matrix-docker-ansible-deploy/group_vars/matrix_servers

4736 lines
244 KiB
Plaintext
Raw Normal View History

---
# This variables file wires together the various components (roles) used by the playbook.
#
# Roles used by playbook are pretty minimal and kept independent of one another as much as possible.
# To deliver a turnkey fully-featured Matrix server, this playbook needs
# to connect them all together. It does so by overriding role variables.
#
# You can also override ANY variable (seen here or in any given role),
# by re-defining it in your own configuration file (`inventory/host_vars/matrix.<your-domain>`).
########################################################################
# #
# Playbook #
# #
########################################################################
# Controls whether to install Docker or not
# Also see `devture_docker_sdk_for_python_installation_enabled`.
matrix_playbook_docker_installation_enabled: true
# Controls whether to attach Traefik labels to services.
# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
# yet still use Traefik installed in another way.
matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
# Controls the additional network that reverse-proxyable services will be connected to.
matrix_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}"
matrix_playbook_ssl_retrieval_method: "{{ 'lets-encrypt' if devture_traefik_certs_dumper_enabled else matrix_ssl_retrieval_method }}"
matrix_playbook_ssl_enabled: "{{ matrix_playbook_ssl_retrieval_method in ['lets-encrypt', 'self-signed', 'manually-managed'] }}"
########################################################################
# #
# /Playbook #
# #
########################################################################
########################################################################
# #
# aux #
# #
########################################################################
aux_directory_default_owner: "{{ matrix_user_username }}"
aux_directory_default_group: "{{ matrix_user_groupname }}"
aux_file_default_owner: "{{ matrix_user_username }}"
aux_file_default_group: "{{ matrix_user_groupname }}"
########################################################################
# #
# /aux #
# #
########################################################################
########################################################################
# #
# base #
# #
########################################################################
2022-11-23 18:18:35 +08:00
matrix_homeserver_container_extra_arguments_auto: |
{{
(['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_slack_config_path + '/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro'] if matrix_appservice_slack_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_webhooks_config_path + '/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro'] if matrix_appservice_webhooks_enabled else [])
+
(['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + '/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else [])
+
(['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else [])
+
2023-01-03 09:07:04 +08:00
(['--mount type=bind,src=' + matrix_mautrix_slack_config_path + '/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro'] if matrix_mautrix_slack_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_hangouts_config_path + '/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro'] if matrix_mautrix_hangouts_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro'] if matrix_mautrix_instagram_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_gmessages_config_path + '/registration.yaml,dst=/matrix-mautrix-gmessages-registration.yaml,ro'] if matrix_mautrix_gmessages_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else [])
+
wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor <jreilly112@gmail.com> Co-authored-by: Miguel Alatzar <miguel@natrx.io> Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-08-23 20:05:32 +08:00
(['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/androidsms-registration.yaml,dst=/matrix-mautrix-androidsms-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/imessage-registration.yaml,dst=/matrix-mautrix-imessage-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_instagram_config_path + '/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro'] if matrix_mx_puppet_instagram_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_slack_config_path + '/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro'] if matrix_mx_puppet_slack_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_steam_config_path + '/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro'] if matrix_mx_puppet_steam_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_twitter_config_path + '/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro'] if matrix_mx_puppet_twitter_enabled else [])
+
(['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
}}
2022-11-23 18:18:35 +08:00
matrix_homeserver_app_service_config_files_auto: |
{{
(['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else [])
+
(['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else [])
+
(['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
+
(['/matrix-appservice-slack-registration.yaml'] if matrix_appservice_slack_enabled else [])
+
(['/matrix-appservice-webhooks-registration.yaml'] if matrix_appservice_webhooks_enabled else [])
+
(['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else [])
+
(['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else [])
+
(['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else [])
+
(['/hookshot-registration.yml'] if matrix_hookshot_enabled else [])
+
(['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else [])
+
2023-01-03 09:07:04 +08:00
(['/matrix-mautrix-slack-registration.yaml'] if matrix_mautrix_slack_enabled else [])
+
(['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else [])
+
(['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else [])
+
(['/matrix-mautrix-hangouts-registration.yaml'] if matrix_mautrix_hangouts_enabled else [])
+
(['/matrix-mautrix-instagram-registration.yaml'] if matrix_mautrix_instagram_enabled else [])
+
(['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
+
(['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
+
(['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
+
(['/matrix-mautrix-gmessages-registration.yaml'] if matrix_mautrix_gmessages_enabled else [])
+
(['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else [])
+
wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor <jreilly112@gmail.com> Co-authored-by: Miguel Alatzar <miguel@natrx.io> Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-08-23 20:05:32 +08:00
(['/matrix-mautrix-androidsms-registration.yaml'] if matrix_mautrix_wsproxy_enabled else [])
+
(['/matrix-mautrix-imessage-registration.yaml'] if matrix_mautrix_wsproxy_enabled else [])
+
(['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else [])
+
(['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else [])
+
(['/matrix-mx-puppet-instagram-registration.yaml'] if matrix_mx_puppet_instagram_enabled else [])
+
(['/matrix-mx-puppet-slack-registration.yaml'] if matrix_mx_puppet_slack_enabled else [])
+
(['/matrix-mx-puppet-steam-registration.yaml'] if matrix_mx_puppet_steam_enabled else [])
+
(['/matrix-mx-puppet-twitter-registration.yaml'] if matrix_mx_puppet_twitter_enabled else [])
+
(['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
+
(['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
}}
matrix_addons_homeserver_container_network: "{{ matrix_homeserver_proxy_container_network if matrix_homeserver_proxy_enabled else matrix_homeserver_container_network }}"
matrix_addons_homeserver_client_api_url: "{{ matrix_homeserver_proxy_client_api_url if matrix_homeserver_proxy_enabled else matrix_homeserver_container_url }}"
matrix_addons_homeserver_systemd_services_list: "{{ ([matrix_homeserver_proxy_ident + '.service']) if matrix_homeserver_proxy_enabled else matrix_homeserver_systemd_services_list }}"
# Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features.
matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit'] else '') }}"
########################################################################
# #
# /base #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.systemd_service_manager #
# #
########################################################################
# This list is not exhaustive and final.
# Synapse workers are still injected into the list at runtime.
# Additional JVB workers (jitsi_jvb.yml -- roles/galaxy/jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
#
# Priority levels are like this:
# - core services (the homeserver) get a level of ~1000
# - services that core services depend on (database, Redis, ntfy, etc.) get a lower level - between 500 and 1000
# - reverse-proxying services get level 3000
# - Matrix utility services (bridges, bots) get a level of 2000/2200, so that:
# - they can start before the reverse-proxy
# - so that, when the reverse-proxy is up (Matrix is up), all bots and bridges can be interacted with
# - monitoring services (Prometheus, Grafana, ..) get a level of 4000 - they can start later than all-of-Matrix
# - services which aren't time-sensitive (various crons and timers) get a level of 5000 - they can start later than all-of-Matrix
#
# `matrix-bot-postmoogle.service` has a higher priority number (4000), unlike other bots' priority (2200),
# because it requires SSL certificates. If Traefik is used, then Postmoogle needs to start at least after Traefik (3500) and Traefik certs dumper (3500).
devture_systemd_service_manager_services_list_auto: |
{{
([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if backup_borg_enabled else [])
+
([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron', 'bot-buscarron']}] if matrix_bot_buscarron_enabled else [])
+
([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb', 'bot-go-neb']}] if matrix_bot_go_neb_enabled else [])
+
([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit', 'bot-honoroit']}] if matrix_bot_honoroit_enabled else [])
+
([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot', 'bot-matrix-registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else [])
+
([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot', 'bot-matrix-reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else [])
+
([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot', 'bot-maubot']}] if matrix_bot_maubot_enabled else [])
+
([{'name': 'matrix-bot-mjolnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'mjolnir', 'bot-mjolnir']}] if matrix_bot_mjolnir_enabled else [])
+
([{'name': 'matrix-bot-draupnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'draupnir', 'bot-draupnir']}] if matrix_bot_draupnir_enabled else [])
+
([{'name': 'matrix-bot-postmoogle.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'postmoogle', 'bot-postmoogle']}] if matrix_bot_postmoogle_enabled else [])
+
([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt', 'bot-chatgpt']}] if matrix_bot_chatgpt_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-appservice-kakaotalk-node.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk', 'appservice-kakaotalk-node']}] if matrix_appservice_kakaotalk_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-appservice-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-slack']}] if matrix_appservice_slack_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-appservice-webhooks.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-webhooks']}] if matrix_appservice_webhooks_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-beeper-linkedin.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'beeper-linkedin']}] if matrix_beeper_linkedin_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'go-skype']}] if matrix_go_skype_bridge_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-heisenbridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'heisenbridge']}] if matrix_heisenbridge_enabled else [])
+
([{'name': 'matrix-hookshot.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'hookshot', 'bridge-hookshot']}] if matrix_hookshot_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mautrix-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-discord']}] if matrix_mautrix_discord_enabled else [])
+
2023-01-03 09:07:04 +08:00
([{'name': 'matrix-mautrix-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-slack']}] if matrix_mautrix_slack_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-facebook']}] if matrix_mautrix_facebook_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-googlechat']}] if matrix_mautrix_googlechat_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mautrix-hangouts.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-hangouts']}] if matrix_mautrix_hangouts_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-instagram']}] if matrix_mautrix_instagram_enabled else [])
+
([{'name': 'matrix-mautrix-signal.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal']}] if matrix_mautrix_signal_enabled else [])
2023-12-15 01:20:02 +08:00
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else [])
+
([{'name': 'matrix-mautrix-gmessages.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-gmessages']}] if matrix_mautrix_gmessages_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else [])
+
wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor <jreilly112@gmail.com> Co-authored-by: Miguel Alatzar <miguel@natrx.io> Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-08-23 20:05:32 +08:00
([{'name': 'matrix-mautrix-wsproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy']}] if matrix_mautrix_wsproxy_enabled else [])
+
([{'name': 'matrix-mautrix-wsproxy-syncproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy-syncproxy']}] if matrix_mautrix_wsproxy_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-groupme']}] if matrix_mx_puppet_groupme_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mx-puppet-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-instagram']}] if matrix_mx_puppet_instagram_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mx-puppet-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-slack']}] if matrix_mx_puppet_slack_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mx-puppet-steam.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-steam']}] if matrix_mx_puppet_steam_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-mx-puppet-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-twitter']}] if matrix_mx_puppet_twitter_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
+
([{'name': 'matrix-client-cinny.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'cinny', 'client-cinny']}] if matrix_client_cinny_enabled else [])
+
([{'name': 'matrix-client-element.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'element', 'client-element']}] if matrix_client_element_enabled else [])
+
([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen', 'client-hydrogen']}] if matrix_client_hydrogen_enabled else [])
+
2023-08-31 00:23:52 +08:00
([{'name': 'matrix-client-schildichat.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'schildichat', 'client-schildichat']}] if matrix_client_schildichat_enabled else [])
+
([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-coturn.service', 'priority': 4000, 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else [])
+
2023-02-21 05:34:16 +08:00
([{'name': 'matrix-rageshake.service', 'priority': 4000, 'groups': ['matrix', 'rageshake']}] if matrix_rageshake_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-coturn-reload.timer', 'priority': 5000, 'groups': ['matrix', 'coturn']}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
+
([{'name': 'matrix-dimension.service', 'priority': 4000, 'groups': ['matrix', 'integration-managers', 'dimension']}] if matrix_dimension_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-dynamic-dns.service', 'priority': 5000, 'groups': ['matrix', 'dynamic-dns']}] if matrix_dynamic_dns_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-email2matrix.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'email2matrix']}] if matrix_email2matrix_enabled else [])
+
([{'name': (etherpad_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'etherpad']}] if etherpad_enabled else [])
+
([{'name': (grafana_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if grafana_enabled else [])
+
2023-04-03 13:53:46 +08:00
([{'name': (jitsi_identifier + '-web.service'), 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if jitsi_enabled else [])
+
2023-04-03 13:53:46 +08:00
([{'name': (jitsi_identifier + '-prosody.service'), 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if jitsi_enabled else [])
+
2023-04-03 13:53:46 +08:00
([{'name': (jitsi_identifier + '-jicofo.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if jitsi_enabled else [])
+
2023-04-03 13:53:46 +08:00
([{'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if jitsi_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else [])
+
([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-media-repo']}] if matrix_media_repo_enabled else [])
2023-07-12 14:09:27 +08:00
+
([{'name': (exim_relay_identifier ~ '.service'), 'priority': 2000, 'groups': ['matrix', 'mailer', 'exim-relay']}] if exim_relay_enabled else [])
+
([{'name': 'matrix-nginx-proxy.service', 'priority': 3000, 'groups': ['matrix', 'nginx', 'nginx-proxy', 'reverse-proxies']}] if matrix_nginx_proxy_enabled else [])
+
(matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable') | list )
+
([{'name': (matrix_homeserver_proxy_ident + '.service'), 'priority': 3000, 'groups': ['matrix', 'reverse-proxies']}] if matrix_homeserver_proxy_enabled else [])
+
([{'name': (ntfy_identifier + '.service'), 'priority': 800, 'groups': ['matrix', 'ntfy']}] if ntfy_enabled else [])
+
([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if devture_postgres_enabled else [])
+
([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else [])
+
([{'name': (prometheus_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus']}] if prometheus_enabled else [])
+
([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-node-exporter']}] if prometheus_node_exporter_enabled else [])
+
([{'name': (prometheus_postgres_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-postgres-exporter']}] if prometheus_postgres_exporter_enabled else [])
+
([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-nginxlog-exporter']}] if matrix_prometheus_nginxlog_exporter_enabled else [])
+
2023-02-17 22:23:59 +08:00
([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'redis']}] if redis_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration']}] if matrix_registration_enabled else [])
+
([{'name': 'matrix-sliding-sync.service', 'priority': 4000, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-goofys.service', 'priority': 800, 'groups': ['matrix', 'goofys']}] if matrix_s3_media_store_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-synapse-s3-storage-provider-migrate.timer', 'priority': 5000, 'groups': ['matrix']}] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
+
([{'name': 'matrix-synapse-auto-compressor.timer', 'priority': 5000, 'groups': ['matrix', 'synapse-auto-compressor']}] if matrix_synapse_auto_compressor_enabled else [])
+
2022-11-23 17:45:25 +08:00
([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
+
([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'synapse-reverse-proxy-companion', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
+
([{'name': 'matrix-user-verification-service.service', 'priority': 800, 'groups': ['matrix', 'matrix-user-verification-service']}] if matrix_user_verification_service_enabled else [])
2023-02-10 20:37:08 +08:00
+
([{'name': (matrix_static_files_ident + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-static-files']}] if matrix_static_files_enabled else [])
+
([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 2900, 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else [])
+
([{'name': (devture_traefik_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else [])
+
([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 3500, 'groups': ['matrix', 'traefik-certs-dumper']}] if devture_traefik_certs_dumper_enabled else [])
}}
########################################################################
# #
# /com.devture.ansible.role.systemd_service_manager #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.timesync #
# #
########################################################################
# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`.
