admin_container_self_build|bool"
-
-- name: Ensure matrix-synapse-admin repository is present when self-building
- git:
- repo: "{{ matrix_synapse_admin_container_self_build_repo }}"
- dest: "{{ matrix_synapse_admin_docker_src_files_path }}"
- version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}"
- force: "yes"
- register: matrix_synapse_admin_git_pull_results
- when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_self_build|bool"
-
-- name: Ensure matrix-synapse-admin Docker image is built
- docker_image:
- name: "{{ matrix_synapse_admin_docker_image }}"
- source: build
- force_source: "{{ matrix_synapse_admin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
- force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_git_pull_results.changed }}"
- build:
- dockerfile: Dockerfile
- path: "{{ matrix_synapse_admin_docker_src_files_path }}"
- pull: yes
- when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_self_build|bool"
-
-- name: Ensure matrix-synapse-admin.service installed
- template:
- src: "{{ role_path }}/templates/systemd/matrix-synapse-admin.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-synapse-admin.service"
- mode: 0644
- register: matrix_synapse_admin_systemd_service_result
- when: matrix_synapse_admin_enabled|bool
-
-- name: Ensure systemd reloaded after matrix-synapse-admin.service installation
- service:
- daemon_reload: yes
- when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of matrix-synapse-admin (if it was previously enabled)
-#
-
-- name: Check existence of matrix-synapse-admin service
- stat:
- path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service"
- register: matrix_synapse_admin_service_stat
-
-- name: Ensure matrix-synapse-admin is stopped
- service:
- name: matrix-synapse-admin
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists"
-
-- name: Ensure matrix-synapse-admin.service doesn't exist
- file:
- path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service"
- state: absent
- when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-synapse-admin.service removal
- service:
- daemon_reload: yes
- when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists"
-
-- name: Ensure matrix-synapse-admin Docker image doesn't exist
- docker_image:
- name: "{{ matrix_synapse_admin_docker_image }}"
- state: absent
- when: "not matrix_synapse_admin_enabled|bool"
diff --git a/roles/matrix-synapse-admin/tasks/validate_config.yml b/roles/matrix-synapse-admin/tasks/validate_config.yml
deleted file mode 100644
index e08680e0..00000000
--- a/roles/matrix-synapse-admin/tasks/validate_config.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: (Deprecation) Catch and report renamed settings
- fail:
- msg: >-
- Your configuration contains a variable, which now has a different name.
- Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
- when: "item.old in vars"
- with_items:
- - {'old': 'matrix_synapse_admin_docker_repo', 'new': 'matrix_synapse_admin_container_self_build_repo'}
diff --git a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2
deleted file mode 100644
index 4823d89c..00000000
--- a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=matrix-synapse-admin
-{% for service in matrix_synapse_admin_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_synapse_admin_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null'
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin \
- --log-driver=none \
- --cap-drop=ALL \
- --cap-add=CHOWN \
- --cap-add=NET_BIND_SERVICE \
- --cap-add=SETUID \
- --cap-add=SETGID \
- --network={{ matrix_docker_network }} \
- {% if matrix_synapse_admin_container_http_host_bind_port %}
- -p {{ matrix_synapse_admin_container_http_host_bind_port }}:80 \
- {% endif %}
- {% for arg in matrix_synapse_admin_container_extra_arguments %}
- {{ arg }} \
- {% endfor %}
- {{ matrix_synapse_admin_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-synapse-admin
-
-[Install]
-WantedBy=multi-user.target
diff --git a/setup.yml b/setup.yml
index 42613d96..f5e9ec2a 100755
--- a/setup.yml
+++ b/setup.yml
@@ -7,54 +7,14 @@
 - roles/matrix-synapse/vars/workers.yml
 
 roles:
- - matrix-awx
 - matrix-base
- - matrix-dynamic-dns
 - matrix-mailer
 - matrix-postgres
 - matrix-redis
- - matrix-corporal
- - matrix-bridge-appservice-discord
- - matrix-bridge-appservice-slack
- - matrix-bridge-appservice-webhooks
- - matrix-bridge-appservice-irc
- - matrix-bridge-beeper-linkedin
- - matrix-bridge-mautrix-facebook
- - matrix-bridge-mautrix-hangouts
- - matrix-bridge-mautrix-googlechat
- - matrix-bridge-mautrix-instagram
- - matrix-bridge-mautrix-signal
- - matrix-bridge-mautrix-telegram
- - matrix-bridge-mautrix-whatsapp
- - matrix-bridge-mx-puppet-discord
- - matrix-bridge-mx-puppet-groupme
- - matrix-bridge-mx-puppet-steam
- - matrix-bridge-mx-puppet-skype
- - matrix-bridge-mx-puppet-slack
- - matrix-bridge-mx-puppet-twitter
- - matrix-bridge-mx-puppet-instagram
- - matrix-bridge-sms
- - matrix-bridge-heisenbridge
- - matrix-bot-matrix-reminder-bot
- - matrix-bot-go-neb
- - matrix-bot-mjolnir
 - matrix-synapse
- - matrix-synapse-admin
- - matrix-prometheus-node-exporter
- - matrix-prometheus
- - matrix-grafana
- - matrix-registration
 - matrix-client-element
- - matrix-client-hydrogen
- - matrix-jitsi
- - matrix-ma1sd
- - matrix-dimension
- - matrix-etherpad
- - matrix-email2matrix
- - matrix-sygnal
 - matrix-nginx-proxy
 - matrix-coturn
 - matrix-aux
 - matrix-postgres-backup
- - matrix-prometheus-postgres-exporter
 - matrix-common-after
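Review bot: Dropping `matrix-synapse-admin` and the other entries from `roles:` also drops their teardown path. The `roles/matrix-synapse-admin/tasks/setup.yml` deleted in this same commit is what stopped `matrix-synapse-admin.service`, removed its unit file and deleted the image when `matrix_synapse_admin_enabled` was false. A host that was provisioned with any of the removed roles enabled will presumably keep those containers and any published host ports running, with no playbook task left to update or remove them. I would add a comment above the list, `# Roles dropped from this list are not uninstalled by later runs; disable them and run setup-all on the previous revision first`, or document the manual cleanup. Whether a remaining role such as `matrix-nginx-proxy` still reads variables that only the removed roles defined cannot be seen from this hunk and is worth checking.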