From d05e42fe18909818c5bf1b70905938fb5fde0202 Mon Sep 17 00:00:00 2001 
From: uumas Date: Wed, 19 Apr 2023 01:45:05 +0300 Subject: [PATCH] add extras role --- roles/extras/defaults/main.yml | 25 ++++ roles/extras/handlers/main.yml | 11 ++ roles/extras/tasks/alembic.yml | 7 + roles/extras/tasks/appservice.yml | 29 ++++ roles/extras/tasks/general.yml | 63 +++++++++ roles/extras/tasks/main.yml | 12 ++ roles/extras/tasks/maubot.yml | 11 ++ roles/extras/tasks/mautrix-whatsapp.yml | 15 ++ roles/extras/tasks/npm.yml | 13 ++ roles/extras/tasks/pip.yml | 11 ++ roles/extras/tasks/repo.yml | 18 +++ roles/extras/tasks/signald.yml | 28 ++++ roles/extras/templates/config/.last-updated | 1 + roles/extras/templates/config/README.md | 34 +++++ roles/extras/templates/config/maubot.yaml.j2 | 14 ++ .../templates/config/mautrix-bridge.yaml.j2 | 128 ++++++++++++++++++ .../templates/config/mautrix-facebook.yaml.j2 | 9 ++ .../config/mautrix-googlechat.yaml.j2 | 12 ++ .../config/mautrix-instagram.yaml.j2 | 13 ++ .../templates/config/mautrix-signal.yaml.j2 | 17 +++ .../templates/config/mautrix-telegram.yaml.j2 | 31 +++++ .../templates/config/mautrix-whatsapp.yaml.j2 | 83 ++++++++++++ .../config/mx-puppet-discord.yaml.j2 | 91 +++++++++++++ .../templates/config/mx-puppet-slack.yaml.j2 | 84 ++++++++++++ roles/extras/templates/matrix-extra.service | 20 +++ roles/extras/templates/signald-env | 3 + roles/extras/vars/defaults.yml | 11 ++ roles/extras/vars/maubot.yml | 15 ++ roles/extras/vars/mautrix-facebook.yml | 30 ++++ roles/extras/vars/mautrix-googlechat.yml | 29 ++++ roles/extras/vars/mautrix-instagram.yml | 30 ++++ roles/extras/vars/mautrix-signal.yml | 34 +++++ roles/extras/vars/mautrix-telegram.yml | 35 +++++ roles/extras/vars/mautrix-whatsapp.yml | 16 +++ roles/extras/vars/mx-puppet-discord.yml | 17 +++ roles/extras/vars/mx-puppet-slack.yml | 17 +++ 36 files changed, 1017 insertions(+) create mode 100644 roles/extras/defaults/main.yml create mode 100644 roles/extras/handlers/main.yml create mode 100644 roles/extras/tasks/alembic.yml create mode 100644 
roles/extras/tasks/appservice.yml create mode 100644 roles/extras/tasks/general.yml create mode 100644 roles/extras/tasks/main.yml create mode 100644 roles/extras/tasks/maubot.yml create mode 100644 roles/extras/tasks/mautrix-whatsapp.yml create mode 100644 roles/extras/tasks/npm.yml create mode 100644 roles/extras/tasks/pip.yml create mode 100644 roles/extras/tasks/repo.yml create mode 100644 roles/extras/tasks/signald.yml create mode 100644 roles/extras/templates/config/.last-updated create mode 100644 roles/extras/templates/config/README.md create mode 100644 roles/extras/templates/config/maubot.yaml.j2 create mode 100644 roles/extras/templates/config/mautrix-bridge.yaml.j2 create mode 100644 roles/extras/templates/config/mautrix-facebook.yaml.j2 create mode 100644 roles/extras/templates/config/mautrix-googlechat.yaml.j2 create mode 100644 roles/extras/templates/config/mautrix-instagram.yaml.j2 create mode 100644 roles/extras/templates/config/mautrix-signal.yaml.j2 create mode 100644 roles/extras/templates/config/mautrix-telegram.yaml.j2 create mode 100644 roles/extras/templates/config/mautrix-whatsapp.yaml.j2 create mode 100644 roles/extras/templates/config/mx-puppet-discord.yaml.j2 create mode 100644 roles/extras/templates/config/mx-puppet-slack.yaml.j2 create mode 100644 roles/extras/templates/matrix-extra.service create mode 100644 roles/extras/templates/signald-env create mode 100644 roles/extras/vars/defaults.yml create mode 100644 roles/extras/vars/maubot.yml create mode 100644 roles/extras/vars/mautrix-facebook.yml create mode 100644 roles/extras/vars/mautrix-googlechat.yml create mode 100644 roles/extras/vars/mautrix-instagram.yml create mode 100644 roles/extras/vars/mautrix-signal.yml create mode 100644 roles/extras/vars/mautrix-telegram.yml create mode 100644 roles/extras/vars/mautrix-whatsapp.yml create mode 100644 roles/extras/vars/mx-puppet-discord.yml create mode 100644 roles/extras/vars/mx-puppet-slack.yml 
diff --git a/roles/extras/defaults/main.yml b/roles/extras/defaults/main.yml
new file mode 100644
index 0000000..f67f97d
--- /dev/null
+++ b/roles/extras/defaults/main.yml
@@ -0,0 +1,25 @@
+---
+
+matrix_bridge_name_suffix: 'bridge'
+mautrix_whatsapp_web_name: 'Mautrix-WhatsApp bridge'
+mautrix_whatsapp_web_shortname: 'mx-wa'
+
+matrix_bridge_ephemeral_events: true
+
+python_depends:
+ - build-essential
+ - python-setuptools
+ - python3-pip
+ - virtualenv
+ - python3-venv
+ - python3-virtualenv
+ - python3-setuptools
+ - python3-dev
+ - libpq-dev
+
+matrix_extra_repos:
+ signald:
+ repo: 'deb https://updates.signald.org unstable main'
+ key:
+ id: 'D89FFB45291229A410A1430A659475081F665F29'
+ url: 'https://updates.signald.org/apt-signing-key.asc'
diff --git a/roles/extras/handlers/main.yml b/roles/extras/handlers/main.yml
new file mode 100644
index 0000000..c0ddd6e
--- /dev/null
+++ b/roles/extras/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Restart synapse
+ ansible.builtin.systemd:
+ name: matrix-synapse.service
+ state: restarted
+
+- name: Restart matrix target
+ ansible.builtin.systemd:
+ name: matrix.target
+ state: restarted
diff --git a/roles/extras/tasks/alembic.yml b/roles/extras/tasks/alembic.yml
new file mode 100644
index 0000000..ee405de
--- /dev/null
+++ b/roles/extras/tasks/alembic.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Alembic update database
+ ansible.builtin.command: /opt/{{ matrix_extra }}/bin/alembic -c /opt/{{ matrix_extra }}/alembic.ini -x config=/opt/{{ matrix_extra }}/config.yaml upgrade head
+ args:
+ chdir: /opt/{{ matrix_extra }}
+ when: install.changed
diff --git a/roles/extras/tasks/appservice.yml b/roles/extras/tasks/appservice.yml
new file mode 100644
index 0000000..ad31182
--- /dev/null
+++ b/roles/extras/tasks/appservice.yml
@@ -0,0 +1,29 @@
+---
+
+- name: Generate registration file for {{ matrix_extra }}
+ ansible.builtin.command: "{{ registrationgen_exec }}"
+ args:
+ chdir: "{{ matrix_extra_workdir }}"
+ notify: Restart matrix target
+ when: config.changed or install.changed
+ become_user: "{{ matrix_extra }}"
+
+- name: Add appservice to synapse config - {{ matrix_extra }}
+ become_user: root
+ block:
+ - name: Ensure appservice config file present
+ ansible.builtin.lineinfile:
+ path: /etc/matrix-synapse/conf.d/appservice.yaml
+ line: 'app_service_config_files:'
+ regexp: '^app_service_config_files: *?$'
+ create: true
+ mode: 0644
+ insertbefore: BOF
+ notify: Restart synapse
+
+ - name: Configure appservice {{ matrix_extra }}
+ ansible.builtin.lineinfile:
+ path: '/etc/matrix-synapse/conf.d/appservice.yaml'
+ line: " - '/opt/{{ matrix_extra }}/appservice-registration.yaml'"
+ regexp: '^.*{{ matrix_extra }}.*$'
+ notify: Restart synapse
diff --git a/roles/extras/tasks/general.yml b/roles/extras/tasks/general.yml
new file mode 100644
index 0000000..690f961
--- /dev/null
+++ b/roles/extras/tasks/general.yml
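Review bot: The `when: config.changed or install.changed` condition on the registration task in tasks/appservice.yml depends on a variable this file never sets. `install` is registered only in tasks/npm.yml and tasks/pip.yml, while tasks/mautrix-whatsapp.yml imports this file after a `get_url` task that registers nothing, so for that bridge the expression either fails on an undefined variable or reuses the result left over from an earlier loop item. Adding `register: install` to that `get_url` task, or guarding with `(install is defined and install.changed)`, makes the condition well defined. The second `lineinfile` also interpolates the name into `regexp` unescaped; `'^.*{{ matrix_extra | regex_escape }}.*$'` keeps the name from being read as a pattern.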
@@ -0,0 +1,63 @@
+---
+
+- name: Include defaults
+ ansible.builtin.include_vars: defaults.yml
+- name: Include variables for {{ matrix_extra }}
+ ansible.builtin.include_vars: "{{ matrix_extra }}.yml"
+
+- name: Install dependencies for {{ matrix_extra }}
+ ansible.builtin.apt:
+ name: "{{ depends }}"
+ state: latest
+
+- name: Install dependencies from custom repos for {{ matrix_extra }}
+ ansible.builtin.include_tasks: repo.yml
+ when: repo_depends is defined
+ loop: "{{ repo_depends }}"
+
+- name: Create user for {{ matrix_extra }}
+ ansible.builtin.user:
+ name: "{{ matrix_extra }}"
+ system: true
+ home: /opt/{{ matrix_extra }}
+ shell: /bin/false
+
+- name: Configure {{ matrix_extra }}
+ become_user: "{{ matrix_extra }}"
+ block:
+ - name: Put config in place for {{ matrix_extra }}
+ ansible.builtin.template:
+ src: "config/{{ matrix_extra }}.yaml.j2"
+ dest: "/opt/{{ matrix_extra }}/config.yaml.ansibled"
+ mode: 0644
+ backup: true
+ notify: Restart matrix target
+ register: config
+ - name: Put config in final destination for {{ matrix_extra }}
+ ansible.builtin.copy:
+ src: "/opt/{{ matrix_extra }}/config.yaml.ansibled"
+ dest: "/opt/{{ matrix_extra }}/config.yaml"
+ mode: 0644
+ remote_src: true
+ when: config.changed
+
+ - name: Include service-specific tasks
+ ansible.builtin.include_tasks: "{{ tasks }}.yml"
+ loop: "{{ matrix_extra_tasks }}"
+ loop_control:
+ loop_var: tasks
+
+- name: Put systemd unit in place for {{ matrix_extra }}
+ ansible.builtin.template:
+ src: 'matrix-extra.service'
+ dest: "/etc/systemd/system/{{ matrix_extra }}.service"
+ mode: 0644
+ register: systemd_unit
+
+- name: Enable systemd unit {{ matrix_extra }}
+ ansible.builtin.systemd:
+ daemon_reload: true
+ name: "{{ matrix_extra }}.service"
+ enabled: true
+ state: restarted
+ when: systemd_unit.changed
diff --git a/roles/extras/tasks/main.yml b/roles/extras/tasks/main.yml
new file mode 100644
index 0000000..f4dbe9a
--- /dev/null
+++ b/roles/extras/tasks/main.yml
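Review bot: Both config tasks in the `Configure {{ matrix_extra }}` block of tasks/general.yml write the rendered file with `mode: 0644`, and the templates added later in this patch put database passwords, `synapse_shared_secret_auth`, the registration shared secret and third-party API credentials into that file, so every local account can read them. `mode: '0600'` on both `config.yaml.ansibled` and `config.yaml` keeps them readable only by the service user the block runs as, and quoting the value avoids YAML treating it as an integer. `backup: true` leaves timestamped copies of earlier configs next to the file, so old secrets stay on disk after rotation unless those copies are pruned. `no_log: true` on the template task is worth considering if plays are run with `--diff`.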
@@ -0,0 +1,12 @@
+---
+
+- name: Install common dependencies for matrix-extras
+ ansible.builtin.apt:
+ name:
+ - libolm-dev
+
+- name: Include general tasks for each extra
+ ansible.builtin.include_tasks: general.yml
+ loop: "{{ matrix_extras }}"
+ loop_control:
+ loop_var: matrix_extra
diff --git a/roles/extras/tasks/maubot.yml b/roles/extras/tasks/maubot.yml
new file mode 100644
index 0000000..491e38e
--- /dev/null
+++ b/roles/extras/tasks/maubot.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Create required directories
+ ansible.builtin.file:
+ path: "/opt/maubot/{{ item }}"
+ state: directory
+ mode: 0755
+ loop:
+ - plugins
+ - trash
+ - logs
diff --git a/roles/extras/tasks/mautrix-whatsapp.yml b/roles/extras/tasks/mautrix-whatsapp.yml
new file mode 100644
index 0000000..15eb0ca
--- /dev/null
+++ b/roles/extras/tasks/mautrix-whatsapp.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Install latest mautrix-whatsapp release from github releases
+ ansible.builtin.get_url:
+ url: 'https://github.com/mautrix/whatsapp/releases/latest/download/mautrix-whatsapp-amd64'
+ dest: "/opt/mautrix-whatsapp/mautrix-whatsapp"
+ mode: '755'
+
+- name: Include appservice tasks
+ ansible.builtin.import_tasks: appservice.yml
+
+- name: Chmod registration file
+ ansible.builtin.file:
+ path: /opt/mautrix-whatsapp/appservice-registration.yaml
+ mode: '0644'
diff --git a/roles/extras/tasks/npm.yml b/roles/extras/tasks/npm.yml
new file mode 100644
index 0000000..a5df60d
--- /dev/null
+++ b/roles/extras/tasks/npm.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Clone git repo for {{ matrix_extra }}
+ ansible.builtin.git:
+ repo: "{{ matrix_extra_git_repo }}"
+ dest: /opt/{{ matrix_extra }}/src
+ force: true
+
+- name: Install {{ matrix_extra }}
+ community.general.npm:
+ path: /opt/{{ matrix_extra }}/src
+ register: install
+ notify: Restart matrix target
diff --git a/roles/extras/tasks/pip.yml b/roles/extras/tasks/pip.yml
new file mode 100644
index 0000000..218bcb3
--- /dev/null
+++ b/roles/extras/tasks/pip.yml
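Review bot: The `get_url` task in tasks/mautrix-whatsapp.yml installs whatever `releases/latest` serves at run time as an executable, with no `checksum:` and no fixed version, so the deployed binary is neither reproducible nor verified. Pointing `url` at a specific release tag and adding `checksum: 'sha256:<digest of that release asset>'` makes the play fail closed if the download differs. The same unpinned pattern appears in tasks/npm.yml (`ansible.builtin.git` without `version`, followed by an npm install), tasks/pip.yml (`state: latest`) and the git-based `pip_packages` entry in vars/mautrix-instagram.yml; pinning a commit or version there has the same effect. Separately, `Chmod registration file` sets the appservice registration to `'0644'`; such files normally hold the appservice tokens, so a group shared with Synapse plus `'0640'` would presumably be enough for Synapse to read it.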
@@ -0,0 +1,11 @@
+---
+
+- name: Install {{ matrix_extra }}
+ ansible.builtin.pip:
+ chdir: '/opt/{{ matrix_extra }}'
+ name: "{{ pip_packages }}"
+ state: latest
+ virtualenv: "/opt/{{ matrix_extra }}"
+ virtualenv_python: '/usr/bin/python3'
+ register: install
+ notify: Restart matrix target
diff --git a/roles/extras/tasks/repo.yml b/roles/extras/tasks/repo.yml
new file mode 100644
index 0000000..f37612a
--- /dev/null
+++ b/roles/extras/tasks/repo.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Add apt key {{ item.repo }}
+ ansible.builtin.apt_key:
+ id: "{{ matrix_extra_repos[item.repo].key.id }}"
+ url: "{{ matrix_extra_repos[item.repo].key.url }}"
+ when: matrix_extra_repos[item.repo].key is defined
+
+- name: Add repo {{ item.repo }}
+ ansible.builtin.apt_repository:
+ repo: "{{ matrix_extra_repos[item.repo].repo }}"
+ filename: "{{ item.repo }}"
+ mode: '644'
+
+- name: Install dependencies from {{ item.repo }}
+ ansible.builtin.apt:
+ name: "{{ item.packages }}"
+ default_release: "{{ matrix_extra_repos[item.repo].default_release | default(omit) }}"
diff --git a/roles/extras/tasks/signald.yml b/roles/extras/tasks/signald.yml
new file mode 100644
index 0000000..7f7c6c4
--- /dev/null
+++ b/roles/extras/tasks/signald.yml
@@ -0,0 +1,28 @@
+---
+
+- name: Add user to signald group - {{ matrix_extra }}
+ ansible.builtin.user:
+ name: "{{ matrix_extra }}"
+ groups: signald
+ append: true
+ become_user: root
+
+- name: Set signald directory permissions
+ ansible.builtin.file:
+ path: /var/lib/signald/{{ item }}
+ state: directory
+ owner: signald
+ group: signald
+ mode: 0770
+ loop:
+ - data
+ - attachments
+ - avatars
+ become_user: signald
+
+- name: Copy /etc/default/signald env
+ ansible.builtin.template:
+ src: signald-env
+ dest: /etc/default/signald
+ mode: 0755
+ become_user: root
diff --git a/roles/extras/templates/config/.last-updated b/roles/extras/templates/config/.last-updated
new file mode 100644
index 0000000..2264bd7
--- /dev/null
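Review bot: `ansible.builtin.apt_key` in tasks/repo.yml adds the signald key to apt's global trusted keyring, so that key is accepted for packages from every configured repository, not only updates.signald.org, and the underlying `apt-key` tool is deprecated. Trust is scoped by storing the key in its own file and referencing it from the source line, e.g. `deb [signed-by=/etc/apt/keyrings/signald.asc] https://updates.signald.org unstable main`, with the key fetched by `get_url` (the keyring path is an example). The fingerprint already pinned in defaults/main.yml should then be compared against the downloaded file before the repository is enabled.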
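Review bot: `Copy /etc/default/signald env` in tasks/signald.yml installs the file with `mode: 0755`, but the signald-env template added in this patch renders the PostgreSQL password into `SIGNALD_DATABASE`, so the credential ends up world-readable and the file is needlessly executable. `mode: '0640'` with `owner: root` and `group: signald` limits it to the service. If the file is only consumed through systemd's `EnvironmentFile=`, `'0600'` is enough.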
+++ b/roles/extras/templates/config/.last-updated
@@ -0,0 +1 @@
+2021-11-20
diff --git a/roles/extras/templates/config/README.md b/roles/extras/templates/config/README.md
new file mode 100644
index 0000000..caf2f0e
--- /dev/null
+++ b/roles/extras/templates/config/README.md
@@ -0,0 +1,34 @@
+Mautrix bridge config updates last checked on 2022-08-25
+To add a mautrix bridge, create a var file and based on an older one and a new config file like this:
+
+```
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+{{ super() }}
+ additional options for the backfill section, needs to be indentded. Omit super()
+ above if the required options are different from the usual.
+{% endblock %}
+
+{% block bridge %}
+ additional options for the bridge section, needs to be indented
+{% endblock %}
+
+{% block additional %}
+additional sections here
+{% endblock %}
+
+```
+
+Any block can be omitted if not needed
+
+Available blocks in vars:
+```
+mautrix_blocks:
+ - public
+ - provisioning
+ - relay
+ - delivery_error_reports
+ - displayname_template
+ - backfill
+```
diff --git a/roles/extras/templates/config/maubot.yaml.j2 b/roles/extras/templates/config/maubot.yaml.j2
new file mode 100644
index 0000000..51e974c
--- /dev/null
+++ b/roles/extras/templates/config/maubot.yaml.j2
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+database: postgres://{{ psql_dbs['maubot']['user'] }}:{{ psql_dbs['maubot']['password']|urlencode() }}@localhost/maubot
+server:
+ hostname: localhost
+ public_url: {{ matrix_external_url }}
+
+homeservers:
+ {{ matrix_domain }}:
+ url: http://localhost:8009
+ secret: {{ matrix_registration_shared_secret }}
+
+admins:
+ {{ maubot_admin_user }}: {{ maubot_admin_password }}
+
diff --git a/roles/extras/templates/config/mautrix-bridge.yaml.j2 b/roles/extras/templates/config/mautrix-bridge.yaml.j2
new file mode 100644
index 0000000..7076084
--- /dev/null
+++ b/roles/extras/templates/config/mautrix-bridge.yaml.j2
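Review bot: `secret: {{ matrix_registration_shared_secret }}` and `{{ maubot_admin_user }}: {{ maubot_admin_password }}` in maubot.yaml.j2 render secrets as plain YAML scalars, so a value that starts with an indicator character, contains `: ` or ` #`, or looks like a number or boolean is silently retyped or breaks the file. Emitting them through a quoting filter, e.g. `secret: {{ matrix_registration_shared_secret | to_json }}`, keeps the value a string whatever it contains. The same applies to `device_seed` in mautrix-instagram.yaml.j2, `api_hash` and `bot_token` in mautrix-telegram.yaml.j2, and `clientSecret` in mx-puppet-slack.yaml.j2, which sits directly under a comment explaining why `clientId` had to be quoted. The `database:` URL also url-encodes the password but not the user name.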
@@ -0,0 +1,128 @@
+# {{ ansible_managed }}
+
+{% set bridge_service = matrix_extra | replace('mautrix-','') %}
+
+homeserver:
+ address: http://localhost:8009
+ domain: {{ matrix_domain }}
+
+appservice:
+ address: http://localhost:{{ mautrix_port }}
+ hostname: localhost
+ port: {{ mautrix_port }}
+ database: postgres://{{ psql_dbs[matrix_extra]['user'] }}:{{ psql_dbs[matrix_extra]['password']|urlencode() }}@localhost/{{ matrix_extra }}
+
+{% if 'public' in mautrix_blocks %}
+ public:
+ enabled: true
+ prefix: /{{ bridge_service }}
+ external: {{ matrix_external_url }}/{{ bridge_service }}
+{% if not 'provisioning' in mautrix_blocks %}
+ shared_secret: null
+{% endif %}
+{% endif %}
+
+{% if 'provisioning' in mautrix_blocks %}
+ provisioning:
+ enabled: false
+ shared_secret: null
+{% endif %}
+
+ bot_displayname: {{ bridge_service | capitalize }} {{ matrix_bridge_name_suffix }}
+
+ ephemeral_events: {{ matrix_bridge_ephemeral_events }}
+
+# FIXME Prometheus telemetry config. Requires prometheus-client to be installed.
+metrics:
+ enabled: false
+ listen_port: 8000
+
+bridge:
+{% if 'displayname_template' in mautrix_blocks %}
+ displayname_template: '{displayname}'
+{% endif %}
+
+ sync_with_custom_puppets: {{ not matrix_bridge_ephemeral_events }}
+ sync_direct_chat_list: true
+
+ double_puppet_server_map:
+ {{ matrix_domain }}: {{ matrix_external_url }}
+ double_puppet_allow_discovery: true
+# FIXME Support other_homeservers
+ login_shared_secret_map:
+ {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+{% if matrix_extra_other_homeserver_shared_secret_auth is defined %}
+{% for item in matrix_extra_other_homeserver_shared_secret_auth | dict2items %}
+ {{ item.key }}: "{{ item.value }}"
+{% endfor %}
+{% endif %}
+
+ encryption:
+ allow: true
+ default: {{ mautrix_default_encrypt }}
+
+ delivery_receipts: true
+{% if 'delivery_error_reports' in mautrix_blocks %}
+ delivery_error_reports: true
+{% endif %}
+
+{% if 'backfill' in mautrix_blocks %}
+ backfill:
+{% block backfill %}
+ invite_own_puppet: true
+ initial_limit: 1000
+ missed_limit: 5000
+{% endblock backfill %}
+{% endif %}
+
+ permissions:
+ '*': {{ mautrix_permissions.relay }}
+ {{ matrix_domain }}: {{ mautrix_permissions.user }}
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+ {{ item }}: {{ mautrix_permissions.user }}
+{% endfor %}
+{% endif %}
+{% if matrix_bridge_admins is defined %}
+{% for item in matrix_bridge_admins %}
+ '{{ item }}': {{ mautrix_permissions.admin }}
+{% endfor %}
+{% endif %}
+
+{% if 'relay' in mautrix_blocks %}
+ relay:
+ enabled: true
+{% endif %}
+
+{% block bridge %}{% endblock %}
+
+{% block additional %}{% endblock %}
+
+logging:
+ version: 1
+ formatters:
+ colored:
+ (): {{ matrix_extra | replace('-','_') }}.util.ColorFormatter
+ format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+ normal:
+ format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+ handlers:
+ file:
+ class: logging.handlers.RotatingFileHandler
+ formatter: normal
+ filename: ./{{ matrix_extra }}.log
+ maxBytes: 10485760
+ backupCount: 10
+ console:
+ class: logging.StreamHandler
+ formatter: colored
+
+ loggers:
+{% for logger in mautrix_loggers %}
+ {{ logger }}:
+ level: INFO
+{% endfor %}
+ root:
+ level: INFO
+ handlers: [file,console]
+
diff --git a/roles/extras/templates/config/mautrix-facebook.yaml.j2 b/roles/extras/templates/config/mautrix-facebook.yaml.j2
new file mode 100644
index 0000000..99f5480
--- /dev/null
+++ b/roles/extras/templates/config/mautrix-facebook.yaml.j2
@@ -0,0 +1,9 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block bridge %}
+ periodic_reconnect:
+ interval: 86400
+ temporary_disconnect_notices: false
+ refresh_on_reconnection_fail: true
+{% endblock %}
+
diff --git a/roles/extras/templates/config/mautrix-googlechat.yaml.j2 b/roles/extras/templates/config/mautrix-googlechat.yaml.j2
new file mode 100644
index 0000000..c1df2a9
--- /dev/null
+++ b/roles/extras/templates/config/mautrix-googlechat.yaml.j2
@@ -0,0 +1,12 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+ invite_own_puppet: true
+ initial_thread_limit: 100
+ initial_nonthread_limit: 1000
+{% endblock %}
+
+{% block bridge %}
+ initial_chat_sync: 100
+{% endblock %}
+
diff --git a/roles/extras/templates/config/mautrix-instagram.yaml.j2 b/roles/extras/templates/config/mautrix-instagram.yaml.j2
new file mode 100644
index 0000000..4675ea1
--- /dev/null
+++ b/roles/extras/templates/config/mautrix-instagram.yaml.j2
@@ -0,0 +1,13 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block bridge %}
+ periodic_reconnect:
+ interval: 86400
+ private_chat_name_template: '{displayname} (Instagram)'
+ unimportant_bridge_notices: false
+{% endblock %}
+
+{% block additional %}
+instagram:
+ device_seed: {{ matrix_instagram_device_seed }}
+{% endblock %}
diff --git a/roles/extras/templates/config/mautrix-signal.yaml.j2 b/roles/extras/templates/config/mautrix-signal.yaml.j2
new file mode 100644
index 0000000..072358e
--- /dev/null
+++ b/roles/extras/templates/config/mautrix-signal.yaml.j2
@@ -0,0 +1,17 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+{{ super() }}
+{% endblock %}
+
+{% block bridge %}
+ public_portals: true
+ relaybot: '@realaybot:{{ matrix_domain }}'
+{% endblock %}
+
+{% block additional %}
+signal:
+ avatar_dir: /var/lib/signald/data
+ data_dir: /var/lib/signald/data
+ delete_unknown_accounts_on_start: true
+{% endblock %}
diff --git a/roles/extras/templates/config/mautrix-telegram.yaml.j2 b/roles/extras/templates/config/mautrix-telegram.yaml.j2
new file mode 100644
index 0000000..72f34ea
--- /dev/null
+++ b/roles/extras/templates/config/mautrix-telegram.yaml.j2
@@ -0,0 +1,31 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+{{ super() }}
+ normal_groups: true
+{% endblock %}
+
+{% block bridge %}
+ invite_link_resolve: true
+ max_document_size: {{ matrix_max_upload_size_mb }}
+
+ bridge_notices:
+ default: true
+
+ relay_user_distinguishers: []
+
+ state_event_formats:
+ join: ''
+ leave: ''
+
+ sync_channel_members: true
+ public_portals: true
+
+{% endblock %}
+
+{% block additional %}
+telegram:
+ api_id: {{ matrix_telegram_api_id }}
+ api_hash: {{ matrix_telegram_api_hash }}
+ bot_token: {{ matrix_telegram_bot_token }}
+{% endblock %}
diff --git a/roles/extras/templates/config/mautrix-whatsapp.yaml.j2 b/roles/extras/templates/config/mautrix-whatsapp.yaml.j2
new file mode 100644
index 0000000..a71a9b0
--- /dev/null
+++ b/roles/extras/templates/config/mautrix-whatsapp.yaml.j2
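Review bot: `relaybot: '@realaybot:{{ matrix_domain }}'` in mautrix-signal.yaml.j2 looks like a misspelling of `relaybot`. If so, the bridge is pointed at an MXID that nothing in this role provisions, and the account that ends up holding that localpart on the homeserver is not necessarily the intended one. Unless the spelling is deliberate, `relaybot: '@relaybot:{{ matrix_domain }}'` is the likely intent. `avatar_dir` also points at `/var/lib/signald/data` although tasks/signald.yml creates a separate `avatars` directory, which is worth confirming.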
@@ -0,0 +1,83 @@
+# {{ ansible_managed }}
+
+homeserver:
+ address: http://localhost:8009
+ domain: {{ matrix_domain }}
+
+appservice:
+ address: http://localhost:29318
+ hostname: localhost
+ port: 29318
+
+ database:
+ type: postgres
+ uri: postgres://{{ psql_dbs['mautrix-whatsapp']['user'] }}:{{ psql_dbs['mautrix-whatsapp']['password']|urlencode() }}@localhost/mautrix-whatsapp
+
+ id: whatsapp
+
+ bot:
+ username: whatsappbot
+ displayname: WhatsApp {{ matrix_bridge_name_suffix }}
+
+ ephemeral_events: {{ matrix_bridge_ephemeral_events }}
+
+whatsapp:
+ os_name: {{ mautrix_whatsapp_web_name }}
+
+bridge:
+ username_template: whatsapp_{{ '{{.}}' }}
+ personal_filtering_spaces: true
+ delivery_receipts: true
+ # Should polls be sent using MSC3381 event types?
+ extev_polls: true
+
+
+ history_sync:
+ backfill: true
+ request_full_sync: true
+
+ sync_with_custom_puppets: {{ not matrix_bridge_ephemeral_events }}
+ sync_direct_chat_list: true
+
+ double_puppet_server_map:
+ {{ matrix_domain }}: {{ matrix_external_url }}
+ double_puppet_allow_discovery: true
+# FIXME Support other_homeservers
+
+ login_shared_secret_map:
+ {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+# FIXME support other servers
+{% if matrix_extra_other_homeserver_shared_secret_auth is defined %}
+{% for item in matrix_extra_other_homeserver_shared_secret_auth | dict2items %}
+ {{ item.key }}: "{{ item.value }}"
+{% endfor %}
+{% endif %}
+
+ allow_user_invite: true
+ url_previews: true
+
+ encryption:
+ allow: true
+ default: false
+
+ provisioning:
+ prefix: /_matrix/provision
+ shared_secret: disable
+
+ permissions:
+ "*": relay
+ "{{ matrix_domain }}": user
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+ "{{ item }}": user
+{% endfor %}
+{% endif %}
+{% if matrix_bridge_admins is defined %}
+{% for item in matrix_bridge_admins %}
+ "{{ item }}": admin
+{% endfor %}
+{% endif %}
+
+ relay:
+ enabled: true
+
diff --git a/roles/extras/templates/config/mx-puppet-discord.yaml.j2 b/roles/extras/templates/config/mx-puppet-discord.yaml.j2
new file mode 100644
index 0000000..2ce3a3c
--- /dev/null
+++ b/roles/extras/templates/config/mx-puppet-discord.yaml.j2
@@ -0,0 +1,91 @@
+# {{ ansible_managed }}
+bridge:
+ port: 8434
+ bindAddress: localhost
+
+ domain: {{ matrix_domain }}
+ homeserverUrl: http://localhost:8009
+
+ mediaUrl: {{ matrix_external_url }}
+
+# FIXME Support other_homeservers
+ loginSharedSecretMap:
+ {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+
+ displayname: Discord {{ matrix_bridge_name_suffix }}
+ avatarUrl: {{ discord_avatar_url }}
+
+ enableGroupSync: true
+
+presence:
+ enabled: {{ synapse_presence }}
+ interval: 500
+
+provisioning:
+ whitelist:
+ - "@.*:{{ matrix_domain | replace(".", "\\\\.") }}"
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+ - "@.*:{{ item | replace(".", "\\\\.") }}"
+{% endfor %}
+{% endif %}
+
+ #blacklist:
+
+relay:
+ whitelist:
+ - ".*"
+
+ #blacklist:
+
+selfService:
+ whitelist:
+ - "@.*:{{ matrix_domain | replace(".", "\\\\.") }}"
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+ - "@.*:{{ item | replace(".", "\\\\.") }}"
+{% endfor %}
+{% endif %}
+
+ #blacklist:
+ #- "@user:server\\.com"
+
+# Map of homeserver URLs to their C-S API endpoint
+#
+# Useful for double-puppeting if .well-known is unavailable for some reason
+homeserverUrlMap:
+ {{ matrix_domain }}: http://localhost:8009
+
+namePatterns:
+ user: :name
+ userOverride: :displayname
+ room: :name
+ group: :name
+
+database:
+ connString: "postgres://{{ psql_dbs['mx-puppet-discord']['user'] }}:{{ psql_dbs['mx-puppet-discord']['password']|urlencode() }}@localhost/mx-puppet-discord"
+
+#FIXME: do metrics
+metrics:
+ # If enabled, the metrics are served at http://localhost:$port$path
+ enabled: false
+ # On which port the prometheus metrics will be served
+ port: 8000
+ # Path on which the metrics are available, the default is /metrics
+ path: "/metrics"
+
+limits:
+ maxAutojoinUsers: 2000
+ roomUserAutojoinDelay: 500
+
+logging:
+ # silly, verbose, info, warn, error
+ console: info
+ lineDateFormat: MMM-D HH:mm:ss.SSS
+
+ files:
+ - file: "bridge.log"
+ level: warn
+ datePattern: YYYY-MM-DD
+ maxFiles: 30d
+ maxSize: 50m
diff --git a/roles/extras/templates/config/mx-puppet-slack.yaml.j2 b/roles/extras/templates/config/mx-puppet-slack.yaml.j2
new file mode 100644
index 0000000..01bfa15
--- /dev/null
+++ b/roles/extras/templates/config/mx-puppet-slack.yaml.j2
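Review bot: The `provisioning` and `selfService` whitelist entries in mx-puppet-discord.yaml.j2 are regular expressions of the form `"@.*:domain"` with no `^` or `$`. Unless the bridge anchors patterns itself, an MXID on a longer server name that merely contains the trusted domain would also match, so the anchored form is safer: `- "^@.*:{{ matrix_domain | replace(".", "\\\\.") }}$"`. The same entries appear in mx-puppet-slack.yaml.j2. `relay.whitelist` is `".*"`, which admits users from any federated homeserver; that may be intended, but a comment saying so would help the next reader.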
@@ -0,0 +1,84 @@
+# {{ ansible_managed }}
+bridge:
+ port: 8432
+ bindAddress: localhost
+
+ domain: {{ matrix_domain }}
+ homeserverUrl: http://localhost:8009
+
+# FIXME Support other_homeservers
+ loginSharedSecretMap:
+ {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+
+ displayname: Slack {{ matrix_bridge_name_suffix }}
+ avatarUrl: {{ slack_avatar_url }}
+
+ enableGroupSync: true
+
+# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
+oauth:
+ enabled: true
+ # Slack app credentials.
+ # N.B. This must be quoted so YAML wouldn't parse it as a float.
+ clientId: "{{ matrix_slack_oauth_client_id }}"
+ clientSecret: {{ matrix_slack_oauth_client_secret }}
+ redirectPath: {{ nginx_upstreams.mx_puppet_slack.locations[0].name }}/oauth
+ redirectUri: {{ matrix_external_url }}{{ nginx_upstreams.mx_puppet_slack.locations[0].name }}/oauth
+
+presence:
+ enabled: {{ synapse_presence }}
+ interval: 500
+
+provisioning:
+ whitelist:
+ - "@.*:{{ matrix_domain | replace(".", "\\\\.") }}"
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+ - "@.*:{{ item | replace(".", "\\\\.") }}"
+{% endfor %}
+{% endif %}
+
+ #blacklist:
+
+ # Shared secret for the provisioning API for use by integration managers.
+ # If this is not set, the provisioning API will not be enabled.
+ #sharedSecret: random string
+ # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
+ apiPrefix: /_matrix/provision
+
+relay:
+ whitelist:
+ - ".*"
+
+ #blacklist:
+
+homeserverUrlMap:
+ {{ matrix_domain }}: http://localhost:8009
+
+database:
+ connString: "postgres://{{ psql_dbs['mx-puppet-slack']['user'] }}:{{ psql_dbs['mx-puppet-slack']['password']|urlencode() }}@localhost/mx-puppet-slack"
+
+namePatterns:
+ user: :name
+ room: :name
+ group: :name
+
+#FIXME: do metrics
+metrics:
+ # If enabled, the metrics are served at http://localhost:$port$path
+ enabled: false
+ # On which port the prometheus metrics will be served
+ port: 8000
+ # Path on which the metrics are available, the default is /metrics
+ path: "/metrics"
+
+logging:
+ # silly, verbose, info, warn, error
+ console: info
+ lineDateFormat: MMM-D HH:mm:ss.SSS
+ files:
+ - file: "bridge.log"
+ level: info
+ datePattern: YYYY-MM-DD
+ maxFiles: 14d
+ maxSize: 50m
diff --git a/roles/extras/templates/matrix-extra.service b/roles/extras/templates/matrix-extra.service
new file mode 100644
index 0000000..bfb99a3
--- /dev/null
+++ b/roles/extras/templates/matrix-extra.service
@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description={{ matrix_extra }}
+After=matrix-synapse.service
+PartOf=matrix.target
+
+[Service]
+Type=simple
+User={{ matrix_extra }}
+WorkingDirectory={{ matrix_extra_workdir }}
+{% if matrix_extra_wait_before_start %}
+ExecStartPre=/bin/sleep 30
+{% endif %}
+ExecStart={{ exec }}
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=matrix.target
diff --git a/roles/extras/templates/signald-env b/roles/extras/templates/signald-env
new file mode 100644
index 0000000..afda0f3
--- /dev/null
+++ b/roles/extras/templates/signald-env
@@ -0,0 +1,3 @@
+SIGNALD_TRUST_ALL_KEYS=true
+SIGNALD_TRUST_NEW_KEYS=true
+SIGNALD_DATABASE=postgresql://{{ psql_dbs['signald']['user'] }}:{{ psql_dbs['signald']['password']|urlencode() }}@localhost/signald
\ No newline at end of file
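Review bot: The `[Service]` section of matrix-extra.service has no sandboxing beyond `User=`, although the units it starts run code fetched from PyPI, npm, git and GitHub releases at deploy time. `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` are low-risk additions that still leave the working directory under /opt writable; stricter options would need testing per bridge. `ExecStartPre=/bin/sleep 30` is a fixed delay rather than a readiness check, so a short comment on why 30 seconds was chosen would help.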
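Review bot: `SIGNALD_TRUST_ALL_KEYS=true` in the signald-env template appears, going by its name, to make signald accept changed identity keys automatically, which removes the safety-number check Signal relies on to detect a swapped key. If only first-contact trust is needed, keeping `SIGNALD_TRUST_NEW_KEYS=true` and dropping the other line is the narrower setting; either way a comment recording why the default is overridden belongs in the file. The template also ends without a trailing newline, and the user name in `SIGNALD_DATABASE` is not url-encoded while the password is.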
diff --git a/roles/extras/vars/defaults.yml b/roles/extras/vars/defaults.yml
new file mode 100644
index 0000000..b4b8d9c
--- /dev/null
+++ b/roles/extras/vars/defaults.yml
@@ -0,0 +1,11 @@
+---
+
+matrix_extra_wait_before_start: false
+matrix_extra_workdir: /opt/{{ matrix_extra }}
+
+mautrix_permissions:
+ relay: relay
+ user: user
+ admin: admin
+mautrix_blocks: []
+mautrix_default_encrypt: false
diff --git a/roles/extras/vars/maubot.yml b/roles/extras/vars/maubot.yml
new file mode 100644
index 0000000..6752d0f
--- /dev/null
+++ b/roles/extras/vars/maubot.yml
@@ -0,0 +1,15 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+ - pip
+ - maubot
+
+pip_packages:
+ - maubot
+ - psycopg2
+
+exec: '{{ matrix_extra_workdir }}/bin/python3 -m maubot -c {{ matrix_extra_workdir }}/config.yaml'
+
+matrix_extra_wait_before_start: true
diff --git a/roles/extras/vars/mautrix-facebook.yml b/roles/extras/vars/mautrix-facebook.yml
new file mode 100644
index 0000000..be040be
--- /dev/null
+++ b/roles/extras/vars/mautrix-facebook.yml
@@ -0,0 +1,30 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+ - pip
+ - appservice
+
+pip_packages:
+ - 'mautrix-facebook[all]'
+
+registrationgen_exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_facebook
+ -g
+ -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+ -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_facebook
+ -c {{ matrix_extra_workdir }}/config.yaml
+
+
+mautrix_port: 29319
+mautrix_loggers:
+ - mau
+ - paho
+ - aiohttp
+mautrix_blocks:
+ - public
+ - backfill
+ - displayname_template
diff --git a/roles/extras/vars/mautrix-googlechat.yml b/roles/extras/vars/mautrix-googlechat.yml
new file mode 100644
index 0000000..bc8429c
--- /dev/null
+++ b/roles/extras/vars/mautrix-googlechat.yml
@@ -0,0 +1,29 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+ - pip
+ - appservice
+
+pip_packages:
+ - 'mautrix-googlechat[all]'
+
+registrationgen_exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_googlechat
+ -g
+ -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+ -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_googlechat
+ -c {{ matrix_extra_workdir }}/config.yaml
+
+mautrix_port: 29320
+mautrix_loggers:
+ - mau
+ - maugclib
+ - aiohttp
+ - backfill
+
+mautrix_block:
+ - provisioning
diff --git a/roles/extras/vars/mautrix-instagram.yml b/roles/extras/vars/mautrix-instagram.yml
new file mode 100644
index 0000000..40dba39
--- /dev/null
+++ b/roles/extras/vars/mautrix-instagram.yml
@@ -0,0 +1,30 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+ - pip
+ - appservice
+
+pip_packages:
+ - 'git+https://github.com/mautrix/instagram.git#egg=mautrix-instagram[all]'
+
+registrationgen_exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_instagram
+ -g
+ -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+ -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_instagram
+ -c {{ matrix_extra_workdir }}/config.yaml
+
+mautrix_port: 29330
+mautrix_loggers:
+ - mau
+ - mauigpapi
+ - aiohttp
+ - paho.mqtt
+mautrix_blocks:
+ - relay
+ - delivery_error_reports
+ - backfill
diff --git a/roles/extras/vars/mautrix-signal.yml b/roles/extras/vars/mautrix-signal.yml
new file mode 100644
index 0000000..f711bae
--- /dev/null
+++ b/roles/extras/vars/mautrix-signal.yml
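Review bot: vars/mautrix-googlechat.yml sets `mautrix_block:` (singular), but the templates and vars/defaults.yml read `mautrix_blocks`, so the list stays empty and the `provisioning` section is never rendered for this bridge. `backfill` is also listed under `mautrix_loggers`, where it becomes a logger name; it reads like a block name that landed in the wrong list. The likely intent is `mautrix_blocks:` with `- provisioning` and `- backfill`, the latter being required for the `backfill` block that mautrix-googlechat.yaml.j2 overrides to be emitted at all.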
@@ -0,0 +1,34 @@
+---
+
+depends: "{{ python_depends }}"
+repo_depends:
+ - repo: signald
+ packages:
+ - signald
+
+matrix_extra_tasks:
+ - signald
+ - pip
+ - appservice
+
+pip_packages:
+ - 'mautrix-signal[all]'
+
+registrationgen_exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_signal
+ -g
+ -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+ -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_signal
+ -c {{ matrix_extra_workdir }}/config.yaml
+
+mautrix_port: 29328
+mautrix_loggers:
+ - mau
+ - aiohttp
+mautrix_blocks:
+ - relay
+ - delivery_error_reports
+ - displayname_template
+mautrix_default_encrypt: true
diff --git a/roles/extras/vars/mautrix-telegram.yml b/roles/extras/vars/mautrix-telegram.yml
new file mode 100644
index 0000000..04021b4
--- /dev/null
+++ b/roles/extras/vars/mautrix-telegram.yml
@@ -0,0 +1,35 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+ - pip
+ - appservice
+
+pip_packages:
+ - 'mautrix-telegram[all]'
+
+registrationgen_exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_telegram
+ -g
+ -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+ -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+ {{ matrix_extra_workdir }}/bin/python -m mautrix_telegram
+ -c {{ matrix_extra_workdir }}/config.yaml
+
+mautrix_port: 29317
+mautrix_loggers:
+ - mau
+ - telethon
+ - aiohttp
+mautrix_blocks:
+ - public
+ - provisioning
+ - delivery_error_reports
+ - displayname_template
+ - backfill
+mautrix_permissions:
+ relay: relaybot
+ user: full
+ admin: admin
diff --git a/roles/extras/vars/mautrix-whatsapp.yml b/roles/extras/vars/mautrix-whatsapp.yml
new file mode 100644
index 0000000..1bdb46f
--- /dev/null
+++ b/roles/extras/vars/mautrix-whatsapp.yml
@@ -0,0 +1,16 @@
+---
+
+depends:
+ - ffmpeg
+
+matrix_extra_tasks:
+ - mautrix-whatsapp
+
+registrationgen_exec: >
+ {{ matrix_extra_workdir }}/mautrix-whatsapp
+ -g
+ -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+ -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+ {{ matrix_extra_workdir }}/mautrix-whatsapp
+ -c {{ matrix_extra_workdir }}/config.yaml
diff --git a/roles/extras/vars/mx-puppet-discord.yml b/roles/extras/vars/mx-puppet-discord.yml
new file mode 100644
index 0000000..67e564a
--- /dev/null
+++ b/roles/extras/vars/mx-puppet-discord.yml
@@ -0,0 +1,17 @@
+---
+
+depends:
+ - git
+ - nodejs
+ - npm
+ - yarnpkg
+
+matrix_extra_tasks:
+ - npm
+ - appservice
+
+matrix_extra_git_repo: 'https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git'
+matrix_extra_workdir: /opt/{{ matrix_extra }}/src
+
+registrationgen_exec: "npm run start -- -r -f '/opt/{{ matrix_extra }}/appservice-registration.yaml' -c '/opt/{{ matrix_extra }}/config.yaml'"
+exec: "npm run start -- -f '/opt/{{ matrix_extra }}/appservice-registration.yaml' -c '/opt/{{ matrix_extra }}/config.yaml'"
diff --git a/roles/extras/vars/mx-puppet-slack.yml b/roles/extras/vars/mx-puppet-slack.yml
new file mode 100644
index 0000000..e6bacca
--- /dev/null
+++ b/roles/extras/vars/mx-puppet-slack.yml
@@ -0,0 +1,17 @@
+---
+
+depends:
+ - git
+ - nodejs
+ - npm
+ - yarnpkg
+
+matrix_extra_tasks:
+ - npm
+ - appservice
+
+matrix_extra_git_repo: 'https://github.com/Sorunome/mx-puppet-slack.git'
+matrix_extra_workdir: /opt/{{ matrix_extra }}/src
+
+registrationgen_exec: "npm run start -- -r -f '/opt/{{ matrix_extra }}/appservice-registration.yaml' -c '/opt/{{ matrix_extra }}/config.yaml'"
+exec: "npm run start -- -f '/opt/{{ matrix_extra }}/appservice-registration.yaml' -c '/opt/{{ matrix_extra }}/config.yaml'"
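Review bot: In roles/extras/vars/mx-puppet-discord.yml the two command strings rebuild `/opt/{{ matrix_extra }}` by hand for the registration and config paths because `matrix_extra_workdir` is overridden to the `/src` subdirectory; mx-puppet-slack.yml does the same. If the base directory in defaults.yml ever changes, these four literals will keep pointing at the old location of the registration file and config. Consider defining the base once, e.g. `matrix_extra_basedir: /opt/{{ matrix_extra }}` in defaults.yml, and writing `-c '{{ matrix_extra_basedir }}/config.yaml'` here.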