########################################################################
# #
# /com.devture.ansible.role.timesync #
# #
########################################################################
######################################################################
#
# com.devture.ansible.role.playbook_state_preserver
#
######################################################################
# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.
devture_playbook_state_preserver_uid: "{{ matrix_user_uid }}"
devture_playbook_state_preserver_gid: "{{ matrix_user_gid }}"
devture_playbook_state_preserver_vars_preservation_dst: "{{ matrix_base_data_path }}/vars.yml"
devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_data_path }}/git_hash.yml"
######################################################################
#
# /com.devture.ansible.role.playbook_state_preserver
#
######################################################################
######################################################################
#
# matrix-base
#
######################################################################
2020-08-17 22:02:40 +08:00
matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
matrix_homeserver_systemd_services_list: |-
{{
(
([('matrix-' + matrix_homeserver_implementation + '.service')] if matrix_homeserver_implementation != 'synapse' else [])
+
([('matrix-' + matrix_homeserver_implementation + '.service')] if matrix_homeserver_implementation == 'synapse' and not matrix_synapse_reverse_proxy_companion_enabled else [])
+
(['matrix-synapse-reverse-proxy-companion.service'] if matrix_synapse_reverse_proxy_companion_enabled else [])
) | unique
}}
matrix_homeserver_container_client_api_endpoint: |-
{{
{
'synapse': ('matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:'+ matrix_synapse_container_client_api_port|string),
'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port|string),
'conduit': ('matrix-conduit:' + matrix_conduit_port_number|string),
}[matrix_homeserver_implementation]
}}
matrix_homeserver_container_federation_api_endpoint: |-
{{
{
'synapse': ('matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string),
'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port|string),
'conduit': ('matrix-conduit:' + matrix_conduit_port_number|string),
}[matrix_homeserver_implementation]
}}
matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}"
matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}"
######################################################################
#
# /matrix-base
#
######################################################################
######################################################################
#
# matrix-bridge-appservice-discord
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_discord_enabled: false
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-discord over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# matrix-appservice-discord's client-server port to the local host.
matrix_appservice_discord_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9005') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
# If the homeserver disables presence, it's likely better (less wasteful) to also disable presence on the bridge side.
2021-04-22 19:22:07 +08:00
matrix_appservice_discord_bridge_disablePresence: "{{ not matrix_synapse_presence_enabled }}"
matrix_appservice_discord_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token', rounds=655555) | to_uuid }}"
matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token', rounds=655555) | to_uuid }}"
# We only make this use Postgres if our own Postgres server is enabled.
# It's only then (for now) that we can automatically create the necessary database and user for this service.
matrix_appservice_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_appservice_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-appservice-discord
#
######################################################################
2020-01-10 00:00:03 +08:00
######################################################################
#
# matrix-appservice-webhooks
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_webhooks_enabled: false
matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2020-01-10 00:00:03 +08:00
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-webhooks over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# matrix-appservice-webhooks' client-server port to the local host.
matrix_appservice_webhooks_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_appservice_webhooks_matrix_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2020-01-10 00:00:03 +08:00
matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token', rounds=655555) | to_uuid }}"
2020-01-10 00:00:03 +08:00
matrix_appservice_webhooks_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token', rounds=655555) | to_uuid }}"
2020-01-10 00:00:03 +08:00
matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token', rounds=655555) | to_uuid }}"
2020-01-10 00:00:03 +08:00
matrix_appservice_webhooks_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2020-01-10 00:00:03 +08:00
}}
######################################################################
#
# /matrix-appservice-webhooks
#
######################################################################
2019-06-10 22:52:48 +08:00
######################################################################
#
# matrix-appservice-slack
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_slack_enabled: false
matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2021-01-14 08:29:11 +08:00
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-slack over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# matrix-appservice-slack's client-server port to the local host.
matrix_appservice_slack_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_appservice_slack_slack_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token', rounds=655555) | to_uuid }}"
2019-06-10 22:52:48 +08:00
matrix_appservice_slack_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token', rounds=655555) | to_uuid }}"
2019-06-10 22:52:48 +08:00
matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token', rounds=655555) | to_uuid }}"
2019-06-10 22:52:48 +08:00
matrix_appservice_slack_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2019-06-10 22:52:48 +08:00
}}
# Postgres is the default, except if not using internal Postgres server
matrix_appservice_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}"
matrix_appservice_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}"
2019-06-10 22:52:48 +08:00
######################################################################
#
# /matrix-bridge-appservice-slack
#
######################################################################
######################################################################
#
# matrix-bridge-appservice-irc
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_irc_enabled: false
matrix_appservice_irc_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2021-01-23 04:28:53 +08:00
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# matrix-appservice-irc's client-server port to the local host.
matrix_appservice_irc_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9999') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
# The IRC bridge docs say that if homeserver presence is disabled, it's better to also disable
# IRC bridge presence, for performance reasons.
2021-04-22 19:22:07 +08:00
matrix_appservice_irc_homeserver_enablePresence: "{{ matrix_synapse_presence_enabled }}"
matrix_appservice_irc_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token', rounds=655555) | to_uuid }}"
matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}"
matrix_appservice_irc_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}"
matrix_appservice_irc_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-appservice-irc
#
######################################################################
Add matrix-appservice-kakaotalk support Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk This is pretty similar to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977 which just appeared, but has mostly been done independently. I've taken some inspiration and did some fixups based on that PR. Thanks to https://github.com/hnarjis for taking the time to contribute! Notable differences between this branch compared to that PR: - better naming and documentation around the "configuration" variables - no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service` - stores configuration in `config/`, not in `data/` - passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it - starts containers more securely - with `matrix:matrix` user:group (not `root`) and reduced capabilities (`--cap-drop=ALL`) - uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets) - `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.) - `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`) - less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well. - configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`) - logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`) - somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`) - removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
2022-07-25 19:34:21 +08:00
######################################################################
#
# matrix-bridge-appservice-kakaotalk
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_kakaotalk_enabled: false
matrix_appservice_kakaotalk_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-appservice-kakaotalk-node.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
Add matrix-appservice-kakaotalk support Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk This is pretty similar to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977 which just appeared, but has mostly been done independently. I've taken some inspiration and did some fixups based on that PR. Thanks to https://github.com/hnarjis for taking the time to contribute! Notable differences between this branch compared to that PR: - better naming and documentation around the "configuration" variables - no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service` - stores configuration in `config/`, not in `data/` - passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it - starts containers more securely - with `matrix:matrix` user:group (not `root`) and reduced capabilities (`--cap-drop=ALL`) - uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets) - `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.) - `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`) - less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well. - configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`) - logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`) - somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`) - removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
2022-07-25 19:34:21 +08:00
}}
matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
Add matrix-appservice-kakaotalk support Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk This is pretty similar to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977 which just appeared, but has mostly been done independently. I've taken some inspiration and did some fixups based on that PR. Thanks to https://github.com/hnarjis for taking the time to contribute! Notable differences between this branch compared to that PR: - better naming and documentation around the "configuration" variables - no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service` - stores configuration in `config/`, not in `data/` - passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it - starts containers more securely - with `matrix:matrix` user:group (not `root`) and reduced capabilities (`--cap-drop=ALL`) - uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets) - `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.) - `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`) - less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well. - configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`) - logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`) - somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`) - removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
2022-07-25 19:34:21 +08:00
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
Add matrix-appservice-kakaotalk support Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk This is pretty similar to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977 which just appeared, but has mostly been done independently. I've taken some inspiration and did some fixups based on that PR. Thanks to https://github.com/hnarjis for taking the time to contribute! Notable differences between this branch compared to that PR: - better naming and documentation around the "configuration" variables - no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service` - stores configuration in `config/`, not in `data/` - passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it - starts containers more securely - with `matrix:matrix` user:group (not `root`) and reduced capabilities (`--cap-drop=ALL`) - uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets) - `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.) - `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`) - less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well. - configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`) - logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`) - somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`) - removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
2022-07-25 19:34:21 +08:00
matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_appservice_kakaotalk_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}"
Add matrix-appservice-kakaotalk support Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk This is pretty similar to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977 which just appeared, but has mostly been done independently. I've taken some inspiration and did some fixups based on that PR. Thanks to https://github.com/hnarjis for taking the time to contribute! Notable differences between this branch compared to that PR: - better naming and documentation around the "configuration" variables - no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service` - stores configuration in `config/`, not in `data/` - passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it - starts containers more securely - with `matrix:matrix` user:group (not `root`) and reduced capabilities (`--cap-drop=ALL`) - uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets) - `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.) - `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`) - less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well. - configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`) - logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`) - somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`) - removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
2022-07-25 19:34:21 +08:00
######################################################################
#
# /matrix-bridge-appservice-kakaotalk
#
######################################################################
2021-08-21 23:32:45 +08:00
######################################################################
#
2021-08-23 20:02:28 +08:00
# matrix-bridge-beeper-linkedin
2021-08-21 23:32:45 +08:00
#
######################################################################
# We don't enable bridges by default.
matrix_beeper_linkedin_enabled: false
matrix_beeper_linkedin_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
2021-08-21 23:32:45 +08:00
matrix_beeper_linkedin_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
2021-08-21 23:32:45 +08:00
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
2021-08-21 23:32:45 +08:00
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token', rounds=655555) | to_uuid }}"
2021-08-21 23:32:45 +08:00
matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
2021-08-21 23:32:45 +08:00
matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2022-02-09 15:52:53 +08:00
matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
2021-08-21 23:32:45 +08:00
matrix_beeper_linkedin_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}"
2021-08-21 23:32:45 +08:00
2021-08-23 20:02:28 +08:00
######################################################################
#
# /matrix-bridge-beeper-linkedin
#
######################################################################
2021-08-21 23:32:45 +08:00
######################################################################
#
# matrix-bridge-go-skype-bridge
#
######################################################################
# We don't enable bridges by default.
matrix_go_skype_bridge_enabled: false
matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_go_skype_bridge_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token', rounds=655555) | to_uuid }}"
matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token', rounds=655555) | to_uuid }}"
matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_go_skype_bridge_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_go_skype_bridge_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-go-skype-bridge
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-discord
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_discord_enabled: false
matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_discord_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_discord_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname else [])
) | unique
}}
matrix_mautrix_discord_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else [])
}}
matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-discord
#
######################################################################
2023-01-03 09:07:04 +08:00
######################################################################
#
# matrix-bridge-mautrix-slack
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_slack_enabled: false
matrix_mautrix_slack_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_slack_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.as.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-slack
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-facebook
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_facebook_enabled: false
matrix_mautrix_facebook_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_facebook_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_facebook_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_facebook_container_labels_traefik_enabled else [])
) | unique
}}
matrix_mautrix_facebook_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname else [])
}}
matrix_mautrix_facebook_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_facebook_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_facebook_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_facebook_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token', rounds=655555) | to_uuid }}"
2019-06-15 14:42:40 +08:00
matrix_mautrix_facebook_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}"
2019-06-15 14:42:40 +08:00
matrix_mautrix_facebook_appservice_public_enabled: true
matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}"
matrix_mautrix_facebook_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9008') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2022-02-09 15:52:53 +08:00
matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
matrix_mautrix_facebook_metrics_enabled: "{{ prometheus_enabled }}"
matrix_mautrix_facebook_metrics_proxying_enabled: "{{ matrix_mautrix_facebook_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_facebook_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_facebook_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-facebook"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_facebook_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_facebook_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-facebook
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-googlechat
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_googlechat_enabled: false
matrix_mautrix_googlechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_googlechat_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_googlechat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9007') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_googlechat_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-googlechat
#
######################################################################
2021-10-12 19:45:04 +08:00
######################################################################
#
# matrix-bridge-mautrix-hangouts
2021-10-12 19:45:04 +08:00
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_hangouts_enabled: false
2021-10-12 19:45:04 +08:00
matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2021-10-12 19:45:04 +08:00
matrix_mautrix_hangouts_systemd_required_services_list: |
2021-10-12 19:45:04 +08:00
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
2021-10-12 19:45:04 +08:00
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
2021-10-12 19:45:04 +08:00
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token', rounds=655555) | to_uuid }}"
2021-10-12 19:45:04 +08:00
matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token', rounds=655555) | to_uuid }}"
2021-10-12 19:45:04 +08:00
matrix_mautrix_hangouts_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9007') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2021-10-12 19:45:04 +08:00
matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2021-10-12 19:45:04 +08:00
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_hangouts_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | to_uuid }}"
2021-10-12 19:45:04 +08:00
######################################################################
#
# /matrix-bridge-mautrix-hangouts
2021-10-12 19:45:04 +08:00
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-instagram
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_instagram_enabled: false
matrix_mautrix_instagram_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_instagram_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_instagram_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_instagram_container_labels_traefik_enabled else [])
) | unique
}}
matrix_mautrix_instagram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_instagram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_instagram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_instagram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_mautrix_instagram_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname else [])
}}
matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2022-02-09 15:52:53 +08:00
matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
matrix_mautrix_instagram_metrics_enabled: "{{ prometheus_enabled }}"
matrix_mautrix_instagram_metrics_proxying_enabled: "{{ matrix_mautrix_instagram_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-instagram"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-instagram
#
######################################################################
2020-10-24 18:15:03 +08:00
######################################################################
#
# matrix-bridge-mautrix-signal
#
######################################################################
# We don't enable bridges by default.
2020-10-24 18:15:03 +08:00
matrix_mautrix_signal_enabled: false
matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2020-10-24 18:15:03 +08:00
matrix_mautrix_signal_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2020-10-24 18:15:03 +08:00
}}
2023-12-18 23:51:13 +08:00
matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}"
2020-10-24 18:15:03 +08:00
2023-12-18 23:51:13 +08:00
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}"
2020-10-24 18:15:03 +08:00
2023-12-18 23:51:13 +08:00
matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"
2020-10-26 03:46:57 +08:00
2020-10-24 18:15:03 +08:00
matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mautrix_signal_metrics_enabled: "{{ prometheus_enabled }}"
# TODO - add support for exposing metrics
matrix_mautrix_signal_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
2020-10-24 18:15:03 +08:00
######################################################################
#
# /matrix-bridge-mautrix-signal
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-telegram
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_telegram_enabled: false
# Images are multi-arch (amd64 and arm64, but not arm32).
matrix_mautrix_telegram_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_telegram_lottieconverter_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_telegram_lottieconverter_container_image_self_build_mask_arch: "{{ matrix_architecture != 'amd64' }}"
2021-01-13 23:51:45 +08:00
matrix_mautrix_telegram_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram', rounds=655555) | to_uuid }}"
matrix_mautrix_telegram_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9006') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_telegram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_telegram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-telegram
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-twitter
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_twitter_enabled: false
matrix_mautrix_twitter_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_twitter_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mautrix_twitter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if devture_postgres_enabled else '' }}"
######################################################################
#
# /matrix-bridge-mautrix-twitter
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-gmessages
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_gmessages_enabled: false
matrix_mautrix_gmessages_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_gmessages_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
2023-07-21 21:49:52 +08:00
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_gmessages_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mautrix_gmessages_metrics_enabled: "{{ prometheus_enabled }}"
# TODO - add support for exposing metrics
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_gmessages_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maugmessages.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-gmessages
#
######################################################################
wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor <jreilly112@gmail.com> Co-authored-by: Miguel Alatzar <miguel@natrx.io> Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-08-23 20:05:32 +08:00
######################################################################
#
# matrix-bridge-mautrix-wsproxy
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_wsproxy_enabled: false
matrix_mautrix_wsproxy_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_wsproxy_hostname: "wsproxy.{{ matrix_mautrix_wsproxy_homeserver_domain }}"
matrix_mautrix_wsproxy_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_nginx_proxy_container_network != matrix_mautrix_wsproxy_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_mautrix_wsproxy_container_network else [])
) | unique
}}
matrix_mautrix_wsproxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
# /matrix-bridge-mautrix-wsproxy
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-whatsapp
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_whatsapp_enabled: false
matrix_mautrix_whatsapp_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_whatsapp_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_whatsapp_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_whatsapp_container_labels_traefik_enabled else [])
) | unique
}}
matrix_mautrix_whatsapp_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_whatsapp_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_whatsapp_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_mautrix_whatsapp_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname else [])
}}
matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mautrix_whatsapp_metrics_enabled: "{{ prometheus_enabled }}"
matrix_mautrix_whatsapp_metrics_proxying_enabled: "{{ matrix_mautrix_whatsapp_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_whatsapp_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_whatsapp_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-whatsapp"
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_whatsapp_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-whatsapp
#
######################################################################
2020-05-22 19:50:59 +08:00
######################################################################
#
# matrix-sms-bridge
#
######################################################################
# We don't enable bridges by default.
matrix_sms_bridge_enabled: false
matrix_sms_bridge_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2020-05-22 19:50:59 +08:00
}}
matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token', rounds=655555) | to_uuid }}"
2020-05-22 19:50:59 +08:00
2021-11-17 03:03:21 +08:00
matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}"
matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token', rounds=655555) | to_uuid }}"
2020-05-22 19:50:59 +08:00
######################################################################
#
# /matrix-sms-bridge
#
######################################################################
2021-05-12 20:24:39 +08:00
######################################################################
#
# matrix-bridge-heisenbridge
#
######################################################################
# We don't enable bridges by default.
matrix_heisenbridge_enabled: false
matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}"
2021-05-12 20:24:39 +08:00
matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok', rounds=655555) | to_uuid }}"
2021-05-12 20:24:39 +08:00
matrix_heisenbridge_systemd_wanted_services_list: |
{{
['matrix-' + matrix_homeserver_implementation + '.service']
