add extras role

2023-04-19 01:45:05 +03:00
parent 70a4684f51
commit d05e42fe18
36 changed files with 1017 additions and 0 deletions
--- a/roles/extras/templates/config/.last-updated
+++ b/roles/extras/templates/config/.last-updated
@@ -0,0 +1 @@
+2021-11-20
--- a/roles/extras/templates/config/README.md
+++ b/roles/extras/templates/config/README.md
@@ -0,0 +1,34 @@
+Mautrix bridge config updates last checked on 2022-08-25
+To add a mautrix bridge, create a var file and based on an older one and a new config file like this:
+
+```
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+{{ super() }}
+        additional options for the backfill section, needs to be indentded. Omit super()
+        above if the required options are different from the usual.
+{% endblock %}
+
+{% block bridge %}
+    additional options for the bridge section, needs to be indented
+{% endblock %}
+
+{% block additional %}
+additional sections here
+{% endblock %}
+
+```
+
+Any block can be omitted if not needed
+
+Available blocks in vars:
+```
+mautrix_blocks:
+  - public
+  - provisioning
+  - relay
+  - delivery_error_reports
+  - displayname_template
+  - backfill
+```
--- a/roles/extras/templates/config/maubot.yaml.j2
+++ b/roles/extras/templates/config/maubot.yaml.j2
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+database: postgres://{{ psql_dbs['maubot']['user'] }}:{{ psql_dbs['maubot']['password']|urlencode() }}@localhost/maubot
+server:
+    hostname: localhost
+    public_url: {{ matrix_external_url }}
+
+homeservers:
+    {{ matrix_domain }}:
+        url: http://localhost:8009
+        secret: {{ matrix_registration_shared_secret }}
+
+admins:
+    {{ maubot_admin_user }}: {{ maubot_admin_password }}
+
--- a/roles/extras/templates/config/mautrix-bridge.yaml.j2
+++ b/roles/extras/templates/config/mautrix-bridge.yaml.j2
@@ -0,0 +1,128 @@
+# {{ ansible_managed }}
+
+{% set bridge_service = matrix_extra | replace('mautrix-','') %}
+
+homeserver:
+    address: http://localhost:8009
+    domain: {{ matrix_domain }}
+
+appservice:
+    address: http://localhost:{{ mautrix_port }}
+    hostname: localhost
+    port: {{ mautrix_port }}
+    database: postgres://{{ psql_dbs[matrix_extra]['user'] }}:{{ psql_dbs[matrix_extra]['password']|urlencode() }}@localhost/{{ matrix_extra }}
+
+{% if 'public' in mautrix_blocks %}
+    public:
+        enabled: true
+        prefix: /{{ bridge_service }}
+        external: {{ matrix_external_url }}/{{ bridge_service }}
+{% if not 'provisioning' in mautrix_blocks %}
+        shared_secret: null
+{% endif %}
+{% endif %}
+
+{% if 'provisioning' in mautrix_blocks %}
+    provisioning:
+        enabled: false
+        shared_secret: null
+{% endif %}
+
+    bot_displayname: {{ bridge_service | capitalize }} {{ matrix_bridge_name_suffix }}
+
+    ephemeral_events: {{ matrix_bridge_ephemeral_events }}
+
+# FIXME Prometheus telemetry config. Requires prometheus-client to be installed.
