add extras role

roles/extras/defaults/main.yml

@@ -0,0 +1,25 @@
+---
+
+matrix_bridge_name_suffix: 'bridge'
+mautrix_whatsapp_web_name: 'Mautrix-WhatsApp bridge'
+mautrix_whatsapp_web_shortname: 'mx-wa'
+
+matrix_bridge_ephemeral_events: true
+
+python_depends:
+  - build-essential
+  - python-setuptools
+  - python3-pip
+  - virtualenv
+  - python3-venv
+  - python3-virtualenv
+  - python3-setuptools
+  - python3-dev
+  - libpq-dev
+
+matrix_extra_repos:
+  signald:
+    repo: 'deb https://updates.signald.org unstable main'
+    key:
+      id: 'D89FFB45291229A410A1430A659475081F665F29'
+      url: 'https://updates.signald.org/apt-signing-key.asc'

roles/extras/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Restart synapse
+  ansible.builtin.systemd:
+    name: matrix-synapse.service
+    state: restarted
+
+- name: Restart matrix target
+  ansible.builtin.systemd:
+    name: matrix.target
+    state: restarted

roles/extras/tasks/alembic.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Alembic update database
+  ansible.builtin.command: /opt/{{ matrix_extra }}/bin/alembic -c /opt/{{ matrix_extra }}/alembic.ini -x config=/opt/{{ matrix_extra }}/config.yaml upgrade head
+  args:
+    chdir: /opt/{{ matrix_extra }}
+  when: install.changed

roles/extras/tasks/appservice.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Generate registration file for {{ matrix_extra }}
+  ansible.builtin.command: "{{ registrationgen_exec }}"
+  args:
+    chdir: "{{ matrix_extra_workdir }}"
+  notify: Restart matrix target
+  when: config.changed or install.changed
+  become_user: "{{ matrix_extra }}"
+
+- name: Add appservice to synapse config - {{ matrix_extra }}
+  become_user: root
+  block:
+    - name: Ensure appservice config file present
+      ansible.builtin.lineinfile:
+        path: /etc/matrix-synapse/conf.d/appservice.yaml
+        line: 'app_service_config_files:'
+        regexp: '^app_service_config_files: *?$'
+        create: true
+        mode: 0644
+        insertbefore: BOF
+      notify: Restart synapse
+
+    - name: Configure appservice {{ matrix_extra }}
+      ansible.builtin.lineinfile:
+        path: '/etc/matrix-synapse/conf.d/appservice.yaml'
+        line: "  - '/opt/{{ matrix_extra }}/appservice-registration.yaml'"
+        regexp: '^.*{{ matrix_extra }}.*$'
+      notify: Restart synapse

roles/extras/tasks/general.yml

@@ -0,0 +1,63 @@
+---
+
+- name: Include defaults
+  ansible.builtin.include_vars: defaults.yml
+- name: Include variables for {{ matrix_extra }}
+  ansible.builtin.include_vars: "{{ matrix_extra }}.yml"
+
+- name: Install dependencies for {{ matrix_extra }}
+  ansible.builtin.apt:
+    name: "{{ depends }}"
+    state: latest
+
+- name: Install dependencies from custom repos for {{ matrix_extra }}
+  ansible.builtin.include_tasks: repo.yml
+  when: repo_depends is defined
+  loop: "{{ repo_depends }}"
+
+- name: Create user for {{ matrix_extra }}
+  ansible.builtin.user:
+    name: "{{ matrix_extra }}"
+    system: true
+    home: /opt/{{ matrix_extra }}
+    shell: /bin/false
+
+- name: Configure {{ matrix_extra }}
+  become_user: "{{ matrix_extra }}"
+  block:
+    - name: Put config in place for {{ matrix_extra }}
+      ansible.builtin.template:
+        src: "config/{{ matrix_extra }}.yaml.j2"
+        dest: "/opt/{{ matrix_extra }}/config.yaml.ansibled"
+        mode: 0644
+        backup: true
+      notify: Restart matrix target
+      register: config
+    - name: Put config in final destination for {{ matrix_extra }}
+      ansible.builtin.copy:
+        src: "/opt/{{ matrix_extra }}/config.yaml.ansibled"
+        dest: "/opt/{{ matrix_extra }}/config.yaml"
+        mode: 0644
+        remote_src: true
+      when: config.changed
+
+    - name: Include service-specific tasks
+      ansible.builtin.include_tasks: "{{ tasks }}.yml"
+      loop: "{{ matrix_extra_tasks }}"
+      loop_control:
+        loop_var: tasks
+
+- name: Put systemd unit in place for {{ matrix_extra }}
+  ansible.builtin.template:
+    src: 'matrix-extra.service'
+    dest: "/etc/systemd/system/{{ matrix_extra }}.service"
+    mode: 0644
+  register: systemd_unit
+
+- name: Enable systemd unit {{ matrix_extra }}
+  ansible.builtin.systemd:
+    daemon_reload: true
+    name: "{{ matrix_extra }}.service"
+    enabled: true
+    state: restarted
+  when: systemd_unit.changed