2021-05-12 20:24:39 +08:00
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
######################################################################
#
# /matrix-bridge-heisenbridge
#
######################################################################
2022-01-04 04:22:42 +08:00
######################################################################
#
# matrix-bridge-hookshot
#
######################################################################
# We don't enable bridges by default.
matrix_hookshot_enabled: false
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok', rounds=655555) | to_uuid }}"
2022-01-04 04:22:42 +08:00
matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok', rounds=655555) | to_uuid }}"
2022-01-04 04:22:42 +08:00
matrix_hookshot_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2022-01-04 04:22:42 +08:00
matrix_hookshot_systemd_wanted_services_list: |
{{
matrix_addons_homeserver_systemd_services_list
Add support for experimental encryption in Hookshot Squashed based on the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042 commit 49932b8f3c17c4c4db7a884658c42f9a8b0550ca Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:21:31 2023 +0200 Fix syntax in matrix-bridge-hookshot/tasks/reset_encryption.yml Also, this task always does work and side-effects, so it should always report changes (`changed_when: true`). commit 6bdf7a9dcb73385313a1f34d52e27ad0cf95fb3e Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:12:41 2023 +0200 Add Hookshot validation task to ensure queue settings are set when encryption is enabled commit 8c531b7971b5dfd15ca541b5072b3eb8237cdcf9 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:10:17 2023 +0200 Add missing variables rewiring in group_vars/matrix_servers for Hookshot commit 7d26dabc2fe692f5e1236c0e250f85996f3fd0c2 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:08:19 2023 +0200 Add defaults for matrix_hookshot_queue_host and matrix_hookshot_queue_port commit 74f91138c92f1d1b69eb973803b882849e31a259 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:06:17 2023 +0200 Fix syntax for connecting to additional networks for Hookshot commit ca7b41f3f2d0c2900b2805294476f70e82461304 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:05:28 2023 +0200 Fix indentation and remove unnecessary if-statements commit ac4a918d58fc76e7332446a65609b56c5e4da00c Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:04:44 2023 +0200 Add missing --network for Hookshot This seems to have been removed by accident. commit 6a81fa208fca28951fc131cbf33b95ec78748a40 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:02:47 2023 +0200 Make automatic Redis enabling safer, when Hookshot encryption enabled If we ever default encryption to enabled for Hookshot, we only wish to force-enable Redis if Hookshot is actually enabled. commit 75a8e0f2a6cbf1562cb99c68ad1f20e4d47735ed Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:01:10 2023 +0200 Fix typo commit 98ad182eaccc7ab457ead4e03cc0d4f2a525a47d Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:37:40 2023 +0100 Add defaults for Hookshot's encryption commit 29fa9fab151f513908d3e45882003da107a63c93 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:35:11 2023 +0100 Improve wording of Hookshot's encryption section commit 4f835e0560012754d7ce0b56619a97c68a297992 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:28:52 2023 +0100 use safer mount options for the container's files commit 8c93327e25c5e6af2442c676d5f264d4051c80e2 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:26:01 2023 +0100 fix filename commit 03a7bb6e7798dd95f7894311e4dd34dfa09f70fa Merge: e55d7694 06047763 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:23:44 2023 +0100 Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption commit 06047763bbd427dde117c6635ac7301198571158 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:15:54 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host Co-authored-by: Slavi Pantaleev <slavi@devture.com> commit e55d769465bd299081464e68d34851729d42d5ff Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:13:50 2023 +0100 clarify that Redis is required, standardadise on Hookshot with an upper-case first letter for consistency commit 66706e4535704deba63e5aa2102f324f9b14dae3 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:08:20 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 fix for a typo Co-authored-by: Slavi Pantaleev <slavi@devture.com> commit f6aaeb9a16f84409d31188e696885afed89fbdcc Merge: e5d34002 869dd33f Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:22:34 2023 +0100 Merge branch 'master' into HarHarLinks/hookshot-encryption commit e5d34002fd6c39c3e18df04e20d0c8b25475db78 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:09:27 2023 +0100 Add Jinja loop to allow adding multiple networks commit 69f947782d6e072c3edc4ee4c7d5ccf69eccf3fd Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:52:41 2023 +0100 split if statements for the message queue and experimental encryption support into seperate statements commit 4c13be1c89ffb1b06475c7da546f7956e67b36a1 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:31:19 2023 +0100 change variable name per spantaleev's suggestion (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2979#discussion_r1379015551) commit 9905309aa9448f91297f8c7618bf62682eee2af7 Author: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:14:04 2023 +0100 amend docs commit 94abf2d5bde63919c6b5597f3142eea5fed73815 Author: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:05:22 2023 +0100 draft encryption support for hookshot
2023-12-16 15:23:35 +08:00
+
([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else [])
}}
# Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available.
# We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled),
# because connectivity is still potentially troublesome and is to be investigated.
matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else '' }}"
Add support for experimental encryption in Hookshot Squashed based on the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042 commit 49932b8f3c17c4c4db7a884658c42f9a8b0550ca Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:21:31 2023 +0200 Fix syntax in matrix-bridge-hookshot/tasks/reset_encryption.yml Also, this task always does work and side-effects, so it should always report changes (`changed_when: true`). commit 6bdf7a9dcb73385313a1f34d52e27ad0cf95fb3e Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:12:41 2023 +0200 Add Hookshot validation task to ensure queue settings are set when encryption is enabled commit 8c531b7971b5dfd15ca541b5072b3eb8237cdcf9 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:10:17 2023 +0200 Add missing variables rewiring in group_vars/matrix_servers for Hookshot commit 7d26dabc2fe692f5e1236c0e250f85996f3fd0c2 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:08:19 2023 +0200 Add defaults for matrix_hookshot_queue_host and matrix_hookshot_queue_port commit 74f91138c92f1d1b69eb973803b882849e31a259 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:06:17 2023 +0200 Fix syntax for connecting to additional networks for Hookshot commit ca7b41f3f2d0c2900b2805294476f70e82461304 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:05:28 2023 +0200 Fix indentation and remove unnecessary if-statements commit ac4a918d58fc76e7332446a65609b56c5e4da00c Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:04:44 2023 +0200 Add missing --network for Hookshot This seems to have been removed by accident. commit 6a81fa208fca28951fc131cbf33b95ec78748a40 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:02:47 2023 +0200 Make automatic Redis enabling safer, when Hookshot encryption enabled If we ever default encryption to enabled for Hookshot, we only wish to force-enable Redis if Hookshot is actually enabled. commit 75a8e0f2a6cbf1562cb99c68ad1f20e4d47735ed Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:01:10 2023 +0200 Fix typo commit 98ad182eaccc7ab457ead4e03cc0d4f2a525a47d Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:37:40 2023 +0100 Add defaults for Hookshot's encryption commit 29fa9fab151f513908d3e45882003da107a63c93 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:35:11 2023 +0100 Improve wording of Hookshot's encryption section commit 4f835e0560012754d7ce0b56619a97c68a297992 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:28:52 2023 +0100 use safer mount options for the container's files commit 8c93327e25c5e6af2442c676d5f264d4051c80e2 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:26:01 2023 +0100 fix filename commit 03a7bb6e7798dd95f7894311e4dd34dfa09f70fa Merge: e55d7694 06047763 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:23:44 2023 +0100 Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption commit 06047763bbd427dde117c6635ac7301198571158 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:15:54 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host Co-authored-by: Slavi Pantaleev <slavi@devture.com> commit e55d769465bd299081464e68d34851729d42d5ff Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:13:50 2023 +0100 clarify that Redis is required, standardadise on Hookshot with an upper-case first letter for consistency commit 66706e4535704deba63e5aa2102f324f9b14dae3 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:08:20 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 fix for a typo Co-authored-by: Slavi Pantaleev <slavi@devture.com> commit f6aaeb9a16f84409d31188e696885afed89fbdcc Merge: e5d34002 869dd33f Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:22:34 2023 +0100 Merge branch 'master' into HarHarLinks/hookshot-encryption commit e5d34002fd6c39c3e18df04e20d0c8b25475db78 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:09:27 2023 +0100 Add Jinja loop to allow adding multiple networks commit 69f947782d6e072c3edc4ee4c7d5ccf69eccf3fd Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:52:41 2023 +0100 split if statements for the message queue and experimental encryption support into seperate statements commit 4c13be1c89ffb1b06475c7da546f7956e67b36a1 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:31:19 2023 +0100 change variable name per spantaleev's suggestion (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2979#discussion_r1379015551) commit 9905309aa9448f91297f8c7618bf62682eee2af7 Author: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:14:04 2023 +0100 amend docs commit 94abf2d5bde63919c6b5597f3142eea5fed73815 Author: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:05:22 2023 +0100 draft encryption support for hookshot
2023-12-16 15:23:35 +08:00
matrix_hookshot_container_network: "{{ matrix_addons_container_network }}"
Add support for experimental encryption in Hookshot Squashed based on the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042 commit 49932b8f3c17c4c4db7a884658c42f9a8b0550ca Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:21:31 2023 +0200 Fix syntax in matrix-bridge-hookshot/tasks/reset_encryption.yml Also, this task always does work and side-effects, so it should always report changes (`changed_when: true`). commit 6bdf7a9dcb73385313a1f34d52e27ad0cf95fb3e Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:12:41 2023 +0200 Add Hookshot validation task to ensure queue settings are set when encryption is enabled commit 8c531b7971b5dfd15ca541b5072b3eb8237cdcf9 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:10:17 2023 +0200 Add missing variables rewiring in group_vars/matrix_servers for Hookshot commit 7d26dabc2fe692f5e1236c0e250f85996f3fd0c2 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:08:19 2023 +0200 Add defaults for matrix_hookshot_queue_host and matrix_hookshot_queue_port commit 74f91138c92f1d1b69eb973803b882849e31a259 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:06:17 2023 +0200 Fix syntax for connecting to additional networks for Hookshot commit ca7b41f3f2d0c2900b2805294476f70e82461304 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:05:28 2023 +0200 Fix indentation and remove unnecessary if-statements commit ac4a918d58fc76e7332446a65609b56c5e4da00c Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:04:44 2023 +0200 Add missing --network for Hookshot This seems to have been removed by accident. commit 6a81fa208fca28951fc131cbf33b95ec78748a40 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:02:47 2023 +0200 Make automatic Redis enabling safer, when Hookshot encryption enabled If we ever default encryption to enabled for Hookshot, we only wish to force-enable Redis if Hookshot is actually enabled. commit 75a8e0f2a6cbf1562cb99c68ad1f20e4d47735ed Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:01:10 2023 +0200 Fix typo commit 98ad182eaccc7ab457ead4e03cc0d4f2a525a47d Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:37:40 2023 +0100 Add defaults for Hookshot's encryption commit 29fa9fab151f513908d3e45882003da107a63c93 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:35:11 2023 +0100 Improve wording of Hookshot's encryption section commit 4f835e0560012754d7ce0b56619a97c68a297992 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:28:52 2023 +0100 use safer mount options for the container's files commit 8c93327e25c5e6af2442c676d5f264d4051c80e2 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:26:01 2023 +0100 fix filename commit 03a7bb6e7798dd95f7894311e4dd34dfa09f70fa Merge: e55d7694 06047763 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:23:44 2023 +0100 Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption commit 06047763bbd427dde117c6635ac7301198571158 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:15:54 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host Co-authored-by: Slavi Pantaleev <slavi@devture.com> commit e55d769465bd299081464e68d34851729d42d5ff Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:13:50 2023 +0100 clarify that Redis is required, standardadise on Hookshot with an upper-case first letter for consistency commit 66706e4535704deba63e5aa2102f324f9b14dae3 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:08:20 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 fix for a typo Co-authored-by: Slavi Pantaleev <slavi@devture.com> commit f6aaeb9a16f84409d31188e696885afed89fbdcc Merge: e5d34002 869dd33f Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:22:34 2023 +0100 Merge branch 'master' into HarHarLinks/hookshot-encryption commit e5d34002fd6c39c3e18df04e20d0c8b25475db78 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:09:27 2023 +0100 Add Jinja loop to allow adding multiple networks commit 69f947782d6e072c3edc4ee4c7d5ccf69eccf3fd Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:52:41 2023 +0100 split if statements for the message queue and experimental encryption support into seperate statements commit 4c13be1c89ffb1b06475c7da546f7956e67b36a1 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:31:19 2023 +0100 change variable name per spantaleev's suggestion (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2979#discussion_r1379015551) commit 9905309aa9448f91297f8c7618bf62682eee2af7 Author: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:14:04 2023 +0100 amend docs commit 94abf2d5bde63919c6b5597f3142eea5fed73815 Author: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:05:22 2023 +0100 draft encryption support for hookshot
2023-12-16 15:23:35 +08:00
matrix_hookshot_container_additional_networks_auto: |
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([redis_container_network] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else [])
2024-01-02 23:10:26 +08:00
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_hookshot_container_labels_traefik_enabled else [])
) | unique
2022-01-04 04:22:42 +08:00
}}
matrix_hookshot_container_http_host_bind_ports_defaultmapping:
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}"
matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_playbook_service_host_bind_interface_prefix else [] }}"
2022-01-04 04:22:42 +08:00
2024-01-02 23:10:26 +08:00
matrix_hookshot_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_hookshot_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}"
2022-01-11 07:19:29 +08:00
# We only enable metrics (locally, in the container network) for the bridge if Prometheus is enabled.
matrix_hookshot_metrics_enabled: "{{ prometheus_enabled }}"
2024-01-02 23:10:26 +08:00
matrix_hookshot_metrics_proxying_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_hookshot_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_hookshot_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/hookshot"
matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2024-01-02 23:10:26 +08:00
matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_hookshot_urlprefix: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}"
2022-01-04 04:22:42 +08:00
######################################################################
#
# /matrix-bridge-hookshot
#
######################################################################
2020-03-17 08:33:11 +08:00
2020-04-12 22:17:30 +08:00
######################################################################
#
# matrix-bridge-mx-puppet-slack
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_slack_enabled: false
2022-03-10 17:41:41 +08:00
matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2020-04-12 22:17:30 +08:00
matrix_mx_puppet_slack_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2020-04-12 22:17:30 +08:00
}}
matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok', rounds=655555) | to_uuid }}"
2020-04-12 22:17:30 +08:00
matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok', rounds=655555) | to_uuid }}"
2020-04-12 22:17:30 +08:00
matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}"
2020-04-12 22:17:30 +08:00
######################################################################
#
# /matrix-bridge-mx-puppet-slack
#
######################################################################
######################################################################
#
# matrix-bridge-mx-puppet-twitter
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_twitter_enabled: false
2022-03-10 17:41:41 +08:00
matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_mx_puppet_twitter_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_mx_puppet_twitter_appservice_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_twitter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mx-puppet-twitter
#
######################################################################
2020-04-12 22:17:30 +08:00
2020-06-27 18:40:27 +08:00
######################################################################
#
# matrix-bridge-mx-puppet-instagram
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_instagram_enabled: false
2022-03-10 17:41:41 +08:00
matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2020-06-27 18:40:27 +08:00
matrix_mx_puppet_instagram_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2020-06-27 18:40:27 +08:00
}}
matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok', rounds=655555) | to_uuid }}"
2020-06-27 18:40:27 +08:00
matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok', rounds=655555) | to_uuid }}"
2020-06-27 18:40:27 +08:00
matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}"
2020-06-27 18:40:27 +08:00
######################################################################
#
# /matrix-bridge-mx-puppet-instagram
#
######################################################################
2020-06-11 23:54:36 +08:00
######################################################################
#
# matrix-bridge-mx-puppet-discord
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_discord_enabled: false
2022-03-10 17:41:41 +08:00
matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2020-06-11 23:54:36 +08:00
matrix_mx_puppet_discord_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2020-06-11 23:54:36 +08:00
}}
matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok', rounds=655555) | to_uuid }}"
2020-06-11 23:54:36 +08:00
matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok', rounds=655555) | to_uuid }}"
2020-06-11 23:54:36 +08:00
matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
2020-06-11 23:54:36 +08:00
######################################################################
#
# /matrix-bridge-mx-puppet-discord
#
######################################################################
2020-07-01 19:46:58 +08:00
######################################################################
#
# matrix-bridge-mx-puppet-steam
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_steam_enabled: false
matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2020-07-01 19:46:58 +08:00
matrix_mx_puppet_steam_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2020-07-01 19:46:58 +08:00
}}
matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok', rounds=655555) | to_uuid }}"
2020-07-01 19:46:58 +08:00
matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok', rounds=655555) | to_uuid }}"
2020-07-01 19:46:58 +08:00
matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_steam_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}"
2020-07-01 19:46:58 +08:00
######################################################################
#
# /matrix-bridge-mx-puppet-steam
#
######################################################################
2020-06-27 18:40:27 +08:00
2021-02-13 12:13:30 +08:00
######################################################################
#
# matrix-bridge-mx-puppet-groupme
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_groupme_enabled: false
2022-03-10 17:41:41 +08:00
matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2021-02-13 12:13:30 +08:00
matrix_mx_puppet_groupme_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
2021-02-13 12:13:30 +08:00
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2021-02-13 12:13:30 +08:00
}}
matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok', rounds=655555) | to_uuid }}"
2021-02-13 12:13:30 +08:00
matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok', rounds=655555) | to_uuid }}"
2021-02-13 12:13:30 +08:00
matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_groupme_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}"
2021-02-13 12:13:30 +08:00
######################################################################
#
# /matrix-bridge-mx-puppet-groupme
#
######################################################################
2020-07-20 19:13:08 +08:00
######################################################################
#
# matrix-bot-matrix-reminder-bot
#
######################################################################
# We don't enable bots by default.
matrix_bot_matrix_reminder_bot_enabled: false
matrix_bot_matrix_reminder_bot_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname else [])
}}
# Postgres is the default, except if not using internal Postgres server
matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_bot_matrix_reminder_bot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"
matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_bot_matrix_reminder_bot_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_matrix_reminder_bot_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname else [])
) | unique
}}
matrix_bot_matrix_reminder_bot_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
2020-07-20 19:13:08 +08:00
######################################################################
#
# /matrix-bot-matrix-reminder-bot
#
######################################################################
######################################################################
#
# matrix-bot-matrix-registration-bot
#
######################################################################
# We don't enable bots by default.
matrix_bot_matrix_registration_bot_enabled: false
matrix_bot_matrix_registration_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_bot_matrix_registration_bot_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
######################################################################
#
# /matrix-bot-matrix-registration-bot
#
######################################################################
2022-06-24 02:24:52 +08:00
######################################################################
#
# matrix-bot-maubot
2022-06-24 02:24:52 +08:00
#
######################################################################
# We don't enable bots by default.
matrix_bot_maubot_enabled: false
2022-06-24 02:24:52 +08:00
matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
2022-06-24 02:24:52 +08:00
matrix_bot_maubot_systemd_required_services_list: |
2022-06-24 02:24:52 +08:00
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
2022-07-09 17:44:11 +08:00
+
2022-06-24 02:24:52 +08:00
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
2022-06-25 00:19:23 +08:00
matrix_bot_maubot_registration_shared_secret: |-
{{
{
'synapse': matrix_synapse_registration_shared_secret,
'dendrite': matrix_dendrite_client_api_registration_shared_secret,
2022-06-25 00:19:23 +08:00
}[matrix_homeserver_implementation]
}}
matrix_bot_maubot_management_interface_http_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_bot_maubot_management_interface_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_bot_maubot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_bot_maubot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
2022-06-24 02:24:52 +08:00
######################################################################
#
# /matrix-bot-maubot
2022-06-24 02:24:52 +08:00
#
######################################################################
2022-01-07 02:30:10 +08:00
######################################################################
#
# matrix-bot-honoroit
#
######################################################################
# We don't enable bots by default.
matrix_bot_honoroit_enabled: false
matrix_bot_honoroit_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_bot_honoroit_path_prefix: /honoroit
2022-01-07 02:30:10 +08:00
# For consistency with other things hosted at the matrix FQN, we adjust the metrics endpoint
# so that metrics would be served at `/metrics/SERVICE_NAME`, and not at the default path for the role (`PREFIX/metrics`).