+metrics:
+    enabled: false
+    listen_port: 8000
+
+bridge:
+{% if 'displayname_template' in mautrix_blocks %}
+    displayname_template: '{displayname}'
+{% endif %}
+
+    sync_with_custom_puppets: {{ not matrix_bridge_ephemeral_events }}
+    sync_direct_chat_list: true
+    
+    double_puppet_server_map:
+        {{ matrix_domain }}: {{ matrix_external_url }}
+    double_puppet_allow_discovery: true
+# FIXME Support other_homeservers
+    login_shared_secret_map:
+        {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+{% if matrix_extra_other_homeserver_shared_secret_auth is defined %}
+{% for item in matrix_extra_other_homeserver_shared_secret_auth | dict2items %}
+        {{ item.key }}: "{{ item.value }}"
+{% endfor %}
+{% endif %}
+
+    encryption:
+        allow: true
+        default: {{ mautrix_default_encrypt }}
+
+    delivery_receipts: true
+{% if 'delivery_error_reports' in mautrix_blocks %}
+    delivery_error_reports: true
+{% endif %}
+
+{% if 'backfill' in mautrix_blocks %}
+    backfill:
+{% block backfill %}
+        invite_own_puppet: true
+        initial_limit: 1000
+        missed_limit: 5000
+{% endblock backfill %}
+{% endif %}
+
+    permissions:
+        '*': {{ mautrix_permissions.relay }}
+        {{ matrix_domain }}: {{ mautrix_permissions.user }}
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+        {{ item }}: {{ mautrix_permissions.user }}
+{% endfor %}
+{% endif %}
+{% if matrix_bridge_admins is defined %}
+{% for item in matrix_bridge_admins %}
+        '{{ item }}': {{ mautrix_permissions.admin }}
+{% endfor %}
+{% endif %}
+
+{% if 'relay' in mautrix_blocks %}
+    relay:
+        enabled: true
+{% endif %}
+
+{% block bridge %}{% endblock %}
+
+{% block additional %}{% endblock %}
+
+logging:
+    version: 1
+    formatters:
+        colored:
+            (): {{ matrix_extra | replace('-','_') }}.util.ColorFormatter
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+        normal:
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+    handlers:
+        file:
+            class: logging.handlers.RotatingFileHandler
+            formatter: normal
+            filename: ./{{ matrix_extra }}.log
+            maxBytes: 10485760
+            backupCount: 10
+        console:
+            class: logging.StreamHandler
+            formatter: colored
+    
+    loggers:
+{% for logger in mautrix_loggers %}
+        {{ logger }}:
+            level: INFO
+{% endfor %}
+    root:
+        level: INFO
+        handlers: [file,console]
+
--- a/roles/extras/templates/config/mautrix-facebook.yaml.j2
+++ b/roles/extras/templates/config/mautrix-facebook.yaml.j2
@@ -0,0 +1,9 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block bridge %}
+    periodic_reconnect:
+        interval: 86400
+    temporary_disconnect_notices: false
+    refresh_on_reconnection_fail: true
+{% endblock %}
+
--- a/roles/extras/templates/config/mautrix-googlechat.yaml.j2
+++ b/roles/extras/templates/config/mautrix-googlechat.yaml.j2
@@ -0,0 +1,12 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+        invite_own_puppet: true
+        initial_thread_limit: 100
+        initial_nonthread_limit: 1000
+{% endblock %}
+
+{% block bridge %}
+    initial_chat_sync: 100
+{% endblock %}
+
--- a/roles/extras/templates/config/mautrix-instagram.yaml.j2
+++ b/roles/extras/templates/config/mautrix-instagram.yaml.j2
@@ -0,0 +1,13 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block bridge %}
+    periodic_reconnect:
+        interval: 86400
+    private_chat_name_template: '{displayname} (Instagram)'
+    unimportant_bridge_notices: false
+{% endblock %}
+
+{% block additional %}
+instagram:
+    device_seed: {{ matrix_instagram_device_seed }}
+{% endblock %}
--- a/roles/extras/templates/config/mautrix-signal.yaml.j2
+++ b/roles/extras/templates/config/mautrix-signal.yaml.j2
@@ -0,0 +1,17 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+{{ super() }}
+{% endblock %}
+
+{% block bridge %}
+    public_portals: true
+    relaybot: '@realaybot:{{ matrix_domain }}'
+{% endblock %}
+
+{% block additional %}
+signal:
+    avatar_dir: /var/lib/signald/data
+    data_dir: /var/lib/signald/data
+    delete_unknown_accounts_on_start: true
+{% endblock %}
--- a/roles/extras/templates/config/mautrix-telegram.yaml.j2
+++ b/roles/extras/templates/config/mautrix-telegram.yaml.j2
@@ -0,0 +1,31 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+{{ super() }}
+        normal_groups: true
+{% endblock %}
+
+{% block bridge %}
+    invite_link_resolve: true
+    max_document_size: {{ matrix_max_upload_size_mb }}
+
+    bridge_notices:
+        default: true
+ 
+    relay_user_distinguishers: []
+ 
+    state_event_formats:
+        join: ''
+        leave: ''
+
+    sync_channel_members: true
+    public_portals: true
+
+{% endblock %}
+
+{% block additional %}
+telegram:
+    api_id: {{ matrix_telegram_api_id }}
+    api_hash: {{ matrix_telegram_api_hash }}
+    bot_token: {{ matrix_telegram_bot_token }}
+{% endblock %}
--- a/roles/extras/templates/config/mautrix-whatsapp.yaml.j2
+++ b/roles/extras/templates/config/mautrix-whatsapp.yaml.j2
@@ -0,0 +1,83 @@
+# {{ ansible_managed }}
+
+homeserver:
+    address: http://localhost:8009
+    domain: {{ matrix_domain }}
+
+appservice:
+    address: http://localhost:29318
+    hostname: localhost
+    port: 29318
+
+    database:
+        type: postgres
+        uri: postgres://{{ psql_dbs['mautrix-whatsapp']['user'] }}:{{ psql_dbs['mautrix-whatsapp']['password']|urlencode() }}@localhost/mautrix-whatsapp
+
+    id: whatsapp
+
+    bot:
+        username: whatsappbot
+        displayname: WhatsApp {{ matrix_bridge_name_suffix }}
+
+    ephemeral_events: {{ matrix_bridge_ephemeral_events }}
+
+whatsapp:
+    os_name: {{ mautrix_whatsapp_web_name }}
+
+bridge:
+    username_template: whatsapp_{{ '{{.}}' }}
+    personal_filtering_spaces: true
+    delivery_receipts: true
+    # Should polls be sent using MSC3381 event types?