roles/extras/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Install common dependencies for matrix-extras
+  ansible.builtin.apt:
+    name:
+      - libolm-dev
+
+- name: Include general tasks for each extra
+  ansible.builtin.include_tasks: general.yml
+  loop: "{{ matrix_extras }}"
+  loop_control:
+    loop_var: matrix_extra

roles/extras/tasks/maubot.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Create required directories
+  ansible.builtin.file:
+    path: "/opt/maubot/{{ item }}"
+    state: directory
+    mode: 0755
+  loop:
+    - plugins
+    - trash
+    - logs

roles/extras/tasks/mautrix-whatsapp.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Install latest mautrix-whatsapp release from github releases
+  ansible.builtin.get_url:
+    url: 'https://github.com/mautrix/whatsapp/releases/latest/download/mautrix-whatsapp-amd64'
+    dest: "/opt/mautrix-whatsapp/mautrix-whatsapp"
+    mode: '755'
+
+- name: Include appservice tasks
+  ansible.builtin.import_tasks: appservice.yml
+
+- name: Chmod registration file
+  ansible.builtin.file:
+    path: /opt/mautrix-whatsapp/appservice-registration.yaml
+    mode: '0644'

roles/extras/tasks/npm.yml

@@ -0,0 +1,13 @@
+---
+
+- name: Clone git repo for {{ matrix_extra }}
+  ansible.builtin.git:
+    repo: "{{ matrix_extra_git_repo }}"
+    dest: /opt/{{ matrix_extra }}/src
+    force: true
+
+- name: Install {{ matrix_extra }}
+  community.general.npm:
+    path: /opt/{{ matrix_extra }}/src
+  register: install
+  notify: Restart matrix target

roles/extras/tasks/pip.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Install {{ matrix_extra }}
+  ansible.builtin.pip:
+    chdir: '/opt/{{ matrix_extra }}'
+    name: "{{ pip_packages }}"
+    state: latest
+    virtualenv: "/opt/{{ matrix_extra }}"
+    virtualenv_python: '/usr/bin/python3'
+  register: install
+  notify: Restart matrix target

roles/extras/tasks/repo.yml

@@ -0,0 +1,18 @@
+---
+
+- name: Add apt key {{ item.repo }}
+  ansible.builtin.apt_key:
+    id: "{{ matrix_extra_repos[item.repo].key.id }}"
+    url: "{{ matrix_extra_repos[item.repo].key.url }}"
+  when: matrix_extra_repos[item.repo].key is defined
+
+- name: Add repo {{ item.repo }}
+  ansible.builtin.apt_repository:
+    repo: "{{ matrix_extra_repos[item.repo].repo }}"
+    filename: "{{ item.repo }}"
+    mode: '644'
+
+- name: Install dependencies from {{ item.repo }}
+  ansible.builtin.apt:
+    name: "{{ item.packages }}"
+    default_release: "{{ matrix_extra_repos[item.repo].default_release | default(omit) }}"