matrix_bot_honoroit_container_labels_traefik_metrics_path: /metrics/honoroit
2022-01-07 02:30:10 +08:00
matrix_bot_honoroit_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
2022-01-07 02:30:10 +08:00
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
# Postgres is the default, except if not using internal Postgres server
matrix_bot_honoroit_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_bot_honoroit_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
2022-10-25 23:25:07 +08:00
matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2022-01-07 02:30:10 +08:00
matrix_bot_honoroit_container_network: "{{ matrix_docker_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-bot-honoroit' }}"
# For now, we attach this to the matrix-nginx-proxy network (unless that's the same network as the main one for us),
# because that's where the homeserver is expected to be accessed from.
# In the future, this will need to be redone.
matrix_bot_honoroit_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_bot_honoroit_container_network != matrix_nginx_proxy_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_bot_honoroit_container_network else [])
) | unique
}}
matrix_bot_honoroit_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_honoroit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_honoroit_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_honoroit_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2022-01-07 02:30:10 +08:00
######################################################################
#
# /matrix-bot-honoroit
#
######################################################################
2022-04-23 21:19:24 +08:00
######################################################################
#
# matrix-bot-buscarron
#
######################################################################
# We don't enable bots by default.
matrix_bot_buscarron_enabled: false
matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2022-04-23 21:19:24 +08:00
matrix_bot_buscarron_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
2022-04-23 21:19:24 +08:00
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
# Postgres is the default, except if not using internal Postgres server
matrix_bot_buscarron_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_bot_buscarron_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}"
2022-04-23 21:19:24 +08:00
matrix_bot_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}"
matrix_bot_buscarron_container_network: "{{ matrix_docker_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-bot-buscarron' }}"
# For now, we attach this to the matrix-nginx-proxy network (unless that's the same network as the main one for us),
# because that's where the homeserver is expected to be accessed from.
# In the future, this will need to be redone.
matrix_bot_buscarron_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
2023-02-26 01:36:57 +08:00
([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_bot_buscarron_container_network != matrix_nginx_proxy_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_bot_buscarron_container_network else [])
) | unique
}}
matrix_bot_buscarron_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_buscarron_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_buscarron_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_buscarron_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2022-04-23 21:19:24 +08:00
######################################################################
#
# /matrix-bot-buscarron
#
######################################################################
2022-08-23 01:10:35 +08:00
######################################################################
#
# matrix-bot-postmoogle
#
######################################################################
# We don't enable bots by default.
matrix_bot_postmoogle_enabled: false
matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_bot_postmoogle_ssl_path: |-
{{
{
'playbook-managed-traefik': devture_traefik_certs_dumper_dumped_certificates_dir_path,
'other-traefik-container': devture_traefik_certs_dumper_dumped_certificates_dir_path,
'playbook-managed-nginx': (matrix_ssl_config_dir_path if matrix_playbook_ssl_retrieval_method != 'none' else ''),
'other-nginx-non-container': (matrix_ssl_config_dir_path if matrix_playbook_ssl_retrieval_method != 'none' else ''),
'other-on-same-host': '',
'other-on-another-host': '',
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
matrix_playbook_bot_postmoogle_nginx_proxy_tls_cert: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/fullchain.pem {% endfor %}"
matrix_playbook_bot_postmoogle_nginx_proxy_key: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/privkey.pem {% endfor %}"
matrix_playbook_bot_postmoogle_traefik_tls_cert: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/{{ domain }}/certificate.crt {% endfor %}"
matrix_playbook_bot_postmoogle_traefik_key: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/{{ domain }}/privatekey.key {% endfor %}"
matrix_bot_postmoogle_tls_cert: |-
{{
{
'playbook-managed-traefik': matrix_playbook_bot_postmoogle_traefik_tls_cert,
'other-traefik-container': matrix_playbook_bot_postmoogle_traefik_tls_cert,
'playbook-managed-nginx': (matrix_playbook_bot_postmoogle_nginx_proxy_tls_cert if matrix_playbook_ssl_retrieval_method != 'none' else ''),
'other-nginx-non-container': (matrix_playbook_bot_postmoogle_nginx_proxy_tls_cert if matrix_playbook_ssl_retrieval_method != 'none' else ''),
'other-on-same-host': '',
'other-on-another-host': '',
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
matrix_bot_postmoogle_tls_key: |-
{{
{
'playbook-managed-traefik': matrix_playbook_bot_postmoogle_traefik_key,
'other-traefik-container': matrix_playbook_bot_postmoogle_traefik_key,
'playbook-managed-nginx': (matrix_playbook_bot_postmoogle_nginx_proxy_key if matrix_playbook_ssl_retrieval_method != 'none' else ''),
'other-nginx-non-container': (matrix_playbook_bot_postmoogle_nginx_proxy_key if matrix_playbook_ssl_retrieval_method != 'none' else ''),
'other-on-same-host': '',
'other-on-another-host': '',
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services: "{% for domain in matrix_bot_postmoogle_domains %}{{ devture_traefik_certs_dumper_identifier }}-wait-for-domain@{{ domain }}.service {% endfor %}"
2022-08-23 01:10:35 +08:00
matrix_bot_postmoogle_systemd_required_services_list_auto: |
2022-08-23 01:10:35 +08:00
{{
matrix_addons_homeserver_systemd_services_list
2022-08-23 01:10:35 +08:00
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_bot_postmoogle_database_hostname == matrix_bot_postmoogle_database_hostname else [])
+
(matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled else [])
2022-08-23 01:10:35 +08:00
}}
# Postgres is the default, except if not using internal Postgres server
matrix_bot_postmoogle_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_bot_postmoogle_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', rounds=655555) | to_uuid }}"
matrix_bot_postmoogle_homeserver: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_bot_postmoogle_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_postmoogle_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname else [])
) | unique
}}
2022-08-23 01:10:35 +08:00
######################################################################
#
# /matrix-bot-postmoogle
#
######################################################################
2020-07-20 19:13:08 +08:00
######################################################################
#
# matrix-bot-chatgpt
#
######################################################################
# We don't enable bots by default.
matrix_bot_chatgpt_enabled: false
matrix_bot_chatgpt_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_bot_chatgpt_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_chatgpt_container_additional_networks_auto: "{{ [] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network] }}"
matrix_bot_chatgpt_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_bot_chatgpt_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}"
######################################################################
#
# /matrix-bot-chatgpt
#
######################################################################
2021-03-12 02:23:01 +08:00
######################################################################
#
# matrix-bot-go-neb
#
######################################################################
# We don't enable bots by default.
matrix_bot_go_neb_enabled: false
matrix_bot_go_neb_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"
matrix_bot_go_neb_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-bot-go-neb' }}"
matrix_bot_go_neb_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_bot_go_neb_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_bot_go_neb_container_network else [])
) | unique
}}
matrix_bot_go_neb_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '4050') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_bot_go_neb_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_go_neb_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_go_neb_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_go_neb_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2021-03-12 02:23:01 +08:00
matrix_bot_go_neb_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier + '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2021-03-12 02:23:01 +08:00
}}
######################################################################
#
# /matrix-bot-go-neb
#
######################################################################
2021-03-24 11:46:08 +08:00
######################################################################
#
# matrix-bot-mjolnir
#
######################################################################
# We don't enable bots by default.
matrix_bot_mjolnir_enabled: false
2022-03-10 17:41:41 +08:00
matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2021-03-24 11:46:08 +08:00
matrix_bot_mjolnir_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
2021-04-03 06:07:24 +08:00
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
2021-04-03 06:07:24 +08:00
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
2021-03-24 11:46:08 +08:00
}}
######################################################################
#
# /matrix-bot-mjolnir
#
######################################################################
######################################################################
#
# matrix-bot-draupnir
#
######################################################################
# We don't enable bots by default.
matrix_bot_draupnir_enabled: false
matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_bot_draupnir_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
######################################################################
#
# /matrix-bot-draupnir
#
######################################################################
######################################################################
#
# etke/backup_borg
#
######################################################################
backup_borg_enabled: false
backup_borg_identifier: matrix-backup-borg
2023-02-13 18:44:42 +08:00
backup_borg_retention_prefix: matrix-
backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S}
backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
backup_borg_username: "{{ matrix_user_username }}"
backup_borg_uid: "{{ matrix_user_uid }}"
backup_borg_gid: "{{ matrix_user_gid }}"
backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}"
backup_borg_postgresql_version_detection_devture_postgres_role_name: "{{ 'galaxy/postgres' if devture_postgres_enabled else '' }}"
backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}"
backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
backup_borg_location_source_directories:
- "{{ matrix_base_data_path }}"
backup_borg_location_exclude_patterns: |
{{
([matrix_synapse_media_store_path + '/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else [])
+
([devture_postgres_data_path] if devture_postgres_enabled else [])
}}
backup_borg_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
}}
######################################################################
#
# /etke/backup_borg
#
######################################################################
Cactus comments (#2089) * Add construct for cactus comments role * Adjust config files * Add docker self build to defaults * Adjust tasks * Fix smaller syntax errors * Fix env argument * Add tmp path to allow container writing there Background why I did this: https://docs.gunicorn.org/en/stable/settings.html#worker-tmp-dir * Change port back to 5000 as not configurable in container * Try to add appservice config file for synapse to use * Inject appservice file * Correct copied variable name * Comment out unused app service file injection would need mounting the appservice file to the synapse container i guess * Move role before synapse to be able to inject during runtime * Remove unused parts * Change default user id to mirror official docs * Add docs * Update roles/matrix-cactus-comments/tasks/setup_install.yml Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Generate secrets if necessary, adjust docs * Rename cactusbot userid * Shorten salt strings Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Use tmpfs instead of persistent mount * Remove proxy option as it is nonsense * Add download and serving of cc-client files * Add documentation on client * Clarify docs a bit * Add nginx proxy to required services Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Use container address Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Correct comment of user id Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Use releases or local distributed client Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Move homeserver url to defaults Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Correct truth value Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add documentation of variables Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Tabs vs. spaces Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Make nginx root configurable Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Complete ake nginx root configurable Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix file permission Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix lint errors Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-09-09 19:37:52 +08:00
######################################################################
#
# matrix-cactus-comments
#
######################################################################
matrix_cactus_comments_enabled: false
# Derive secret values from homeserver secret
matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token', rounds=655555) | to_uuid }}"
matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token', rounds=655555) | to_uuid }}"
Cactus comments (#2089) * Add construct for cactus comments role * Adjust config files * Add docker self build to defaults * Adjust tasks * Fix smaller syntax errors * Fix env argument * Add tmp path to allow container writing there Background why I did this: https://docs.gunicorn.org/en/stable/settings.html#worker-tmp-dir * Change port back to 5000 as not configurable in container * Try to add appservice config file for synapse to use * Inject appservice file * Correct copied variable name * Comment out unused app service file injection would need mounting the appservice file to the synapse container i guess * Move role before synapse to be able to inject during runtime * Remove unused parts * Change default user id to mirror official docs * Add docs * Update roles/matrix-cactus-comments/tasks/setup_install.yml Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Generate secrets if necessary, adjust docs * Rename cactusbot userid * Shorten salt strings Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Use tmpfs instead of persistent mount * Remove proxy option as it is nonsense * Add download and serving of cc-client files * Add documentation on client * Clarify docs a bit * Add nginx proxy to required services Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Use container address Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Correct comment of user id Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Use releases or local distributed client Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Move homeserver url to defaults Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Correct truth value Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add documentation of variables Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Tabs vs. spaces Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Make nginx root configurable Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Complete ake nginx root configurable Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix file permission Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix lint errors Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-09-09 19:37:52 +08:00
matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
matrix_cactus_comments_systemd_required_services_list: |
{{
(['docker.service'])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+
(['matrix-' + matrix_homeserver_implementation + '.service'])
}}
matrix_cactus_comments_client_nginx_path: "{{ '/cactus-comments/' if matrix_nginx_proxy_enabled else matrix_cactus_comments_client_path + '/' }}"
Cactus comments (#2089) * Add construct for cactus comments role * Adjust config files * Add docker self build to defaults * Adjust tasks * Fix smaller syntax errors * Fix env argument * Add tmp path to allow container writing there Background why I did this: https://docs.gunicorn.org/en/stable/settings.html#worker-tmp-dir * Change port back to 5000 as not configurable in container * Try to add appservice config file for synapse to use * Inject appservice file * Correct copied variable name * Comment out unused app service file injection would need mounting the appservice file to the synapse container i guess * Move role before synapse to be able to inject during runtime * Remove unused parts * Change default user id to mirror official docs * Add docs * Update roles/matrix-cactus-comments/tasks/setup_install.yml Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Generate secrets if necessary, adjust docs * Rename cactusbot userid * Shorten salt strings Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Use tmpfs instead of persistent mount * Remove proxy option as it is nonsense * Add download and serving of cc-client files * Add documentation on client * Clarify docs a bit * Add nginx proxy to required services Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Use container address Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Correct comment of user id Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Use releases or local distributed client Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Move homeserver url to defaults Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Correct truth value Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add documentation of variables Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Tabs vs. spaces Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Make nginx root configurable Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Complete ake nginx root configurable Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix file permission Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix lint errors Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-09-09 19:37:52 +08:00
######################################################################
#
# /matrix-cactus-comments
#
######################################################################
2021-03-24 11:46:08 +08:00
######################################################################
#
# matrix-corporal
#
######################################################################
matrix_corporal_enabled: false
matrix_corporal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# matrix-corporal's web-server ports to the local host.
matrix_corporal_container_http_gateway_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '41080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_corporal_container_http_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '41081') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_corporal_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_corporal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_corporal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_corporal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_corporal_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_nginx_proxy_container_network != matrix_corporal_container_network else [])
) | unique
}}
matrix_corporal_systemd_required_services_list: |
{{
(['docker.service'])
+
(['matrix-' + matrix_homeserver_implementation + '.service'])
}}
matrix_corporal_matrix_homeserver_api_endpoint: "{{ matrix_homeserver_container_url }}"
matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
# This is only useful if there's REST auth provider to make use of it.
matrix_corporal_http_gateway_internal_rest_auth_enabled: "{{ matrix_synapse_ext_password_provider_rest_auth_enabled }}"
matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registration_shared_secret }}"
######################################################################
#
# /matrix-corporal
#
######################################################################
2023-02-21 05:34:16 +08:00
######################################################################
#
# matrix-rageshake
2023-02-21 05:34:16 +08:00
#
######################################################################
# We don't enable rageshake by default.
matrix_rageshake_enabled: false
matrix_rageshake_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
2023-02-21 05:34:16 +08:00
matrix_rageshake_hostname: "{{ matrix_server_fqn_rageshake }}"
matrix_rageshake_container_network: "{{ matrix_docker_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-rageshake' }}"
matrix_rageshake_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
matrix_rageshake_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9110') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_rageshake_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_rageshake_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_rageshake_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_rageshake_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