+    extev_polls: true
+    
+
+    history_sync:
+        backfill: true
+        request_full_sync: true
+
+    sync_with_custom_puppets: {{ not matrix_bridge_ephemeral_events }}
+    sync_direct_chat_list: true
+
+    double_puppet_server_map:
+        {{ matrix_domain }}: {{ matrix_external_url }}
+    double_puppet_allow_discovery: true
+# FIXME Support other_homeservers
+
+    login_shared_secret_map:
+        {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+# FIXME support other servers
+{% if matrix_extra_other_homeserver_shared_secret_auth is defined %}
+{% for item in matrix_extra_other_homeserver_shared_secret_auth | dict2items %}
+        {{ item.key }}: "{{ item.value }}"
+{% endfor %}
+{% endif %}
+
+    allow_user_invite: true
+    url_previews: true
+
+    encryption:
+        allow: true
+        default: false
+
+    provisioning:
+        prefix: /_matrix/provision
+        shared_secret: disable
+
+    permissions:
+        "*": relay
+        "{{ matrix_domain }}": user
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+        "{{ item }}": user
+{% endfor %}
+{% endif %}
+{% if matrix_bridge_admins is defined %}
+{% for item in matrix_bridge_admins %}
+        "{{ item }}": admin
+{% endfor %}
+{% endif %}
+
+    relay:
+        enabled: true
+
--- a/roles/extras/templates/config/mx-puppet-discord.yaml.j2
+++ b/roles/extras/templates/config/mx-puppet-discord.yaml.j2
@@ -0,0 +1,91 @@
+# {{ ansible_managed }}
+bridge:
+  port: 8434
+  bindAddress: localhost
+
+  domain: {{ matrix_domain }}
+  homeserverUrl: http://localhost:8009
+
+  mediaUrl: {{ matrix_external_url }}
+
+# FIXME Support other_homeservers
+  loginSharedSecretMap:
+    {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+
+  displayname: Discord {{ matrix_bridge_name_suffix }}
+  avatarUrl: {{ discord_avatar_url }}
+
+  enableGroupSync: true
+
+presence:
+  enabled: {{ synapse_presence }}
+  interval: 500
+
+provisioning:
+  whitelist:
+    - "@.*:{{ matrix_domain | replace(".", "\\\\.") }}"
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+    - "@.*:{{ item | replace(".", "\\\\.") }}"
+{% endfor %}
+{% endif %}
+
+  #blacklist:
+
+relay:
+  whitelist:
+    - ".*"
+
+  #blacklist:
+
+selfService:
+  whitelist:
+    - "@.*:{{ matrix_domain | replace(".", "\\\\.") }}"
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+    - "@.*:{{ item | replace(".", "\\\\.") }}"
+{% endfor %}
+{% endif %}
+
+  #blacklist:
+    #- "@user:server\\.com"
+
+# Map of homeserver URLs to their C-S API endpoint
+#
+# Useful for double-puppeting if .well-known is unavailable for some reason
+homeserverUrlMap:
+  {{ matrix_domain }}: http://localhost:8009
+
+namePatterns:
+  user: :name
+  userOverride: :displayname
+  room: :name
+  group: :name
+
+database:
+  connString: "postgres://{{ psql_dbs['mx-puppet-discord']['user'] }}:{{ psql_dbs['mx-puppet-discord']['password']|urlencode() }}@localhost/mx-puppet-discord"
+
+#FIXME: do metrics
+metrics:
+  # If enabled, the metrics are served at http://localhost:$port$path
+  enabled: false
+  # On which port the prometheus metrics will be served
+  port: 8000
+  # Path on which the metrics are available, the default is /metrics
+  path: "/metrics"
+
+limits:
+  maxAutojoinUsers: 2000
+  roomUserAutojoinDelay: 500
+
+logging:
+  # silly, verbose, info, warn, error
+  console: info