roles/extras/tasks/signald.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Add user to signald group - {{ matrix_extra }}
+  ansible.builtin.user:
+    name: "{{ matrix_extra }}"
+    groups: signald
+    append: true
+  become_user: root
+
+- name: Set signald directory permissions
+  ansible.builtin.file:
+    path: /var/lib/signald/{{ item }}
+    state: directory
+    owner: signald
+    group: signald
+    mode: 0770
+  loop:
+    - data
+    - attachments
+    - avatars
+  become_user: signald
+
+- name: Copy /etc/default/signald env
+  ansible.builtin.template:
+    src: signald-env
+    dest: /etc/default/signald
+    mode: 0755
+  become_user: root

roles/extras/templates/config/.last-updated

@@ -0,0 +1 @@
+2021-11-20

roles/extras/templates/config/README.md

@@ -0,0 +1,34 @@
+Mautrix bridge config updates last checked on 2022-08-25
+To add a mautrix bridge, create a var file and based on an older one and a new config file like this:
+
+```
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+{{ super() }}
+        additional options for the backfill section, needs to be indentded. Omit super()
+        above if the required options are different from the usual.
+{% endblock %}
+
+{% block bridge %}
+    additional options for the bridge section, needs to be indented
+{% endblock %}
+
+{% block additional %}
+additional sections here
+{% endblock %}
+
+```
+
+Any block can be omitted if not needed
+
+Available blocks in vars:
+```
+mautrix_blocks:
+  - public
+  - provisioning
+  - relay
+  - delivery_error_reports
+  - displayname_template
+  - backfill
+```

roles/extras/templates/config/maubot.yaml.j2

@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+database: postgres://{{ psql_dbs['maubot']['user'] }}:{{ psql_dbs['maubot']['password']|urlencode() }}@localhost/maubot
+server:
+    hostname: localhost
+    public_url: {{ matrix_external_url }}
+
+homeservers:
+    {{ matrix_domain }}:
+        url: http://localhost:8009
+        secret: {{ matrix_registration_shared_secret }}
+
+admins:
+    {{ maubot_admin_user }}: {{ maubot_admin_password }}
+