# /matrix-rageshake
#
######################################################################
######################################################################
#
# matrix-coturn
#
######################################################################
matrix_coturn_enabled: true
matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
# We make the assumption that `ansible_host` points to an external IP address, which may not always be the case.
# Users are free to set `matrix_coturn_turn_external_ip_address` to an empty string
# to allow auto-detection (via an EchoIP service) to happen at runtime.
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas', rounds=655555) | to_uuid }}"
matrix_coturn_tls_enabled: "{{ matrix_playbook_ssl_retrieval_method != 'none' }}"
matrix_coturn_tls_cert_path: |-
{{
{
'playbook-managed-traefik': '/certificate.crt',
'other-traefik-container': '/certificate.crt',
'playbook-managed-nginx': '/fullchain.pem',
'other-nginx-non-container': '/fullchain.pem',
'other-on-same-host': '',
'other-on-another-host': '',
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
matrix_coturn_tls_key_path: |-
{{
{
'playbook-managed-traefik': '/privatekey.key',
'other-traefik-container': '/privatekey.key',
'playbook-managed-nginx': '/privkey.pem',
'other-nginx-non-container': '/privkey.pem',
'other-on-same-host': '',
'other-on-another-host': '',
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
matrix_coturn_container_additional_volumes: |
{{
(
[
{
'src': (matrix_ssl_config_dir_path + '/live/' + matrix_server_fqn_matrix + '/fullchain.pem'),
'dst': '/fullchain.pem',
'options': 'ro',
},
{
'src': (matrix_ssl_config_dir_path + '/live/' + matrix_server_fqn_matrix + '/privkey.pem'),
'dst': '/privkey.pem',
'options': 'ro',
},
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] and matrix_coturn_tls_enabled else []
)
+
(
[
{
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'),
'dst': '/certificate.crt',
'options': 'ro',
},
{
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'),
'dst': '/privatekey.key',
'options': 'ro',
},
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
)
}}
matrix_coturn_systemd_required_services_list: |
{{
['docker.service']
+
([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [])
}}
2019-03-19 16:24:39 +08:00
######################################################################
#
# /matrix-coturn
#
######################################################################
######################################################################
#
# matrix-dimension
#
######################################################################
matrix_dimension_enabled: false
matrix_dimension_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_dimension_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
matrix_dimension_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-dimension' }}"
matrix_dimension_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_dimension_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_dimension_container_network else [])
) | unique
}}
matrix_dimension_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8184') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_dimension_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_dimension_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_dimension_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_dimension_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_dimension_homeserver_clientServerUrl: "{{ matrix_homeserver_container_url }}"
matrix_dimension_homeserver_federationUrl: "{{ matrix_homeserver_container_federation_url }}"
matrix_dimension_homeserver_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
2021-11-15 18:07:54 +08:00
matrix_dimension_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
# Postgres is the default, except if not using internal Postgres server
matrix_dimension_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_dimension_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-dimension
#
######################################################################
2021-01-21 07:06:35 +08:00
######################################################################
#
# etke/etherpad
2021-01-21 07:06:35 +08:00
#
######################################################################
etherpad_enabled: false
etherpad_identifier: matrix-etherpad
etherpad_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2022-11-04 17:36:10 +08:00
etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
2023-04-03 13:53:46 +08:00
etherpad_framing_enabled: "{{ matrix_dimension_enabled or jitsi_enabled }}"
etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
etherpad_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
etherpad_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9001') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
etherpad_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else etherpad_identifier }}"
etherpad_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != etherpad_container_network else [])
) | unique
}}
etherpad_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
etherpad_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
etherpad_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
etherpad_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
etherpad_systemd_required_services_list: |
2021-01-21 07:06:35 +08:00
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
2021-01-21 07:06:35 +08:00
}}
etherpad_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
etherpad_database_name: matrix_etherpad
etherpad_database_username: matrix_etherpad
etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
2021-01-21 07:06:35 +08:00
######################################################################
#
# /etke/etherpad
2021-01-21 07:06:35 +08:00
#
######################################################################
2020-11-08 09:34:16 +08:00
######################################################################
#
# matrix-dynamic-dns
#
######################################################################
2020-11-11 05:30:38 +08:00
matrix_dynamic_dns_enabled: false
2020-11-08 09:34:16 +08:00
######################################################################
#
# /matrix-dynamic-dns
#
######################################################################
2019-08-05 18:06:49 +08:00
######################################################################
#
# matrix-email2matrix
#
######################################################################
matrix_email2matrix_enabled: false
matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
2019-08-05 18:06:49 +08:00
######################################################################
#
# /matrix-email2matrix
#
######################################################################
2020-03-23 23:19:15 +08:00
######################################################################
#
2023-04-03 13:53:46 +08:00
# jitsi
2020-03-23 23:19:15 +08:00
#
######################################################################
2023-04-03 13:53:46 +08:00
jitsi_enabled: false
jitsi_architecture: "{{ matrix_architecture }}"
jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
jitsi_identifier: matrix-jitsi
jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
jitsi_uid: "{{ matrix_user_uid }}"
jitsi_gid: "{{ matrix_user_gid }}"
2020-03-23 23:19:15 +08:00
jitsi_user_username: "{{ matrix_user_username }}"
2020-03-23 23:19:15 +08:00
# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the Jitsi HTTP port to the local host.
2023-04-03 13:53:46 +08:00
jitsi_web_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
jitsi_web_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
}}
jitsi_jvb_container_colibri_ws_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
jitsi_jvb_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
}}
jitsi_prosody_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '5280') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2020-03-23 23:19:15 +08:00
2023-04-03 13:53:46 +08:00
jitsi_prosody_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
}}
2023-04-03 13:53:46 +08:00
jitsi_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
jitsi_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-04-03 13:53:46 +08:00
jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
2020-03-23 23:19:15 +08:00
2023-04-03 13:53:46 +08:00
jitsi_web_stun_servers: |
{{
[
'stun:' + matrix_server_fqn_matrix + ':5349',
'stun:' + matrix_server_fqn_matrix + ':3478',
]
if matrix_coturn_enabled
else [ 'stun:meet-jit-si-turnrelay.jitsi.net:443']
}}
2020-03-23 23:19:15 +08:00
2023-04-03 13:53:46 +08:00
# The Jitsi instance installed by this playbook is meant for embedding into Matrix clients, so framing is allowed.
jitsi_web_framing_enabled: true
jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
jitsi_turn_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
jitsi_turns_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port if matrix_coturn_enabled else '' }}"
jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port if matrix_coturn_enabled else '' }}"
2021-01-21 07:06:59 +08:00
# If the self-hosted Etherpad instance is available, it will also show up in Jitsi conferences,
2023-04-03 13:53:46 +08:00
# unless explicitly disabled by setting `jitsi_etherpad_enabled` to false.
# Falls back to the scalar.vector.im etherpad in case someone sets `jitsi_etherpad_enabled` to true,
# while also setting `etherpad_enabled` to false.
2023-04-03 13:53:46 +08:00
jitsi_etherpad_enabled: "{{ etherpad_enabled }}"
jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
2021-01-21 07:06:59 +08:00
# Allow verification using JWT and matrix-UVS
jitsi_prosody_auth_matrix_uvs_sync_power_levels: "{{ matrix_user_verification_service_enabled }}"
2023-04-03 13:53:46 +08:00
jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}"
jitsi_prosody_auth_matrix_uvs_location: "{{ matrix_user_verification_service_container_url }}"
jitsi_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}"
2023-04-03 13:53:46 +08:00
# Gravatar is enabled by default upstream, but there's no need to leak data there needlessly
# when embedding Jitsi in Matrix rooms.
jitsi_disable_gravatar: true
2020-03-23 23:19:15 +08:00
######################################################################
#
2023-04-03 13:53:46 +08:00
# /jitsi
2020-03-23 23:19:15 +08:00
#
######################################################################
2023-04-03 13:53:46 +08:00
######################################################################
#
# matrix-ldap-registration-proxy
#
######################################################################
# This is only for users with a specific LDAP setup
matrix_ldap_registration_proxy_enabled: false
######################################################################
#
# /matrix-ldap-registration-proxy
#
######################################################################
2020-03-23 23:19:15 +08:00
########################################################################
# #
# exim-relay #
# #
########################################################################
# We set up an Exim email relay by default.
# This is so that the homeserver and various other services can send emails through it.
# To completely disable this service, use: `exim_relay_enabled: false`
exim_relay_identifier: "matrix-exim-relay"
exim_relay_base_path: "{{ matrix_base_data_path }}/exim-relay"
exim_relay_uid: "{{ matrix_user_uid }}"
exim_relay_gid: "{{ matrix_user_gid }}"
exim_relay_container_network: "{{ matrix_docker_network }}"
exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
exim_relay_hostname: "{{ matrix_server_fqn_matrix }}"
exim_relay_sender_address: "matrix@{{ matrix_domain }}"
########################################################################
# #
# /exim-relay #
# #
########################################################################
######################################################################
#
# matrix-ma1sd
#
######################################################################
# We no longer install the ma1sd identity server by default.
#
# The main reason we used to install ma1sd by default in the past was to
# prevent Element from talking to the `matrix.org` / `vector.im` identity servers,
# by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead,
# thus preventing contact list leaks.
#
# Since Element no longer defaults to using a public identity server if another one is not provided,
# we can stop installing ma1sd.
matrix_ma1sd_enabled: false
matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# ma1sd's web-server port.
matrix_ma1sd_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_ma1sd_container_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2021-11-17 03:03:21 +08:00
# We enable Synapse integration via its Postgres database by default.
# When using another Identity store, you might wish to disable this and define
# your own configuration in `matrix_ma1sd_configuration_extension_yaml`.
matrix_ma1sd_synapsesql_enabled: true
matrix_ma1sd_synapsesql_type: postgresql
matrix_ma1sd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user | urlencode() }}&password={{ matrix_synapse_database_password | urlencode() }}
matrix_ma1sd_dns_overwrite_enabled: true
matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
# The `matrix_ma1sd_dns_overwrite_homeserver_client_value` value when matrix_nginx_proxy_enabled is false covers the general case,
# but may be inaccurate if matrix-corporal is enabled.
matrix_ma1sd_dns_overwrite_homeserver_client_value: "{{ matrix_homeserver_container_url }}"
# By default, we send mail through the `matrix-mailer` service.
matrix_ma1sd_threepid_medium_email_identity_from: "{{ exim_relay_sender_address }}"
matrix_ma1sd_threepid_medium_email_connectors_smtp_host: "matrix-mailer"
matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 8025
matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 0
matrix_ma1sd_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
matrix_ma1sd_systemd_required_services_list: |
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
}}
matrix_ma1sd_systemd_wanted_services_list: |
{{
(['matrix-corporal.service'] if matrix_corporal_enabled else ['matrix-' + matrix_homeserver_implementation + '.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
([exim_relay_identifier ~ '.service'] if exim_relay_enabled else [])
}}
# Postgres is the default, except if not using internal Postgres server
matrix_ma1sd_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_ma1sd_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-ma1sd
#
######################################################################
2023-07-12 14:09:27 +08:00
######################################################################
#
# matrix-media-repo
#
######################################################################
matrix_media_repo_enabled: false
2023-12-21 03:38:46 +08:00
matrix_media_repo_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else matrix_media_repo_identifier }}"
2023-07-12 14:09:27 +08:00
2023-12-21 03:38:46 +08:00
matrix_media_repo_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_media_repo_container_network else [])
) | unique
}}
2023-07-12 14:09:27 +08:00
2023-12-21 03:38:46 +08:00
matrix_media_repo_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
2023-07-12 14:09:27 +08:00
matrix_media_repo_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_media_repo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_media_repo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_media_repo_database_username: matrix_media_repo
matrix_media_repo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mediarepo.db', rounds=655555) | to_uuid }}"
matrix_media_repo_database_name: matrix_media_repo
matrix_media_repo_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname else [])
2023-07-12 14:09:27 +08:00
}}
######################################################################
#
# /matrix-media-repo
#
######################################################################
######################################################################
#
# matrix-nginx-proxy
#
######################################################################
# This playbook installs its own nginx if
# - it's explicitly enabled
# - Traefik is in use. Not all services are Traefik-native yet, so we use reverse-proxy to some via a local-only matrix-nginx-proxy
matrix_nginx_proxy_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'playbook-managed-traefik', 'other-traefik-container'] }}"
# matrix-nginx-proxy is only to handle HTTPS only if it's the chosen reverse-proxy.
# It may be enabled even if it's not chosen. See `matrix_nginx_proxy_enabled`.
matrix_ssl_retrieval_method: "{{ 'lets-encrypt' if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'none' }}"
matrix_nginx_proxy_https_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' }}"
# matrix-nginx-proxy is to publish ports only if it's the chosen reverse-proxy.
# It may be enabled even if it's not chosen. See `matrix_nginx_proxy_enabled`.
matrix_nginx_proxy_container_http_host_bind_port: "{{ '80' if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else '' }}"
matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else '' }}"
# matrix-nginx-proxy is to trust reverse-proxy forwarded protocol and headers, unless it's the "main" (chosen) reverse-proxy
matrix_nginx_proxy_trust_forwarded_proto: "{{ matrix_playbook_reverse_proxy_type != 'playbook-managed-nginx' }}"
matrix_nginx_proxy_x_forwarded_for: "{{ '$remote_addr' if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else '$proxy_add_x_forwarded_for' }}"
matrix_nginx_proxy_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([jitsi_container_network] if jitsi_enabled and matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' and jitsi_container_network != matrix_nginx_proxy_container_network else [])
) | unique
}}
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-nginx-proxy:12080' }}"
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:12080' }}"
matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |-
{{
{
'synapse': matrix_synapse_max_upload_size_mb,
'dendrite': (matrix_dendrite_max_file_size_bytes / 1024 / 1024) | round,
2022-08-05 03:35:41 +08:00
'conduit': (matrix_conduit_max_request_size / 1024 / 1024) | round,
}[matrix_homeserver_implementation]|int
}}
matrix_nginx_proxy_proxy_matrix_enabled: true
matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
2023-08-31 00:23:52 +08:00
matrix_nginx_proxy_proxy_schildichat_enabled: "{{ matrix_client_schildichat_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_etherpad_enabled: "{{ etherpad_enabled and not etherpad_nginx_proxy_dimension_integration_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor <jreilly112@gmail.com> Co-authored-by: Miguel Alatzar <miguel@natrx.io> Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-08-23 20:05:32 +08:00
matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled: "{{ matrix_mautrix_wsproxy_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
2023-04-03 13:53:46 +08:00
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ jitsi_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_grafana_enabled: "{{ grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
2023-02-26 17:03:42 +08:00
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_ntfy_enabled: "{{ ntfy_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_nginx_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: true
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081"
matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_ma1sd_enabled }}"
2021-11-17 03:14:28 +08:00
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}"
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}"
# NOTE: we cannot disable this, even though matrix-media-repo is already natively exposed at the Traefik level.
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3045#issuecomment-1867327001
2023-07-12 14:09:27 +08:00
matrix_nginx_proxy_proxy_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
matrix_nginx_proxy_proxy_media_repo_addr_with_container: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_port }}"
2023-07-12 14:09:27 +08:00
matrix_nginx_proxy_proxy_media_repo_addr_sans_container: "127.0.0.1:{{ matrix_media_repo_port }}"
# By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy.
# Unless this is handled there OR Synapse's federation listener port is disabled, we'll reverse-proxy.
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: |-
{{
{
'synapse': (matrix_synapse_federation_port_enabled and not matrix_synapse_tls_federation_listener_enabled),
'dendrite': matrix_dendrite_federation_enabled,
2022-08-05 03:35:41 +08:00
'conduit': matrix_conduit_allow_federation,
}[matrix_homeserver_implementation]|bool
}}
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-nginx-proxy:12088"
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088"
matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "{{ 'matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:8008' }}"
matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:8008"
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "{{ 'matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:8048' }}"
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:8048"
2021-11-15 18:07:54 +08:00
matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}"
2022-07-18 17:28:39 +08:00
matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}"
matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port | string }}"
matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}"
matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port | string }}"
2022-08-05 03:35:41 +08:00
matrix_nginx_proxy_proxy_conduit_enabled: "{{ matrix_conduit_enabled }}"
matrix_nginx_proxy_proxy_conduit_client_api_addr_with_container: "matrix-conduit:{{ matrix_conduit_port_number|string }}"
matrix_nginx_proxy_proxy_conduit_client_api_addr_sans_container: "127.0.0.1:{{ matrix_conduit_port_number|string }}"
matrix_nginx_proxy_proxy_conduit_federation_api_addr_with_container: "matrix-conduit:{{ matrix_conduit_port_number|string }}"
matrix_nginx_proxy_proxy_conduit_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_conduit_port_number|string }}"
# When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter.
matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}"