+  lineDateFormat: MMM-D HH:mm:ss.SSS
+
+  files:
+    - file: "bridge.log"
+      level: warn
+      datePattern: YYYY-MM-DD
+      maxFiles: 30d
+      maxSize: 50m
--- a/roles/extras/templates/config/mx-puppet-slack.yaml.j2
+++ b/roles/extras/templates/config/mx-puppet-slack.yaml.j2
@@ -0,0 +1,84 @@
+# {{ ansible_managed }}
+bridge:
+  port: 8432
+  bindAddress: localhost
+
+  domain: {{ matrix_domain }}
+  homeserverUrl: http://localhost:8009
+
+# FIXME Support other_homeservers
+  loginSharedSecretMap: 
+    {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}" 
+
+  displayname: Slack {{ matrix_bridge_name_suffix }}
+  avatarUrl: {{ slack_avatar_url }}
+
+  enableGroupSync: true
+
+# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
+oauth:
+  enabled: true
+  # Slack app credentials.
+  # N.B. This must be quoted so YAML wouldn't parse it as a float.
+  clientId: "{{ matrix_slack_oauth_client_id }}"
+  clientSecret: {{ matrix_slack_oauth_client_secret }}
+  redirectPath: {{ nginx_upstreams.mx_puppet_slack.locations[0].name }}/oauth
+  redirectUri: {{ matrix_external_url }}{{ nginx_upstreams.mx_puppet_slack.locations[0].name }}/oauth
+
+presence:
+  enabled: {{ synapse_presence }}
+  interval: 500
+
+provisioning:
+  whitelist:
+    - "@.*:{{ matrix_domain | replace(".", "\\\\.") }}"
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+    - "@.*:{{ item | replace(".", "\\\\.") }}"
+{% endfor %}
+{% endif %}
+
+  #blacklist:
+
+  # Shared secret for the provisioning API for use by integration managers.
+  # If this is not set, the provisioning API will not be enabled.
+  #sharedSecret: random string
+  # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
+  apiPrefix: /_matrix/provision
+
+relay:
+  whitelist:
+    - ".*"
+
+  #blacklist:
+
+homeserverUrlMap:
+  {{ matrix_domain }}: http://localhost:8009
+
+database:
+  connString: "postgres://{{ psql_dbs['mx-puppet-slack']['user'] }}:{{ psql_dbs['mx-puppet-slack']['password']|urlencode() }}@localhost/mx-puppet-slack"
+
+namePatterns:
+  user: :name
+  room: :name
+  group: :name
+
+#FIXME: do metrics
+metrics:
+  # If enabled, the metrics are served at http://localhost:$port$path
+  enabled: false
+  # On which port the prometheus metrics will be served
+  port: 8000
+  # Path on which the metrics are available, the default is /metrics
+  path: "/metrics"
+
+logging:
+  # silly, verbose, info, warn, error
+  console: info
+  lineDateFormat: MMM-D HH:mm:ss.SSS
+  files:
+    - file: "bridge.log"
+      level: info
+      datePattern: YYYY-MM-DD
+      maxFiles: 14d
+      maxSize: 50m
--- a/roles/extras/templates/matrix-extra.service
+++ b/roles/extras/templates/matrix-extra.service
@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description={{ matrix_extra }}
+After=matrix-synapse.service
+PartOf=matrix.target
+
+[Service]
+Type=simple
+User={{ matrix_extra }}
+WorkingDirectory={{ matrix_extra_workdir }}
+{% if matrix_extra_wait_before_start %}
+ExecStartPre=/bin/sleep 30
+{% endif %}
+ExecStart={{ exec }}
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=matrix.target
--- a/roles/extras/templates/signald-env
+++ b/roles/extras/templates/signald-env
@@ -0,0 +1,3 @@
+SIGNALD_TRUST_ALL_KEYS=true
+SIGNALD_TRUST_NEW_KEYS=true
+SIGNALD_DATABASE=postgresql://{{ psql_dbs['signald']['user'] }}:{{ psql_dbs['signald']['password']|urlencode() }}@localhost/signald