roles/extras/templates/config/mautrix-bridge.yaml.j2

@@ -0,0 +1,128 @@
+# {{ ansible_managed }}
+
+{% set bridge_service = matrix_extra | replace('mautrix-','') %}
+
+homeserver:
+    address: http://localhost:8009
+    domain: {{ matrix_domain }}
+
+appservice:
+    address: http://localhost:{{ mautrix_port }}
+    hostname: localhost
+    port: {{ mautrix_port }}
+    database: postgres://{{ psql_dbs[matrix_extra]['user'] }}:{{ psql_dbs[matrix_extra]['password']|urlencode() }}@localhost/{{ matrix_extra }}
+
+{% if 'public' in mautrix_blocks %}
+    public:
+        enabled: true
+        prefix: /{{ bridge_service }}
+        external: {{ matrix_external_url }}/{{ bridge_service }}
+{% if not 'provisioning' in mautrix_blocks %}
+        shared_secret: null
+{% endif %}
+{% endif %}
+
+{% if 'provisioning' in mautrix_blocks %}
+    provisioning:
+        enabled: false
+        shared_secret: null
+{% endif %}
+
+    bot_displayname: {{ bridge_service | capitalize }} {{ matrix_bridge_name_suffix }}
+
+    ephemeral_events: {{ matrix_bridge_ephemeral_events }}
+
+# FIXME Prometheus telemetry config. Requires prometheus-client to be installed.
+metrics:
+    enabled: false
+    listen_port: 8000
+
+bridge:
+{% if 'displayname_template' in mautrix_blocks %}
+    displayname_template: '{displayname}'
+{% endif %}
+
+    sync_with_custom_puppets: {{ not matrix_bridge_ephemeral_events }}
+    sync_direct_chat_list: true
+    
+    double_puppet_server_map:
+        {{ matrix_domain }}: {{ matrix_external_url }}
+    double_puppet_allow_discovery: true
+# FIXME Support other_homeservers
+    login_shared_secret_map:
+        {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+{% if matrix_extra_other_homeserver_shared_secret_auth is defined %}
+{% for item in matrix_extra_other_homeserver_shared_secret_auth | dict2items %}
+        {{ item.key }}: "{{ item.value }}"
+{% endfor %}
+{% endif %}
+
+    encryption:
+        allow: true
+        default: {{ mautrix_default_encrypt }}
+
+    delivery_receipts: true
+{% if 'delivery_error_reports' in mautrix_blocks %}
+    delivery_error_reports: true
+{% endif %}
+
+{% if 'backfill' in mautrix_blocks %}
+    backfill:
+{% block backfill %}
+        invite_own_puppet: true
+        initial_limit: 1000
+        missed_limit: 5000
+{% endblock backfill %}
+{% endif %}
+
+    permissions:
+        '*': {{ mautrix_permissions.relay }}
+        {{ matrix_domain }}: {{ mautrix_permissions.user }}
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+        {{ item }}: {{ mautrix_permissions.user }}
+{% endfor %}
+{% endif %}
+{% if matrix_bridge_admins is defined %}
+{% for item in matrix_bridge_admins %}
+        '{{ item }}': {{ mautrix_permissions.admin }}
+{% endfor %}
+{% endif %}
+
+{% if 'relay' in mautrix_blocks %}
+    relay:
+        enabled: true
+{% endif %}
+
+{% block bridge %}{% endblock %}
+
+{% block additional %}{% endblock %}
+
+logging:
+    version: 1
+    formatters:
+        colored:
+            (): {{ matrix_extra | replace('-','_') }}.util.ColorFormatter
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+        normal:
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+    handlers:
+        file:
+            class: logging.handlers.RotatingFileHandler
+            formatter: normal
+            filename: ./{{ matrix_extra }}.log
+            maxBytes: 10485760
+            backupCount: 10
+        console:
+            class: logging.StreamHandler
+            formatter: colored
+    
+    loggers:
+{% for logger in mautrix_loggers %}
+        {{ logger }}:
+            level: INFO
+{% endfor %}
+    root:
+        level: INFO
+        handlers: [file,console]
+

roles/extras/templates/config/mautrix-facebook.yaml.j2

@@ -0,0 +1,9 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block bridge %}
+    periodic_reconnect:
+        interval: 86400
+    temporary_disconnect_notices: false
+    refresh_on_reconnection_fail: true
+{% endblock %}
+

roles/extras/templates/config/mautrix-googlechat.yaml.j2

@@ -0,0 +1,12 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+        invite_own_puppet: true
+        initial_thread_limit: 100
+        initial_nonthread_limit: 1000
+{% endblock %}
+
+{% block bridge %}
+    initial_chat_sync: 100
+{% endblock %}
+

roles/extras/templates/config/mautrix-instagram.yaml.j2

@@ -0,0 +1,13 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block bridge %}
+    periodic_reconnect:
+        interval: 86400
+    private_chat_name_template: '{displayname} (Instagram)'
+    unimportant_bridge_notices: false
+{% endblock %}
+
+{% block additional %}
+instagram:
+    device_seed: {{ matrix_instagram_device_seed }}
+{% endblock %}

roles/extras/templates/config/mautrix-signal.yaml.j2

@@ -0,0 +1,17 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+{{ super() }}
+{% endblock %}
+
+{% block bridge %}
+    public_portals: true
+    relaybot: '@realaybot:{{ matrix_domain }}'
+{% endblock %}
+
+{% block additional %}
+signal:
+    avatar_dir: /var/lib/signald/data
+    data_dir: /var/lib/signald/data
+    delete_unknown_accounts_on_start: true
+{% endblock %}