2020-06-29 03:47:39 +08:00
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
# OCSP stapling does not make sense when self-signed certificates are used.
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1073
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1074
matrix_nginx_proxy_ocsp_stapling_enabled: "{{ matrix_playbook_ssl_retrieval_method != 'self-signed' }}"
matrix_nginx_proxy_systemd_wanted_services_list: |
{{
['matrix-' + matrix_homeserver_implementation + '.service']
+
(matrix_synapse_webserving_workers_systemd_services_list if matrix_homeserver_implementation == 'synapse' and matrix_synapse_workers_enabled else [])
+
(['matrix-synapse-reverse-proxy-companion.service'] if matrix_synapse_reverse_proxy_companion_enabled else [])
+
(['matrix-corporal.service'] if matrix_corporal_enabled else [])
+
(['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
+
([(matrix_media_repo_identifier + '.service')] if matrix_media_repo_enabled else [])
2023-07-12 14:09:27 +08:00
+
(['matrix-client-cinny.service'] if matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
2022-04-23 21:19:24 +08:00
+
(['matrix-client-element.service'] if matrix_client_element_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
2023-08-31 00:23:52 +08:00
(['matrix-client-schildichat.service'] if matrix_client_schildichat_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
([(grafana_identifier + '.service')] if grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-dimension.service'] if matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-rageshake.service'] if matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
2023-02-21 05:34:16 +08:00
+
(['matrix-sygnal.service'] if matrix_sygnal_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
([(ntfy_identifier + '.service')] if ntfy_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
([(jitsi_identifier + '-web.service')] if jitsi_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
([etherpad_identifier + '.service'] if etherpad_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+
(['matrix-hookshot.service'] if matrix_hookshot_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
}}
matrix_ssl_domains_to_obtain_certificates_for: |
{{
([matrix_server_fqn_matrix])
+
([matrix_server_fqn_element] if matrix_client_element_enabled else [])
+
2021-05-15 17:23:36 +08:00
([matrix_server_fqn_hydrogen] if matrix_client_hydrogen_enabled else [])
+
2022-01-06 00:33:21 +08:00
([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else [])
+
2023-08-31 00:23:52 +08:00
([matrix_server_fqn_schildichat] if matrix_client_schildichat_enabled else [])
+
2022-04-23 21:19:24 +08:00
([matrix_server_fqn_buscarron] if matrix_bot_buscarron_enabled else [])
+
2019-03-07 13:22:08 +08:00
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
+
([matrix_server_fqn_etherpad] if (etherpad_enabled and not etherpad_nginx_proxy_dimension_integration_enabled) else [])
2022-11-04 17:36:10 +08:00
+
2021-03-12 02:23:01 +08:00
([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else [])
+
2023-04-03 13:53:46 +08:00
([matrix_server_fqn_jitsi] if jitsi_enabled else [])
2020-03-23 23:19:15 +08:00
+
([matrix_server_fqn_grafana] if grafana_enabled else [])
2021-01-29 17:30:04 +08:00
+
([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else [])
+
wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor <jreilly112@gmail.com> Co-authored-by: Miguel Alatzar <miguel@natrx.io> Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-08-23 20:05:32 +08:00
([matrix_server_fqn_mautrix_wsproxy] if matrix_mautrix_wsproxy_enabled else [])
+
([ntfy_hostname] if ntfy_enabled else [])
+
2023-02-21 05:34:16 +08:00
([matrix_server_fqn_rageshake] if matrix_rageshake_enabled else [])
+
(matrix_bot_postmoogle_domains if matrix_bot_postmoogle_enabled else [])
2022-09-09 15:47:00 +08:00
+
matrix_ssl_additional_domains_to_obtain_certificates_for
}}
matrix_ssl_architecture: "{{
2022-04-04 00:42:29 +08:00
{
'amd64': 'amd64',
'arm32': 'arm32v6',
'arm64': 'arm64v8',
}[matrix_architecture]
}}"
matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}"
matrix_nginx_proxy_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_nginx_proxy_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"
######################################################################
#
# /matrix-nginx-proxy
#
######################################################################
######################################################################
# #
# matrix-homeserver-proxy #
# #
######################################################################
# The playbook always enables the homeserver proxy for now.
# TODO - consider not enabling it if not necessary
matrix_homeserver_proxy_enabled: true
matrix_homeserver_proxy_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_homeserver_proxy_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string + ':' + matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"
matrix_homeserver_proxy_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([
{
'synapse': matrix_synapse_container_network,
'dendrite': matrix_dendrite_container_network,
'conduit': matrix_conduit_container_network,
}[matrix_homeserver_implementation] | string
])
) | unique
}}
matrix_homeserver_proxy_client_api_addr: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else matrix_homeserver_container_client_api_endpoint }}"
matrix_homeserver_proxy_client_api_client_max_body_size_mb: |-
{{
{
'synapse': matrix_synapse_max_upload_size_mb,
'dendrite': (matrix_dendrite_max_file_size_bytes / 1024 / 1024) | round,
'conduit': (matrix_conduit_max_request_size / 1024 / 1024) | round,
}[matrix_homeserver_implementation]|int
}}
matrix_homeserver_proxy_federation_api_addr: "{{ matrix_homeserver_container_federation_api_endpoint }}"
# matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_ma1sd_enabled }}"
# matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}"
# matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}"
# # NOTE: we cannot disable this, even though matrix-media-repo is already natively exposed at the Traefik level.
# # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3045#issuecomment-1867327001
# matrix_nginx_proxy_proxy_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
# matrix_nginx_proxy_proxy_media_repo_addr_with_container: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_port }}"
# matrix_nginx_proxy_proxy_media_repo_addr_sans_container: "127.0.0.1:{{ matrix_media_repo_port }}"
# matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
# matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
# matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
matrix_homeserver_proxy_systemd_wanted_services_list_auto: |
{{
matrix_homeserver_systemd_services_list
+
(['matrix-corporal.service'] if matrix_corporal_enabled else [])
+
(['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
+
([(matrix_media_repo_identifier + '.service')] if matrix_media_repo_enabled else [])
}}
# matrix_nginx_proxy_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
# matrix_nginx_proxy_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"
######################################################################
# #
# /matrix-homeserver-proxy #
# #
######################################################################
########################################################################
# #
# com.devture.ansible.role.postgres #
# #
########################################################################
# To completely disable installing Postgres, use `devture_postgres_enabled: false`.
devture_postgres_identifier: matrix-postgres
devture_postgres_architecture: "{{ matrix_architecture }}"
devture_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
devture_postgres_uid: "{{ matrix_user_uid }}"
devture_postgres_gid: "{{ matrix_user_gid }}"
devture_postgres_connection_username: matrix
devture_postgres_db_name: matrix
devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}"
devture_postgres_max_connections: "{{ 500 if matrix_synapse_workers_enabled else 200 }}"
devture_postgres_managed_databases_auto: |
{{
([{
'name': matrix_synapse_database_database,
'username': matrix_synapse_database_user,
'password': matrix_synapse_database_password,
}] if (matrix_synapse_enabled and matrix_synapse_database_host == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_dendrite_federation_api_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_key_server_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_media_api_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_room_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_sync_api_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_user_api_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
2023-03-18 15:22:30 +08:00
},{
'name': matrix_dendrite_relay_api_database,
2023-03-18 15:43:12 +08:00
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_push_server_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_mscs_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
}] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_sliding_sync_database_name,
'username': matrix_sliding_sync_database_username,
'password': matrix_sliding_sync_database_password,
}] if (matrix_sliding_sync_enabled) else [])
+
([{
'name': matrix_ma1sd_database_name,
'username': matrix_ma1sd_database_username,
'password': matrix_ma1sd_database_password,
}] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_bot_matrix_reminder_bot_database_name,
'username': matrix_bot_matrix_reminder_bot_database_username,
'password': matrix_bot_matrix_reminder_bot_database_password,
}] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname) else [])
+
2022-01-07 02:30:10 +08:00
([{
'name': matrix_bot_honoroit_database_name,
'username': matrix_bot_honoroit_database_username,
'password': matrix_bot_honoroit_database_password,
}] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == devture_postgres_connection_hostname) else [])
2022-01-07 02:30:10 +08:00
+
2022-08-23 01:10:35 +08:00
([{
'name': matrix_bot_postmoogle_database_name,
'username': matrix_bot_postmoogle_database_username,
'password': matrix_bot_postmoogle_database_password,
}] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == devture_postgres_connection_hostname) else [])
2022-08-23 01:10:35 +08:00
+
2022-07-09 17:55:49 +08:00
([{
'name': matrix_bot_maubot_database_name,
'username': matrix_bot_maubot_database_username,
'password': matrix_bot_maubot_database_password,
}] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == devture_postgres_connection_hostname) else [])
2022-01-07 02:30:10 +08:00
+
2022-04-23 21:19:24 +08:00
([{
'name': matrix_bot_buscarron_database_name,
'username': matrix_bot_buscarron_database_username,
'password': matrix_bot_buscarron_database_password,
}] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname) else [])
2022-04-23 21:19:24 +08:00
+
([{
'name': matrix_registration_database_name,
'username': matrix_registration_database_username,
'password': matrix_registration_database_password,
}] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_appservice_discord_database_name,
'username': matrix_appservice_discord_database_username,
'password': matrix_appservice_discord_database_password,
}] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
([{
'name': matrix_appservice_slack_database_name,
'username': matrix_appservice_slack_database_username,
'password': matrix_appservice_slack_database_password,
}] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
([{
'name': matrix_appservice_irc_database_name,
'username': matrix_appservice_irc_database_username,
'password': matrix_appservice_irc_database_password,
}] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
Add matrix-appservice-kakaotalk support Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk This is pretty similar to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977 which just appeared, but has mostly been done independently. I've taken some inspiration and did some fixups based on that PR. Thanks to https://github.com/hnarjis for taking the time to contribute! Notable differences between this branch compared to that PR: - better naming and documentation around the "configuration" variables - no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service` - stores configuration in `config/`, not in `data/` - passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it - starts containers more securely - with `matrix:matrix` user:group (not `root`) and reduced capabilities (`--cap-drop=ALL`) - uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets) - `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.) - `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`) - less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well. - configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`) - logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`) - somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`) - removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
2022-07-25 19:34:21 +08:00
([{
'name': matrix_appservice_kakaotalk_database_name,
'username': matrix_appservice_kakaotalk_database_username,
'password': matrix_appservice_kakaotalk_database_password,
}] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == devture_postgres_connection_hostname) else [])
Add matrix-appservice-kakaotalk support Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk This is pretty similar to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977 which just appeared, but has mostly been done independently. I've taken some inspiration and did some fixups based on that PR. Thanks to https://github.com/hnarjis for taking the time to contribute! Notable differences between this branch compared to that PR: - better naming and documentation around the "configuration" variables - no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service` - stores configuration in `config/`, not in `data/` - passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it - starts containers more securely - with `matrix:matrix` user:group (not `root`) and reduced capabilities (`--cap-drop=ALL`) - uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets) - `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.) - `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`) - less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well. - configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`) - logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`) - somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`) - removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
2022-07-25 19:34:21 +08:00
+
2021-08-21 23:32:45 +08:00
([{
'name': matrix_beeper_linkedin_database_name,
'username': matrix_beeper_linkedin_database_username,
'password': matrix_beeper_linkedin_database_password,
}] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == devture_postgres_connection_hostname) else [])
2021-08-21 23:32:45 +08:00
+
([{
'name': matrix_go_skype_bridge_database_name,
'username': matrix_go_skype_bridge_database_username,
'password': matrix_go_skype_bridge_database_password,
}] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname) else [])
+
2020-12-22 23:16:56 +08:00
([{
'name': matrix_mautrix_facebook_database_name,
'username': matrix_mautrix_facebook_database_username,
'password': matrix_mautrix_facebook_database_password,
}] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
([{
'name': matrix_mautrix_hangouts_database_name,
'username': matrix_mautrix_hangouts_database_username,
'password': matrix_mautrix_hangouts_database_password,
}] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
2021-10-12 19:45:04 +08:00
([{
'name': matrix_mautrix_googlechat_database_name,
'username': matrix_mautrix_googlechat_database_username,
'password': matrix_mautrix_googlechat_database_password,
}] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == devture_postgres_connection_hostname) else [])
2021-10-12 19:45:04 +08:00
+
([{
'name': matrix_mautrix_instagram_database_name,
'username': matrix_mautrix_instagram_database_username,
'password': matrix_mautrix_instagram_database_password,
}] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_mautrix_signal_database_name,
'username': matrix_mautrix_signal_database_username,
'password': matrix_mautrix_signal_database_password,
}] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else [])
+
wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor <jreilly112@gmail.com> Co-authored-by: Miguel Alatzar <miguel@natrx.io> Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-08-23 20:05:32 +08:00
([{
'name': matrix_mautrix_wsproxy_syncproxy_database_name,
'username': matrix_mautrix_wsproxy_syncproxy_database_username,
'password': matrix_mautrix_wsproxy_syncproxy_database_password,
}] if (matrix_mautrix_wsproxy_enabled and matrix_mautrix_wsproxy_syncproxy_database_engine == 'postgres' and matrix_mautrix_wsproxy_syncproxy_database_hostname == 'matrix-postgres') else [])
+
2020-12-22 23:16:56 +08:00
([{
'name': matrix_mautrix_telegram_database_name,
'username': matrix_mautrix_telegram_database_username,
'password': matrix_mautrix_telegram_database_password,
}] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
([{
'name': matrix_mautrix_twitter_database_name,
'username': matrix_mautrix_twitter_database_username,
'password': matrix_mautrix_twitter_database_password,
}] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_mautrix_gmessages_database_name,
'username': matrix_mautrix_gmessages_database_username,
'password': matrix_mautrix_gmessages_database_password,
}] if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_database_engine == 'postgres' and matrix_mautrix_gmessages_database_hostname == devture_postgres_connection_hostname) else [])
+
2020-12-22 23:16:56 +08:00
([{
'name': matrix_mautrix_whatsapp_database_name,
'username': matrix_mautrix_whatsapp_database_username,
'password': matrix_mautrix_whatsapp_database_password,
}] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
([{
2022-07-22 22:55:44 +08:00
'name': matrix_mautrix_discord_database_name,
'username': matrix_mautrix_discord_database_username,
'password': matrix_mautrix_discord_database_password,
}] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
2022-11-03 06:11:32 +08:00
([{
'name': matrix_mautrix_slack_database_name,
'username': matrix_mautrix_slack_database_username,
'password': matrix_mautrix_slack_database_password,
2023-01-03 09:07:04 +08:00
}] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname) else [])
2022-11-03 06:11:32 +08:00
+
2020-12-22 23:16:56 +08:00
([{
'name': matrix_mx_puppet_slack_database_name,
'username': matrix_mx_puppet_slack_database_username,
'password': matrix_mx_puppet_slack_database_password,
}] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
([{
'name': matrix_mx_puppet_twitter_database_name,
'username': matrix_mx_puppet_twitter_database_username,
'password': matrix_mx_puppet_twitter_database_password,
}] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
([{
'name': matrix_mx_puppet_instagram_database_name,
'username': matrix_mx_puppet_instagram_database_username,
'password': matrix_mx_puppet_instagram_database_password,
}] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
([{
'name': matrix_mx_puppet_discord_database_name,
'username': matrix_mx_puppet_discord_database_username,
'password': matrix_mx_puppet_discord_database_password,
}] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
([{
'name': matrix_mx_puppet_steam_database_name,
'username': matrix_mx_puppet_steam_database_username,
'password': matrix_mx_puppet_steam_database_password,
}] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 23:16:56 +08:00
+
2021-02-13 13:50:00 +08:00
([{
'name': matrix_mx_puppet_groupme_database_name,
'username': matrix_mx_puppet_groupme_database_username,
'password': matrix_mx_puppet_groupme_database_password,
}] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == devture_postgres_connection_hostname) else [])
2021-02-13 13:50:00 +08:00
+
([{
'name': matrix_dimension_database_name,
'username': matrix_dimension_database_username,
'password': matrix_dimension_database_password,
}] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == devture_postgres_connection_hostname) else [])
2021-01-21 07:06:35 +08:00
+
([{
'name': etherpad_database_name,
'username': etherpad_database_username,
'password': etherpad_database_password,
}] if (etherpad_enabled and etherpad_database_engine == 'postgres' and etherpad_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': prometheus_postgres_exporter_database_name,
'username': prometheus_postgres_exporter_database_username,
'password': prometheus_postgres_exporter_database_password,
}] if (prometheus_postgres_exporter_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else [])
2023-07-12 14:09:27 +08:00
+
([{
'name': matrix_media_repo_database_name,
'username': matrix_media_repo_database_username,
'password': matrix_media_repo_database_password,
}] if (matrix_media_repo_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname) else [])
}}
########################################################################
# #
# /com.devture.ansible.role.postgres #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.postgres_backup #
# #
########################################################################
devture_postgres_backup_enabled: false
devture_postgres_backup_identifier: matrix-postgres-backup
devture_postgres_backup_architecture: "{{ matrix_architecture }}"
devture_postgres_backup_base_path: "{{ matrix_base_data_path }}/postgres-backup"
devture_postgres_backup_systemd_required_services_list: |
{{
(['docker.service'])
+
([(devture_postgres_identifier + '.service')] if devture_postgres_enabled else [])
}}
devture_postgres_backup_container_network: "{{ matrix_docker_network }}"
devture_postgres_backup_uid: "{{ matrix_user_uid }}"
devture_postgres_backup_gid: "{{ matrix_user_gid }}"
devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
devture_postgres_backup_postgres_role_include_name: galaxy/postgres
devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
########################################################################
# #
# /com.devture.ansible.role.postgres_backup #
# #
########################################################################
######################################################################
#
# matrix-sygnal
#
######################################################################
# Most people don't need their own push-server, because they also need their own app to utilize it from.
matrix_sygnal_enabled: false
# If someone instals Prometheus via the playbook, they most likely wish to monitor Sygnal.
matrix_sygnal_metrics_prometheus_enabled: "{{ prometheus_enabled }}"
2023-02-26 17:03:42 +08:00
matrix_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
matrix_sygnal_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-sygnal' }}"
matrix_sygnal_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
matrix_sygnal_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '6000') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2023-02-26 17:03:42 +08:00
matrix_sygnal_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_sygnal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_sygnal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_sygnal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-26 17:03:42 +08:00
######################################################################
#
# /matrix-sygnal
#
######################################################################
######################################################################
#
# etke/ntfy
#
######################################################################
ntfy_enabled: false
ntfy_identifier: matrix-ntfy
ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
ntfy_uid: "{{ matrix_user_uid }}"
ntfy_gid: "{{ matrix_user_gid }}"
ntfy_hostname: "{{ matrix_server_fqn_ntfy }}"
ntfy_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else ntfy_identifier }}"
ntfy_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '2586') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
ntfy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
ntfy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
ntfy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
ntfy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
{{
[matrix_server_fqn_matrix]
}}
######################################################################
#
# /etky/ntfy
#
######################################################################
2020-09-10 19:39:00 +08:00
######################################################################
#
2023-02-17 22:23:59 +08:00
# etke/redis
2020-09-10 19:39:00 +08:00
#
######################################################################
Add support for experimental encryption in Hookshot Squashed based on the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042 commit 49932b8f3c17c4c4db7a884658c42f9a8b0550ca Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:21:31 2023 +0200 Fix syntax in matrix-bridge-hookshot/tasks/reset_encryption.yml Also, this task always does work and side-effects, so it should always report changes (`changed_when: true`). commit 6bdf7a9dcb73385313a1f34d52e27ad0cf95fb3e Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:12:41 2023 +0200 Add Hookshot validation task to ensure queue settings are set when encryption is enabled commit 8c531b7971b5dfd15ca541b5072b3eb8237cdcf9 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:10:17 2023 +0200 Add missing variables rewiring in group_vars/matrix_servers for Hookshot commit 7d26dabc2fe692f5e1236c0e250f85996f3fd0c2 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:08:19 2023 +0200 Add defaults for matrix_hookshot_queue_host and matrix_hookshot_queue_port commit 74f91138c92f1d1b69eb973803b882849e31a259 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:06:17 2023 +0200 Fix syntax for connecting to additional networks for Hookshot commit ca7b41f3f2d0c2900b2805294476f70e82461304 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:05:28 2023 +0200 Fix indentation and remove unnecessary if-statements commit ac4a918d58fc76e7332446a65609b56c5e4da00c Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:04:44 2023 +0200 Add missing --network for Hookshot This seems to have been removed by accident. commit 6a81fa208fca28951fc131cbf33b95ec78748a40 Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:02:47 2023 +0200 Make automatic Redis enabling safer, when Hookshot encryption enabled If we ever default encryption to enabled for Hookshot, we only wish to force-enable Redis if Hookshot is actually enabled. commit 75a8e0f2a6cbf1562cb99c68ad1f20e4d47735ed Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:01:10 2023 +0200 Fix typo commit 98ad182eaccc7ab457ead4e03cc0d4f2a525a47d Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:37:40 2023 +0100 Add defaults for Hookshot's encryption commit 29fa9fab151f513908d3e45882003da107a63c93 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:35:11 2023 +0100 Improve wording of Hookshot's encryption section commit 4f835e0560012754d7ce0b56619a97c68a297992 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:28:52 2023 +0100 use safer mount options for the container's files commit 8c93327e25c5e6af2442c676d5f264d4051c80e2 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:26:01 2023 +0100 fix filename commit 03a7bb6e7798dd95f7894311e4dd34dfa09f70fa Merge: e55d7694 06047763 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:23:44 2023 +0100 Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption commit 06047763bbd427dde117c6635ac7301198571158 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:15:54 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host Co-authored-by: Slavi Pantaleev <slavi@devture.com> commit e55d769465bd299081464e68d34851729d42d5ff Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:13:50 2023 +0100 clarify that Redis is required, standardadise on Hookshot with an upper-case first letter for consistency commit 66706e4535704deba63e5aa2102f324f9b14dae3 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:08:20 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 fix for a typo Co-authored-by: Slavi Pantaleev <slavi@devture.com> commit f6aaeb9a16f84409d31188e696885afed89fbdcc Merge: e5d34002 869dd33f Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:22:34 2023 +0100 Merge branch 'master' into HarHarLinks/hookshot-encryption commit e5d34002fd6c39c3e18df04e20d0c8b25475db78 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:09:27 2023 +0100 Add Jinja loop to allow adding multiple networks commit 69f947782d6e072c3edc4ee4c7d5ccf69eccf3fd Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:52:41 2023 +0100 split if statements for the message queue and experimental encryption support into seperate statements commit 4c13be1c89ffb1b06475c7da546f7956e67b36a1 Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:31:19 2023 +0100 change variable name per spantaleev's suggestion (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2979#discussion_r1379015551) commit 9905309aa9448f91297f8c7618bf62682eee2af7 Author: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:14:04 2023 +0100 amend docs commit 94abf2d5bde63919c6b5597f3142eea5fed73815 Author: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:05:22 2023 +0100 draft encryption support for hookshot
2023-12-16 15:23:35 +08:00
redis_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}"
2023-02-17 22:23:59 +08:00
redis_identifier: matrix-redis
redis_uid: "{{ matrix_user_uid }}"
redis_gid: "{{ matrix_user_gid }}"
redis_base_path: "{{ matrix_base_data_path }}/redis"
2020-09-10 19:39:00 +08:00
######################################################################
#
2023-02-17 22:23:59 +08:00
# /etle/redis
2020-09-10 19:39:00 +08:00
#
######################################################################
######################################################################
#
# matrix-client-element
#
######################################################################
# By default, this playbook installs the Element web UI on the `matrix_server_fqn_element` domain.
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_client_element_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_client_element_container_network: "{{ matrix_addons_container_network }}"
matrix_client_element_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_element_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
matrix_client_element_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_element_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_element_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_client_element_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}"
# Use Dimension if enabled, otherwise fall back to Scalar
matrix_client_element_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
matrix_client_element_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
matrix_client_element_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
matrix_client_element_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
matrix_client_element_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}"
2019-04-25 07:05:28 +08:00
matrix_client_element_enable_presence_by_hs_url: |
{{
none
2021-04-22 19:22:07 +08:00
if matrix_synapse_presence_enabled
else {matrix_client_element_default_hs_url: false}
}}
matrix_client_element_welcome_user_id: ~
matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
2020-03-23 23:19:15 +08:00
######################################################################
#
# /matrix-client-element
#
######################################################################
2021-05-15 17:23:36 +08:00
######################################################################
#
# matrix-client-hydrogen
#
######################################################################
matrix_client_hydrogen_enabled: false
matrix_client_hydrogen_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_client_hydrogen_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8768') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2021-05-15 17:23:36 +08:00
matrix_client_hydrogen_container_network: "{{ matrix_addons_container_network }}"
matrix_client_hydrogen_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_hydrogen_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
matrix_client_hydrogen_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_hydrogen_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2021-05-15 17:23:36 +08:00
matrix_client_hydrogen_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
2021-05-15 17:23:36 +08:00
######################################################################
#
# /matrix-client-hydrogen
#
######################################################################
2022-01-06 00:33:21 +08:00
######################################################################
#
# matrix-client-cinny
#
######################################################################
matrix_client_cinny_enabled: false
matrix_client_cinny_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_client_cinny_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2022-01-06 00:33:21 +08:00
matrix_client_cinny_container_network: "{{ matrix_addons_container_network }}"
matrix_client_cinny_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_cinny_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
matrix_client_cinny_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_cinny_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2022-01-06 00:33:21 +08:00
matrix_client_cinny_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
2022-01-06 00:33:21 +08:00
######################################################################
#
# /matrix-client-cinny
#
######################################################################
2023-08-31 00:23:52 +08:00
######################################################################
#
# matrix-client-schildichat
#
######################################################################
matrix_client_schildichat_enabled: false
2023-08-31 00:23:52 +08:00
matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_client_schildichat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_client_schildichat_container_network: "{{ matrix_addons_container_network }}"
2023-08-31 00:23:52 +08:00
matrix_client_schildichat_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_schildichat_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
2023-08-31 00:23:52 +08:00
matrix_client_schildichat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_client_schildichat_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_schildichat_default_is_url: "{{ matrix_identity_server_url }}"
# Use Dimension if enabled, otherwise fall back to Scalar
matrix_client_schildichat_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
matrix_client_schildichat_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
matrix_client_schildichat_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
matrix_client_schildichat_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
matrix_client_schildichat_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
matrix_client_schildichat_registration_enabled: "{{ matrix_synapse_enable_registration }}"
matrix_client_schildichat_enable_presence_by_hs_url: |
{{
none
if matrix_synapse_presence_enabled
else {matrix_client_schildichat_default_hs_url: false}
}}
matrix_client_schildichat_welcome_user_id: ~
matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
######################################################################
#
# /matrix-client-schildichat
#
######################################################################
######################################################################
#
# matrix-synapse
#
######################################################################
matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}"
matrix_synapse_username: "{{ matrix_user_username }}"
matrix_synapse_uid: "{{ matrix_user_uid }}"
matrix_synapse_gid: "{{ matrix_user_gid }}"
matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself.
2022-07-18 17:28:39 +08:00
matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}"
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
#
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
matrix_synapse_container_metrics_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9100') if matrix_synapse_metrics_enabled and matrix_playbook_service_host_bind_interface_prefix else '' }}"
#
# For exposing the Synapse Manhole port (plain HTTP) to the local host.
matrix_synapse_container_manhole_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9000') if matrix_synapse_metrics_enabled and matrix_playbook_service_host_bind_interface_prefix else '' }}"
2023-02-17 22:23:59 +08:00
matrix_synapse_container_network: "{{ matrix_homeserver_container_network }}"
2023-02-17 22:23:59 +08:00
matrix_synapse_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == devture_postgres_connection_hostname) else [])
+
([redis_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else [])
)
2023-02-17 22:23:59 +08:00
}}
matrix_synapse_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}"
matrix_synapse_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_synapse_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_synapse_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_synapse_container_labels_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_client_root_redirection_url != '' }}"
matrix_synapse_container_labels_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
matrix_synapse_container_labels_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}"
# For exposing the Synapse worker (and metrics) ports to the local host.
matrix_synapse_workers_container_host_bind_address: "{{ matrix_playbook_service_host_bind_interface_prefix[0:-1] if (matrix_synapse_workers_enabled and matrix_playbook_service_host_bind_interface_prefix) else '' }}"
matrix_synapse_database_host: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db', rounds=655555) | to_uuid }}"
matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac', rounds=655555) | to_uuid }}"
# We do not enable TLS in Synapse by default, since it's handled by Traefik.
matrix_synapse_tls_federation_listener_enabled: false
matrix_synapse_tls_certificate_path: ~
matrix_synapse_tls_private_key_path: ~
matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled) }}"
# If someone instals Prometheus via the playbook, they most likely wish to monitor Synapse.
matrix_synapse_metrics_enabled: "{{ prometheus_enabled }}"
matrix_synapse_email_enabled: "{{ exim_relay_enabled }}"
matrix_synapse_email_smtp_host: "{{ exim_relay_identifier }}"
matrix_synapse_email_smtp_port: 8025
matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <{{ exim_relay_sender_address }}>"
2019-03-19 16:24:39 +08:00
# Even if TURN doesn't support TLS (it does by default),
# it doesn't hurt to try a secure connection anyway.
#
# When Let's Encrypt certificates are used (the default case),
# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them.
# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
matrix_synapse_turn_uris: |
{{
[]
+
[
2019-03-19 16:24:39 +08:00
'turns:' + matrix_server_fqn_matrix + '?transport=udp',
'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
] if matrix_coturn_enabled and matrix_coturn_tls_enabled and matrix_playbook_ssl_retrieval_method != 'lets-encrypt' else []
+
[
2019-03-19 16:24:39 +08:00
'turn:' + matrix_server_fqn_matrix + '?transport=udp',
'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
] if matrix_coturn_enabled else []
}}
matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
matrix_synapse_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
matrix_synapse_systemd_required_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and devture_postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == devture_postgres_connection_hostname) else [])
+
2023-02-17 22:23:59 +08:00
([redis_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else [])
+
(['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
}}
matrix_synapse_systemd_wanted_services_list_auto: |
{{
(['matrix-coturn.service'] if matrix_coturn_enabled else [])
+
([exim_relay_identifier ~ '.service'] if exim_relay_enabled else [])
}}
# Synapse workers (used for parallel load-scaling) need Redis for IPC.
2023-02-17 22:23:59 +08:00
matrix_synapse_redis_enabled: "{{ redis_enabled }}"
matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else '' }}"
matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else '' }}"
2020-09-10 19:39:00 +08:00
matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
2023-07-12 14:09:27 +08:00
# Disable creation of media repository Synapse worker when using media-repo
matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
######################################################################
#
# /matrix-synapse
#
######################################################################
######################################################################
#
# matrix-synapse-auto-compressor
#
######################################################################
# Not enabled by default, for now
matrix_synapse_auto_compressor_enabled: false
matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_synapse_auto_compressor_container_additional_networks: |
{{
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_synapse_auto_compressor_container_network else [])
}}
matrix_synapse_auto_compressor_database_username: "{{ matrix_synapse_database_user if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_password: "{{ matrix_synapse_database_password if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_hostname: "{{ matrix_synapse_database_host if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_port: "{{ matrix_synapse_database_port if matrix_synapse_enabled else '5432' }}"
matrix_synapse_auto_compressor_database_name: "{{ matrix_synapse_database_database if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
}}
######################################################################
#
# /matrix-synapse-auto-compressor
#
######################################################################
######################################################################
#
# matrix-synapse-reverse-proxy-companion
#
######################################################################
matrix_synapse_reverse_proxy_companion_enabled: "{{ matrix_synapse_enabled and matrix_synapse_workers_enabled }}"
matrix_synapse_reverse_proxy_companion_container_network: "{{ matrix_synapse_container_network }}"
matrix_synapse_reverse_proxy_companion_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([] if matrix_homeserver_container_network in ['', matrix_synapse_reverse_proxy_companion_container_network] else [matrix_homeserver_container_network])
) | unique
}}
matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8008') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8048') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_client_root_redirection_enabled != '' }}"
matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_url: "{{ matrix_synapse_container_labels_client_root_redirection_url }}"
matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_client_synapse_client_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_enabled: "{{ matrix_synapse_container_labels_client_synapse_oidc_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_client_synapse_admin_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}"
matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
matrix_synapse_reverse_proxy_companion_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}"
matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"
######################################################################
#
# /matrix-synapse-reverse-proxy-companion
#
######################################################################
######################################################################
#
# matrix-synapse-admin
#
######################################################################
matrix_synapse_admin_enabled: false
matrix_synapse_admin_nginx_proxy_integration_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_synapse_admin_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8766') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_synapse_admin_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-synapse-admin' }}"
matrix_synapse_admin_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
matrix_synapse_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
# /matrix-synapse-admin
#
######################################################################
2020-09-01 18:46:05 +08:00
######################################################################
#
# etke/prometheus_node_exporter
#
######################################################################
prometheus_node_exporter_enabled: false
prometheus_node_exporter_identifier: matrix-prometheus-node-exporter
prometheus_node_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-node-exporter"
prometheus_node_exporter_uid: "{{ matrix_user_uid }}"
prometheus_node_exporter_gid: "{{ matrix_user_gid }}"
2023-03-18 16:26:29 +08:00
# _server_fqn is the old var, _hostname - the new one. Seamless migration
prometheus_node_exporter_server_fqn: "{{ matrix_server_fqn_matrix }}"
2023-03-18 16:26:29 +08:00
prometheus_node_exporter_hostname: "{{ prometheus_node_exporter_server_fqn }}"
prometheus_node_exporter_container_network: "{{ matrix_docker_network }}"
prometheus_node_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
prometheus_node_exporter_container_labels_traefik_enabled: false
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
# /etke/prometheus_node_exporter
#
######################################################################
######################################################################
#
# etke/prometheus_postgres_exporter
#
######################################################################
prometheus_postgres_exporter_enabled: false
prometheus_postgres_exporter_identifier: matrix-prometheus-postgres-exporter
prometheus_postgres_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-postgres-exporter"
prometheus_postgres_exporter_uid: "{{ matrix_user_uid }}"
prometheus_postgres_exporter_gid: "{{ matrix_user_gid }}"
prometheus_postgres_exporter_server_fqn: "{{ matrix_server_fqn_matrix }}"
prometheus_postgres_exporter_container_network: "{{ matrix_docker_network }}"
prometheus_postgres_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
prometheus_postgres_exporter_container_labels_traefik_enabled: false
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
prometheus_postgres_exporter_database_username: matrix_prometheus_postgres_exporter
prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}"
prometheus_postgres_exporter_database_name: matrix_prometheus_postgres_exporter
prometheus_postgres_exporter_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
}}
######################################################################
#
# /etke/prometheus_postgres_exporter
#
######################################################################
######################################################################
#
# matrix-prometheus-nginxlog-exporter
#
######################################################################
matrix_prometheus_nginxlog_exporter_enabled: false
######################################################################
#
# /matrix-prometheus-nginxlog-exporter
#
######################################################################
######################################################################
#
# prometheus
#
######################################################################
prometheus_enabled: false
prometheus_identifier: matrix-prometheus
prometheus_base_path: "{{ matrix_base_data_path }}/prometheus"
prometheus_uid: "{{ matrix_user_uid }}"
prometheus_gid: "{{ matrix_user_gid }}"
prometheus_container_additional_networks: |
{{
(
([prometheus_node_exporter_container_network] if prometheus_self_node_scraper_enabled and prometheus_node_exporter_container_network != prometheus_container_network else [])
+
([matrix_synapse_container_network] if matrix_prometheus_services_connect_scraper_synapse_enabled and matrix_synapse_container_network != prometheus_container_network else [])
+
([prometheus_postgres_exporter_container_network] if matrix_prometheus_services_connect_scraper_postgres_enabled and prometheus_postgres_exporter_container_network != prometheus_container_network else [])
+
([matrix_hookshot_container_network] if matrix_prometheus_services_connect_scraper_hookshot_enabled and matrix_hookshot_container_network != prometheus_container_network else [])
+
([matrix_prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and matrix_prometheus_nginxlog_exporter_container_network != prometheus_container_network else [])
2023-07-12 14:09:27 +08:00
+
([matrix_media_repo_container_network] if matrix_prometheus_services_connect_scraper_media_repo_enabled and matrix_media_repo_container_network != prometheus_container_network else [])
) | unique
}}
# Normally, matrix-nginx-proxy is enabled and nginx can reach Prometheus over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# Prometheus' HTTP port to the local host.