roles/extras/templates/config/mautrix-telegram.yaml.j2

@@ -0,0 +1,31 @@
+{% extends 'mautrix-bridge.yaml.j2' %}
+
+{% block backfill %}
+{{ super() }}
+        normal_groups: true
+{% endblock %}
+
+{% block bridge %}
+    invite_link_resolve: true
+    max_document_size: {{ matrix_max_upload_size_mb }}
+
+    bridge_notices:
+        default: true
+ 
+    relay_user_distinguishers: []
+ 
+    state_event_formats:
+        join: ''
+        leave: ''
+
+    sync_channel_members: true
+    public_portals: true
+
+{% endblock %}
+
+{% block additional %}
+telegram:
+    api_id: {{ matrix_telegram_api_id }}
+    api_hash: {{ matrix_telegram_api_hash }}
+    bot_token: {{ matrix_telegram_bot_token }}
+{% endblock %}

roles/extras/templates/config/mautrix-whatsapp.yaml.j2

@@ -0,0 +1,83 @@
+# {{ ansible_managed }}
+
+homeserver:
+    address: http://localhost:8009
+    domain: {{ matrix_domain }}
+
+appservice:
+    address: http://localhost:29318
+    hostname: localhost
+    port: 29318
+
+    database:
+        type: postgres
+        uri: postgres://{{ psql_dbs['mautrix-whatsapp']['user'] }}:{{ psql_dbs['mautrix-whatsapp']['password']|urlencode() }}@localhost/mautrix-whatsapp
+
+    id: whatsapp
+
+    bot:
+        username: whatsappbot
+        displayname: WhatsApp {{ matrix_bridge_name_suffix }}
+
+    ephemeral_events: {{ matrix_bridge_ephemeral_events }}
+
+whatsapp:
+    os_name: {{ mautrix_whatsapp_web_name }}
+
+bridge:
+    username_template: whatsapp_{{ '{{.}}' }}
+    personal_filtering_spaces: true
+    delivery_receipts: true
+    # Should polls be sent using MSC3381 event types?
+    extev_polls: true
+    
+
+    history_sync:
+        backfill: true
+        request_full_sync: true
+
+    sync_with_custom_puppets: {{ not matrix_bridge_ephemeral_events }}
+    sync_direct_chat_list: true
+
+    double_puppet_server_map:
+        {{ matrix_domain }}: {{ matrix_external_url }}
+    double_puppet_allow_discovery: true
+# FIXME Support other_homeservers
+
+    login_shared_secret_map:
+        {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+# FIXME support other servers
+{% if matrix_extra_other_homeserver_shared_secret_auth is defined %}
+{% for item in matrix_extra_other_homeserver_shared_secret_auth | dict2items %}
+        {{ item.key }}: "{{ item.value }}"
+{% endfor %}
+{% endif %}
+
+    allow_user_invite: true
+    url_previews: true
+
+    encryption:
+        allow: true
+        default: false
+
+    provisioning:
+        prefix: /_matrix/provision
+        shared_secret: disable
+
+    permissions:
+        "*": relay
+        "{{ matrix_domain }}": user
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+        "{{ item }}": user
+{% endfor %}
+{% endif %}
+{% if matrix_bridge_admins is defined %}
+{% for item in matrix_bridge_admins %}
+        "{{ item }}": admin
+{% endfor %}
+{% endif %}
+
+    relay:
+        enabled: true
+

roles/extras/templates/config/mx-puppet-discord.yaml.j2

@@ -0,0 +1,91 @@
+# {{ ansible_managed }}
+bridge:
+  port: 8434
+  bindAddress: localhost
+
+  domain: {{ matrix_domain }}
+  homeserverUrl: http://localhost:8009
+
+  mediaUrl: {{ matrix_external_url }}
+
+# FIXME Support other_homeservers
+  loginSharedSecretMap:
+    {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}"
+
+  displayname: Discord {{ matrix_bridge_name_suffix }}
+  avatarUrl: {{ discord_avatar_url }}
+
+  enableGroupSync: true
+
+presence:
+  enabled: {{ synapse_presence }}
+  interval: 500
+
+provisioning:
+  whitelist:
+    - "@.*:{{ matrix_domain | replace(".", "\\\\.") }}"
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+    - "@.*:{{ item | replace(".", "\\\\.") }}"
+{% endfor %}
+{% endif %}
+
+  #blacklist:
+
+relay:
+  whitelist:
+    - ".*"
+
+  #blacklist:
+
+selfService:
+  whitelist:
+    - "@.*:{{ matrix_domain | replace(".", "\\\\.") }}"
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+    - "@.*:{{ item | replace(".", "\\\\.") }}"
+{% endfor %}
+{% endif %}
+
+  #blacklist:
+    #- "@user:server\\.com"
+
+# Map of homeserver URLs to their C-S API endpoint
+#
+# Useful for double-puppeting if .well-known is unavailable for some reason
+homeserverUrlMap:
+  {{ matrix_domain }}: http://localhost:8009
+
+namePatterns:
+  user: :name
+  userOverride: :displayname
+  room: :name
+  group: :name
+
+database:
+  connString: "postgres://{{ psql_dbs['mx-puppet-discord']['user'] }}:{{ psql_dbs['mx-puppet-discord']['password']|urlencode() }}@localhost/mx-puppet-discord"
+
+#FIXME: do metrics
+metrics:
+  # If enabled, the metrics are served at http://localhost:$port$path
+  enabled: false
+  # On which port the prometheus metrics will be served
+  port: 8000
+  # Path on which the metrics are available, the default is /metrics
+  path: "/metrics"
+
+limits:
+  maxAutojoinUsers: 2000
+  roomUserAutojoinDelay: 500
+
+logging:
+  # silly, verbose, info, warn, error
+  console: info
+  lineDateFormat: MMM-D HH:mm:ss.SSS
+
+  files:
+    - file: "bridge.log"
+      level: warn
+      datePattern: YYYY-MM-DD
+      maxFiles: 30d
+      maxSize: 50m

roles/extras/templates/config/mx-puppet-slack.yaml.j2

@@ -0,0 +1,84 @@
+# {{ ansible_managed }}
+bridge:
+  port: 8432
+  bindAddress: localhost
+
+  domain: {{ matrix_domain }}
+  homeserverUrl: http://localhost:8009
+
+# FIXME Support other_homeservers
+  loginSharedSecretMap: 
+    {{ matrix_domain }}: "{{ synapse_shared_secret_auth }}" 
+
+  displayname: Slack {{ matrix_bridge_name_suffix }}
+  avatarUrl: {{ slack_avatar_url }}
+
+  enableGroupSync: true
+
+# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
+oauth:
+  enabled: true
+  # Slack app credentials.
+  # N.B. This must be quoted so YAML wouldn't parse it as a float.
+  clientId: "{{ matrix_slack_oauth_client_id }}"
+  clientSecret: {{ matrix_slack_oauth_client_secret }}
+  redirectPath: {{ nginx_upstreams.mx_puppet_slack.locations[0].name }}/oauth
+  redirectUri: {{ matrix_external_url }}{{ nginx_upstreams.mx_puppet_slack.locations[0].name }}/oauth
+
+presence:
+  enabled: {{ synapse_presence }}
+  interval: 500
+
+provisioning:
+  whitelist:
+    - "@.*:{{ matrix_domain | replace(".", "\\\\.") }}"
+{% if matrix_bridge_other_homeservers is defined %}
+{% for item in matrix_bridge_other_homeservers %}
+    - "@.*:{{ item | replace(".", "\\\\.") }}"
+{% endfor %}
+{% endif %}
+
+  #blacklist:
+
+  # Shared secret for the provisioning API for use by integration managers.
+  # If this is not set, the provisioning API will not be enabled.
+  #sharedSecret: random string
+  # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
+  apiPrefix: /_matrix/provision
+
+relay:
+  whitelist:
+    - ".*"
+
+  #blacklist:
+
+homeserverUrlMap:
+  {{ matrix_domain }}: http://localhost:8009
+
+database:
+  connString: "postgres://{{ psql_dbs['mx-puppet-slack']['user'] }}:{{ psql_dbs['mx-puppet-slack']['password']|urlencode() }}@localhost/mx-puppet-slack"
+
+namePatterns:
+  user: :name
+  room: :name
+  group: :name
+
+#FIXME: do metrics
+metrics:
+  # If enabled, the metrics are served at http://localhost:$port$path
+  enabled: false
+  # On which port the prometheus metrics will be served
+  port: 8000
+  # Path on which the metrics are available, the default is /metrics
+  path: "/metrics"
+
+logging:
+  # silly, verbose, info, warn, error
+  console: info
+  lineDateFormat: MMM-D HH:mm:ss.SSS
+  files:
+    - file: "bridge.log"
+      level: info
+      datePattern: YYYY-MM-DD
+      maxFiles: 14d
+      maxSize: 50m