prometheus_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
prometheus_config_rule_files_auto: |
{{
(['synapse-v2.rules'] if matrix_prometheus_services_connect_synapse_rules_enabled else [])
}}
prometheus_self_node_scraper_enabled: "{{ prometheus_node_exporter_enabled }}"
prometheus_self_node_scraper_static_configs_target: "{{ (prometheus_node_exporter_identifier + ':9100') if prometheus_node_exporter_enabled else '' }}"
prometheus_config_scrape_configs_auto: |
{{
(matrix_prometheus_services_connect_scraper_synapse_configs if matrix_prometheus_services_connect_scraper_synapse_enabled else [])
+
(matrix_prometheus_services_connect_scraper_postgres_scrape_configs if matrix_prometheus_services_connect_scraper_postgres_enabled else [])
+
(matrix_prometheus_services_connect_scraper_hookshot_scrape_configs if matrix_prometheus_services_connect_scraper_hookshot_enabled else [])
+
(matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs if matrix_prometheus_services_connect_scraper_nginxlog_enabled else [])
2023-07-12 14:09:27 +08:00
+
(matrix_prometheus_services_connect_scraper_media_repo_scrape_configs if matrix_prometheus_services_connect_scraper_media_repo_enabled else [])
}}
######################################################################
#
# /prometheus
#
######################################################################
######################################################################
#
# matrix-prometheus-services-connect
#
######################################################################
matrix_prometheus_services_connect_synapse_enabled: "{{ prometheus_enabled and matrix_synapse_enabled }}"
2021-02-01 00:26:08 +08:00
matrix_prometheus_services_connect_synapse_rules_download_synapse_tag: "{{ matrix_synapse_docker_image_tag }}"
matrix_prometheus_services_connect_synapse_rules_download_dir_path: "{{ prometheus_config_path }}"
matrix_prometheus_services_connect_synapse_rules_download_owner: "{{ prometheus_uid }}"
matrix_prometheus_services_connect_synapse_rules_download_group: "{{ prometheus_gid }}"
matrix_prometheus_services_connect_scraper_synapse_enabled: "{{ matrix_synapse_enabled and matrix_synapse_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_target: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
matrix_prometheus_services_connect_scraper_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
matrix_prometheus_services_connect_scraper_postgres_enabled: "{{ prometheus_postgres_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_postgres_static_configs_target: "{{ prometheus_postgres_exporter_identifier }}:{{ prometheus_postgres_exporter_port | string }}"
matrix_prometheus_services_connect_scraper_hookshot_enabled: "{{ matrix_hookshot_enabled and matrix_hookshot_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_hookshot_static_configs_target: "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port | string }}"
matrix_prometheus_services_connect_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ matrix_prometheus_nginxlog_exporter_container_hostname }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port | string }}"
2023-07-12 14:09:27 +08:00
matrix_prometheus_services_connect_scraper_media_repo_enabled: "{{ matrix_media_repo_enabled and matrix_media_repo_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_metrics_port }}"
######################################################################
#
# /matrix-prometheus-services-connect
#
######################################################################
######################################################################
#
# etke/grafana
#
######################################################################
grafana_enabled: false
grafana_identifier: matrix-grafana
grafana_uid: "{{ matrix_user_uid }}"
grafana_gid: "{{ matrix_user_gid }}"
grafana_hostname: "{{ matrix_server_fqn_grafana }}"
grafana_base_path: "{{ matrix_base_data_path }}/grafana"
grafana_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else grafana_identifier }}"
grafana_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([prometheus_container_network] if prometheus_enabled and prometheus_container_network != grafana_container_network else [])
) | unique
}}
grafana_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
grafana_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Grafana over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# Grafana's HTTP port to the local host.
grafana_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '3000') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
grafana_provisioning_datasources: |
{{
([{
'name': (matrix_server_fqn_matrix + ' - Prometheus'),
'type': 'prometheus',
'access': 'proxy',
'url': 'http://matrix-prometheus:9090',
}] if prometheus_enabled else [])
}}
grafana_dashboard_download_urls: |
{{
(matrix_synapse_grafana_dashboard_urls if matrix_homeserver_implementation == 'synapse' and matrix_synapse_metrics_enabled else [])
+
(prometheus_node_exporter_dashboard_urls if prometheus_node_exporter_enabled else [])
+
(prometheus_postgres_exporter_dashboard_urls if prometheus_postgres_exporter_enabled else [])
+
(matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else [])
2023-07-12 14:09:27 +08:00
+
(matrix_media_repo_dashboard_urls if matrix_media_repo_metrics_enabled else [])
}}
grafana_provisioning_dashboard_template_files: |
{{
([{
'path': 'roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json',
'name': 'nginx-proxy.json',
}] if matrix_prometheus_nginxlog_exporter_enabled else [])
2023-07-12 14:09:27 +08:00
+
([{
'path': 'roles/custom/matrix-media-repo/templates/grafana/media-repo.json',
'name': 'media-repo.json',
}] if matrix_media_repo_metrics_enabled else [])
}}
grafana_default_home_dashboard_path: |-
{{
{
'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled and matrix_synapse_metrics_enabled else ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else '')),
'dendrite': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
'conduit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
}[matrix_homeserver_implementation]
}}
######################################################################
#
# /etke/grafana
#
######################################################################
2020-09-01 18:46:05 +08:00
######################################################################
#
# matrix-registration
#
######################################################################
matrix_registration_enabled: false
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-registration over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# matrix-registration's HTTP port to the local host.
matrix_registration_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8767') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2020-09-01 18:46:05 +08:00
matrix_registration_riot_instance: "{{ ('https://' + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://riot.im/app/' }}"
matrix_registration_shared_secret: |-
{{
{
'synapse': matrix_synapse_registration_shared_secret,
'dendrite': matrix_dendrite_client_api_registration_shared_secret,
'conduit': '',
}[matrix_homeserver_implementation]
}}
2020-09-01 18:46:05 +08:00
matrix_registration_server_location: "{{ matrix_homeserver_container_url }}"
2020-09-01 18:46:05 +08:00
matrix_registration_api_validate_certs: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
2020-09-01 18:46:05 +08:00
matrix_registration_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_registration_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
}}
# Postgres is the default, except if not using internal Postgres server
matrix_registration_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_registration_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}"
2020-09-01 18:46:05 +08:00
######################################################################
#
# /matrix-registration
#
######################################################################
######################################################################
#
# matrix-sliding-sync
#
######################################################################
# We don't enable the sliding sync proxy by default.
matrix_sliding_sync_enabled: false
matrix_sliding_sync_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_sliding_sync_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_sliding_sync_path_prefix: /sliding-sync
matrix_sliding_sync_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_sliding_sync_container_network: "{{ matrix_homeserver_container_network }}"
matrix_sliding_sync_container_additional_networks: |
{{
(
2024-01-05 12:04:44 +08:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_sliding_sync_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([] if matrix_homeserver_container_network in ['', matrix_sliding_sync_container_network] else [matrix_homeserver_container_network])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_sliding_sync_container_network else [])
) | unique
}}
matrix_sliding_sync_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-05 12:04:44 +08:00
matrix_sliding_sync_systemd_required_services_list_auto: |
{{
matrix_homeserver_systemd_services_list
+
2024-01-05 12:04:44 +08:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_sliding_sync_database_hostname == devture_postgres_connection_hostname) else [])
}}
matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}"
matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.secret', rounds=655555) | to_uuid }}"
matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-sliding-sync
#
######################################################################
######################################################################
#
# matrix-dendrite
#
######################################################################
matrix_dendrite_enabled: "{{ matrix_homeserver_implementation == 'dendrite' }}"
matrix_dendrite_container_network: "{{ matrix_homeserver_container_network }}"
matrix_dendrite_container_additional_networks: |
{{
(
([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_container_network != matrix_dendrite_container_network and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else [])
)
}}
matrix_dendrite_container_http_host_bind_address: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_dendrite_http_bind_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_dendrite_container_https_host_bind_address: "{{ '' if not matrix_dendrite_https_bind_port or not matrix_playbook_service_host_bind_interface_prefix else (matrix_playbook_service_host_bind_interface_prefix + matrix_dendrite_https_bind_port | string) }}"
matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"
matrix_dendrite_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}"
# Even if TURN doesn't support TLS (it does by default),
# it doesn't hurt to try a secure connection anyway.
matrix_dendrite_client_api_turn_uris: |
{{
[
'turns:' + matrix_server_fqn_matrix + '?transport=udp',
'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
'turn:' + matrix_server_fqn_matrix + '?transport=udp',
'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
]
if matrix_coturn_enabled
else []
}}
matrix_dendrite_client_api_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
matrix_dendrite_disable_tls_validation: "{{ true if matrix_playbook_ssl_retrieval_method == 'self-signed' else false }}"
matrix_dendrite_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
matrix_dendrite_trusted_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else ['matrix.org', 'vector.im'] }}"
matrix_dendrite_systemd_required_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else [])
+
(['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
}}
matrix_dendrite_systemd_wanted_services_list: |
{{
(['matrix-coturn.service'] if matrix_coturn_enabled else [])
}}
matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
######################################################################
#
# /matrix-dendrite
#
######################################################################
2022-08-05 03:35:41 +08:00
2022-08-05 03:35:41 +08:00
######################################################################
#
# matrix-conduit
#
######################################################################
matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}"
matrix_conduit_container_network: "{{ matrix_homeserver_container_network }}"
2022-08-05 03:35:41 +08:00
######################################################################
#
# /matrix-conduit
#
######################################################################
######################################################################
#
# matrix-user-creator
#
######################################################################
matrix_user_creator_users_auto: |
{{
([{
'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart,
'initial_password': matrix_bot_matrix_registration_bot_bot_password,
'initial_type': 'admin',
}] if matrix_bot_matrix_registration_bot_enabled else [])
+
([{
'username': matrix_bot_chatgpt_matrix_bot_username_localpart,
'initial_password': matrix_bot_chatgpt_matrix_bot_password,
'initial_type': 'bot',
}] if matrix_bot_chatgpt_enabled and matrix_bot_chatgpt_matrix_bot_password | length > 0 else [])
+
2022-11-22 21:46:00 +08:00
([{
'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
'initial_type': 'bot',
2022-11-22 21:46:00 +08:00
}] if matrix_bot_matrix_reminder_bot_enabled else [])
+
2022-11-22 21:46:00 +08:00
([{
'username': matrix_bot_honoroit_login,
'initial_password': matrix_bot_honoroit_password,
'initial_type': 'bot',
2022-11-22 21:46:00 +08:00
}] if matrix_bot_honoroit_enabled else [])
+
2022-11-22 21:46:00 +08:00
([{
'username': matrix_bot_postmoogle_login,
'initial_password': matrix_bot_postmoogle_password,
'initial_type': 'bot',
2022-11-22 21:46:00 +08:00
}] if matrix_bot_postmoogle_enabled else [])
+
2022-11-22 21:46:00 +08:00
([{
'username': matrix_bot_buscarron_login,
'initial_password': matrix_bot_buscarron_password,
'initial_type': 'bot',
2022-11-22 21:46:00 +08:00
}] if matrix_bot_buscarron_enabled else [])
}}
######################################################################
#
# /matrix-user-creator
#
######################################################################
######################################################################
#
# matrix-user-verification-service
#
######################################################################
matrix_user_verification_service_enabled: false
matrix_user_verification_service_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-' + matrix_homeserver_implementation + '.service'])
}}
matrix_user_verification_service_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_user_verification_service_container_network else [])
) | unique
}}
# If Jitsi is managed by this playbook we can use the docker network - no need to expose a port.
# If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose
# matrix-user-verfification-services's client-server port to port 3003.
# By default Matrix-User-Verification-Service binds to port 3000, which collides with grafana, therefore this uses port 3003.
2023-04-03 13:53:46 +08:00
matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (jitsi_enabled | bool and jitsi_enable_auth | bool and jitsi_auth_type == 'matrix') else matrix_playbook_service_host_bind_interface_prefix ~ '3003' }}"
# URL exposed in the docker network
matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000"
# We connect via the container network (private IPs), so we need to disable IP checks
matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}"
matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-user-verification-service
#
######################################################################
2023-02-10 20:37:08 +08:00
########################################################################
# #
# matrix-static-files #
# #
########################################################################
matrix_static_files_enabled: true
matrix_static_files_container_network: "{{ devture_traefik_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else matrix_well_known_ident }}"
matrix_static_files_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_static_files_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_static_files_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
# Base domain serving is not enabled by default (see `matrix_static_files_container_labels_base_domain_enabled`),
# but we pass the hostname, so that enabling it is easy.
matrix_static_files_container_labels_base_domain_traefik_hostname: "{{ matrix_domain }}"
matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{{ matrix_homeserver_sliding_sync_url }}"
matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}"
matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "https://{{ matrix_server_fqn_element }}/map_style.json"
matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"
matrix_static_files_self_check_hostname_identity: "{{ matrix_domain }}"
########################################################################
# #
# /matrix-static-files #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.container_socket_proxy #
# #
########################################################################
devture_container_socket_proxy_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
devture_container_socket_proxy_identifier: matrix-container-socket-proxy
devture_container_socket_proxy_base_path: "{{ matrix_base_data_path }}/container-socket-proxy"
devture_container_socket_proxy_uid: "{{ matrix_user_uid }}"
devture_container_socket_proxy_gid: "{{ matrix_user_gid }}"
# Traefik requires read access to the containers APIs to do its job
devture_container_socket_proxy_api_containers_enabled: true
########################################################################
# #
# /com.devture.ansible.role.container_socket_proxy #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.traefik #
# #
########################################################################
devture_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
Relocate Traefik (to matrix-traefik.service && /matrix/traefik base path) The migration is automatic. Existing users should experience a bit of downtime until the playbook runs to completion, but don't need to do anything manually. This change is provoked by https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2535 While my statements there ("Traefik is a shared component among sibling/related playbooks and should retain its global non-matrix-prefixed name and path") do make sense, there's another point of view as well. With the addition of docker-socket-proxy support in bf2b54080789f7e, we potentially introduced another non-`matrix-`-prefixed systemd service and global path (`/devture-container-socket-proxy`). It would have started to become messy. Traefik always being called `devture-traefik.service` and using the `/devture-traefik` path has the following downsides: - different playbooks may write to the same place, unintentionally, before you disable the Traefik role in some of them. If each playbook manages its own installation, no such conflicts arise and you'll learn about the conflict when one of them starts its Traefik service and fails because the ports are already in use - the data is scattered - backing up `/matrix` is no longer enough when some stuff lives in `/devture-traefik` or `/devture-container-socket-proxy` as well; similarly, deleting `/matrix` is no longer enough to clean up For this reason, the Traefik instance managed by this playbook will now be called `matrix-traefik` and live under `/matrix/traefik`. This also makes it obvious to users running multiple playbooks, which Traefik instance (powered by which playbook) is the active one. Previously, you'd look at `devture-traefik.service` and wonder which role was managing it.
2023-03-06 15:32:13 +08:00
devture_traefik_identifier: matrix-traefik
devture_traefik_base_path: "{{ matrix_base_data_path }}/traefik"
devture_traefik_uid: "{{ matrix_user_uid }}"
devture_traefik_gid: "{{ matrix_user_gid }}"
devture_traefik_federation_entrypoint:
name: matrix-federation
port: "{{ matrix_federation_public_port }}"
host_bind_port: "{{ matrix_federation_public_port }}"
config: {}
devture_traefik_additional_entrypoints_auto: |
{{
([devture_traefik_federation_entrypoint] if (matrix_federation_public_port != devture_traefik_config_entrypoint_web_port) and (matrix_federation_public_port != devture_traefik_config_entrypoint_web_secure_port) else [])
}}
devture_traefik_additional_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains_to_obtain_certificates_for }}"
devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"
devture_traefik_container_additional_networks_auto: |
{{
([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else [])
}}
devture_traefik_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else [])
}}
########################################################################
# #
# /com.devture.ansible.role.traefik #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.traefik_certs_dumper #
# #
########################################################################
devture_traefik_certs_dumper_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and devture_traefik_config_entrypoint_web_secure_enabled and devture_traefik_config_certificatesResolvers_acme_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}"
devture_traefik_certs_dumper_identifier: matrix-traefik-certs-dumper
devture_traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumper"
devture_traefik_certs_dumper_uid: "{{ matrix_user_uid }}"
devture_traefik_certs_dumper_gid: "{{ matrix_user_gid }}"
devture_traefik_certs_dumper_ssl_dir_path: "{{ devture_traefik_ssl_dir_path if devture_traefik_enabled else '' }}"
########################################################################
# #
# /com.devture.ansible.role.traefik_certs_dumper #
# #
########################################################################