roles/extras/templates/matrix-extra.service

@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description={{ matrix_extra }}
+After=matrix-synapse.service
+PartOf=matrix.target
+
+[Service]
+Type=simple
+User={{ matrix_extra }}
+WorkingDirectory={{ matrix_extra_workdir }}
+{% if matrix_extra_wait_before_start %}
+ExecStartPre=/bin/sleep 30
+{% endif %}
+ExecStart={{ exec }}
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=matrix.target

roles/extras/templates/signald-env

@@ -0,0 +1,3 @@
+SIGNALD_TRUST_ALL_KEYS=true
+SIGNALD_TRUST_NEW_KEYS=true
+SIGNALD_DATABASE=postgresql://{{ psql_dbs['signald']['user'] }}:{{ psql_dbs['signald']['password']|urlencode() }}@localhost/signald

roles/extras/vars/defaults.yml

@@ -0,0 +1,11 @@
+---
+
+matrix_extra_wait_before_start: false
+matrix_extra_workdir: /opt/{{ matrix_extra }}
+
+mautrix_permissions:
+  relay: relay
+  user: user
+  admin: admin
+mautrix_blocks: []
+mautrix_default_encrypt: false

roles/extras/vars/maubot.yml

@@ -0,0 +1,15 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+  - pip
+  - maubot
+
+pip_packages:
+  - maubot
+  - psycopg2
+
+exec: '{{ matrix_extra_workdir }}/bin/python3 -m maubot -c {{ matrix_extra_workdir }}/config.yaml'
+
+matrix_extra_wait_before_start: true

roles/extras/vars/mautrix-facebook.yml

@@ -0,0 +1,30 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+  - pip
+  - appservice
+
+pip_packages:
+  - 'mautrix-facebook[all]'
+
+registrationgen_exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_facebook
+  -g
+  -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+  -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_facebook
+  -c {{ matrix_extra_workdir }}/config.yaml
+
+
+mautrix_port: 29319
+mautrix_loggers:
+  - mau
+  - paho
+  - aiohttp
+mautrix_blocks:
+  - public
+  - backfill
+  - displayname_template

roles/extras/vars/mautrix-googlechat.yml

@@ -0,0 +1,29 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+  - pip
+  - appservice
+
+pip_packages:
+  - 'mautrix-googlechat[all]'
+
+registrationgen_exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_googlechat
+  -g
+  -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+  -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_googlechat
+  -c {{ matrix_extra_workdir }}/config.yaml
+
+mautrix_port: 29320
+mautrix_loggers:
+  - mau
+  - maugclib
+  - aiohttp
+  - backfill
+
+mautrix_block:
+  - provisioning

roles/extras/vars/mautrix-instagram.yml

@@ -0,0 +1,30 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+  - pip
+  - appservice
+
+pip_packages:
+  - 'git+https://github.com/mautrix/instagram.git#egg=mautrix-instagram[all]'
+
+registrationgen_exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_instagram
+  -g
+  -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+  -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_instagram
+  -c {{ matrix_extra_workdir }}/config.yaml
+
+mautrix_port: 29330
+mautrix_loggers:
+  - mau
+  - mauigpapi
+  - aiohttp
+  - paho.mqtt
+mautrix_blocks:
+  - relay
+  - delivery_error_reports
+  - backfill

roles/extras/vars/mautrix-signal.yml

@@ -0,0 +1,34 @@
+---
+
+depends: "{{ python_depends }}"
+repo_depends:
+  - repo: signald
+    packages:
+      - signald
+
+matrix_extra_tasks:
+  - signald
+  - pip
+  - appservice
+
+pip_packages:
+  - 'mautrix-signal[all]'
+
+registrationgen_exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_signal
+  -g
+  -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+  -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_signal
+  -c {{ matrix_extra_workdir }}/config.yaml
+
+mautrix_port: 29328
+mautrix_loggers:
+  - mau
+  - aiohttp
+mautrix_blocks:
+  - relay
+  - delivery_error_reports
+  - displayname_template
+mautrix_default_encrypt: true

roles/extras/vars/mautrix-telegram.yml

@@ -0,0 +1,35 @@
+---
+
+depends: "{{ python_depends }}"
+
+matrix_extra_tasks:
+  - pip
+  - appservice
+
+pip_packages:
+  - 'mautrix-telegram[all]'
+
+registrationgen_exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_telegram
+  -g
+  -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+  -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+  {{ matrix_extra_workdir }}/bin/python -m mautrix_telegram
+  -c {{ matrix_extra_workdir }}/config.yaml
+
+mautrix_port: 29317
+mautrix_loggers:
+  - mau
+  - telethon
+  - aiohttp
+mautrix_blocks:
+  - public
+  - provisioning
+  - delivery_error_reports
+  - displayname_template
+  - backfill
+mautrix_permissions:
+  relay: relaybot
+  user: full
+  admin: admin

roles/extras/vars/mautrix-whatsapp.yml

@@ -0,0 +1,16 @@
+---
+
+depends:
+  - ffmpeg
+
+matrix_extra_tasks:
+  - mautrix-whatsapp
+
+registrationgen_exec: >
+  {{ matrix_extra_workdir }}/mautrix-whatsapp
+  -g
+  -r '{{ matrix_extra_workdir }}/appservice-registration.yaml'
+  -c '{{ matrix_extra_workdir }}/config.yaml'
+exec: >
+  {{ matrix_extra_workdir }}/mautrix-whatsapp
+  -c {{ matrix_extra_workdir }}/config.yaml

roles/extras/vars/mx-puppet-discord.yml

@@ -0,0 +1,17 @@
+---
+
+depends:
+  - git
+  - nodejs
+  - npm
+  - yarnpkg
+
+matrix_extra_tasks:
+  - npm
+  - appservice
+
+matrix_extra_git_repo: 'https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git'
+matrix_extra_workdir: /opt/{{ matrix_extra }}/src
+
+registrationgen_exec: "npm run start -- -r -f '/opt/{{ matrix_extra }}/appservice-registration.yaml' -c '/opt/{{ matrix_extra }}/config.yaml'"
+exec: "npm run start -- -f '/opt/{{ matrix_extra }}/appservice-registration.yaml' -c '/opt/{{ matrix_extra }}/config.yaml'"

roles/extras/vars/mx-puppet-slack.yml

@@ -0,0 +1,17 @@
+---
+
+depends:
+  - git
+  - nodejs
+  - npm
+  - yarnpkg
+
+matrix_extra_tasks:
+  - npm
+  - appservice
+
+matrix_extra_git_repo: 'https://github.com/Sorunome/mx-puppet-slack.git'
+matrix_extra_workdir: /opt/{{ matrix_extra }}/src
+
+registrationgen_exec: "npm run start -- -r -f '/opt/{{ matrix_extra }}/appservice-registration.yaml' -c '/opt/{{ matrix_extra }}/config.yaml'"
+exec: "npm run start -- -f '/opt/{{ matrix_extra }}/appservice-registration.yaml' -c '/opt/{{ matrix_extra }}/config.yaml'"