mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git, synced 2025-10-26 01:53:24 +00:00

Merge remote-tracking branch 'github/master'
		| @@ -1,3 +1,12 @@ | |||||||
|  | # 2020-06-05 | ||||||
|  |  | ||||||
|  | ## SMS bridging support | ||||||
|  |  | ||||||
|  | Thanks to [benkuly](https://github.com/benkuly)'s efforts, the playbook now supports bridging to SMS (with one telephone number only) via [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge). | ||||||
|  |  | ||||||
|  | See our [Setting up Matrix SMS bridging](docs/configuring-playbook-matrix-bridge-sms.md) documentation page for getting started. | ||||||
|  |  | ||||||
|  |  | ||||||
| # 2020-05-19 | # 2020-05-19 | ||||||
|  |  | ||||||
| ## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server | ## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server | ||||||
|   | |||||||
| @@ -1,24 +1,29 @@ | |||||||
| # Alternative architectures | # Alternative architectures | ||||||
|  |  | ||||||
| As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. | As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. | ||||||
|  |  | ||||||
| To that end add the following variable to your `vars.yaml` file: | To that end add the following variable to your `vars.yaml` file: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | matrix_architecture: <your-matrix-server-architecture> | ||||||
| ``` | ``` | ||||||
| matrix_architecture = <your-matrix-server-architecture> |  | ||||||
| ``` |  | ||||||
| Currently supported architectures are the following: | Currently supported architectures are the following: | ||||||
| - `amd64` (the default) | - `amd64` (the default) | ||||||
| - `arm64` | - `arm64` | ||||||
| - `arm32` | - `arm32` | ||||||
|  |  | ||||||
| so for the Raspberry Pi the following should be in your `vars.yaml` file: | so for the Raspberry Pi, the following should be in your `vars.yaml` file: | ||||||
| ``` |  | ||||||
| matrix_architecture = "arm32" | ```yaml | ||||||
|  | matrix_architecture: "arm32" | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Implementation details | ## Implementation details | ||||||
| This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. |  | ||||||
|  | This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection. | ||||||
|  |  | ||||||
| On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: | On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: | ||||||
| - matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well, | - `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well | ||||||
| - matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well, | - `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well | ||||||
| - matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling. | - `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling. | ||||||
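Review bot: the `matrix-nginx-proxy` bullet on the last changed line still says only that Certbot tagging "requires special handling", without saying where that handling lives. This commit adds the mapping in `matrix_ssl_architecture` (`arm32` to `arm32v6`, `arm64` to `arm64v8`), so name that variable in the bullet; in a subsection written as a reminder for maintainers, the pointer is the useful part.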
|   | |||||||
| @@ -49,7 +49,7 @@ docker run -it --rm \ | |||||||
| -v `pwd`:/work \ | -v `pwd`:/work \ | ||||||
| -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ | -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ | ||||||
| --entrypoint=/bin/sh \ | --entrypoint=/bin/sh \ | ||||||
| devture/ansible:2.8.1-r0 | devture/ansible:2.9.9-r0 | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). | The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). | ||||||
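Review bot: the bumped image on the `devture/ansible:2.9.9-r0` line is still referenced by tag only, and this is the container that gets `$HOME/.ssh/id_rsa` mounted into it. Consider pinning it by digest (`devture/ansible:2.9.9-r0@sha256:<digest>`, with the real digest filled in) so that a re-pushed tag cannot change what runs next to the key. The `:ro` on the key mount is good and should stay.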
|   | |||||||
| @@ -23,7 +23,7 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" | |||||||
| 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. | 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. | ||||||
| 5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`) | 5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`) | ||||||
| 6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. | 6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. | ||||||
| 7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: `discordapp.com/channels/guild_id/channel_id` | 7. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client. | ||||||
|  |  | ||||||
| Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. | Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. | ||||||
|  |  | ||||||
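Review bot: typo in the rewritten step 7, "room addrss" should be "room address". The step would also read more clearly if the placeholders matched: the alias uses `guildid` and `channelid` while the URL format uses `guild_id` and `channel_id`.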
|   | |||||||
| @@ -11,6 +11,8 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true | |||||||
| matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE | matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | You can generate a strong shared secret with a command like this: `pwgen -s 64 1` | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Authenticating only using a password provider | ## Authenticating only using a password provider | ||||||
|  |  | ||||||
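Review bot: the added `pwgen -s 64 1` line assumes `pwgen` is installed, and the prerequisites page touched in this same commit does not list it. Say on which machine the command is meant to be run and that the tool may need installing first. The `-s` flag is the right choice here, since it asks for fully random output instead of pronounceable passwords. The hunk also leaves two blank lines before the next heading; one is enough.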
|   | |||||||
| @@ -136,7 +136,7 @@ backend matrix-backend | |||||||
| 	reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2 | 	reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2 | ||||||
| 	# Rewrite redirects as ProxyPassReverse does | 	# Rewrite redirects as ProxyPassReverse does | ||||||
| 	acl response-is-redirect res.hdr(Location) -m found | 	acl response-is-redirect res.hdr(Location) -m found | ||||||
| 	rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.exapmle.com/.well-known/matrix/\2 if response-is-redirect | 	rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.example.com/.well-known/matrix/\2 if response-is-redirect | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| Make sure to: | Make sure to: | ||||||
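Review bot: on the corrected `rsprep` line the dots in the match pattern `matrix.example.com` are unescaped, so each one matches any character instead of a literal dot. Write the host as `matrix\.example\.com` on the pattern side; the replacement side is literal and fine as it is. The typo fix itself (`exapmle` to `example`) is correct: before it, rewritten `Location` headers pointed at a different host name than the one matched.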
|   | |||||||
| @@ -4,14 +4,14 @@ This playbook not only installs the various Matrix services for you, but can als | |||||||
|  |  | ||||||
| If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org). | If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org). | ||||||
|  |  | ||||||
| To upgrade the services: | To upgrade services: | ||||||
|  |  | ||||||
| - update your playbook directory (`git pull`), so you'd obtain everything new we've done | - update your playbook directory (`git pull`), so you'd obtain everything new we've done | ||||||
|  |  | ||||||
| - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incomptabile changes that you need to take care of | - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of | ||||||
|  |  | ||||||
| - re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all` | - re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all` | ||||||
|  |  | ||||||
| - restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` | - restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` | ||||||
|  |  | ||||||
| **Note**: major version upgrades are not done to the internal PostgreSQL database. To upgrade that one, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql). | **Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql). | ||||||
|   | |||||||
| @@ -6,16 +6,16 @@ | |||||||
|  |  | ||||||
| - [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`). | - [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`). | ||||||
|  |  | ||||||
| - a `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.* | - A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.* | ||||||
|  |  | ||||||
| - the [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible. | - The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible. | ||||||
|  |  | ||||||
| - either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature. | - Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature. | ||||||
|  |  | ||||||
| - an HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). | - An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). | ||||||
|  |  | ||||||
| - properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)) | - Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)). | ||||||
|  |  | ||||||
| - some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP) | - Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)). | ||||||
|  |  | ||||||
| When ready to proceed, continue with [Configuring DNS](configuring-dns.md). | When ready to proceed, continue with [Configuring DNS](configuring-dns.md). | ||||||
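Review bot: the sentence appended to the ports bullet describes a symptom (RTP packets on port 10000 arriving with the firewall's external IP as destination address) but not what the operator should do about it. State the action, for example which forwarding rule is needed or when `matrix_jitsi_jvb_stun_servers` should be changed, and write the port as `10000/udp` to match the rest of the list. While the `cron` bullet is being touched for capitalization, "certificates's renewal" in it should become "certificates' renewal".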
|   | |||||||
| @@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible: | |||||||
| - `matrix-riot-web` | - `matrix-riot-web` | ||||||
| - `matrix-coturn` | - `matrix-coturn` | ||||||
| - `matrix-ma1sd` | - `matrix-ma1sd` | ||||||
|  | - `matrix-mailer` | ||||||
| - `matrix-mautrix-facebook` | - `matrix-mautrix-facebook` | ||||||
| - `matrix-mautrix-hangouts` | - `matrix-mautrix-hangouts` | ||||||
| - `matrix-mx-puppet-skype` | - `matrix-mx-puppet-skype` | ||||||
|   | |||||||
| @@ -537,11 +537,13 @@ matrix_jitsi_web_stun_servers: | | |||||||
| # | # | ||||||
| ###################################################################### | ###################################################################### | ||||||
|  |  | ||||||
| # By default, this playbook sets up a postfix mailer server (running in a container). | # By default, this playbook sets up an exim mailer server (running in a container). | ||||||
| # This is so that Synapse can send email reminders for unread messages. | # This is so that Synapse can send email reminders for unread messages. | ||||||
| # Other services (like ma1sd), also use the mailer. | # Other services (like ma1sd), also use the mailer. | ||||||
| matrix_mailer_enabled: true | matrix_mailer_enabled: true | ||||||
|  |  | ||||||
|  | matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" | ||||||
|  |  | ||||||
| ###################################################################### | ###################################################################### | ||||||
| # | # | ||||||
| # /matrix-mailer | # /matrix-mailer | ||||||
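Review bot: style nit on the added `matrix_mailer_container_image_self_build` line: `"{{ matrix_architecture != 'amd64'}}"` is missing the space before the closing braces, unlike the other templated values in this file. A one-line comment above it saying that non-`amd64` hosts build the mailer image locally would also help, since the surrounding comment block only describes what the mailer is for.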
| @@ -636,6 +638,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_enabled: true | |||||||
| matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048" | matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048" | ||||||
| matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048" | matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048" | ||||||
|  |  | ||||||
|  | matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}" | ||||||
|  |  | ||||||
| matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}" | matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}" | ||||||
| matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" | matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" | ||||||
| matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" | matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" | ||||||
| @@ -673,7 +677,13 @@ matrix_ssl_domains_to_obtain_certificates_for: | | |||||||
|     ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) |     ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) | ||||||
|   }} |   }} | ||||||
|  |  | ||||||
| matrix_ssl_architecture: "{{ matrix_architecture }}" | matrix_ssl_architecture: "{{ | ||||||
|  | 	{ | ||||||
|  | 		'amd64': 'amd64', | ||||||
|  | 		'arm32': 'arm32v6', | ||||||
|  | 		'arm64': 'arm64v8', | ||||||
|  | 	}[matrix_architecture] | ||||||
|  | }}" | ||||||
|  |  | ||||||
| ###################################################################### | ###################################################################### | ||||||
| # | # | ||||||
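Review bot: the dictionary lookup in the new `matrix_ssl_architecture` value has no fallback, so any `matrix_architecture` other than `amd64`, `arm32` or `arm64` (a typo, or a value already in the target form such as `arm64v8`) fails at templating time with an error that does not name the supported values. Validate `matrix_architecture` up front with an explicit failure message listing the three accepted values. The continuation lines are also indented with tabs inside a YAML file; use spaces, as the rest of the file does.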
| @@ -780,7 +790,7 @@ matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy | |||||||
| matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}" | matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}" | ||||||
| # | # | ||||||
| # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. | # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. | ||||||
| matrix_synapse_container_federation_api_tls_host_bind_port: "{{ '8448' if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" | matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" | ||||||
| # | # | ||||||
| # For exposing the Synapse Metrics API's port (plain HTTP) to the local host. | # For exposing the Synapse Metrics API's port (plain HTTP) to the local host. | ||||||
| matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}" | matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}" | ||||||
|   | |||||||
| @@ -21,6 +21,8 @@ matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" | |||||||
| # This is where you access Jitsi. | # This is where you access Jitsi. | ||||||
| matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}" | matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}" | ||||||
|  |  | ||||||
|  | matrix_federation_public_port: 8448 | ||||||
|  |  | ||||||
| matrix_user_username: "matrix" | matrix_user_username: "matrix" | ||||||
| matrix_user_groupname: "matrix" | matrix_user_groupname: "matrix" | ||||||
|  |  | ||||||
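Review bot: `matrix_federation_public_port: 8448` is added with no comment, unlike the `matrix_server_fqn_*` entries right above it. Document what it controls (in this commit it feeds the `m.server` value in the well-known file and the federation host bind ports for both nginx-proxy and Synapse) and that changing it also changes the firewall port the prerequisites page lists as `8448/tcp`.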
| @@ -32,6 +34,13 @@ matrix_systemd_path: "/etc/systemd/system" | |||||||
| matrix_cron_path: "/etc/cron.d" | matrix_cron_path: "/etc/cron.d" | ||||||
| matrix_local_bin_path: "/usr/local/bin" | matrix_local_bin_path: "/usr/local/bin" | ||||||
|  |  | ||||||
|  | matrix_host_command_docker: "/usr/bin/env docker" | ||||||
|  | matrix_host_command_sleep: "/usr/bin/env sleep" | ||||||
|  | matrix_host_command_chown: "/usr/bin/env chown" | ||||||
|  | matrix_host_command_fusermount: "/usr/bin/env fusermount" | ||||||
|  | matrix_host_command_openssl: "/usr/bin/env openssl" | ||||||
|  | matrix_host_command_systemctl: "/usr/bin/env systemctl" | ||||||
|  |  | ||||||
| matrix_ntpd_package: "ntp" | matrix_ntpd_package: "ntp" | ||||||
| matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}" | matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}" | ||||||
|  |  | ||||||
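Review bot: the new `matrix_host_command_*` defaults resolve binaries through `/usr/bin/env`, so which `docker`, `openssl` or `systemctl` runs now depends on the `PATH` of whatever invokes the command, where the invite-link task changed elsewhere in this commit previously called `/usr/bin/docker` by absolute path. Add a comment above the block stating the reason for the change and that each variable can be overridden with an absolute path on hosts where `PATH` should not be relied on.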
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| #jinja2: lstrip_blocks: "True" | #jinja2: lstrip_blocks: "True" | ||||||
| { | { | ||||||
| 	"m.server": "{{ matrix_server_fqn_matrix }}:8448" | 	"m.server": "{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}" | ||||||
| } | } | ||||||
|   | |||||||
| @@ -39,100 +39,7 @@ matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}" | |||||||
| matrix_appservice_discord_bridge_disablePresence: false | matrix_appservice_discord_bridge_disablePresence: false | ||||||
| matrix_appservice_discord_bridge_enableSelfServiceBridging: false | matrix_appservice_discord_bridge_enableSelfServiceBridging: false | ||||||
|  |  | ||||||
| matrix_appservice_discord_configuration_yaml: | | matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|   #jinja2: lstrip_blocks: "True" |  | ||||||
|   bridge: |  | ||||||
|     # Domain part of the bridge, e.g. matrix.org |  | ||||||
|     domain: {{ matrix_appservice_discord_bridge_domain }} |  | ||||||
|     # This should be your publically facing URL because Discord may use it to |  | ||||||
|     # fetch media from the media store. |  | ||||||
|     homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }} |  | ||||||
|     # Interval at which to process users in the 'presence queue'. If you have |  | ||||||
|     # 5 users, one user will be processed every 500 milliseconds according to the |  | ||||||
|     # value below. This has a minimum value of 250. |  | ||||||
|     # WARNING: This has a high chance of spamming the homeserver with presence |  | ||||||
|     # updates since it will send one each time somebody changes state or is online. |  | ||||||
|     presenceInterval: 500 |  | ||||||
|     # Disable setting presence for 'ghost users' which means Discord users on Matrix |  | ||||||
|     # will not be shown as away or online. |  | ||||||
|     disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }} |  | ||||||
|     # Disable sending typing notifications when somebody on Discord types. |  | ||||||
|     disableTypingNotifications: false |  | ||||||
|     # Disable deleting messages on Discord if a message is redacted on Matrix. |  | ||||||
|     disableDeletionForwarding: false |  | ||||||
|     # Enable users to bridge rooms using !discord commands. See |  | ||||||
|     # https://t2bot.io/discord for instructions. |  | ||||||
|     enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }} |  | ||||||
|     # Disable sending of read receipts for Matrix events which have been |  | ||||||
|     # successfully bridged to Discord. |  | ||||||
|     disableReadReceipts: false |  | ||||||
|     # Disable Join Leave echos from matrix |  | ||||||
|     disableJoinLeaveNotifications: false |  | ||||||
|   # Authentication configuration for the discord bot. |  | ||||||
|   auth: |  | ||||||
|     clientID: {{ matrix_appservice_discord_client_id|string|to_json }} |  | ||||||
|     botToken: {{ matrix_appservice_discord_bot_token }} |  | ||||||
|   logging: |  | ||||||
|     # What level should the logger output to the console at. |  | ||||||
|     console: "warn" #silly, verbose, info, http, warn, error, silent |  | ||||||
|     lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format |  | ||||||
|     # files: |  | ||||||
|     #   - file: "debug.log" |  | ||||||
|     #     disable: |  | ||||||
|     #       - "PresenceHandler" # Will not capture presence logging |  | ||||||
|     #   - file: "warn.log" # Will capture warnings |  | ||||||
|     #     level: "warn" |  | ||||||
|     #   - file: "botlogs.log" # Will capture logs from DiscordBot |  | ||||||
|     #     level: "info" |  | ||||||
|     #     enable: |  | ||||||
|     #       - "DiscordBot" |  | ||||||
|   database: |  | ||||||
|     userStorePath: "/data/user-store.db" |  | ||||||
|     roomStorePath: "/data/room-store.db" |  | ||||||
|     # You may either use SQLite or Postgresql for the bridge database, which contains |  | ||||||
|     # important mappings for events and user puppeting configurations. |  | ||||||
|     # Use the filename option for SQLite, or connString for Postgresql. |  | ||||||
|     # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite |  | ||||||
|     # WARNING: You will almost certainly be fine with sqlite unless your bridge |  | ||||||
|     # is in heavy demand and you suffer from IO slowness. |  | ||||||
|     filename: "/data/discord.db" |  | ||||||
|     # connString: "postgresql://user:password@localhost/database_name" |  | ||||||
|   room: |  | ||||||
|     # Set the default visibility of alias rooms, defaults to "public". |  | ||||||
|     # One of: "public", "private" |  | ||||||
|     defaultVisibility: "public" |  | ||||||
|   channel: |  | ||||||
|       # Pattern of the name given to bridged rooms. |  | ||||||
|       # Can use :guild for the guild name and :name for the channel name. |  | ||||||
|       namePattern: "[Discord] :guild :name" |  | ||||||
|       # Changes made to rooms when a channel is deleted. |  | ||||||
|       deleteOptions: |  | ||||||
|         # Prefix the room name with a string. |  | ||||||
|         #namePrefix: "[Deleted]" |  | ||||||
|         # Prefix the room topic with a string. |  | ||||||
|         #topicPrefix: "This room has been deleted" |  | ||||||
|         # Disable people from talking in the room by raising the event PL to 50 |  | ||||||
|         disableMessaging: false |  | ||||||
|         # Remove the discord alias from the room. |  | ||||||
|         unsetRoomAlias: true |  | ||||||
|         # Remove the room from the directory. |  | ||||||
|         unlistFromDirectory: true |  | ||||||
|         # Set the room to be unavaliable for joining without an invite. |  | ||||||
|         setInviteOnly: true |  | ||||||
|         # Make all the discord users leave the room. |  | ||||||
|         ghostsLeave: true |  | ||||||
|   limits: |  | ||||||
|       # Delay in milliseconds between discord users joining a room. |  | ||||||
|       roomGhostJoinDelay: 6000 |  | ||||||
|       # Delay in milliseconds before sending messages to discord to avoid echos. |  | ||||||
|       # (Copies of a sent message may arrive from discord before we've |  | ||||||
|       # fininished handling it, causing us to echo it back to the room) |  | ||||||
|       discordSendDelay: 750 |  | ||||||
|   ghosts: |  | ||||||
|       # Pattern for the ghosts nick, available is :nick, :username, :tag and :id |  | ||||||
|       nickPattern: ":nick" |  | ||||||
|       # Pattern for the ghosts username, available is :username, :tag and :id |  | ||||||
|       usernamePattern: ":username#:tag" |  | ||||||
|  |  | ||||||
| matrix_appservice_discord_configuration_extension_yaml: | | matrix_appservice_discord_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration goes here. |   # Your custom YAML configuration goes here. | ||||||
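Review bot: the block being moved out of the defaults here renders `botToken: {{ matrix_appservice_discord_bot_token }}` raw, while `clientID` on the line above it goes through `|string|to_json`; `domain` and `homeserverUrl` are raw as well. Since the content is being moved into `templates/config.yaml.j2` anyway, apply `|to_json` to these values there, so that a value containing YAML-significant characters cannot break or alter the rendered config. The `#jinja2: lstrip_blocks: "True"` header carried into the template should be checked too, since it is now the first line of a file loaded through `lookup('template', ...)` instead of text embedded in a variable.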
|   | |||||||
| @@ -60,7 +60,7 @@ | |||||||
| # We intentionally suppress Ansible changes. | # We intentionally suppress Ansible changes. | ||||||
| - name: Generate AppService Discord invite link | - name: Generate AppService Discord invite link | ||||||
|   shell: >- |   shell: >- | ||||||
|     /usr/bin/docker run --rm --name matrix-appservice-discord-link-gen |     {{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen | ||||||
|     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} |     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} | ||||||
|     --cap-drop=ALL |     --cap-drop=ALL | ||||||
|     -v {{ matrix_appservice_discord_config_path }}:/cfg |     -v {{ matrix_appservice_discord_config_path }}:/cfg | ||||||
|   | |||||||
| @@ -0,0 +1,93 @@ | |||||||
|  | #jinja2: lstrip_blocks: "True" | ||||||
|  | bridge: | ||||||
|  |   # Domain part of the bridge, e.g. matrix.org | ||||||
|  |   domain: {{ matrix_appservice_discord_bridge_domain }} | ||||||
|  |   # This should be your publically facing URL because Discord may use it to | ||||||
|  |   # fetch media from the media store. | ||||||
|  |   homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }} | ||||||
|  |   # Interval at which to process users in the 'presence queue'. If you have | ||||||
|  |   # 5 users, one user will be processed every 500 milliseconds according to the | ||||||
|  |   # value below. This has a minimum value of 250. | ||||||
|  |   # WARNING: This has a high chance of spamming the homeserver with presence | ||||||
|  |   # updates since it will send one each time somebody changes state or is online. | ||||||
|  |   presenceInterval: 500 | ||||||
|  |   # Disable setting presence for 'ghost users' which means Discord users on Matrix | ||||||
|  |   # will not be shown as away or online. | ||||||
|  |   disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }} | ||||||
|  |   # Disable sending typing notifications when somebody on Discord types. | ||||||
|  |   disableTypingNotifications: false | ||||||
|  |   # Disable deleting messages on Discord if a message is redacted on Matrix. | ||||||
|  |   disableDeletionForwarding: false | ||||||
|  |   # Enable users to bridge rooms using !discord commands. See | ||||||
|  |   # https://t2bot.io/discord for instructions. | ||||||
|  |   enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }} | ||||||
|  |   # Disable sending of read receipts for Matrix events which have been | ||||||
|  |   # successfully bridged to Discord. | ||||||
|  |   disableReadReceipts: false | ||||||
|  |   # Disable Join Leave echos from matrix | ||||||
|  |   disableJoinLeaveNotifications: false | ||||||
|  | # Authentication configuration for the discord bot. | ||||||
|  | auth: | ||||||
|  |   clientID: {{ matrix_appservice_discord_client_id|string|to_json }} | ||||||
|  |   botToken: {{ matrix_appservice_discord_bot_token }} | ||||||
|  | logging: | ||||||
|  |   # What level should the logger output to the console at. | ||||||
|  |   console: "warn" #silly, verbose, info, http, warn, error, silent | ||||||
|  |   lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format | ||||||
|  |   # files: | ||||||
|  |   #   - file: "debug.log" | ||||||
|  |   #     disable: | ||||||
|  |   #       - "PresenceHandler" # Will not capture presence logging | ||||||
|  |   #   - file: "warn.log" # Will capture warnings | ||||||
|  |   #     level: "warn" | ||||||
|  |   #   - file: "botlogs.log" # Will capture logs from DiscordBot | ||||||
|  |   #     level: "info" | ||||||
|  |   #     enable: | ||||||
|  |   #       - "DiscordBot" | ||||||
|  | database: | ||||||
|  |   userStorePath: "/data/user-store.db" | ||||||
|  |   roomStorePath: "/data/room-store.db" | ||||||
|  |   # You may either use SQLite or Postgresql for the bridge database, which contains | ||||||
|  |   # important mappings for events and user puppeting configurations. | ||||||
|  |   # Use the filename option for SQLite, or connString for Postgresql. | ||||||
|  |   # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite | ||||||
|  |   # WARNING: You will almost certainly be fine with sqlite unless your bridge | ||||||
|  |   # is in heavy demand and you suffer from IO slowness. | ||||||
|  |   filename: "/data/discord.db" | ||||||
|  |   # connString: "postgresql://user:password@localhost/database_name" | ||||||
|  | room: | ||||||
|  |   # Set the default visibility of alias rooms, defaults to "public". | ||||||
|  |   # One of: "public", "private" | ||||||
|  |   defaultVisibility: "public" | ||||||
|  | channel: | ||||||
|  |     # Pattern of the name given to bridged rooms. | ||||||
|  |     # Can use :guild for the guild name and :name for the channel name. | ||||||
|  |     namePattern: "[Discord] :guild :name" | ||||||
|  |     # Changes made to rooms when a channel is deleted. | ||||||
|  |     deleteOptions: | ||||||
|  |       # Prefix the room name with a string. | ||||||
|  |       #namePrefix: "[Deleted]" | ||||||
|  |       # Prefix the room topic with a string. | ||||||
|  |       #topicPrefix: "This room has been deleted" | ||||||
|  |       # Disable people from talking in the room by raising the event PL to 50 | ||||||
|  |       disableMessaging: false | ||||||
|  |       # Remove the discord alias from the room. | ||||||
|  |       unsetRoomAlias: true | ||||||
|  |       # Remove the room from the directory. | ||||||
|  |       unlistFromDirectory: true | ||||||
|  |       # Set the room to be unavaliable for joining without an invite. | ||||||
|  |       setInviteOnly: true | ||||||
|  |       # Make all the discord users leave the room. | ||||||
|  |       ghostsLeave: true | ||||||
|  | limits: | ||||||
|  |     # Delay in milliseconds between discord users joining a room. | ||||||
|  |     roomGhostJoinDelay: 6000 | ||||||
|  |     # Delay in milliseconds before sending messages to discord to avoid echos. | ||||||
|  |     # (Copies of a sent message may arrive from discord before we've | ||||||
|  |     # fininished handling it, causing us to echo it back to the room) | ||||||
|  |     discordSendDelay: 750 | ||||||
|  | ghosts: | ||||||
|  |     # Pattern for the ghosts nick, available is :nick, :username, :tag and :id | ||||||
|  |     nickPattern: ":nick" | ||||||
|  |     # Pattern for the ghosts username, available is :username, :tag and :id | ||||||
|  |     usernamePattern: ":username#:tag" | ||||||
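Review bot: `botToken: {{ matrix_appservice_discord_bot_token }}` in the `auth:` block is rendered raw, while `clientID` on the line above it goes through `|string|to_json`. A token value containing a YAML-significant character would be mis-parsed, and the bridge would then fail to authenticate in a way that is hard to trace back to the template. Suggest `botToken: {{ matrix_appservice_discord_bot_token|string|to_json }}` so both credentials are emitted the same way.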
| @@ -11,13 +11,13 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
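Review bot: the `ExecStartPre=` and `ExecStart=` lines now take their binary from `{{ matrix_host_command_docker }}` and `{{ matrix_host_command_sleep }}`, but neither variable's default nor any constraint on its value is visible in this change. Please document next to the variable definitions that the values should be absolute paths to the host binaries (the literals being replaced were `/usr/bin/docker` and `/bin/sleep`), so that what the unit executes does not depend on a search path.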
| @@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ | |||||||
| 			{{ matrix_appservice_discord_docker_image }} \ | 			{{ matrix_appservice_discord_docker_image }} \ | ||||||
| 			node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml | 			node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-appservice-discord | ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-discord | ||||||
| ExecStop=-/usr/bin/docker rm matrix-appservice-discord | ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-discord | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-appservice-discord | SyslogIdentifier=matrix-appservice-discord | ||||||
|   | |||||||
| @@ -346,141 +346,7 @@ matrix_appservice_irc_systemd_wanted_services_list: [] | |||||||
| matrix_appservice_irc_appservice_token: '' | matrix_appservice_irc_appservice_token: '' | ||||||
| matrix_appservice_irc_homeserver_token: '' | matrix_appservice_irc_homeserver_token: '' | ||||||
|  |  | ||||||
| matrix_appservice_irc_configuration_yaml: | | matrix_appservice_irc_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|   #jinja2: lstrip_blocks: True |  | ||||||
|   homeserver: |  | ||||||
|     # The URL to the home server for client-server API calls, also used to form the |  | ||||||
|     # media URLs as displayed in bridged IRC channels: |  | ||||||
|     url: {{ matrix_appservice_irc_homeserver_url }} |  | ||||||
|     # |  | ||||||
|     # The URL of the homeserver hosting media files. This is only used to transform |  | ||||||
|     # mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By |  | ||||||
|     # default, this is the homeserver URL, specified above. |  | ||||||
|     # |  | ||||||
|     media_url: {{ matrix_appservice_irc_homeserver_media_url }} |  | ||||||
|  |  | ||||||
|     # Drop Matrix messages which are older than this number of seconds, according to |  | ||||||
|     # the event's origin_server_ts. |  | ||||||
|     # If the bridge is down for a while, the homeserver will attempt to send all missed |  | ||||||
|     # events on reconnection. These events may be hours old, which can be confusing to |  | ||||||
|     # IRC users if they are then bridged. This option allows these old messages to be |  | ||||||
|     # dropped. |  | ||||||
|     # CAUTION: This is a very coarse heuristic. Federated homeservers may have different |  | ||||||
|     # clock times and hence produce different origin_server_ts values, which may be old |  | ||||||
|     # enough to cause *all* events from the homeserver to be dropped. |  | ||||||
|     # Default: 0 (don't ever drop) |  | ||||||
|     # dropMatrixMessagesAfterSecs: 300 # 5 minutes |  | ||||||
|  |  | ||||||
|     # The 'domain' part for user IDs on this home server. Usually (but not always) |  | ||||||
|     # is the "domain name" part of the HS URL. |  | ||||||
|     domain: {{ matrix_appservice_irc_homeserver_domain }} |  | ||||||
|  |  | ||||||
|     # Should presence be enabled for matrix clients on this bridge. If disabled on the |  | ||||||
|     # homeserver then it should also be disabled here to avoid excess traffic. |  | ||||||
|     # Default: true |  | ||||||
|     enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }} |  | ||||||
|  |  | ||||||
|   ircService: |  | ||||||
|     # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot |  | ||||||
|     # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in |  | ||||||
|     # the database. |  | ||||||
|     # |  | ||||||
|     # To generate a .pem file: |  | ||||||
|     # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 |  | ||||||
|     # |  | ||||||
|     # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords |  | ||||||
|     # for storage in the database. Passwords are stored by using the admin room command |  | ||||||
|     # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of |  | ||||||
|     # the Matrix user, this password will be sent as the server password (PASS command). |  | ||||||
|     passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification |  | ||||||
|  |  | ||||||
|     # Config for Matrix -> IRC bridging |  | ||||||
|     matrixHandler: |  | ||||||
|       # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies). |  | ||||||
|       eventCacheSize: 4096 |  | ||||||
|  |  | ||||||
|     servers: {{ matrix_appservice_irc_ircService_servers|to_json }} |  | ||||||
|  |  | ||||||
|     # Configuration for an ident server. If you are running a public bridge it is |  | ||||||
|     # advised you setup an ident server so IRC mods can ban specific matrix users |  | ||||||
|     # rather than the application service itself. |  | ||||||
|     ident: |  | ||||||
|       # True to listen for Ident requests and respond with the |  | ||||||
|       # matrix user's user_id (converted to ASCII, respecting RFC 1413). |  | ||||||
|       # Default: false. |  | ||||||
|       enabled: false |  | ||||||
|       # The port to listen on for incoming ident requests. |  | ||||||
|       # Ports below 1024 require root to listen on, and you may not want this to |  | ||||||
|       # run as root. Instead, you can get something like an Apache to yank up |  | ||||||
|       # incoming requests to 113 to a high numbered port. Set the port to listen |  | ||||||
|       # on instead of 113 here. |  | ||||||
|       # Default: 113. |  | ||||||
|       port: 1113 |  | ||||||
|       # The address to listen on for incoming ident requests. |  | ||||||
|       # Default: 0.0.0.0 |  | ||||||
|       address: "::" |  | ||||||
|  |  | ||||||
|     # Configuration for logging. Optional. Default: console debug level logging |  | ||||||
|     # only. |  | ||||||
|     logging: |  | ||||||
|       # Level to log on console/logfile. One of error|warn|info|debug |  | ||||||
|       level: "debug" |  | ||||||
|       # The file location to log to. This is relative to the project directory. |  | ||||||
|       #logfile: "debug.log" |  | ||||||
|       # The file location to log errors to. This is relative to the project |  | ||||||
|       # directory. |  | ||||||
|       #errfile: "errors.log" |  | ||||||
|       # Whether to log to the console or not. |  | ||||||
|       toConsole: true |  | ||||||
|       # The max number of files to keep. Files will be overwritten eventually due |  | ||||||
|       # to rotations. |  | ||||||
|       maxFiles: 5 |  | ||||||
|  |  | ||||||
|     # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: |  | ||||||
|     #   $ npm install prom-client@6.3.0 |  | ||||||
|     # Metrics will then be available via GET /metrics on the bridge listening port (-p). |  | ||||||
|     metrics: |  | ||||||
|       # Whether to actually enable the metric endpoint. Default: false |  | ||||||
|       enabled: true |  | ||||||
|       # When collecting remote user active times, which "buckets" should be used. Defaults are given below. |  | ||||||
|       # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). |  | ||||||
|       remoteUserAgeBuckets: |  | ||||||
|         - "1h" |  | ||||||
|         - "1d" |  | ||||||
|         - "1w" |  | ||||||
|  |  | ||||||
|     # Configuration for the provisioning API. |  | ||||||
|     # |  | ||||||
|     # GET /_matrix/provision/link |  | ||||||
|     # GET /_matrix/provision/unlink |  | ||||||
|     # GET /_matrix/provision/listlinks |  | ||||||
|     # |  | ||||||
|     provisioning: |  | ||||||
|       # True to enable the provisioning HTTP endpoint. Default: false. |  | ||||||
|       enabled: false |  | ||||||
|       # The number of seconds to wait before giving up on getting a response from |  | ||||||
|       # an IRC channel operator. If the channel operator does not respond within the |  | ||||||
|       # allotted time period, the provisioning request will fail. |  | ||||||
|       # Default: 300 seconds (5 mins) |  | ||||||
|       requestTimeoutSeconds: 300 |  | ||||||
|  |  | ||||||
|   # Options here are generally only applicable to large-scale bridges and may have |  | ||||||
|   # consequences greater than other options in this configuration file. |  | ||||||
|   advanced: |  | ||||||
|     # The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited |  | ||||||
|     # however for large bridges it is important to rate limit the bridge to avoid |  | ||||||
|     # accidentally overloading the homeserver. Defaults to 1000, which should be |  | ||||||
|     # enough for the vast majority of use cases. |  | ||||||
|     maxHttpSockets: 1000 |  | ||||||
|  |  | ||||||
|   # Use an external database to store bridge state. |  | ||||||
|   database: |  | ||||||
|     # database engine (must be 'postgres' or 'nedb'). Default: nedb |  | ||||||
|     engine: "nedb" |  | ||||||
|     # Either a PostgreSQL connection string, or a path to the NeDB storage directory. |  | ||||||
|     # For postgres, it must start with postgres:// |  | ||||||
|     # For NeDB, it must start with nedb://. The path is relative to the project directory. |  | ||||||
|     connectionString: "nedb:///data" |  | ||||||
|  |  | ||||||
| matrix_appservice_irc_configuration_extension_yaml: | | matrix_appservice_irc_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration for Appservice IRC servers goes here. |   # Your custom YAML configuration for Appservice IRC servers goes here. | ||||||
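Review bot: `lookup('template', 'templates/config.yaml.j2')` uses a relative path, and the Slack and webhooks defaults in this same commit use the identical string. Ansible expands variables lazily and resolves lookup paths relative to whatever role or play is executing at that moment, so if `matrix_appservice_irc_configuration_yaml` is ever referenced from outside this role the lookup can pick up another role's `config.yaml.j2` or fail to find one. Worth a comment above the variable saying it must only be expanded inside the role, or giving each template a role-specific file name.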
|   | |||||||
| @@ -58,7 +58,7 @@ | |||||||
|   register: irc_passkey_file |   register: irc_passkey_file | ||||||
|  |  | ||||||
| - name: Generate Appservice IRC passkey if it doesn't exist | - name: Generate Appservice IRC passkey if it doesn't exist | ||||||
|   shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 |   shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048" | ||||||
|   become: true |   become: true | ||||||
|   become_user: "{{ matrix_user_username }}" |   become_user: "{{ matrix_user_username }}" | ||||||
|   when: "not irc_passkey_file.stat.exists" |   when: "not irc_passkey_file.stat.exists" | ||||||
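Review bot: this task creates `passkey.pem`, the RSA private key that the bridge configuration describes as protecting stored IRC passwords, yet nothing in the hunk pins the file's mode, which leaves it to the host's openssl build and the umask of `{{ matrix_user_username }}`. If no later task already does so, follow it with a `file` task that sets an owner-only mode on the key. Separately, the `stat` plus `when` pair could be replaced by `args: creates:` on the task itself, which would also allow `command` instead of `shell`, since no shell features are used.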
| @@ -93,7 +93,7 @@ | |||||||
| # to produce a final registration.yaml file, as we desire. | # to produce a final registration.yaml file, as we desire. | ||||||
| - name: Generate Appservice IRC registration-template.yaml | - name: Generate Appservice IRC registration-template.yaml | ||||||
|   shell: >- |   shell: >- | ||||||
|     /usr/bin/docker run --rm --name matrix-appservice-irc-gen |     {{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen | ||||||
|     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} |     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} | ||||||
|     --cap-drop=ALL |     --cap-drop=ALL | ||||||
|     -v {{ matrix_appservice_irc_config_path }}:/config:z |     -v {{ matrix_appservice_irc_config_path }}:/config:z | ||||||
|   | |||||||
							
								
								
									
										134
									
								
								roles/matrix-bridge-appservice-irc/templates/config.yaml.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							| @@ -0,0 +1,134 @@ | |||||||
|  | #jinja2: lstrip_blocks: True | ||||||
|  | homeserver: | ||||||
|  |   # The URL to the home server for client-server API calls, also used to form the | ||||||
|  |   # media URLs as displayed in bridged IRC channels: | ||||||
|  |   url: {{ matrix_appservice_irc_homeserver_url }} | ||||||
|  |   # | ||||||
|  |   # The URL of the homeserver hosting media files. This is only used to transform | ||||||
|  |   # mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By | ||||||
|  |   # default, this is the homeserver URL, specified above. | ||||||
|  |   # | ||||||
|  |   media_url: {{ matrix_appservice_irc_homeserver_media_url }} | ||||||
|  |  | ||||||
|  |   # Drop Matrix messages which are older than this number of seconds, according to | ||||||
|  |   # the event's origin_server_ts. | ||||||
|  |   # If the bridge is down for a while, the homeserver will attempt to send all missed | ||||||
|  |   # events on reconnection. These events may be hours old, which can be confusing to | ||||||
|  |   # IRC users if they are then bridged. This option allows these old messages to be | ||||||
|  |   # dropped. | ||||||
|  |   # CAUTION: This is a very coarse heuristic. Federated homeservers may have different | ||||||
|  |   # clock times and hence produce different origin_server_ts values, which may be old | ||||||
|  |   # enough to cause *all* events from the homeserver to be dropped. | ||||||
|  |   # Default: 0 (don't ever drop) | ||||||
|  |   # dropMatrixMessagesAfterSecs: 300 # 5 minutes | ||||||
|  |  | ||||||
|  |   # The 'domain' part for user IDs on this home server. Usually (but not always) | ||||||
|  |   # is the "domain name" part of the HS URL. | ||||||
|  |   domain: {{ matrix_appservice_irc_homeserver_domain }} | ||||||
|  |  | ||||||
|  |   # Should presence be enabled for matrix clients on this bridge. If disabled on the | ||||||
|  |   # homeserver then it should also be disabled here to avoid excess traffic. | ||||||
|  |   # Default: true | ||||||
|  |   enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }} | ||||||
|  |  | ||||||
|  | ircService: | ||||||
|  |   # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot | ||||||
|  |   # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in | ||||||
|  |   # the database. | ||||||
|  |   # | ||||||
|  |   # To generate a .pem file: | ||||||
|  |   # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 | ||||||
|  |   # | ||||||
|  |   # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords | ||||||
|  |   # for storage in the database. Passwords are stored by using the admin room command | ||||||
|  |   # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of | ||||||
|  |   # the Matrix user, this password will be sent as the server password (PASS command). | ||||||
|  |   passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification | ||||||
|  |  | ||||||
|  |   # Config for Matrix -> IRC bridging | ||||||
|  |   matrixHandler: | ||||||
|  |     # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies). | ||||||
|  |     eventCacheSize: 4096 | ||||||
|  |  | ||||||
|  |   servers: {{ matrix_appservice_irc_ircService_servers|to_json }} | ||||||
|  |  | ||||||
|  |   # Configuration for an ident server. If you are running a public bridge it is | ||||||
|  |   # advised you setup an ident server so IRC mods can ban specific matrix users | ||||||
|  |   # rather than the application service itself. | ||||||
|  |   ident: | ||||||
|  |     # True to listen for Ident requests and respond with the | ||||||
|  |     # matrix user's user_id (converted to ASCII, respecting RFC 1413). | ||||||
|  |     # Default: false. | ||||||
|  |     enabled: false | ||||||
|  |     # The port to listen on for incoming ident requests. | ||||||
|  |     # Ports below 1024 require root to listen on, and you may not want this to | ||||||
|  |     # run as root. Instead, you can get something like an Apache to yank up | ||||||
|  |     # incoming requests to 113 to a high numbered port. Set the port to listen | ||||||
|  |     # on instead of 113 here. | ||||||
|  |     # Default: 113. | ||||||
|  |     port: 1113 | ||||||
|  |     # The address to listen on for incoming ident requests. | ||||||
|  |     # Default: 0.0.0.0 | ||||||
|  |     address: "::" | ||||||
|  |  | ||||||
|  |   # Configuration for logging. Optional. Default: console debug level logging | ||||||
|  |   # only. | ||||||
|  |   logging: | ||||||
|  |     # Level to log on console/logfile. One of error|warn|info|debug | ||||||
|  |     level: "debug" | ||||||
|  |     # The file location to log to. This is relative to the project directory. | ||||||
|  |     #logfile: "debug.log" | ||||||
|  |     # The file location to log errors to. This is relative to the project | ||||||
|  |     # directory. | ||||||
|  |     #errfile: "errors.log" | ||||||
|  |     # Whether to log to the console or not. | ||||||
|  |     toConsole: true | ||||||
|  |     # The max number of files to keep. Files will be overwritten eventually due | ||||||
|  |     # to rotations. | ||||||
|  |     maxFiles: 5 | ||||||
|  |  | ||||||
|  |   # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: | ||||||
|  |   #   $ npm install prom-client@6.3.0 | ||||||
|  |   # Metrics will then be available via GET /metrics on the bridge listening port (-p). | ||||||
|  |   metrics: | ||||||
|  |     # Whether to actually enable the metric endpoint. Default: false | ||||||
|  |     enabled: true | ||||||
|  |     # When collecting remote user active times, which "buckets" should be used. Defaults are given below. | ||||||
|  |     # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). | ||||||
|  |     remoteUserAgeBuckets: | ||||||
|  |       - "1h" | ||||||
|  |       - "1d" | ||||||
|  |       - "1w" | ||||||
|  |  | ||||||
|  |   # Configuration for the provisioning API. | ||||||
|  |   # | ||||||
|  |   # GET /_matrix/provision/link | ||||||
|  |   # GET /_matrix/provision/unlink | ||||||
|  |   # GET /_matrix/provision/listlinks | ||||||
|  |   # | ||||||
|  |   provisioning: | ||||||
|  |     # True to enable the provisioning HTTP endpoint. Default: false. | ||||||
|  |     enabled: false | ||||||
|  |     # The number of seconds to wait before giving up on getting a response from | ||||||
|  |     # an IRC channel operator. If the channel operator does not respond within the | ||||||
|  |     # allotted time period, the provisioning request will fail. | ||||||
|  |     # Default: 300 seconds (5 mins) | ||||||
|  |     requestTimeoutSeconds: 300 | ||||||
|  |  | ||||||
|  | # Options here are generally only applicable to large-scale bridges and may have | ||||||
|  | # consequences greater than other options in this configuration file. | ||||||
|  | advanced: | ||||||
|  |   # The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited | ||||||
|  |   # however for large bridges it is important to rate limit the bridge to avoid | ||||||
|  |   # accidentally overloading the homeserver. Defaults to 1000, which should be | ||||||
|  |   # enough for the vast majority of use cases. | ||||||
|  |   maxHttpSockets: 1000 | ||||||
|  |  | ||||||
|  | # Use an external database to store bridge state. | ||||||
|  | database: | ||||||
|  |   # database engine (must be 'postgres' or 'nedb'). Default: nedb | ||||||
|  |   engine: "nedb" | ||||||
|  |   # Either a PostgreSQL connection string, or a path to the NeDB storage directory. | ||||||
|  |   # For postgres, it must start with postgres:// | ||||||
|  |   # For NeDB, it must start with nedb://. The path is relative to the project directory. | ||||||
|  |   connectionString: "nedb:///data" | ||||||
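Review bot: `level: "debug"` under `logging:` and `enabled: true` under `metrics:` are hard-coded in the new template, although the file's own comment gives `false` as the metrics default and the webhooks role in this commit already exposes its level through `matrix_appservice_webhooks_log_level`. Debug-level console output from a bridge and a `/metrics` endpoint on the bridge listening port are both settings an operator should be able to turn down without going through `matrix_appservice_irc_configuration_extension_yaml`. Suggest a variable for each (hypothetical names: `matrix_appservice_irc_logging_level`, `matrix_appservice_irc_metrics_enabled`), defaulting to the current values if behaviour must not change.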
| @@ -11,13 +11,13 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ | |||||||
| 			{{ matrix_appservice_irc_docker_image }} \ | 			{{ matrix_appservice_irc_docker_image }} \ | ||||||
| 			-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' | 			-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-appservice-irc | ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-irc | ||||||
| ExecStop=-/usr/bin/docker rm matrix-appservice-irc | ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-irc | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-appservice-irc | SyslogIdentifier=matrix-appservice-irc | ||||||
|   | |||||||
| @@ -45,21 +45,7 @@ matrix_appservice_slack_appservice_token: '' | |||||||
| matrix_appservice_slack_homeserver_token: '' | matrix_appservice_slack_homeserver_token: '' | ||||||
| matrix_appservice_slack_id_token: '' | matrix_appservice_slack_id_token: '' | ||||||
|  |  | ||||||
| matrix_appservice_slack_configuration_yaml: | | matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|     slack_hook_port: {{ matrix_appservice_slack_slack_port }} |  | ||||||
|     inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}" |  | ||||||
|     bot_username: "{{ matrix_appservice_slack_bot_name }}" |  | ||||||
|     username_prefix: {{ matrix_appservice_slack_user_prefix }} |  | ||||||
|  |  | ||||||
|     homeserver: |  | ||||||
|         media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" |  | ||||||
|         url: "{{ matrix_appservice_slack_homeserver_url }}" |  | ||||||
|         server_name: "{{ matrix_domain }}" |  | ||||||
|  |  | ||||||
|     dbdir: "/data" |  | ||||||
|  |  | ||||||
|     matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}" |  | ||||||
|  |  | ||||||
|  |  | ||||||
| matrix_appservice_slack_configuration_extension_yaml: | | matrix_appservice_slack_configuration_extension_yaml: | | ||||||
|     #slack_hook_port: 9898 |     #slack_hook_port: 9898 | ||||||
|   | |||||||
| @@ -0,0 +1,14 @@ | |||||||
|  | #jinja2: lstrip_blocks: True | ||||||
|  | slack_hook_port: {{ matrix_appservice_slack_slack_port }} | ||||||
|  | inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}" | ||||||
|  | bot_username: "{{ matrix_appservice_slack_bot_name }}" | ||||||
|  | username_prefix: {{ matrix_appservice_slack_user_prefix }} | ||||||
|  |  | ||||||
|  | homeserver: | ||||||
|  |     media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" | ||||||
|  |     url: "{{ matrix_appservice_slack_homeserver_url }}" | ||||||
|  |     server_name: "{{ matrix_domain }}" | ||||||
|  |  | ||||||
|  | dbdir: "/data" | ||||||
|  |  | ||||||
|  | matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}" | ||||||
| @@ -11,13 +11,13 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-appservice-slack | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-appservice-slack | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \ | |||||||
| 			{{ matrix_appservice_slack_docker_image }} \ | 			{{ matrix_appservice_slack_docker_image }} \ | ||||||
| 			node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml | 			node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-appservice-slack | ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-slack | ||||||
| ExecStop=-/usr/bin/docker rm matrix-appservice-slack | ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-slack | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-appservice-slack | SyslogIdentifier=matrix-appservice-slack | ||||||
|   | |||||||
| @@ -49,35 +49,7 @@ matrix_appservice_webhooks_api_secret: '' | |||||||
| # Logging information (info and verbose is available) default is: info | # Logging information (info and verbose is available) default is: info | ||||||
| matrix_appservice_webhooks_log_level: 'info' | matrix_appservice_webhooks_log_level: 'info' | ||||||
|  |  | ||||||
| matrix_appservice_webhooks_configuration_yaml: | | matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|  |  | ||||||
|   # Configuration specific to the application service. All fields (unless otherwise marked) are required. |  | ||||||
|   homeserver: |  | ||||||
|     # The domain for the client-server API calls. |  | ||||||
|     url: "{{ matrix_appservice_webhooks_homeserver_url }}" |  | ||||||
|  |  | ||||||
|     # The domain part for user IDs on this home server. Usually, but not always, this is the same as the |  | ||||||
|     # home server's URL. |  | ||||||
|     domain: "{{ matrix_domain }}" |  | ||||||
|  |  | ||||||
|   # Configuration specific to the bridge. All fields (unless otherwise marked) are required. |  | ||||||
|   webhookBot: |  | ||||||
|     # The localpart to use for the bot. May require re-registering the application service. |  | ||||||
|     localpart: "_webhook" |  | ||||||
|  |  | ||||||
|   # Provisioning API options |  | ||||||
|   provisioning: |  | ||||||
|     # Your secret for the API. Required for all provisioning API requests. |  | ||||||
|     secret: '{{ matrix_appservice_webhooks_api_secret }}' |  | ||||||
|  |  | ||||||
|   # Configuration related to the web portion of the bridge. Handles the inbound webhooks |  | ||||||
|   web: |  | ||||||
|     hookUrlBase:  "{{ matrix_appservice_webhooks_inbound_uri_prefix }}" |  | ||||||
|  |  | ||||||
|   logging: |  | ||||||
|     console: true |  | ||||||
|     consoleLevel: {{ matrix_appservice_webhooks_log_level }} |  | ||||||
|     writeFiles: false |  | ||||||
|  |  | ||||||
| matrix_appservice_webhooks_configuration_extension_yaml: | | matrix_appservice_webhooks_configuration_extension_yaml: | | ||||||
|   # |   # | ||||||
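Review bot: the new default for `matrix_appservice_webhooks_configuration_yaml` resolves `templates/config.yaml.j2` through a relative `lookup('template', ...)`, and the same relative path is used for `matrix_mautrix_facebook_configuration_yaml` and `matrix_mautrix_hangouts_configuration_yaml` further down in this commit. Because a role default is evaluated lazily, please confirm it is only ever rendered from inside this role's own tasks; if another role reads the variable, the lookup may search that role's directory and pick up a different `config.yaml.j2`. A role-specific filename, or a path built from this role's own directory, would remove the ambiguity.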
|   | |||||||
| @@ -0,0 +1,28 @@ | |||||||
|  | #jinja2: lstrip_blocks: True | ||||||
|  | # Configuration specific to the application service. All fields (unless otherwise marked) are required. | ||||||
|  | homeserver: | ||||||
|  |   # The domain for the client-server API calls. | ||||||
|  |   url: "{{ matrix_appservice_webhooks_homeserver_url }}" | ||||||
|  |  | ||||||
|  |   # The domain part for user IDs on this home server. Usually, but not always, this is the same as the | ||||||
|  |   # home server's URL. | ||||||
|  |   domain: "{{ matrix_domain }}" | ||||||
|  |  | ||||||
|  | # Configuration specific to the bridge. All fields (unless otherwise marked) are required. | ||||||
|  | webhookBot: | ||||||
|  |   # The localpart to use for the bot. May require re-registering the application service. | ||||||
|  |   localpart: "_webhook" | ||||||
|  |  | ||||||
|  | # Provisioning API options | ||||||
|  | provisioning: | ||||||
|  |   # Your secret for the API. Required for all provisioning API requests. | ||||||
|  |   secret: '{{ matrix_appservice_webhooks_api_secret }}' | ||||||
|  |  | ||||||
|  | # Configuration related to the web portion of the bridge. Handles the inbound webhooks | ||||||
|  | web: | ||||||
|  |   hookUrlBase:  "{{ matrix_appservice_webhooks_inbound_uri_prefix }}" | ||||||
|  |  | ||||||
|  | logging: | ||||||
|  |   console: true | ||||||
|  |   consoleLevel: {{ matrix_appservice_webhooks_log_level }} | ||||||
|  |   writeFiles: false | ||||||
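Review bot: `secret: '{{ matrix_appservice_webhooks_api_secret }}'` under `provisioning:` puts the value into a single-quoted YAML scalar with no escaping, so a secret containing `'` renders a broken or different config. The mautrix-facebook template in this same commit uses `{{ matrix_mautrix_facebook_login_shared_secret|to_json }}` for its secret; doing the same here (`secret: {{ matrix_appservice_webhooks_api_secret|to_json }}`) would be safer, and the unquoted `consoleLevel: {{ matrix_appservice_webhooks_log_level }}` could get the same treatment. The defaults hunk header shows `matrix_appservice_webhooks_api_secret: ''`, so please also confirm there is a check that fails the play when the secret is left empty. Minor: the header here is `#jinja2: lstrip_blocks: True`, while the facebook template quotes it as `"True"`; pick one form.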
| @@ -11,13 +11,13 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
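Review bot: `{{ matrix_host_command_docker }}` and `{{ matrix_host_command_sleep }}` on the `ExecStartPre=` and `ExecStart=` lines are not defined anywhere in this hunk, so please confirm they have defaults matching the old `/usr/bin/docker` and `/bin/sleep` in a place every bridge role can see; otherwise templating this unit fails on hosts that set no override. Since systemd executes whatever these render to, a short comment next to the defaults stating that they must be absolute paths to trusted binaries would help.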
| @@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \ | |||||||
| 			{{ matrix_appservice_webhooks_docker_image }} \ | 			{{ matrix_appservice_webhooks_docker_image }} \ | ||||||
| 			node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml | 			node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks | ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks | ||||||
| ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks | ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-appservice-webhooks | SyslogIdentifier=matrix-appservice-webhooks | ||||||
|   | |||||||
| @@ -38,160 +38,7 @@ matrix_mautrix_facebook_login_shared_secret: '' | |||||||
| # | # | ||||||
| # For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`) | # For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`) | ||||||
| # or completely replace this variable with your own template. | # or completely replace this variable with your own template. | ||||||
| matrix_mautrix_facebook_configuration_yaml: | | matrix_mautrix_facebook_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|   #jinja2: lstrip_blocks: "True" |  | ||||||
|   # Homeserver details |  | ||||||
|   homeserver: |  | ||||||
|       # The address that this appservice can use to connect to the homeserver. |  | ||||||
|       address: {{ matrix_mautrix_facebook_homeserver_address }} |  | ||||||
|       # The domain of the homeserver (for MXIDs, etc). |  | ||||||
|       domain: {{ matrix_mautrix_facebook_homeserver_domain }} |  | ||||||
|       # Whether or not to verify the SSL certificate of the homeserver. |  | ||||||
|       # Only applies if address starts with https:// |  | ||||||
|       verify_ssl: true |  | ||||||
|  |  | ||||||
|   # Application service host/registration related details |  | ||||||
|   # Changing these values requires regeneration of the registration. |  | ||||||
|   appservice: |  | ||||||
|       # The address that the homeserver can use to connect to this appservice. |  | ||||||
|       address: {{ matrix_mautrix_facebook_appservice_address }} |  | ||||||
|  |  | ||||||
|       # The hostname and port where this appservice should listen. |  | ||||||
|       hostname: 0.0.0.0 |  | ||||||
|       port: 29319 |  | ||||||
|       # The maximum body size of appservice API requests (from the homeserver) in mebibytes |  | ||||||
|       # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s |  | ||||||
|       max_body_size: 1 |  | ||||||
|  |  | ||||||
|       # The full URI to the database. SQLite and Postgres are fully supported. |  | ||||||
|       # Other DBMSes supported by SQLAlchemy may or may not work. |  | ||||||
|       # Format examples: |  | ||||||
|       #   SQLite:   sqlite:///filename.db |  | ||||||
|       #   Postgres: postgres://username:password@hostname/dbname |  | ||||||
|       database: sqlite:////data/mautrix-facebook.db |  | ||||||
|  |  | ||||||
|       # Public part of web server for out-of-Matrix interaction with the bridge. |  | ||||||
|       public: |  | ||||||
|           # Whether or not the public-facing endpoints should be enabled. |  | ||||||
|           enabled: false |  | ||||||
|           # The prefix to use in the public-facing endpoints. |  | ||||||
|           prefix: /public |  | ||||||
|           # The base URL where the public-facing endpoints are available. The prefix is not added |  | ||||||
|           # implicitly. |  | ||||||
|           external: https://example.com/public |  | ||||||
|  |  | ||||||
|       # The unique ID of this appservice. |  | ||||||
|       id: facebook |  | ||||||
|       # Username of the appservice bot. |  | ||||||
|       bot_username: facebookbot |  | ||||||
|       # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty |  | ||||||
|       # to leave display name/avatar as-is. |  | ||||||
|       bot_displayname: Facebook bridge bot |  | ||||||
|       bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv |  | ||||||
|  |  | ||||||
|       # Authentication tokens for AS <-> HS communication. |  | ||||||
|       as_token: "{{ matrix_mautrix_facebook_appservice_token }}" |  | ||||||
|       hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}" |  | ||||||
|  |  | ||||||
|   # Bridge config |  | ||||||
|   bridge: |  | ||||||
|       # Localpart template of MXIDs for Facebook users. |  | ||||||
|       # {userid} is replaced with the user ID of the Facebook user. |  | ||||||
|       username_template: "facebook_{userid}" |  | ||||||
|       # Localpart template for per-user room grouping community IDs. |  | ||||||
|       # The bridge will create these communities and add all of the specific user's portals to the community. |  | ||||||
|       # {localpart} is the MXID localpart and {server} is the MXID server part of the user. |  | ||||||
|       # |  | ||||||
|       # `facebook_{localpart}={server}` is a good value. |  | ||||||
|       community_template: null |  | ||||||
|       # Displayname template for Facebook users. |  | ||||||
|       # {displayname} is replaced with the display name of the Facebook user |  | ||||||
|       #               as defined below in displayname_preference. |  | ||||||
|       # Keys available for displayname_preference are also available here. |  | ||||||
|       displayname_template: '{displayname} (FB)' |  | ||||||
|       # Available keys: |  | ||||||
|       # "name" (full name) |  | ||||||
|       # "first_name" |  | ||||||
|       # "last_name" |  | ||||||
|       # "nickname" |  | ||||||
|       # "own_nickname" (user-specific!) |  | ||||||
|       displayname_preference: |  | ||||||
|       - name |  | ||||||
|  |  | ||||||
|       # The prefix for commands. Only required in non-management rooms. |  | ||||||
|       command_prefix: "!fb" |  | ||||||
|  |  | ||||||
|       # Number of chats to sync (and create portals for) on startup/login. |  | ||||||
|       # Maximum 20, set 0 to disable automatic syncing. |  | ||||||
|       initial_chat_sync: 10 |  | ||||||
|       # Whether or not the Facebook users of logged in Matrix users should be |  | ||||||
|       # invited to private chats when the user sends a message from another client. |  | ||||||
|       invite_own_puppet_to_pm: false |  | ||||||
|       # Whether or not to use /sync to get presence, read receipts and typing notifications when using |  | ||||||
|       # your own Matrix account as the Matrix puppet for your Facebook account. |  | ||||||
|       sync_with_custom_puppets: true |  | ||||||
|       # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth |  | ||||||
|       # |  | ||||||
|       # If set, custom puppets will be enabled automatically for local users |  | ||||||
|       # instead of users having to find an access token and run `login-matrix` |  | ||||||
|       # manually. |  | ||||||
|       login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }} |  | ||||||
|       # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast |  | ||||||
|       # presence, but then it won't send other users' presence to the client. |  | ||||||
|       presence: true |  | ||||||
|       # Whether or not to update avatars when syncing all contacts at startup. |  | ||||||
|       update_avatar_initial_sync: true |  | ||||||
|       # End-to-bridge encryption support options. These require matrix-nio to be installed with pip |  | ||||||
|       # and login_shared_secret to be configured in order to get a device for the bridge bot. |  | ||||||
|       # |  | ||||||
|       # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal |  | ||||||
|       # application service. |  | ||||||
|       encryption: |  | ||||||
|           # Allow encryption, work in group chat rooms with e2ee enabled |  | ||||||
|           allow: false |  | ||||||
|           # Default to encryption, force-enable encryption in all portals the bridge creates |  | ||||||
|           # This will cause the bridge bot to be in private chats for the encryption to work properly. |  | ||||||
|           default: false |  | ||||||
|  |  | ||||||
|       # Permissions for using the bridge. |  | ||||||
|       # Permitted values: |  | ||||||
|       #       user - Use the bridge with puppeting. |  | ||||||
|       #      admin - Use and administrate the bridge. |  | ||||||
|       # Permitted keys: |  | ||||||
|       #        * - All Matrix users |  | ||||||
|       #   domain - All users on that homeserver |  | ||||||
|       #     mxid - Specific user |  | ||||||
|       permissions: |  | ||||||
|         '{{ matrix_mautrix_facebook_homeserver_domain }}': user |  | ||||||
|  |  | ||||||
|   # Python logging configuration. |  | ||||||
|   # |  | ||||||
|   # See section 16.7.2 of the Python documentation for more info: |  | ||||||
|   # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema |  | ||||||
|   logging: |  | ||||||
|       version: 1 |  | ||||||
|       formatters: |  | ||||||
|           colored: |  | ||||||
|               (): mautrix_facebook.util.ColorFormatter |  | ||||||
|               format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" |  | ||||||
|           normal: |  | ||||||
|               format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" |  | ||||||
|       handlers: |  | ||||||
|           console: |  | ||||||
|               class: logging.StreamHandler |  | ||||||
|               formatter: colored |  | ||||||
|       loggers: |  | ||||||
|           mau: |  | ||||||
|               level: DEBUG |  | ||||||
|           fbchat: |  | ||||||
|               level: DEBUG |  | ||||||
|           hbmqtt: |  | ||||||
|               level: INFO |  | ||||||
|           aiohttp: |  | ||||||
|               level: INFO |  | ||||||
|       root: |  | ||||||
|           level: DEBUG |  | ||||||
|           handlers: [console] |  | ||||||
|  |  | ||||||
| matrix_mautrix_facebook_configuration_extension_yaml: | | matrix_mautrix_facebook_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration goes here. |   # Your custom YAML configuration goes here. | ||||||
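Review bot: the comment kept above `matrix_mautrix_facebook_configuration_yaml` still tells users they can "completely replace this variable with your own template", but the default is no longer readable at this spot. Please mention `templates/config.yaml.j2` in that comment so anyone overriding the variable knows which file to start from and which file to diff against on upgrades.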
|   | |||||||
							
								
								
									
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 (Normal file, 194 lines)
									
								
							
							
						
						
									
							| @@ -0,0 +1,194 @@ | |||||||
|  | #jinja2: lstrip_blocks: "True" | ||||||
|  | # Homeserver details | ||||||
|  | homeserver: | ||||||
|  |     # The address that this appservice can use to connect to the homeserver. | ||||||
|  |     address: {{ matrix_mautrix_facebook_homeserver_address }} | ||||||
|  |     # The domain of the homeserver (for MXIDs, etc). | ||||||
|  |     domain: {{ matrix_mautrix_facebook_homeserver_domain }} | ||||||
|  |     # Whether or not to verify the SSL certificate of the homeserver. | ||||||
|  |     # Only applies if address starts with https:// | ||||||
|  |     verify_ssl: true | ||||||
|  |  | ||||||
|  | # Application service host/registration related details | ||||||
|  | # Changing these values requires regeneration of the registration. | ||||||
|  | appservice: | ||||||
|  |     # The address that the homeserver can use to connect to this appservice. | ||||||
|  |     address: {{ matrix_mautrix_facebook_appservice_address }} | ||||||
|  |  | ||||||
|  |     # The hostname and port where this appservice should listen. | ||||||
|  |     hostname: 0.0.0.0 | ||||||
|  |     port: 29319 | ||||||
|  |     # The maximum body size of appservice API requests (from the homeserver) in mebibytes | ||||||
|  |     # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s | ||||||
|  |     max_body_size: 1 | ||||||
|  |  | ||||||
|  |     # The full URI to the database. SQLite and Postgres are fully supported. | ||||||
|  |     # Other DBMSes supported by SQLAlchemy may or may not work. | ||||||
|  |     # Format examples: | ||||||
|  |     #   SQLite:   sqlite:///filename.db | ||||||
|  |     #   Postgres: postgres://username:password@hostname/dbname | ||||||
|  |     database: sqlite:////data/mautrix-facebook.db | ||||||
|  |  | ||||||
|  |     # Public part of web server for out-of-Matrix interaction with the bridge. | ||||||
|  |     public: | ||||||
|  |         # Whether or not the public-facing endpoints should be enabled. | ||||||
|  |         enabled: false | ||||||
|  |         # The prefix to use in the public-facing endpoints. | ||||||
|  |         prefix: /public | ||||||
|  |         # The base URL where the public-facing endpoints are available. The prefix is not added | ||||||
|  |         # implicitly. | ||||||
|  |         external: https://example.com/public | ||||||
|  |  | ||||||
|  |     # The unique ID of this appservice. | ||||||
|  |     id: facebook | ||||||
|  |     # Username of the appservice bot. | ||||||
|  |     bot_username: facebookbot | ||||||
|  |     # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty | ||||||
|  |     # to leave display name/avatar as-is. | ||||||
|  |     bot_displayname: Facebook bridge bot | ||||||
|  |     bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv | ||||||
|  |  | ||||||
|  |     # Authentication tokens for AS <-> HS communication. | ||||||
|  |     as_token: "{{ matrix_mautrix_facebook_appservice_token }}" | ||||||
|  |     hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}" | ||||||
|  |  | ||||||
|  | # Bridge config | ||||||
|  | bridge: | ||||||
|  |     # Localpart template of MXIDs for Facebook users. | ||||||
|  |     # {userid} is replaced with the user ID of the Facebook user. | ||||||
|  |     username_template: "facebook_{userid}" | ||||||
|  |     # Localpart template for per-user room grouping community IDs. | ||||||
|  |     # The bridge will create these communities and add all of the specific user's portals to the community. | ||||||
|  |     # {localpart} is the MXID localpart and {server} is the MXID server part of the user. | ||||||
|  |     # | ||||||
|  |     # `facebook_{localpart}={server}` is a good value. | ||||||
|  |     community_template: null | ||||||
|  |     # Displayname template for Facebook users. | ||||||
|  |     # {displayname} is replaced with the display name of the Facebook user | ||||||
|  |     #               as defined below in displayname_preference. | ||||||
|  |     # Keys available for displayname_preference are also available here. | ||||||
|  |     displayname_template: '{displayname} (FB)' | ||||||
|  |     # Available keys: | ||||||
|  |     # "name" (full name) | ||||||
|  |     # "first_name" | ||||||
|  |     # "last_name" | ||||||
|  |     # "nickname" | ||||||
|  |     # "own_nickname" (user-specific!) | ||||||
|  |     displayname_preference: | ||||||
|  |     - name | ||||||
|  |  | ||||||
|  |     # The prefix for commands. Only required in non-management rooms. | ||||||
|  |     command_prefix: "!fb" | ||||||
|  |  | ||||||
|  |     # Number of chats to sync (and create portals for) on startup/login. | ||||||
|  |     # Maximum 20, set 0 to disable automatic syncing. | ||||||
|  |     initial_chat_sync: 10 | ||||||
|  |     # Whether or not the Facebook users of logged in Matrix users should be | ||||||
|  |     # invited to private chats when the user sends a message from another client. | ||||||
|  |     invite_own_puppet_to_pm: false | ||||||
|  |     # Whether or not to use /sync to get presence, read receipts and typing notifications when using | ||||||
|  |     # your own Matrix account as the Matrix puppet for your Facebook account. | ||||||
|  |     sync_with_custom_puppets: true | ||||||
|  |     # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth | ||||||
|  |     # | ||||||
|  |     # If set, custom puppets will be enabled automatically for local users | ||||||
|  |     # instead of users having to find an access token and run `login-matrix` | ||||||
|  |     # manually. | ||||||
|  |     login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }} | ||||||
|  |     # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast | ||||||
|  |     # presence, but then it won't send other users' presence to the client. | ||||||
|  |     presence: true | ||||||
|  |     # Whether or not to update avatars when syncing all contacts at startup. | ||||||
|  |     update_avatar_initial_sync: true | ||||||
|  |     # End-to-bridge encryption support options. These require matrix-nio to be installed with pip | ||||||
|  |     # and login_shared_secret to be configured in order to get a device for the bridge bot. | ||||||
|  |     # | ||||||
|  |     # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal | ||||||
|  |     # application service. | ||||||
|  |     encryption: | ||||||
|  |         # Allow encryption, work in group chat rooms with e2ee enabled | ||||||
|  |         allow: false | ||||||
|  |         # Default to encryption, force-enable encryption in all portals the bridge creates | ||||||
|  |         # This will cause the bridge bot to be in private chats for the encryption to work properly. | ||||||
|  |         default: false | ||||||
|  |     # Whether or not the bridge should send a read receipt from the bridge bot when a message has | ||||||
|  |     # been sent to Facebook. | ||||||
|  |     delivery_receipts: false | ||||||
|  |     # Whether to allow inviting arbitrary mxids to portal rooms | ||||||
|  |     allow_invites: false | ||||||
|  |     # Settings for backfilling messages from Facebook. | ||||||
|  |     backfill: | ||||||
|  |         # Whether or not the Facebook users of logged in Matrix users should be | ||||||
|  |         # invited to private chats when backfilling history from Facebook. This is | ||||||
|  |         # usually needed to prevent rate limits and to allow timestamp massaging. | ||||||
|  |         invite_own_puppet: true | ||||||
|  |         # Maximum number of messages to backfill initially. | ||||||
|  |         # Set to 0 to disable backfilling when creating portal. | ||||||
|  |         initial_limit: 0 | ||||||
|  |         # Maximum number of messages to backfill if messages were missed while | ||||||
|  |         # the bridge was disconnected. | ||||||
|  |         # Set to 0 to disable backfilling missed messages. | ||||||
|  |         missed_limit: 1000 | ||||||
|  |         # If using double puppeting, should notifications be disabled | ||||||
|  |         # while the initial backfill is in progress? | ||||||
|  |         disable_notifications: false | ||||||
|  |     periodic_reconnect: | ||||||
|  |         # Interval in seconds in which to automatically reconnect all users. | ||||||
|  |         # This can be used to automatically mitigate the bug where Facebook stops sending messages. | ||||||
|  |         # Set to -1 to disable periodic reconnections entirely. | ||||||
|  |         interval: -1 | ||||||
|  |         # What to do in periodic reconnects. Either "refresh" or "reconnect" | ||||||
|  |         mode: refresh | ||||||
|  |         # Should even disconnected users be reconnected? | ||||||
|  |         always: false | ||||||
|  |     # The number of seconds that a disconnection can last without triggering an automatic re-sync | ||||||
|  |     # and missed message backfilling when reconnecting. | ||||||
|  |     # Set to 0 to always re-sync, or -1 to never re-sync automatically. | ||||||
|  |     resync_max_disconnected_time: 5 | ||||||
|  |     # Whether or not temporary disconnections should send notices to the notice room. | ||||||
|  |     # If this is false, disconnections will never send messages and connections will only send | ||||||
|  |     # messages if it was disconnected for more than resync_max_disconnected_time seconds. | ||||||
|  |     temporary_disconnect_notices: true | ||||||
|  |     # Whether or not the bridge should try to "refresh" the connection if a normal reconnection | ||||||
|  |     # attempt fails. | ||||||
|  |     refresh_on_reconnection_fail: false | ||||||
|  |  | ||||||
|  |     # Permissions for using the bridge. | ||||||
|  |     # Permitted values: | ||||||
|  |     #       user - Use the bridge with puppeting. | ||||||
|  |     #      admin - Use and administrate the bridge. | ||||||
|  |     # Permitted keys: | ||||||
|  |     #        * - All Matrix users | ||||||
|  |     #   domain - All users on that homeserver | ||||||
|  |     #     mxid - Specific user | ||||||
|  |     permissions: | ||||||
|  |       '{{ matrix_mautrix_facebook_homeserver_domain }}': user | ||||||
|  |  | ||||||
|  | # Python logging configuration. | ||||||
|  | # | ||||||
|  | # See section 16.7.2 of the Python documentation for more info: | ||||||
|  | # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema | ||||||
|  | logging: | ||||||
|  |     version: 1 | ||||||
|  |     formatters: | ||||||
|  |         colored: | ||||||
|  |             (): mautrix_facebook.util.ColorFormatter | ||||||
|  |             format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" | ||||||
|  |         normal: | ||||||
|  |             format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" | ||||||
|  |     handlers: | ||||||
|  |         console: | ||||||
|  |             class: logging.StreamHandler | ||||||
|  |             formatter: colored | ||||||
|  |     loggers: | ||||||
|  |         mau: | ||||||
|  |             level: DEBUG | ||||||
|  |         fbchat: | ||||||
|  |             level: DEBUG | ||||||
|  |         hbmqtt: | ||||||
|  |             level: INFO | ||||||
|  |         aiohttp: | ||||||
|  |             level: INFO | ||||||
|  |     root: | ||||||
|  |         level: DEBUG | ||||||
|  |         handlers: [console] | ||||||
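Review bot: this file is not a straight move of the block removed from the defaults: under `bridge:` it adds `delivery_receipts`, `allow_invites`, `backfill`, `periodic_reconnect`, `resync_max_disconnected_time`, `temporary_disconnect_notices` and `refresh_on_reconnection_fail`, none of which were in the old inline value. Some of these may change behaviour for existing installs (`backfill.missed_limit: 1000`, `backfill.invite_own_puppet: true`), so they deserve a changelog line or a separate commit from the refactoring. Separately, `root`, `mau` and `fbchat` under `logging:` are all fixed at `DEBUG` with no variable to lower them, unlike `matrix_appservice_webhooks_log_level` in the webhooks role; for a bridge that handles login secrets and message traffic, a configurable level with a quieter default would be preferable.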
| @@ -11,9 +11,9 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-mautrix-facebook | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-mautrix-facebook | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook | ||||||
| ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \ | ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
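Review bot: the `ExecStartPre=` lines only `kill` and `rm` the `matrix-mautrix-facebook` container, while the next line starts a second container named `matrix-mautrix-facebook-db` without the `-` prefix. If a container with that name is left over from an interrupted run, `docker run --name matrix-mautrix-facebook-db` fails on the name conflict and the unit does not start; consider adding matching `kill` and `rm` lines for the `-db` name ahead of it.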
| @@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \ | |||||||
| 			alembic -x config=/config/config.yaml upgrade head | 			alembic -x config=/config/config.yaml upgrade head | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ | |||||||
| 			{{ matrix_mautrix_facebook_docker_image }} \ | 			{{ matrix_mautrix_facebook_docker_image }} \ | ||||||
| 			python3 -m mautrix_facebook -c /config/config.yaml | 			python3 -m mautrix_facebook -c /config/config.yaml | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook | ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook | ||||||
| ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook | ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-mautrix-facebook | SyslogIdentifier=matrix-mautrix-facebook | ||||||
|   | |||||||
| @@ -40,152 +40,7 @@ matrix_mautrix_hangouts_login_shared_secret: '' | |||||||
| # | # | ||||||
| # For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`) | # For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`) | ||||||
| # or completely replace this variable with your own template. | # or completely replace this variable with your own template. | ||||||
| matrix_mautrix_hangouts_configuration_yaml: | | matrix_mautrix_hangouts_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|   #jinja2: lstrip_blocks: "True" |  | ||||||
|   # Homeserver details |  | ||||||
|   homeserver: |  | ||||||
|       # The address that this appservice can use to connect to the homeserver. |  | ||||||
|       address: {{ matrix_mautrix_hangouts_homeserver_address }} |  | ||||||
|       # The domain of the homeserver (for MXIDs, etc). |  | ||||||
|       domain: {{ matrix_mautrix_hangouts_homeserver_domain }} |  | ||||||
|       # Whether or not to verify the SSL certificate of the homeserver. |  | ||||||
|       # Only applies if address starts with https:// |  | ||||||
|       verify_ssl: true |  | ||||||
|  |  | ||||||
|   # Application service host/registration related details |  | ||||||
|   # Changing these values requires regeneration of the registration. |  | ||||||
|   appservice: |  | ||||||
|       # The address that the homeserver can use to connect to this appservice. |  | ||||||
|       address: {{ matrix_mautrix_hangouts_appservice_address }} |  | ||||||
|  |  | ||||||
|       # The hostname and port where this appservice should listen. |  | ||||||
|       hostname: 0.0.0.0 |  | ||||||
|       port: 8080 |  | ||||||
|       # The maximum body size of appservice API requests (from the homeserver) in mebibytes |  | ||||||
|       # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s |  | ||||||
|       max_body_size: 1 |  | ||||||
|  |  | ||||||
|       # The full URI to the database. SQLite and Postgres are fully supported. |  | ||||||
|       # Other DBMSes supported by SQLAlchemy may or may not work. |  | ||||||
|       # Format examples: |  | ||||||
|       #   SQLite:   sqlite:///filename.db |  | ||||||
|       #   Postgres: postgres://username:password@hostname/dbname |  | ||||||
|       database: sqlite:////data/mautrix-hangouts.db |  | ||||||
|  |  | ||||||
|       # The unique ID of this appservice. |  | ||||||
|       id: hangouts |  | ||||||
|       # Username of the appservice bot. |  | ||||||
|       bot_username: hangoutsbot |  | ||||||
|       # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty |  | ||||||
|       # to leave display name/avatar as-is. |  | ||||||
|       bot_displayname: Hangouts bridge bot |  | ||||||
|       bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy |  | ||||||
|  |  | ||||||
|       # Authentication tokens for AS <-> HS communication. |  | ||||||
|       as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" |  | ||||||
|       hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" |  | ||||||
|  |  | ||||||
|   # Bridge config |  | ||||||
|   bridge: |  | ||||||
|       # Localpart template of MXIDs for Hangouts users. |  | ||||||
|       # {userid} is replaced with the user ID of the Hangouts user. |  | ||||||
|       username_template: "hangouts_{userid}" |  | ||||||
|       # Displayname template for Hangouts users. |  | ||||||
|       # {displayname} is replaced with the display name of the Hangouts user |  | ||||||
|       #               as defined below in displayname_preference. |  | ||||||
|       # Keys available for displayname_preference are also available here. |  | ||||||
|       displayname_template: '{full_name} (Hangouts)' |  | ||||||
|       # Available keys: |  | ||||||
|       # "name" (full name) |  | ||||||
|       # "first_name" |  | ||||||
|       # "last_name" |  | ||||||
|       # "nickname" |  | ||||||
|       # "own_nickname" (user-specific!) |  | ||||||
|       displayname_preference: |  | ||||||
|       - name |  | ||||||
|  |  | ||||||
|       # The prefix for commands. Only required in non-management rooms. |  | ||||||
|       command_prefix: "!HO" |  | ||||||
|  |  | ||||||
|       # Number of chats to sync (and create portals for) on startup/login. |  | ||||||
|       # Maximum 20, set 0 to disable automatic syncing. |  | ||||||
|       initial_chat_sync: 20 |  | ||||||
|       # Whether or not the Hangouts users of logged in Matrix users should be |  | ||||||
|       # invited to private chats when the user sends a message from another client. |  | ||||||
|       invite_own_puppet_to_pm: false |  | ||||||
|       # Whether or not to use /sync to get presence, read receipts and typing notifications when using |  | ||||||
|       # your own Matrix account as the Matrix puppet for your Hangouts account. |  | ||||||
|       sync_with_custom_puppets: true |  | ||||||
|       # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth |  | ||||||
|       # |  | ||||||
|       # If set, custom puppets will be enabled automatically for local users |  | ||||||
|       # instead of users having to find an access token and run `login-matrix` |  | ||||||
|       # manually. |  | ||||||
|       login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }} |  | ||||||
|       # Whether or not to update avatars when syncing all contacts at startup. |  | ||||||
|       update_avatar_initial_sync: true |  | ||||||
|       # End-to-bridge encryption support options. These require matrix-nio to be installed with pip |  | ||||||
|       # and login_shared_secret to be configured in order to get a device for the bridge bot. |  | ||||||
|       # |  | ||||||
|       # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal |  | ||||||
|       # application service. |  | ||||||
|       encryption: |  | ||||||
|           # Allow encryption, work in group chat rooms with e2ee enabled |  | ||||||
|           allow: false |  | ||||||
|           # Default to encryption, force-enable encryption in all portals the bridge creates |  | ||||||
|           # This will cause the bridge bot to be in private chats for the encryption to work properly. |  | ||||||
|           default: false |  | ||||||
|  |  | ||||||
|       # Public website and API configs |  | ||||||
|       web: |  | ||||||
|           # Auth server config |  | ||||||
|           auth: |  | ||||||
|               # Publicly accessible base URL for the login endpoints. |  | ||||||
|               # The prefix below is not implicitly added. This URL and all subpaths should be proxied |  | ||||||
|               # or otherwise pointed to the appservice's webserver to the path specified below (prefix). |  | ||||||
|               # This path should usually include a trailing slash. |  | ||||||
|               # Internal prefix in the appservice web server for the login endpoints. |  | ||||||
|               public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login" |  | ||||||
|               prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login" |  | ||||||
|  |  | ||||||
|  |  | ||||||
|       # Permissions for using the bridge. |  | ||||||
|       # Permitted values: |  | ||||||
|       #       user - Use the bridge with puppeting. |  | ||||||
|       #      admin - Use and administrate the bridge. |  | ||||||
|       # Permitted keys: |  | ||||||
|       #        * - All Matrix users |  | ||||||
|       #   domain - All users on that homeserver |  | ||||||
|       #     mxid - Specific user |  | ||||||
|       permissions: |  | ||||||
|         '{{ matrix_mautrix_hangouts_homeserver_domain }}': user |  | ||||||
|  |  | ||||||
|   # Python logging configuration. |  | ||||||
|   # |  | ||||||
|   # See section 16.7.2 of the Python documentation for more info: |  | ||||||
|   # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema |  | ||||||
|   logging: |  | ||||||
|       version: 1 |  | ||||||
|       formatters: |  | ||||||
|           colored: |  | ||||||
|               (): mautrix_hangouts.util.ColorFormatter |  | ||||||
|               format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" |  | ||||||
|           normal: |  | ||||||
|               format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" |  | ||||||
|       handlers: |  | ||||||
|           console: |  | ||||||
|               class: logging.StreamHandler |  | ||||||
|               formatter: colored |  | ||||||
|       loggers: |  | ||||||
|           mau: |  | ||||||
|               level: DEBUG |  | ||||||
|           hangups: |  | ||||||
|               level: DEBUG |  | ||||||
|           aiohttp: |  | ||||||
|               level: INFO |  | ||||||
|       root: |  | ||||||
|           level: DEBUG |  | ||||||
|           handlers: [console] |  | ||||||
|  |  | ||||||
| matrix_mautrix_hangouts_configuration_extension_yaml: | | matrix_mautrix_hangouts_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration goes here. |   # Your custom YAML configuration goes here. | ||||||
|   | |||||||
							
								
								
									
145  roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2  (Normal file)
							| @@ -0,0 +1,145 @@ | |||||||
|  | #jinja2: lstrip_blocks: "True" | ||||||
|  | # Homeserver details | ||||||
|  | homeserver: | ||||||
|  |     # The address that this appservice can use to connect to the homeserver. | ||||||
|  |     address: {{ matrix_mautrix_hangouts_homeserver_address }} | ||||||
|  |     # The domain of the homeserver (for MXIDs, etc). | ||||||
|  |     domain: {{ matrix_mautrix_hangouts_homeserver_domain }} | ||||||
|  |     # Whether or not to verify the SSL certificate of the homeserver. | ||||||
|  |     # Only applies if address starts with https:// | ||||||
|  |     verify_ssl: true | ||||||
|  |  | ||||||
|  | # Application service host/registration related details | ||||||
|  | # Changing these values requires regeneration of the registration. | ||||||
|  | appservice: | ||||||
|  |     # The address that the homeserver can use to connect to this appservice. | ||||||
|  |     address: {{ matrix_mautrix_hangouts_appservice_address }} | ||||||
|  |  | ||||||
|  |     # The hostname and port where this appservice should listen. | ||||||
|  |     hostname: 0.0.0.0 | ||||||
|  |     port: 8080 | ||||||
|  |     # The maximum body size of appservice API requests (from the homeserver) in mebibytes | ||||||
|  |     # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s | ||||||
|  |     max_body_size: 1 | ||||||
|  |  | ||||||
|  |     # The full URI to the database. SQLite and Postgres are fully supported. | ||||||
|  |     # Other DBMSes supported by SQLAlchemy may or may not work. | ||||||
|  |     # Format examples: | ||||||
|  |     #   SQLite:   sqlite:///filename.db | ||||||
|  |     #   Postgres: postgres://username:password@hostname/dbname | ||||||
|  |     database: sqlite:////data/mautrix-hangouts.db | ||||||
|  |  | ||||||
|  |     # The unique ID of this appservice. | ||||||
|  |     id: hangouts | ||||||
|  |     # Username of the appservice bot. | ||||||
|  |     bot_username: hangoutsbot | ||||||
|  |     # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty | ||||||
|  |     # to leave display name/avatar as-is. | ||||||
|  |     bot_displayname: Hangouts bridge bot | ||||||
|  |     bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy | ||||||
|  |  | ||||||
|  |     # Authentication tokens for AS <-> HS communication. | ||||||
|  |     as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" | ||||||
|  |     hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" | ||||||
|  |  | ||||||
|  | # Bridge config | ||||||
|  | bridge: | ||||||
|  |     # Localpart template of MXIDs for Hangouts users. | ||||||
|  |     # {userid} is replaced with the user ID of the Hangouts user. | ||||||
|  |     username_template: "hangouts_{userid}" | ||||||
|  |     # Displayname template for Hangouts users. | ||||||
|  |     # {displayname} is replaced with the display name of the Hangouts user | ||||||
|  |     #               as defined below in displayname_preference. | ||||||
|  |     # Keys available for displayname_preference are also available here. | ||||||
|  |     displayname_template: '{full_name} (Hangouts)' | ||||||
|  |     # Available keys: | ||||||
|  |     # "name" (full name) | ||||||
|  |     # "first_name" | ||||||
|  |     # "last_name" | ||||||
|  |     # "nickname" | ||||||
|  |     # "own_nickname" (user-specific!) | ||||||
|  |     displayname_preference: | ||||||
|  |     - name | ||||||
|  |  | ||||||
|  |     # The prefix for commands. Only required in non-management rooms. | ||||||
|  |     command_prefix: "!HO" | ||||||
|  |  | ||||||
|  |     # Number of chats to sync (and create portals for) on startup/login. | ||||||
|  |     # Maximum 20, set 0 to disable automatic syncing. | ||||||
|  |     initial_chat_sync: 20 | ||||||
|  |     # Whether or not the Hangouts users of logged in Matrix users should be | ||||||
|  |     # invited to private chats when the user sends a message from another client. | ||||||
|  |     invite_own_puppet_to_pm: false | ||||||
|  |     # Whether or not to use /sync to get presence, read receipts and typing notifications when using | ||||||
|  |     # your own Matrix account as the Matrix puppet for your Hangouts account. | ||||||
|  |     sync_with_custom_puppets: true | ||||||
|  |     # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth | ||||||
|  |     # | ||||||
|  |     # If set, custom puppets will be enabled automatically for local users | ||||||
|  |     # instead of users having to find an access token and run `login-matrix` | ||||||
|  |     # manually. | ||||||
|  |     login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }} | ||||||
|  |     # Whether or not to update avatars when syncing all contacts at startup. | ||||||
|  |     update_avatar_initial_sync: true | ||||||
|  |     # End-to-bridge encryption support options. These require matrix-nio to be installed with pip | ||||||
|  |     # and login_shared_secret to be configured in order to get a device for the bridge bot. | ||||||
|  |     # | ||||||
|  |     # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal | ||||||
|  |     # application service. | ||||||
|  |     encryption: | ||||||
|  |         # Allow encryption, work in group chat rooms with e2ee enabled | ||||||
|  |         allow: false | ||||||
|  |         # Default to encryption, force-enable encryption in all portals the bridge creates | ||||||
|  |         # This will cause the bridge bot to be in private chats for the encryption to work properly. | ||||||
|  |         default: false | ||||||
|  |  | ||||||
|  |     # Public website and API configs | ||||||
|  |     web: | ||||||
|  |         # Auth server config | ||||||
|  |         auth: | ||||||
|  |             # Publicly accessible base URL for the login endpoints. | ||||||
|  |             # The prefix below is not implicitly added. This URL and all subpaths should be proxied | ||||||
|  |             # or otherwise pointed to the appservice's webserver to the path specified below (prefix). | ||||||
|  |             # This path should usually include a trailing slash. | ||||||
|  |             # Internal prefix in the appservice web server for the login endpoints. | ||||||
|  |             public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login" | ||||||
|  |             prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login" | ||||||
|  |  | ||||||
|  |  | ||||||
|  |     # Permissions for using the bridge. | ||||||
|  |     # Permitted values: | ||||||
|  |     #       user - Use the bridge with puppeting. | ||||||
|  |     #      admin - Use and administrate the bridge. | ||||||
|  |     # Permitted keys: | ||||||
|  |     #        * - All Matrix users | ||||||
|  |     #   domain - All users on that homeserver | ||||||
|  |     #     mxid - Specific user | ||||||
|  |     permissions: | ||||||
|  |       '{{ matrix_mautrix_hangouts_homeserver_domain }}': user | ||||||
|  |  | ||||||
|  | # Python logging configuration. | ||||||
|  | # | ||||||
|  | # See section 16.7.2 of the Python documentation for more info: | ||||||
|  | # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema | ||||||
|  | logging: | ||||||
|  |     version: 1 | ||||||
|  |     formatters: | ||||||
|  |         colored: | ||||||
|  |             (): mautrix_hangouts.util.ColorFormatter | ||||||
|  |             format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" | ||||||
|  |         normal: | ||||||
|  |             format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" | ||||||
|  |     handlers: | ||||||
|  |         console: | ||||||
|  |             class: logging.StreamHandler | ||||||
|  |             formatter: colored | ||||||
|  |     loggers: | ||||||
|  |         mau: | ||||||
|  |             level: DEBUG | ||||||
|  |         hangups: | ||||||
|  |             level: DEBUG | ||||||
|  |         aiohttp: | ||||||
|  |             level: INFO | ||||||
|  |     root: | ||||||
|  |         level: DEBUG | ||||||
|  |         handlers: [console] | ||||||
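Review bot: `as_token` and `hs_token` under `appservice:` are rendered as `"{{ matrix_mautrix_hangouts_appservice_token }}"` and `"{{ matrix_mautrix_hangouts_homeserver_token }}"`, that is, dropped raw between double quotes, while `login_shared_secret` further down in the same file is emitted with `|to_json`. A token containing `"` or `\` would produce broken or silently altered YAML, so use `|to_json` for both tokens as well, and consider the same for the unquoted `address:` and `domain:` values under `homeserver:`. Separately, the `logging:` section ships `root`, `mau` and `hangups` at `DEBUG`; `INFO` would be a more conservative default for a bridge that handles user logins.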
| @@ -11,9 +11,9 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db | ||||||
| ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \ | ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
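Review bot: the three `ExecStartPre=` lines now take their executable from `{{ matrix_host_command_docker }}`, but nothing in this hunk shows where that variable is defined or what it is allowed to contain. The value it replaces was the absolute path `/usr/bin/docker`, and the unit uses whatever the variable renders to, so please document next to the variable's default that it must be an absolute path to the docker binary and, ideally, fail the playbook early when the value does not start with `/`.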
| @@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \ | |||||||
| 			alembic -x config=/config/config.yaml upgrade head | 			alembic -x config=/config/config.yaml upgrade head | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \ | |||||||
| 			{{ matrix_mautrix_hangouts_docker_image }} \ | 			{{ matrix_mautrix_hangouts_docker_image }} \ | ||||||
| 			python3 -m mautrix_hangouts -c /config/config.yaml | 			python3 -m mautrix_hangouts -c /config/config.yaml | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts | ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts | ||||||
| ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts | ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-mautrix-hangouts | SyslogIdentifier=matrix-mautrix-hangouts | ||||||
|   | |||||||
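Review bot: both `ExecStop=` lines are touched here but still stop the bridge with `docker kill`, which sends SIGKILL by default and gives the process no chance to shut down cleanly. The config template in this same commit points the bridge at a SQLite file (`database: sqlite:////data/mautrix-hangouts.db`), so while these lines are being edited consider `{{ matrix_host_command_docker }} stop matrix-mautrix-hangouts` as the first `ExecStop=`, keeping `kill` only as a fallback.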
| @@ -4,7 +4,7 @@ | |||||||
| matrix_mautrix_telegram_enabled: true | matrix_mautrix_telegram_enabled: true | ||||||
|  |  | ||||||
| # See: https://mau.dev/tulir/mautrix-telegram/container_registry | # See: https://mau.dev/tulir/mautrix-telegram/container_registry | ||||||
| matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.0" | matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.2" | ||||||
| matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" | matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" | matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" | ||||||
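Review bot: `matrix_mautrix_telegram_docker_image` moves from `v0.7.0` to `v0.7.2` but stays pinned by tag only, and `matrix_mautrix_telegram_docker_image_force_pull` on the following line evaluates to true only for `:latest`. A host therefore trusts whatever the registry serves under `v0.7.2` at first pull and never re-checks it afterwards; pinning by digest (`dock.mau.dev/tulir/mautrix-telegram@sha256:<digest>`, placeholder) would make the deployed image reproducible and verifiable.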
| @@ -51,405 +51,7 @@ matrix_mautrix_telegram_login_shared_secret: '' | |||||||
| # | # | ||||||
| # For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`) | # For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`) | ||||||
| # or completely replace this variable with your own template. | # or completely replace this variable with your own template. | ||||||
| matrix_mautrix_telegram_configuration_yaml: | | matrix_mautrix_telegram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|   #jinja2: lstrip_blocks: "True" |  | ||||||
|   # Homeserver details |  | ||||||
|   homeserver: |  | ||||||
|       # The address that this appservice can use to connect to the homeserver. |  | ||||||
|       address: {{ matrix_mautrix_telegram_homeserver_address }} |  | ||||||
|       # The domain of the homeserver (for MXIDs, etc). |  | ||||||
|       domain: {{ matrix_mautrix_telegram_homeserver_domain }} |  | ||||||
|       # Whether or not to verify the SSL certificate of the homeserver. |  | ||||||
|       # Only applies if address starts with https:// |  | ||||||
|       verify_ssl: true |  | ||||||
|  |  | ||||||
|   # Application service host/registration related details |  | ||||||
|   # Changing these values requires regeneration of the registration. |  | ||||||
|   appservice: |  | ||||||
|       # The address that the homeserver can use to connect to this appservice. |  | ||||||
|       address: {{ matrix_mautrix_telegram_appservice_address }} |  | ||||||
|  |  | ||||||
|       # The hostname and port where this appservice should listen. |  | ||||||
|       hostname: 0.0.0.0 |  | ||||||
|       port: 8080 |  | ||||||
|       # The maximum body size of appservice API requests (from the homeserver) in mebibytes |  | ||||||
|       # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s |  | ||||||
|       max_body_size: 1 |  | ||||||
|  |  | ||||||
|       # The full URI to the database. SQLite and Postgres are fully supported. |  | ||||||
|       # Other DBMSes supported by SQLAlchemy may or may not work. |  | ||||||
|       # Format examples: |  | ||||||
|       #   SQLite:   sqlite:///filename.db |  | ||||||
|       #   Postgres: postgres://username:password@hostname/dbname |  | ||||||
|       database: sqlite:////data/mautrix-telegram.db |  | ||||||
|  |  | ||||||
|       # Public part of web server for out-of-Matrix interaction with the bridge. |  | ||||||
|       # Used for things like login if the user wants to make sure the 2FA password isn't stored in |  | ||||||
|       # the HS database. |  | ||||||
|       public: |  | ||||||
|           # Whether or not the public-facing endpoints should be enabled. |  | ||||||
|           enabled: true |  | ||||||
|           # The prefix to use in the public-facing endpoints. |  | ||||||
|           prefix: {{ matrix_mautrix_telegram_public_endpoint }} |  | ||||||
|           # The base URL where the public-facing endpoints are available. The prefix is not added |  | ||||||
|           # implicitly. |  | ||||||
|           external: {{ matrix_mautrix_telegram_appservice_public_external }} |  | ||||||
|  |  | ||||||
|       # Provisioning API part of the web server for automated portal creation and fetching information. |  | ||||||
|       # Used by things like Dimension (https://dimension.t2bot.io/). |  | ||||||
|       provisioning: |  | ||||||
|           # Whether or not the provisioning API should be enabled. |  | ||||||
|           enabled: false |  | ||||||
|           # The prefix to use in the provisioning API endpoints. |  | ||||||
|           prefix: /_matrix/provision/v1 |  | ||||||
|           # The shared secret to authorize users of the API. |  | ||||||
|           # Set to "generate" to generate and save a new token. |  | ||||||
|           shared_secret: generate |  | ||||||
|  |  | ||||||
|       # The unique ID of this appservice. |  | ||||||
|       id: telegram |  | ||||||
|       # Username of the appservice bot. |  | ||||||
|       bot_username: telegrambot |  | ||||||
|       # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty |  | ||||||
|       # to leave display name/avatar as-is. |  | ||||||
|       bot_displayname: Telegram bridge bot |  | ||||||
|       bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX |  | ||||||
|  |  | ||||||
|       # Authentication tokens for AS <-> HS communication. |  | ||||||
|       as_token: "{{ matrix_mautrix_telegram_appservice_token }}" |  | ||||||
|       hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}" |  | ||||||
|  |  | ||||||
|   # Bridge config |  | ||||||
|   bridge: |  | ||||||
|       # Localpart template of MXIDs for Telegram users. |  | ||||||
|       # {userid} is replaced with the user ID of the Telegram user. |  | ||||||
|       username_template: "telegram_{userid}" |  | ||||||
|       # Localpart template of room aliases for Telegram portal rooms. |  | ||||||
|       # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} ) |  | ||||||
|       alias_template: "telegram_{groupname}" |  | ||||||
|       # Displayname template for Telegram users. |  | ||||||
|       # {displayname} is replaced with the display name of the Telegram user. |  | ||||||
|       displayname_template: "{displayname} (Telegram)" |  | ||||||
|  |  | ||||||
|       # Set the preferred order of user identifiers which to use in the Matrix puppet display name. |  | ||||||
|       # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user |  | ||||||
|       # ID is used. |  | ||||||
|       # |  | ||||||
|       # If the bridge is working properly, a phone number or an username should always be known, but |  | ||||||
|       # the other one can very well be empty. |  | ||||||
|       # |  | ||||||
|       # Valid keys: |  | ||||||
|       #   "full name"          (First and/or last name) |  | ||||||
|       #   "full name reversed" (Last and/or first name) |  | ||||||
|       #   "first name" |  | ||||||
|       #   "last name" |  | ||||||
|       #   "username" |  | ||||||
|       #   "phone number" |  | ||||||
|       displayname_preference: |  | ||||||
|       - full name |  | ||||||
|       - username |  | ||||||
|       - phone number |  | ||||||
|       # Maximum length of displayname |  | ||||||
|       displayname_max_length: 100 |  | ||||||
|  |  | ||||||
|       # Maximum number of members to sync per portal when starting up. Other members will be |  | ||||||
|       # synced when they send messages. The maximum is 10000, after which the Telegram server |  | ||||||
|       # will not send any more members. |  | ||||||
|       # Defaults to no local limit (-> limited to 10000 by server) |  | ||||||
|       max_initial_member_sync: -1 |  | ||||||
|       # Whether or not to sync the member list in channels. |  | ||||||
|       # If no channel admins have logged into the bridge, the bridge won't be able to sync the member |  | ||||||
|       # list regardless of this setting. |  | ||||||
|       sync_channel_members: true |  | ||||||
|       # Whether or not to skip deleted members when syncing members. |  | ||||||
|       skip_deleted_members: true |  | ||||||
|       # Whether or not to automatically synchronize contacts and chats of Matrix users logged into |  | ||||||
|       # their Telegram account at startup. |  | ||||||
|       startup_sync: true |  | ||||||
|       # Number of most recently active dialogs to check when syncing chats. |  | ||||||
|       # Dialogs include groups and private chats, but only groups are synced. |  | ||||||
|       # Set to 0 to remove limit. |  | ||||||
|       sync_dialog_limit: 30 |  | ||||||
|       # Whether or not to sync and create portals for direct chats at startup. |  | ||||||
|       sync_direct_chats: false |  | ||||||
|       # The maximum number of simultaneous Telegram deletions to handle. |  | ||||||
|       # A large number of simultaneous redactions could put strain on your homeserver. |  | ||||||
|       max_telegram_delete: 10 |  | ||||||
|       # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames) |  | ||||||
|       # at startup and when creating a bridge. |  | ||||||
|       sync_matrix_state: true |  | ||||||
|       # Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix |  | ||||||
|       # login website (see appservice.public config section) |  | ||||||
|       allow_matrix_login: true |  | ||||||
|       # Whether or not to bridge plaintext highlights. |  | ||||||
|       # Only enable this if your displayname_template has some static part that the bridge can use to |  | ||||||
|       # reliably identify what is a plaintext highlight. |  | ||||||
|       plaintext_highlights: false |  | ||||||
|       # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix. |  | ||||||
|       public_portals: true |  | ||||||
|       # Whether or not to use /sync to get presence, read receipts and typing notifications when using |  | ||||||
|       # your own Matrix account as the Matrix puppet for your Telegram account. |  | ||||||
|       sync_with_custom_puppets: true |  | ||||||
|       # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth |  | ||||||
|       # |  | ||||||
|       # If set, custom puppets will be enabled automatically for local users |  | ||||||
|       # instead of users having to find an access token and run `login-matrix` |  | ||||||
|       # manually. |  | ||||||
|       login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }} |  | ||||||
|       # Set to false to disable link previews in messages sent to Telegram. |  | ||||||
|       telegram_link_preview: true |  | ||||||
|       # Use inline images instead of a separate message for the caption. |  | ||||||
|       # N.B. Inline images are not supported on all clients (e.g. Riot iOS). |  | ||||||
|       inline_images: false |  | ||||||
|       # Maximum size of image in megabytes before sending to Telegram as a document. |  | ||||||
|       image_as_file_size: 10 |  | ||||||
|       # Maximum size of Telegram documents in megabytes to bridge. |  | ||||||
|       max_document_size: 100 |  | ||||||
|       # Enable experimental parallel file transfer, which makes uploads/downloads much faster by |  | ||||||
|       # streaming from/to Matrix and using many connections for Telegram. |  | ||||||
|       # Note that generating HQ thumbnails for videos is not possible with streamed transfers. |  | ||||||
|       parallel_file_transfer: false |  | ||||||
|       # Whether or not created rooms should have federation enabled. |  | ||||||
|       # If false, created portal rooms will never be federated. |  | ||||||
|       federate_rooms: true |  | ||||||
|       # Settings for converting animated stickers. |  | ||||||
|       animated_sticker: |  | ||||||
|           # Format to which animated stickers should be converted. |  | ||||||
|           # disable - No conversion, send as-is (gzipped lottie) |  | ||||||
|           # png - converts to non-animated png (fastest), |  | ||||||
|           # gif - converts to animated gif, but loses transparency |  | ||||||
|           # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support |  | ||||||
|           target: gif |  | ||||||
|           # Arguments for converter. All converters take width and height. |  | ||||||
|           # GIF converter takes background as a hex color. |  | ||||||
|           args: |  | ||||||
|               width: 256 |  | ||||||
|               height: 256 |  | ||||||
|               background: "020202"  # only for gif |  | ||||||
|               fps: 30               # only for webm |  | ||||||
|       # End-to-bridge encryption support options. These require matrix-nio to be installed with pip |  | ||||||
|       # and login_shared_secret to be configured in order to get a device for the bridge bot. |  | ||||||
|       # |  | ||||||
|       # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal |  | ||||||
|       # application service. |  | ||||||
|       encryption: |  | ||||||
|           # Allow encryption, work in group chat rooms with e2ee enabled |  | ||||||
|           allow: false |  | ||||||
|           # Default to encryption, force-enable encryption in all portals the bridge creates |  | ||||||
|           # This will cause the bridge bot to be in private chats for the encryption to work properly. |  | ||||||
|           default: false |  | ||||||
|  |  | ||||||
|       # Overrides for base power levels. |  | ||||||
|       initial_power_level_overrides: |  | ||||||
|           user: {} |  | ||||||
|           group: {} |  | ||||||
|  |  | ||||||
|       # Whether to bridge Telegram bot messages as m.notices or m.texts. |  | ||||||
|       bot_messages_as_notices: true |  | ||||||
|       bridge_notices: |  | ||||||
|           # Whether or not Matrix bot messages (type m.notice) should be bridged. |  | ||||||
|           default: false |  | ||||||
|           # List of user IDs for whom the previous flag is flipped. |  | ||||||
|           # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but |  | ||||||
|           #      notices from users listed here will be bridged. |  | ||||||
|           exceptions: [] |  | ||||||
|  |  | ||||||
|       # Some config options related to Telegram message deduplication. |  | ||||||
|       # The default values are usually fine, but some debug messages/warnings might recommend you |  | ||||||
|       # change these. |  | ||||||
|       deduplication: |  | ||||||
|           # Whether or not to check the database if the message about to be sent is a duplicate. |  | ||||||
|           pre_db_check: false |  | ||||||
|           # The number of latest events to keep when checking for duplicates. |  | ||||||
|           # You might need to increase this on high-traffic bridge instances. |  | ||||||
|           cache_queue_length: 20 |  | ||||||
|  |  | ||||||
|  |  | ||||||
|       # The formats to use when sending messages to Telegram via the relay bot. |  | ||||||
|       # |  | ||||||
|       # Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users. |  | ||||||
|       # |  | ||||||
|       # Available variables: |  | ||||||
|       #   $sender_displayname    - The display name of the sender (e.g. Example User) |  | ||||||
|       #   $sender_username       - The username (Matrix ID localpart) of the sender (e.g. exampleuser) |  | ||||||
|       #   $sender_mxid           - The Matrix ID of the sender (e.g. @exampleuser:example.com) |  | ||||||
|       #   $message               - The message content as HTML |  | ||||||
|       message_formats: |  | ||||||
|           m.text: "<b>$sender_displayname</b>: $message" |  | ||||||
|           m.notice: "<b>$sender_displayname</b>: $message" |  | ||||||
|           m.emote: "* <b>$sender_displayname</b> $message" |  | ||||||
|           m.file: "<b>$sender_displayname</b> sent a file: $message" |  | ||||||
|           m.image: "<b>$sender_displayname</b> sent an image: $message" |  | ||||||
|           m.audio: "<b>$sender_displayname</b> sent an audio file: $message" |  | ||||||
|           m.video: "<b>$sender_displayname</b> sent a video: $message" |  | ||||||
|           m.location: "<b>$sender_displayname</b> sent a location: $message" |  | ||||||
|       # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated |  | ||||||
|       # users are sent to telegram. All fields in message_formats are supported. Additionally, the |  | ||||||
|       # Telegram user info is available in the following variables: |  | ||||||
|       #    $displayname - Telegram displayname |  | ||||||
|       #    $username    - Telegram username (may not exist) |  | ||||||
|       #    $mention     - Telegram @username or displayname mention (depending on which exists) |  | ||||||
|       emote_format: "* $mention $formatted_body" |  | ||||||
|  |  | ||||||
|       # The formats to use when sending state events to Telegram via the relay bot. |  | ||||||
|       # |  | ||||||
|       # Variables from `message_formats` that have the `sender_` prefix are available without the prefix. |  | ||||||
|       # In name_change events, `$prev_displayname` is the previous displayname. |  | ||||||
|       # |  | ||||||
|       # Set format to an empty string to disable the messages for that event. |  | ||||||
|       state_event_formats: |  | ||||||
|           join: "<b>$displayname</b> joined the room." |  | ||||||
|           leave: "<b>$displayname</b> left the room." |  | ||||||
|           name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>" |  | ||||||
|  |  | ||||||
|       # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and |  | ||||||
|       # `filter-mode` management commands. |  | ||||||
|       # |  | ||||||
|       # Filters do not affect direct chats. |  | ||||||
|       # An empty blacklist will essentially disable the filter. |  | ||||||
|       filter: |  | ||||||
|           # Filter mode to use. Either "blacklist" or "whitelist". |  | ||||||
|           # If the mode is "blacklist", the listed chats will never be bridged. |  | ||||||
|           # If the mode is "whitelist", only the listed chats can be bridged. |  | ||||||
|           mode: blacklist |  | ||||||
|           # The list of group/channel IDs to filter. |  | ||||||
|           list: [] |  | ||||||
|  |  | ||||||
|       # The prefix for commands. Only required in non-management rooms. |  | ||||||
|       command_prefix: "!tg" |  | ||||||
|  |  | ||||||
|       # Permissions for using the bridge. |  | ||||||
|       # Permitted values: |  | ||||||
|       #   relaybot - Only use the bridge via the relaybot, no access to commands. |  | ||||||
|       #       user - Relaybot level + access to commands to create bridges. |  | ||||||
|       #  puppeting - User level + logging in with a Telegram account. |  | ||||||
|       #       full - Full access to use the bridge, i.e. previous levels + Matrix login. |  | ||||||
|       #      admin - Full access to use the bridge and some extra administration commands. |  | ||||||
|       # Permitted keys: |  | ||||||
|       #        * - All Matrix users |  | ||||||
|       #   domain - All users on that homeserver |  | ||||||
|       #     mxid - Specific user |  | ||||||
|       permissions: |  | ||||||
|         '{{ matrix_mautrix_telegram_homeserver_domain }}': full |  | ||||||
|  |  | ||||||
|       # Options related to the message relay Telegram bot. |  | ||||||
|       relaybot: |  | ||||||
|           private_chat: |  | ||||||
|               # List of users to invite to the portal when someone starts a private chat with the bot. |  | ||||||
|               # If empty, private chats with the bot won't create a portal. |  | ||||||
|               invite: [] |  | ||||||
|               # Whether or not to bridge state change messages in relaybot private chats. |  | ||||||
|               state_changes: true |  | ||||||
|               # When private_chat_invite is empty, this message is sent to users /starting the |  | ||||||
|               # relaybot. Telegram's "markdown" is supported. |  | ||||||
|               message: This is a Matrix bridge relaybot and does not support direct chats |  | ||||||
|           # List of users to invite to all group chat portals created by the bridge. |  | ||||||
|           group_chat_invite: [] |  | ||||||
|           # Whether or not the relaybot should not bridge events in unbridged group chats. |  | ||||||
|           # If false, portals will be created when the relaybot receives messages, just like normal |  | ||||||
|           # users. This behavior is usually not desirable, as it interferes with manually bridging |  | ||||||
|           # the chat to another room. |  | ||||||
|           ignore_unbridged_group_chat: true |  | ||||||
|           # Whether or not to allow creating portals from Telegram. |  | ||||||
|           authless_portals: true |  | ||||||
|           # Whether or not to allow Telegram group admins to use the bot commands. |  | ||||||
|           whitelist_group_admins: true |  | ||||||
|           # Whether or not to ignore incoming events sent by the relay bot. |  | ||||||
|           ignore_own_incoming_events: true |  | ||||||
|           # List of usernames/user IDs who are also allowed to use the bot commands. |  | ||||||
|           whitelist: [] |  | ||||||
|  |  | ||||||
|   # Telegram config |  | ||||||
|   telegram: |  | ||||||
|       # Get your own API keys at https://my.telegram.org/apps |  | ||||||
|       api_id: {{ matrix_mautrix_telegram_api_id }} |  | ||||||
|       api_hash: {{ matrix_mautrix_telegram_api_hash }} |  | ||||||
|       # (Optional) Create your own bot at https://t.me/BotFather |  | ||||||
|       bot_token: {{ matrix_mautrix_telegram_bot_token }} |  | ||||||
|  |  | ||||||
|       # Telethon connection options. |  | ||||||
|       connection: |  | ||||||
|           # The timeout in seconds to be used when connecting. |  | ||||||
|           timeout: 120 |  | ||||||
|           # How many times the reconnection should retry, either on the initial connection or when |  | ||||||
|           # Telegram disconnects us. May be set to a negative or null value for infinite retries, but |  | ||||||
|           # this is not recommended, since the program can get stuck in an infinite loop. |  | ||||||
|           retries: 5 |  | ||||||
|           # The delay in seconds to sleep between automatic reconnections. |  | ||||||
|           retry_delay: 1 |  | ||||||
|           # The threshold below which the library should automatically sleep on flood wait errors |  | ||||||
|           # (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold |  | ||||||
|           # is 20s, the library will sleep automatically. If the error was for 21s, it would raise |  | ||||||
|           # the error instead. Values larger than a day (86400) will be changed to a day. |  | ||||||
|           flood_sleep_threshold: 60 |  | ||||||
|           # How many times a request should be retried. Request are retried when Telegram is having |  | ||||||
|           # internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when |  | ||||||
|           # there's a migrate error. May take a negative or null value for infinite retries, but this |  | ||||||
|           # is not recommended, since some requests can always trigger a call fail (such as searching |  | ||||||
|           # for messages). |  | ||||||
|           request_retries: 5 |  | ||||||
|  |  | ||||||
|       # Device info sent to Telegram. |  | ||||||
|       device_info: |  | ||||||
|           # "auto" = OS name+version. |  | ||||||
|           device_model: auto |  | ||||||
|           # "auto" = Telethon version. |  | ||||||
|           system_version: auto |  | ||||||
|           # "auto" = mautrix-telegram version. |  | ||||||
|           app_version: auto |  | ||||||
|           lang_code: en |  | ||||||
|           system_lang_code: en |  | ||||||
|  |  | ||||||
|       # Custom server to connect to. |  | ||||||
|       server: |  | ||||||
|           # Set to true to use these server settings. If false, will automatically |  | ||||||
|           # use production server assigned by Telegram. Set to false in production. |  | ||||||
|           enabled: false |  | ||||||
|           # The DC ID to connect to. |  | ||||||
|           dc: 2 |  | ||||||
|           # The IP to connect to. |  | ||||||
|           ip: 149.154.167.40 |  | ||||||
|           # The port to connect to. 443 may not work, 80 is better and both are equally secure. |  | ||||||
|           port: 80 |  | ||||||
|  |  | ||||||
|       # Telethon proxy configuration. |  | ||||||
|       # You must install PySocks from pip for proxies to work. |  | ||||||
|       proxy: |  | ||||||
|           # Allowed types: disabled, socks4, socks5, http |  | ||||||
|           type: disabled |  | ||||||
|           # Proxy IP address and port. |  | ||||||
|           address: 127.0.0.1 |  | ||||||
|           port: 1080 |  | ||||||
|           # Whether or not to perform DNS resolving remotely. |  | ||||||
|           rdns: true |  | ||||||
|           # Proxy authentication (optional). |  | ||||||
|           username: "" |  | ||||||
|           password: "" |  | ||||||
|  |  | ||||||
|   # Python logging configuration. |  | ||||||
|   # |  | ||||||
|   # See section 16.7.2 of the Python documentation for more info: |  | ||||||
|   # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema |  | ||||||
|   logging: |  | ||||||
|       version: 1 |  | ||||||
|       formatters: |  | ||||||
|           precise: |  | ||||||
|               format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" |  | ||||||
|       handlers: |  | ||||||
|           console: |  | ||||||
|               class: logging.StreamHandler |  | ||||||
|               formatter: precise |  | ||||||
|       loggers: |  | ||||||
|           mau: |  | ||||||
|               level: DEBUG |  | ||||||
|           telethon: |  | ||||||
|               level: DEBUG |  | ||||||
|           aiohttp: |  | ||||||
|               level: INFO |  | ||||||
|       root: |  | ||||||
|           level: DEBUG |  | ||||||
|           handlers: [console] |  | ||||||
|  |  | ||||||
|  |  | ||||||
| matrix_mautrix_telegram_configuration_extension_yaml: | | matrix_mautrix_telegram_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration goes here. |   # Your custom YAML configuration goes here. | ||||||
|   | |||||||
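Review bot: `api_hash` and `bot_token` under `telegram:` are interpolated bare (`bot_token: {{ matrix_mautrix_telegram_bot_token }}`), and the copy of this block added in roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 keeps them that way, so an unset or empty variable renders as a YAML null and a value containing YAML-significant characters can change how the line parses. Since the block is being moved anyway, render these two the way `login_shared_secret` is rendered in the new template, for example `bot_token: {{ matrix_mautrix_telegram_bot_token|to_json }}`, which would also match the quoted `as_token` and `hs_token` lines.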
							
								
								
									
										397
									
								
								roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							| @@ -0,0 +1,397 @@ | |||||||
|  | #jinja2: lstrip_blocks: "True" | ||||||
|  | # Homeserver details | ||||||
|  | homeserver: | ||||||
|  |     # The address that this appservice can use to connect to the homeserver. | ||||||
|  |     address: {{ matrix_mautrix_telegram_homeserver_address }} | ||||||
|  |     # The domain of the homeserver (for MXIDs, etc). | ||||||
|  |     domain: {{ matrix_mautrix_telegram_homeserver_domain }} | ||||||
|  |     # Whether or not to verify the SSL certificate of the homeserver. | ||||||
|  |     # Only applies if address starts with https:// | ||||||
|  |     verify_ssl: true | ||||||
|  |  | ||||||
|  | # Application service host/registration related details | ||||||
|  | # Changing these values requires regeneration of the registration. | ||||||
|  | appservice: | ||||||
|  |     # The address that the homeserver can use to connect to this appservice. | ||||||
|  |     address: {{ matrix_mautrix_telegram_appservice_address }} | ||||||
|  |  | ||||||
|  |     # The hostname and port where this appservice should listen. | ||||||
|  |     hostname: 0.0.0.0 | ||||||
|  |     port: 8080 | ||||||
|  |     # The maximum body size of appservice API requests (from the homeserver) in mebibytes | ||||||
|  |     # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s | ||||||
|  |     max_body_size: 1 | ||||||
|  |  | ||||||
|  |     # The full URI to the database. SQLite and Postgres are fully supported. | ||||||
|  |     # Other DBMSes supported by SQLAlchemy may or may not work. | ||||||
|  |     # Format examples: | ||||||
|  |     #   SQLite:   sqlite:///filename.db | ||||||
|  |     #   Postgres: postgres://username:password@hostname/dbname | ||||||
|  |     database: sqlite:////data/mautrix-telegram.db | ||||||
|  |  | ||||||
|  |     # Public part of web server for out-of-Matrix interaction with the bridge. | ||||||
|  |     # Used for things like login if the user wants to make sure the 2FA password isn't stored in | ||||||
|  |     # the HS database. | ||||||
|  |     public: | ||||||
|  |         # Whether or not the public-facing endpoints should be enabled. | ||||||
|  |         enabled: true | ||||||
|  |         # The prefix to use in the public-facing endpoints. | ||||||
|  |         prefix: {{ matrix_mautrix_telegram_public_endpoint }} | ||||||
|  |         # The base URL where the public-facing endpoints are available. The prefix is not added | ||||||
|  |         # implicitly. | ||||||
|  |         external: {{ matrix_mautrix_telegram_appservice_public_external }} | ||||||
|  |  | ||||||
|  |     # Provisioning API part of the web server for automated portal creation and fetching information. | ||||||
|  |     # Used by things like Dimension (https://dimension.t2bot.io/). | ||||||
|  |     provisioning: | ||||||
|  |         # Whether or not the provisioning API should be enabled. | ||||||
|  |         enabled: false | ||||||
|  |         # The prefix to use in the provisioning API endpoints. | ||||||
|  |         prefix: /_matrix/provision/v1 | ||||||
|  |         # The shared secret to authorize users of the API. | ||||||
|  |         # Set to "generate" to generate and save a new token. | ||||||
|  |         shared_secret: generate | ||||||
|  |  | ||||||
|  |     # The unique ID of this appservice. | ||||||
|  |     id: telegram | ||||||
|  |     # Username of the appservice bot. | ||||||
|  |     bot_username: telegrambot | ||||||
|  |     # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty | ||||||
|  |     # to leave display name/avatar as-is. | ||||||
|  |     bot_displayname: Telegram bridge bot | ||||||
|  |     bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX | ||||||
|  |  | ||||||
|  |     # Authentication tokens for AS <-> HS communication. | ||||||
|  |     as_token: "{{ matrix_mautrix_telegram_appservice_token }}" | ||||||
|  |     hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}" | ||||||
|  |  | ||||||
|  | # Bridge config | ||||||
|  | bridge: | ||||||
|  |     # Localpart template of MXIDs for Telegram users. | ||||||
|  |     # {userid} is replaced with the user ID of the Telegram user. | ||||||
|  |     username_template: "telegram_{userid}" | ||||||
|  |     # Localpart template of room aliases for Telegram portal rooms. | ||||||
|  |     # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} ) | ||||||
|  |     alias_template: "telegram_{groupname}" | ||||||
|  |     # Displayname template for Telegram users. | ||||||
|  |     # {displayname} is replaced with the display name of the Telegram user. | ||||||
|  |     displayname_template: "{displayname} (Telegram)" | ||||||
|  |  | ||||||
|  |     # Set the preferred order of user identifiers which to use in the Matrix puppet display name. | ||||||
|  |     # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user | ||||||
|  |     # ID is used. | ||||||
|  |     # | ||||||
|  |     # If the bridge is working properly, a phone number or an username should always be known, but | ||||||
|  |     # the other one can very well be empty. | ||||||
|  |     # | ||||||
|  |     # Valid keys: | ||||||
|  |     #   "full name"          (First and/or last name) | ||||||
|  |     #   "full name reversed" (Last and/or first name) | ||||||
|  |     #   "first name" | ||||||
|  |     #   "last name" | ||||||
|  |     #   "username" | ||||||
|  |     #   "phone number" | ||||||
|  |     displayname_preference: | ||||||
|  |     - full name | ||||||
|  |     - username | ||||||
|  |     - phone number | ||||||
|  |     # Maximum length of displayname | ||||||
|  |     displayname_max_length: 100 | ||||||
|  |  | ||||||
|  |     # Maximum number of members to sync per portal when starting up. Other members will be | ||||||
|  |     # synced when they send messages. The maximum is 10000, after which the Telegram server | ||||||
|  |     # will not send any more members. | ||||||
|  |     # Defaults to no local limit (-> limited to 10000 by server) | ||||||
|  |     max_initial_member_sync: -1 | ||||||
|  |     # Whether or not to sync the member list in channels. | ||||||
|  |     # If no channel admins have logged into the bridge, the bridge won't be able to sync the member | ||||||
|  |     # list regardless of this setting. | ||||||
|  |     sync_channel_members: true | ||||||
|  |     # Whether or not to skip deleted members when syncing members. | ||||||
|  |     skip_deleted_members: true | ||||||
|  |     # Whether or not to automatically synchronize contacts and chats of Matrix users logged into | ||||||
|  |     # their Telegram account at startup. | ||||||
|  |     startup_sync: true | ||||||
|  |     # Number of most recently active dialogs to check when syncing chats. | ||||||
|  |     # Dialogs include groups and private chats, but only groups are synced. | ||||||
|  |     # Set to 0 to remove limit. | ||||||
|  |     sync_dialog_limit: 30 | ||||||
|  |     # Whether or not to sync and create portals for direct chats at startup. | ||||||
|  |     sync_direct_chats: false | ||||||
|  |     # The maximum number of simultaneous Telegram deletions to handle. | ||||||
|  |     # A large number of simultaneous redactions could put strain on your homeserver. | ||||||
|  |     max_telegram_delete: 10 | ||||||
|  |     # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames) | ||||||
|  |     # at startup and when creating a bridge. | ||||||
|  |     sync_matrix_state: true | ||||||
|  |     # Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix | ||||||
|  |     # login website (see appservice.public config section) | ||||||
|  |     allow_matrix_login: true | ||||||
|  |     # Whether or not to bridge plaintext highlights. | ||||||
|  |     # Only enable this if your displayname_template has some static part that the bridge can use to | ||||||
|  |     # reliably identify what is a plaintext highlight. | ||||||
|  |     plaintext_highlights: false | ||||||
|  |     # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix. | ||||||
|  |     public_portals: true | ||||||
|  |     # Whether or not to use /sync to get presence, read receipts and typing notifications when using | ||||||
|  |     # your own Matrix account as the Matrix puppet for your Telegram account. | ||||||
|  |     sync_with_custom_puppets: true | ||||||
|  |     # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth | ||||||
|  |     # | ||||||
|  |     # If set, custom puppets will be enabled automatically for local users | ||||||
|  |     # instead of users having to find an access token and run `login-matrix` | ||||||
|  |     # manually. | ||||||
|  |     login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }} | ||||||
|  |     # Set to false to disable link previews in messages sent to Telegram. | ||||||
|  |     telegram_link_preview: true | ||||||
|  |     # Use inline images instead of a separate message for the caption. | ||||||
|  |     # N.B. Inline images are not supported on all clients (e.g. Riot iOS). | ||||||
|  |     inline_images: false | ||||||
|  |     # Maximum size of image in megabytes before sending to Telegram as a document. | ||||||
|  |     image_as_file_size: 10 | ||||||
|  |     # Maximum size of Telegram documents in megabytes to bridge. | ||||||
|  |     max_document_size: 100 | ||||||
|  |     # Enable experimental parallel file transfer, which makes uploads/downloads much faster by | ||||||
|  |     # streaming from/to Matrix and using many connections for Telegram. | ||||||
|  |     # Note that generating HQ thumbnails for videos is not possible with streamed transfers. | ||||||
|  |     parallel_file_transfer: false | ||||||
|  |     # Whether or not created rooms should have federation enabled. | ||||||
|  |     # If false, created portal rooms will never be federated. | ||||||
|  |     federate_rooms: true | ||||||
|  |     # Settings for converting animated stickers. | ||||||
|  |     animated_sticker: | ||||||
|  |         # Format to which animated stickers should be converted. | ||||||
|  |         # disable - No conversion, send as-is (gzipped lottie) | ||||||
|  |         # png - converts to non-animated png (fastest), | ||||||
|  |         # gif - converts to animated gif, but loses transparency | ||||||
|  |         # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support | ||||||
|  |         target: gif | ||||||
|  |         # Arguments for converter. All converters take width and height. | ||||||
|  |         # GIF converter takes background as a hex color. | ||||||
|  |         args: | ||||||
|  |             width: 256 | ||||||
|  |             height: 256 | ||||||
|  |             background: "020202"  # only for gif | ||||||
|  |             fps: 30               # only for webm | ||||||
|  |     # End-to-bridge encryption support options. These require matrix-nio to be installed with pip | ||||||
|  |     # and login_shared_secret to be configured in order to get a device for the bridge bot. | ||||||
|  |     # | ||||||
|  |     # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal | ||||||
|  |     # application service. | ||||||
|  |     encryption: | ||||||
|  |         # Allow encryption, work in group chat rooms with e2ee enabled | ||||||
|  |         allow: false | ||||||
|  |         # Default to encryption, force-enable encryption in all portals the bridge creates | ||||||
|  |         # This will cause the bridge bot to be in private chats for the encryption to work properly. | ||||||
|  |         default: false | ||||||
|  |  | ||||||
|  |     # Overrides for base power levels. | ||||||
|  |     initial_power_level_overrides: | ||||||
|  |         user: {} | ||||||
|  |         group: {} | ||||||
|  |  | ||||||
|  |     # Whether to bridge Telegram bot messages as m.notices or m.texts. | ||||||
|  |     bot_messages_as_notices: true | ||||||
|  |     bridge_notices: | ||||||
|  |         # Whether or not Matrix bot messages (type m.notice) should be bridged. | ||||||
|  |         default: false | ||||||
|  |         # List of user IDs for whom the previous flag is flipped. | ||||||
|  |         # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but | ||||||
|  |         #      notices from users listed here will be bridged. | ||||||
|  |         exceptions: [] | ||||||
|  |  | ||||||
|  |     # Some config options related to Telegram message deduplication. | ||||||
|  |     # The default values are usually fine, but some debug messages/warnings might recommend you | ||||||
|  |     # change these. | ||||||
|  |     deduplication: | ||||||
|  |         # Whether or not to check the database if the message about to be sent is a duplicate. | ||||||
|  |         pre_db_check: false | ||||||
|  |         # The number of latest events to keep when checking for duplicates. | ||||||
|  |         # You might need to increase this on high-traffic bridge instances. | ||||||
|  |         cache_queue_length: 20 | ||||||
|  |  | ||||||
|  |  | ||||||
|  |     # The formats to use when sending messages to Telegram via the relay bot. | ||||||
|  |     # | ||||||
|  |     # Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users. | ||||||
|  |     # | ||||||
|  |     # Available variables: | ||||||
|  |     #   $sender_displayname    - The display name of the sender (e.g. Example User) | ||||||
|  |     #   $sender_username       - The username (Matrix ID localpart) of the sender (e.g. exampleuser) | ||||||
|  |     #   $sender_mxid           - The Matrix ID of the sender (e.g. @exampleuser:example.com) | ||||||
|  |     #   $message               - The message content as HTML | ||||||
|  |     message_formats: | ||||||
|  |         m.text: "<b>$sender_displayname</b>: $message" | ||||||
|  |         m.notice: "<b>$sender_displayname</b>: $message" | ||||||
|  |         m.emote: "* <b>$sender_displayname</b> $message" | ||||||
|  |         m.file: "<b>$sender_displayname</b> sent a file: $message" | ||||||
|  |         m.image: "<b>$sender_displayname</b> sent an image: $message" | ||||||
|  |         m.audio: "<b>$sender_displayname</b> sent an audio file: $message" | ||||||
|  |         m.video: "<b>$sender_displayname</b> sent a video: $message" | ||||||
|  |         m.location: "<b>$sender_displayname</b> sent a location: $message" | ||||||
|  |     # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated | ||||||
|  |     # users are sent to telegram. All fields in message_formats are supported. Additionally, the | ||||||
|  |     # Telegram user info is available in the following variables: | ||||||
|  |     #    $displayname - Telegram displayname | ||||||
|  |     #    $username    - Telegram username (may not exist) | ||||||
|  |     #    $mention     - Telegram @username or displayname mention (depending on which exists) | ||||||
|  |     emote_format: "* $mention $formatted_body" | ||||||
|  |  | ||||||
|  |     # The formats to use when sending state events to Telegram via the relay bot. | ||||||
|  |     # | ||||||
|  |     # Variables from `message_formats` that have the `sender_` prefix are available without the prefix. | ||||||
|  |     # In name_change events, `$prev_displayname` is the previous displayname. | ||||||
|  |     # | ||||||
|  |     # Set format to an empty string to disable the messages for that event. | ||||||
|  |     state_event_formats: | ||||||
|  |         join: "<b>$displayname</b> joined the room." | ||||||
|  |         leave: "<b>$displayname</b> left the room." | ||||||
|  |         name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>" | ||||||
|  |  | ||||||
|  |     # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and | ||||||
|  |     # `filter-mode` management commands. | ||||||
|  |     # | ||||||
|  |     # Filters do not affect direct chats. | ||||||
|  |     # An empty blacklist will essentially disable the filter. | ||||||
|  |     filter: | ||||||
|  |         # Filter mode to use. Either "blacklist" or "whitelist". | ||||||
|  |         # If the mode is "blacklist", the listed chats will never be bridged. | ||||||
|  |         # If the mode is "whitelist", only the listed chats can be bridged. | ||||||
|  |         mode: blacklist | ||||||
|  |         # The list of group/channel IDs to filter. | ||||||
|  |         list: [] | ||||||
|  |  | ||||||
|  |     # The prefix for commands. Only required in non-management rooms. | ||||||
|  |     command_prefix: "!tg" | ||||||
|  |  | ||||||
|  |     # Permissions for using the bridge. | ||||||
|  |     # Permitted values: | ||||||
|  |     #   relaybot - Only use the bridge via the relaybot, no access to commands. | ||||||
|  |     #       user - Relaybot level + access to commands to create bridges. | ||||||
|  |     #  puppeting - User level + logging in with a Telegram account. | ||||||
|  |     #       full - Full access to use the bridge, i.e. previous levels + Matrix login. | ||||||
|  |     #      admin - Full access to use the bridge and some extra administration commands. | ||||||
|  |     # Permitted keys: | ||||||
|  |     #        * - All Matrix users | ||||||
|  |     #   domain - All users on that homeserver | ||||||
|  |     #     mxid - Specific user | ||||||
|  |     permissions: | ||||||
|  |       '{{ matrix_mautrix_telegram_homeserver_domain }}': full | ||||||
|  |  | ||||||
|  |     # Options related to the message relay Telegram bot. | ||||||
|  |     relaybot: | ||||||
|  |         private_chat: | ||||||
|  |             # List of users to invite to the portal when someone starts a private chat with the bot. | ||||||
|  |             # If empty, private chats with the bot won't create a portal. | ||||||
|  |             invite: [] | ||||||
|  |             # Whether or not to bridge state change messages in relaybot private chats. | ||||||
|  |             state_changes: true | ||||||
|  |             # When private_chat_invite is empty, this message is sent to users /starting the | ||||||
|  |             # relaybot. Telegram's "markdown" is supported. | ||||||
|  |             message: This is a Matrix bridge relaybot and does not support direct chats | ||||||
|  |         # List of users to invite to all group chat portals created by the bridge. | ||||||
|  |         group_chat_invite: [] | ||||||
|  |         # Whether or not the relaybot should not bridge events in unbridged group chats. | ||||||
|  |         # If false, portals will be created when the relaybot receives messages, just like normal | ||||||
|  |         # users. This behavior is usually not desirable, as it interferes with manually bridging | ||||||
|  |         # the chat to another room. | ||||||
|  |         ignore_unbridged_group_chat: true | ||||||
|  |         # Whether or not to allow creating portals from Telegram. | ||||||
|  |         authless_portals: true | ||||||
|  |         # Whether or not to allow Telegram group admins to use the bot commands. | ||||||
|  |         whitelist_group_admins: true | ||||||
|  |         # Whether or not to ignore incoming events sent by the relay bot. | ||||||
|  |         ignore_own_incoming_events: true | ||||||
|  |         # List of usernames/user IDs who are also allowed to use the bot commands. | ||||||
|  |         whitelist: [] | ||||||
|  |  | ||||||
|  | # Telegram config | ||||||
|  | telegram: | ||||||
|  |     # Get your own API keys at https://my.telegram.org/apps | ||||||
|  |     api_id: {{ matrix_mautrix_telegram_api_id }} | ||||||
|  |     api_hash: {{ matrix_mautrix_telegram_api_hash }} | ||||||
|  |     # (Optional) Create your own bot at https://t.me/BotFather | ||||||
|  |     bot_token: {{ matrix_mautrix_telegram_bot_token }} | ||||||
|  |  | ||||||
|  |     # Telethon connection options. | ||||||
|  |     connection: | ||||||
|  |         # The timeout in seconds to be used when connecting. | ||||||
|  |         timeout: 120 | ||||||
|  |         # How many times the reconnection should retry, either on the initial connection or when | ||||||
|  |         # Telegram disconnects us. May be set to a negative or null value for infinite retries, but | ||||||
|  |         # this is not recommended, since the program can get stuck in an infinite loop. | ||||||
|  |         retries: 5 | ||||||
|  |         # The delay in seconds to sleep between automatic reconnections. | ||||||
|  |         retry_delay: 1 | ||||||
|  |         # The threshold below which the library should automatically sleep on flood wait errors | ||||||
|  |         # (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold | ||||||
|  |         # is 20s, the library will sleep automatically. If the error was for 21s, it would raise | ||||||
|  |         # the error instead. Values larger than a day (86400) will be changed to a day. | ||||||
|  |         flood_sleep_threshold: 60 | ||||||
|  |         # How many times a request should be retried. Request are retried when Telegram is having | ||||||
|  |         # internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when | ||||||
|  |         # there's a migrate error. May take a negative or null value for infinite retries, but this | ||||||
|  |         # is not recommended, since some requests can always trigger a call fail (such as searching | ||||||
|  |         # for messages). | ||||||
|  |         request_retries: 5 | ||||||
|  |  | ||||||
|  |     # Device info sent to Telegram. | ||||||
|  |     device_info: | ||||||
|  |         # "auto" = OS name+version. | ||||||
|  |         device_model: auto | ||||||
|  |         # "auto" = Telethon version. | ||||||
|  |         system_version: auto | ||||||
|  |         # "auto" = mautrix-telegram version. | ||||||
|  |         app_version: auto | ||||||
|  |         lang_code: en | ||||||
|  |         system_lang_code: en | ||||||
|  |  | ||||||
|  |     # Custom server to connect to. | ||||||
|  |     server: | ||||||
|  |         # Set to true to use these server settings. If false, will automatically | ||||||
|  |         # use production server assigned by Telegram. Set to false in production. | ||||||
|  |         enabled: false | ||||||
|  |         # The DC ID to connect to. | ||||||
|  |         dc: 2 | ||||||
|  |         # The IP to connect to. | ||||||
|  |         ip: 149.154.167.40 | ||||||
|  |         # The port to connect to. 443 may not work, 80 is better and both are equally secure. | ||||||
|  |         port: 80 | ||||||
|  |  | ||||||
|  |     # Telethon proxy configuration. | ||||||
|  |     # You must install PySocks from pip for proxies to work. | ||||||
|  |     proxy: | ||||||
|  |         # Allowed types: disabled, socks4, socks5, http | ||||||
|  |         type: disabled | ||||||
|  |         # Proxy IP address and port. | ||||||
|  |         address: 127.0.0.1 | ||||||
|  |         port: 1080 | ||||||
|  |         # Whether or not to perform DNS resolving remotely. | ||||||
|  |         rdns: true | ||||||
|  |         # Proxy authentication (optional). | ||||||
|  |         username: "" | ||||||
|  |         password: "" | ||||||
|  |  | ||||||
|  | # Python logging configuration. | ||||||
|  | # | ||||||
|  | # See section 16.7.2 of the Python documentation for more info: | ||||||
|  | # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema | ||||||
|  | logging: | ||||||
|  |     version: 1 | ||||||
|  |     formatters: | ||||||
|  |         precise: | ||||||
|  |             format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" | ||||||
|  |     handlers: | ||||||
|  |         console: | ||||||
|  |             class: logging.StreamHandler | ||||||
|  |             formatter: precise | ||||||
|  |     loggers: | ||||||
|  |         mau: | ||||||
|  |             level: DEBUG | ||||||
|  |         telethon: | ||||||
|  |             level: DEBUG | ||||||
|  |         aiohttp: | ||||||
|  |             level: INFO | ||||||
|  |     root: | ||||||
|  |         level: DEBUG | ||||||
|  |         handlers: [console] | ||||||
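Review bot: under `telegram:`, `api_id`, `api_hash` and `bot_token` are interpolated as bare scalars, so the YAML loader picks the type from the value. An `api_hash` that happens to consist only of digits (or is shaped like `1e5`) loads as a number, and an empty `bot_token` loads as null. Piping the secrets through `|to_json`, as the WhatsApp template in this commit does for `login_shared_secret`, keeps them strings. Separately, the `logging` block sets `mau`, `telethon` and `root` all to `DEBUG`; consider a less verbose default, or a playbook variable for the level, so that a bridge handling user sessions does not write debug output to the journal unless asked to.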
| @@ -11,21 +11,22 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-mautrix-telegram | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-mautrix-telegram | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram | ||||||
| ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \ | ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
|  | 			--network={{ matrix_docker_network }} \ | ||||||
| 			-v {{ matrix_mautrix_telegram_config_path }}:/config:z \ | 			-v {{ matrix_mautrix_telegram_config_path }}:/config:z \ | ||||||
| 			-v {{ matrix_mautrix_telegram_data_path }}:/data:z \ | 			-v {{ matrix_mautrix_telegram_data_path }}:/data:z \ | ||||||
| 			{{ matrix_mautrix_telegram_docker_image }} \ | 			{{ matrix_mautrix_telegram_docker_image }} \ | ||||||
| 			alembic -x config=/config/config.yaml upgrade head | 			alembic -x config=/config/config.yaml upgrade head | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
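Review bot: the executable in each `ExecStartPre=` and `ExecStart=` line now comes from `{{ matrix_host_command_docker }}` or `{{ matrix_host_command_sleep }}`, and nothing in this unit ensures those variables hold absolute paths, which older systemd releases require for the command in an Exec line. Please state that requirement next to the variable defaults, or validate it before the unit is installed. The added `--network={{ matrix_docker_network }}` on the one-off alembic container also deserves a short comment saying why the migration step needs network access.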
| @@ -41,8 +42,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ | |||||||
| 			{{ matrix_mautrix_telegram_docker_image }} \ | 			{{ matrix_mautrix_telegram_docker_image }} \ | ||||||
| 			python3 -m mautrix_telegram -c /config/config.yaml | 			python3 -m mautrix_telegram -c /config/config.yaml | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram | ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram | ||||||
| ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram | ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-mautrix-telegram | SyslogIdentifier=matrix-mautrix-telegram | ||||||
|   | |||||||
| @@ -35,175 +35,7 @@ matrix_mautrix_whatsapp_login_shared_secret: '' | |||||||
| # | # | ||||||
| # For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`) | # For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`) | ||||||
| # or completely replace this variable with your own template. | # or completely replace this variable with your own template. | ||||||
| matrix_mautrix_whatsapp_configuration_yaml: | | matrix_mautrix_whatsapp_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|   # Homeserver details. |  | ||||||
|   homeserver: |  | ||||||
|       # The address that this appservice can use to connect to the homeserver. |  | ||||||
|       address: {{ matrix_mautrix_whatsapp_homeserver_address }} |  | ||||||
|       # The domain of the homeserver (for MXIDs, etc). |  | ||||||
|       domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} |  | ||||||
|   # Application service host/registration related details. |  | ||||||
|   # Changing these values requires regeneration of the registration. |  | ||||||
|  |  | ||||||
|   appservice: |  | ||||||
|       # The address that the homeserver can use to connect to this appservice. |  | ||||||
|       address: {{ matrix_mautrix_whatsapp_appservice_address }} |  | ||||||
|  |  | ||||||
|       # The hostname and port where this appservice should listen. |  | ||||||
|       hostname: 0.0.0.0 |  | ||||||
|       port: 8080 |  | ||||||
|  |  | ||||||
|       # Database config. |  | ||||||
|       database: |  | ||||||
|           # The database type. "sqlite3" and "postgres" are supported. |  | ||||||
|           type: sqlite3 |  | ||||||
|           # The database URI. |  | ||||||
|           #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string |  | ||||||
|           #   Postgres: Connection string. For example, postgres://user:password@host/database |  | ||||||
|           uri: mautrix-whatsapp.db |  | ||||||
|           # Maximum number of connections. Mostly relevant for Postgres. |  | ||||||
|           max_open_conns: 20 |  | ||||||
|           max_idle_conns: 2 |  | ||||||
|  |  | ||||||
|       # Path to the Matrix room state store. |  | ||||||
|       state_store_path: ./mx-state.json |  | ||||||
|  |  | ||||||
|       # The unique ID of this appservice. |  | ||||||
|       id: whatsapp |  | ||||||
|       # Appservice bot details. |  | ||||||
|       bot: |  | ||||||
|           # Username of the appservice bot. |  | ||||||
|           username: whatsappbot |  | ||||||
|           # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty |  | ||||||
|           # to leave display name/avatar as-is. |  | ||||||
|           displayname: WhatsApp bridge bot |  | ||||||
|           avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr |  | ||||||
|  |  | ||||||
|       # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. |  | ||||||
|       as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" |  | ||||||
|       hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" |  | ||||||
|  |  | ||||||
|   # Bridge config |  | ||||||
|   bridge: |  | ||||||
|       # Localpart template of MXIDs for WhatsApp users. |  | ||||||
|       # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. |  | ||||||
|       username_template: "{{ 'whatsapp_{{.}}' }}" |  | ||||||
|       # Displayname template for WhatsApp users. |  | ||||||
|       # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user |  | ||||||
|       # {{ '{{.Jid}}' }}    - phone number (international format) |  | ||||||
|       # The following variables are also available, but will cause problems on multi-user instances: |  | ||||||
|       # {{ '{{.Name}}' }}   - display name from contact list |  | ||||||
|       # {{ '{{.Short}}' }}  - short display name from contact list |  | ||||||
|       displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}" |  | ||||||
|       # WhatsApp connection timeout in seconds. |  | ||||||
|       connection_timeout: 20 |  | ||||||
|       # Maximum number of times to retry connecting on connection error. |  | ||||||
|       max_connection_attempts: 3 |  | ||||||
|       # Number of seconds to wait between connection attempts. |  | ||||||
|       # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts |  | ||||||
|       connection_retry_delay: -1 |  | ||||||
|       # Whether or not the bridge should send a notice to the user's management room when it retries connecting. |  | ||||||
|       # If false, it will only report when it stops retrying. |  | ||||||
|       report_connection_retry: true |  | ||||||
|       # Maximum number of seconds to wait for chats to be sent at startup. |  | ||||||
|       # If this is too low and you have lots of chats, it could cause backfilling to fail. |  | ||||||
|       chat_list_wait: 30 |  | ||||||
|       # Maximum number of seconds to wait to sync portals before force unlocking message processing. |  | ||||||
|       # If this is too low and you have lots of chats, it could cause backfilling to fail. |  | ||||||
|       portal_sync_wait: 600 |  | ||||||
|  |  | ||||||
|       # Whether or not to send call start/end notices to Matrix. |  | ||||||
|       call_notices: |  | ||||||
|           start: true |  | ||||||
|           end: true |  | ||||||
|  |  | ||||||
|       # Number of chats to sync for new users. |  | ||||||
|       initial_chat_sync_count: 10 |  | ||||||
|       # Number of old messages to fill when creating new portal rooms. |  | ||||||
|       initial_history_fill_count: 20 |  | ||||||
|       # Maximum number of chats to sync when recovering from downtime. |  | ||||||
|       # Set to -1 to sync all new chats during downtime. |  | ||||||
|       recovery_chat_sync_limit: -1 |  | ||||||
|       # Whether or not to sync history when recovering from downtime. |  | ||||||
|       recovery_history_backfill: true |  | ||||||
|       # Maximum number of seconds since last message in chat to skip |  | ||||||
|       # syncing the chat in any case. This setting will take priority |  | ||||||
|       # over both recovery_chat_sync_limit and initial_chat_sync_count. |  | ||||||
|       # Default is 3 days = 259200 seconds |  | ||||||
|       sync_max_chat_age: 259200 |  | ||||||
|  |  | ||||||
|       # Whether or not to sync with custom puppets to receive EDUs that |  | ||||||
|       # are not normally sent to appservices. |  | ||||||
|       sync_with_custom_puppets: true |  | ||||||
|       # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth |  | ||||||
|       # |  | ||||||
|       # If set, custom puppets will be enabled automatically for local users |  | ||||||
|       # instead of users having to find an access token and run `login-matrix` |  | ||||||
|       # manually. |  | ||||||
|       login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} |  | ||||||
|  |  | ||||||
|       # Whether or not to invite own WhatsApp user's Matrix puppet into private |  | ||||||
|       # chat portals when backfilling if needed. |  | ||||||
|       # This always uses the default puppet instead of custom puppets due to |  | ||||||
|       # rate limits and timestamp massaging. |  | ||||||
|       invite_own_puppet_for_backfilling: true |  | ||||||
|       # Whether or not to explicitly set the avatar and room name for private |  | ||||||
|       # chat portal rooms. This can be useful if the previous field works fine, |  | ||||||
|       # but causes room avatar/name bugs. |  | ||||||
|       private_chat_portal_meta: false |  | ||||||
|  |  | ||||||
|       # Allow invite permission for user. User can invite any bots to room with whatsapp |  | ||||||
|       # users (private chat and groups) |  | ||||||
|       allow_user_invite: false |  | ||||||
|  |  | ||||||
|       # The prefix for commands. Only required in non-management rooms. |  | ||||||
|       command_prefix: "!wa" |  | ||||||
|  |  | ||||||
|       # Permissions for using the bridge. |  | ||||||
|       # Permitted values: |  | ||||||
|       #     user - Access to use the bridge to chat with a WhatsApp account. |  | ||||||
|       #    admin - User level and some additional administration tools |  | ||||||
|       # Permitted keys: |  | ||||||
|       #        * - All Matrix users |  | ||||||
|       #   domain - All users on that homeserver |  | ||||||
|       #     mxid - Specific user |  | ||||||
|       permissions: |  | ||||||
|           "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user |  | ||||||
|  |  | ||||||
|       relaybot: |  | ||||||
|           # Whether or not relaybot support is enabled. |  | ||||||
|           enabled: false |  | ||||||
|           # The management room for the bot. This is where all status notifications are posted and |  | ||||||
|           # in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting |  | ||||||
|           # the command prefix completely like in user management rooms is not possible. |  | ||||||
|           management: '!foo:example.com' |  | ||||||
|           # List of users to invite to all created rooms that include the relaybot. |  | ||||||
|           invites: [] |  | ||||||
|           # The formats to use when sending messages to WhatsApp via the relaybot. |  | ||||||
|           message_formats: |  | ||||||
|               m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}" |  | ||||||
|               m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}" |  | ||||||
|               m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}" |  | ||||||
|               m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file" |  | ||||||
|               m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image" |  | ||||||
|               m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file" |  | ||||||
|               m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video" |  | ||||||
|               m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location" |  | ||||||
|   # Logging config. |  | ||||||
|   logging: |  | ||||||
|       # The directory for log files. Will be created if not found. |  | ||||||
|       directory: ./logs |  | ||||||
|       # Available variables: .Date for the file date and .Index for different log files on the same day. |  | ||||||
|       file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}" |  | ||||||
|       # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants |  | ||||||
|       file_date_format: "2006-01-02" |  | ||||||
|       # Log file permissions. |  | ||||||
|       file_mode: 0600 |  | ||||||
|       # Timestamp format for log entries in the Go time format. |  | ||||||
|       timestamp_format: "Jan _2, 2006 15:04:05" |  | ||||||
|       # Minimum severity for log messages. |  | ||||||
|       # Options: debug, info, warn, error, fatal |  | ||||||
|       print_level: debug |  | ||||||
|  |  | ||||||
| matrix_mautrix_whatsapp_configuration_extension_yaml: | | matrix_mautrix_whatsapp_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration goes here. |   # Your custom YAML configuration goes here. | ||||||
|   | |||||||
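Review bot: `lookup('template', 'templates/config.yaml.j2')` is a relative path, so it is resolved against whichever role is executing when `matrix_mautrix_whatsapp_configuration_yaml` is finally evaluated, and the mx-puppet-skype defaults in this same commit use the identical string. If the variable is ever referenced from a task outside this role, the lookup can pick up a different role's `config.yaml.j2`. A role-specific file name, or a comment stating that the variable must only be evaluated inside this role, would make that failure mode harder to hit.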
							
								
								
									
										169
									
								
								roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							| @@ -0,0 +1,169 @@ | |||||||
|  | #jinja2: lstrip_blocks: "True" | ||||||
|  | # Homeserver details. | ||||||
|  | homeserver: | ||||||
|  |     # The address that this appservice can use to connect to the homeserver. | ||||||
|  |     address: {{ matrix_mautrix_whatsapp_homeserver_address }} | ||||||
|  |     # The domain of the homeserver (for MXIDs, etc). | ||||||
|  |     domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} | ||||||
|  | # Application service host/registration related details. | ||||||
|  | # Changing these values requires regeneration of the registration. | ||||||
|  |  | ||||||
|  | appservice: | ||||||
|  |     # The address that the homeserver can use to connect to this appservice. | ||||||
|  |     address: {{ matrix_mautrix_whatsapp_appservice_address }} | ||||||
|  |  | ||||||
|  |     # The hostname and port where this appservice should listen. | ||||||
|  |     hostname: 0.0.0.0 | ||||||
|  |     port: 8080 | ||||||
|  |  | ||||||
|  |     # Database config. | ||||||
|  |     database: | ||||||
|  |         # The database type. "sqlite3" and "postgres" are supported. | ||||||
|  |         type: sqlite3 | ||||||
|  |         # The database URI. | ||||||
|  |         #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string | ||||||
|  |         #   Postgres: Connection string. For example, postgres://user:password@host/database | ||||||
|  |         uri: mautrix-whatsapp.db | ||||||
|  |         # Maximum number of connections. Mostly relevant for Postgres. | ||||||
|  |         max_open_conns: 20 | ||||||
|  |         max_idle_conns: 2 | ||||||
|  |  | ||||||
|  |     # Path to the Matrix room state store. | ||||||
|  |     state_store_path: ./mx-state.json | ||||||
|  |  | ||||||
|  |     # The unique ID of this appservice. | ||||||
|  |     id: whatsapp | ||||||
|  |     # Appservice bot details. | ||||||
|  |     bot: | ||||||
|  |         # Username of the appservice bot. | ||||||
|  |         username: whatsappbot | ||||||
|  |         # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty | ||||||
|  |         # to leave display name/avatar as-is. | ||||||
|  |         displayname: WhatsApp bridge bot | ||||||
|  |         avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr | ||||||
|  |  | ||||||
|  |     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. | ||||||
|  |     as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" | ||||||
|  |     hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" | ||||||
|  |  | ||||||
|  | # Bridge config | ||||||
|  | bridge: | ||||||
|  |     # Localpart template of MXIDs for WhatsApp users. | ||||||
|  |     # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. | ||||||
|  |     username_template: "{{ 'whatsapp_{{.}}' }}" | ||||||
|  |     # Displayname template for WhatsApp users. | ||||||
|  |     # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user | ||||||
|  |     # {{ '{{.Jid}}' }}    - phone number (international format) | ||||||
|  |     # The following variables are also available, but will cause problems on multi-user instances: | ||||||
|  |     # {{ '{{.Name}}' }}   - display name from contact list | ||||||
|  |     # {{ '{{.Short}}' }}  - short display name from contact list | ||||||
|  |     displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}" | ||||||
|  |     # WhatsApp connection timeout in seconds. | ||||||
|  |     connection_timeout: 20 | ||||||
|  |     # Maximum number of times to retry connecting on connection error. | ||||||
|  |     max_connection_attempts: 3 | ||||||
|  |     # Number of seconds to wait between connection attempts. | ||||||
|  |     # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts | ||||||
|  |     connection_retry_delay: -1 | ||||||
|  |     # Whether or not the bridge should send a notice to the user's management room when it retries connecting. | ||||||
|  |     # If false, it will only report when it stops retrying. | ||||||
|  |     report_connection_retry: true | ||||||
|  |     # Maximum number of seconds to wait for chats to be sent at startup. | ||||||
|  |     # If this is too low and you have lots of chats, it could cause backfilling to fail. | ||||||
|  |     chat_list_wait: 30 | ||||||
|  |     # Maximum number of seconds to wait to sync portals before force unlocking message processing. | ||||||
|  |     # If this is too low and you have lots of chats, it could cause backfilling to fail. | ||||||
|  |     portal_sync_wait: 600 | ||||||
|  |  | ||||||
|  |     # Whether or not to send call start/end notices to Matrix. | ||||||
|  |     call_notices: | ||||||
|  |         start: true | ||||||
|  |         end: true | ||||||
|  |  | ||||||
|  |     # Number of chats to sync for new users. | ||||||
|  |     initial_chat_sync_count: 10 | ||||||
|  |     # Number of old messages to fill when creating new portal rooms. | ||||||
|  |     initial_history_fill_count: 20 | ||||||
|  |     # Maximum number of chats to sync when recovering from downtime. | ||||||
|  |     # Set to -1 to sync all new chats during downtime. | ||||||
|  |     recovery_chat_sync_limit: -1 | ||||||
|  |     # Whether or not to sync history when recovering from downtime. | ||||||
|  |     recovery_history_backfill: true | ||||||
|  |     # Maximum number of seconds since last message in chat to skip | ||||||
|  |     # syncing the chat in any case. This setting will take priority | ||||||
|  |     # over both recovery_chat_sync_limit and initial_chat_sync_count. | ||||||
|  |     # Default is 3 days = 259200 seconds | ||||||
|  |     sync_max_chat_age: 259200 | ||||||
|  |  | ||||||
|  |     # Whether or not to sync with custom puppets to receive EDUs that | ||||||
|  |     # are not normally sent to appservices. | ||||||
|  |     sync_with_custom_puppets: true | ||||||
|  |     # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth | ||||||
|  |     # | ||||||
|  |     # If set, custom puppets will be enabled automatically for local users | ||||||
|  |     # instead of users having to find an access token and run `login-matrix` | ||||||
|  |     # manually. | ||||||
|  |     login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} | ||||||
|  |  | ||||||
|  |     # Whether or not to invite own WhatsApp user's Matrix puppet into private | ||||||
|  |     # chat portals when backfilling if needed. | ||||||
|  |     # This always uses the default puppet instead of custom puppets due to | ||||||
|  |     # rate limits and timestamp massaging. | ||||||
|  |     invite_own_puppet_for_backfilling: true | ||||||
|  |     # Whether or not to explicitly set the avatar and room name for private | ||||||
|  |     # chat portal rooms. This can be useful if the previous field works fine, | ||||||
|  |     # but causes room avatar/name bugs. | ||||||
|  |     private_chat_portal_meta: false | ||||||
|  |  | ||||||
|  |     # Allow invite permission for user. User can invite any bots to room with whatsapp | ||||||
|  |     # users (private chat and groups) | ||||||
|  |     allow_user_invite: false | ||||||
|  |  | ||||||
|  |     # The prefix for commands. Only required in non-management rooms. | ||||||
|  |     command_prefix: "!wa" | ||||||
|  |  | ||||||
|  |     # Permissions for using the bridge. | ||||||
|  |     # Permitted values: | ||||||
|  |     #     user - Access to use the bridge to chat with a WhatsApp account. | ||||||
|  |     #    admin - User level and some additional administration tools | ||||||
|  |     # Permitted keys: | ||||||
|  |     #        * - All Matrix users | ||||||
|  |     #   domain - All users on that homeserver | ||||||
|  |     #     mxid - Specific user | ||||||
|  |     permissions: | ||||||
|  |         "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user | ||||||
|  |  | ||||||
|  |     relaybot: | ||||||
|  |         # Whether or not relaybot support is enabled. | ||||||
|  |         enabled: false | ||||||
|  |         # The management room for the bot. This is where all status notifications are posted and | ||||||
|  |         # in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting | ||||||
|  |         # the command prefix completely like in user management rooms is not possible. | ||||||
|  |         management: '!foo:example.com' | ||||||
|  |         # List of users to invite to all created rooms that include the relaybot. | ||||||
|  |         invites: [] | ||||||
|  |         # The formats to use when sending messages to WhatsApp via the relaybot. | ||||||
|  |         message_formats: | ||||||
|  |             m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}" | ||||||
|  |             m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}" | ||||||
|  |             m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}" | ||||||
|  |             m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file" | ||||||
|  |             m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image" | ||||||
|  |             m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file" | ||||||
|  |             m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video" | ||||||
|  |             m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location" | ||||||
|  | # Logging config. | ||||||
|  | logging: | ||||||
|  |     # The directory for log files. Will be created if not found. | ||||||
|  |     directory: ./logs | ||||||
|  |     # Available variables: .Date for the file date and .Index for different log files on the same day. | ||||||
|  |     file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}" | ||||||
|  |     # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants | ||||||
|  |     file_date_format: "2006-01-02" | ||||||
|  |     # Log file permissions. | ||||||
|  |     file_mode: 0600 | ||||||
|  |     # Timestamp format for log entries in the Go time format. | ||||||
|  |     timestamp_format: "Jan _2, 2006 15:04:05" | ||||||
|  |     # Minimum severity for log messages. | ||||||
|  |     # Options: debug, info, warn, error, fatal | ||||||
|  |     print_level: debug | ||||||
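Review bot: in the `displayname_template` comment, `# {{ '{{.Notify'}}' }}` has its closing quote in the wrong place, so Jinja ends the expression early and the rendered comment reads `{{.Notify' }}`. It was copied unchanged from the inline block this file replaces; since the file is new, write it as `{{ '{{.Notify}}' }}` to match the `.Jid`, `.Name` and `.Short` lines. Also consider whether `print_level: debug` should be the shipped default for a bridge that carries private chats, or whether the level should come from a playbook variable.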
| @@ -11,13 +11,13 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ | |||||||
| 			{{ matrix_mautrix_whatsapp_docker_image }} \ | 			{{ matrix_mautrix_whatsapp_docker_image }} \ | ||||||
| 			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml | 			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp | ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp | ||||||
| ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp | ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-mautrix-whatsapp | SyslogIdentifier=matrix-mautrix-whatsapp | ||||||
|   | |||||||
| @@ -56,145 +56,7 @@ matrix_mx_puppet_skype_login_shared_secret: '' | |||||||
| # | # | ||||||
| # For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`) | # For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`) | ||||||
| # or completely replace this variable with your own template. | # or completely replace this variable with your own template. | ||||||
| matrix_mx_puppet_skype_configuration_yaml: | | matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|   #jinja2: lstrip_blocks: "True" |  | ||||||
|   bridge: |  | ||||||
|     # Address for the bridge to bind to; if running as a Docker container, you |  | ||||||
|     # probably want 0.0.0.0 here |  | ||||||
|     bindAddress: 0.0.0.0 |  | ||||||
|     # Port to host the bridge on which your homeserver will connect to |  | ||||||
|     port: {{ matrix_mx_puppet_skype_appservice_port }} |  | ||||||
|     # Name of your homeserver |  | ||||||
|     domain: {{ matrix_domain }} |  | ||||||
|     # URL where the bridge can connect to your homeserver |  | ||||||
|     homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }} |  | ||||||
|     # Optionally specify a different media URL used for the media store |  | ||||||
|     mediaURL: https://{{ matrix_server_fqn_matrix }} |  | ||||||
|     # This enabled automatic double-puppeting: |  | ||||||
|     # A map for shared secrets of the homeserver URL to the shared secret |  | ||||||
|     # See https://github.com/devture/matrix-synapse-shared-secret-auth |  | ||||||
|     #loginSharedSecretMap: |  | ||||||
|     #  yourserver.com: supersecretsharedsecret |  | ||||||
|     {% if matrix_mx_puppet_skype_login_shared_secret != '' %} |  | ||||||
|     loginSharedSecretMap: |  | ||||||
|       {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }} |  | ||||||
|     {% endif %} |  | ||||||
|     # optionally override the display name of the bridge bot |  | ||||||
|     #displayname: Protocol Bot |  | ||||||
|     # optionally set the avatar of the bridge bot |  | ||||||
|     #avatarUrl: mxc://yourserver.com/somefile |  | ||||||
|  |  | ||||||
|   logging: |  | ||||||
|     # Log level of console output |  | ||||||
|     # Allowed values starting with most verbose: |  | ||||||
|     # silly, debug, verbose, info, warn, error |  | ||||||
|     console: info |  | ||||||
|     # Optionally, you can apply filters to the console logging |  | ||||||
|     #console: |  | ||||||
|     #  level: info |  | ||||||
|     #  enabled: |  | ||||||
|     #    - Store |  | ||||||
|     #  disabled: |  | ||||||
|     #    - PresenceHandler |  | ||||||
|  |  | ||||||
|     # Date and time formatting |  | ||||||
|     lineDateFormat: MMM-D HH:mm:ss.SSS |  | ||||||
|     # Logging files |  | ||||||
|     # Log files are rotated daily by default |  | ||||||
|     files: |  | ||||||
|       # Log file path |  | ||||||
|       - file: "/data/bridge.log" |  | ||||||
|         # Log level for this file |  | ||||||
|         # Allowed values starting with most verbose: |  | ||||||
|         # silly, debug, verbose, info, warn, error |  | ||||||
|         level: info |  | ||||||
|         # Date and time formatting |  | ||||||
|         datePattern: YYYY-MM-DD |  | ||||||
|         # Maximum number of logs to keep. |  | ||||||
|         # This can be a number of files or number of days. |  | ||||||
|         # If using days, add 'd' as a suffix |  | ||||||
|         maxFiles: 14d |  | ||||||
|         # Maximum size of the file after which it will rotate. This can be a |  | ||||||
|         # number of bytes, or units of kb, mb, and gb. If using the units, add |  | ||||||
|         # 'k', 'm', or 'g' as the suffix |  | ||||||
|         maxSize: 50m |  | ||||||
|         # Optionally enable/disable logging for certain modules |  | ||||||
|         #disabled: |  | ||||||
|         #  - PresenceHandler |  | ||||||
|         #  - module: bot-sdk-MatrixLiteClient |  | ||||||
|         #    regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log |  | ||||||
|         #enabled: |  | ||||||
|         #  - Store |  | ||||||
|  |  | ||||||
|   database: |  | ||||||
|     # Use Postgres as a database backend |  | ||||||
|     # If set, will be used instead of SQLite3 |  | ||||||
|     # Connection string to connect to the Postgres instance |  | ||||||
|     # with username "user", password "pass", host "localhost" and database name "dbname". |  | ||||||
|     # Modify each value as necessary |  | ||||||
|     #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" |  | ||||||
|     # Use SQLite3 as a database backend |  | ||||||
|     # The name of the database file |  | ||||||
|     filename: /data/database.db |  | ||||||
|  |  | ||||||
|   provisioning: |  | ||||||
|     # Regex of Matrix IDs allowed to use the puppet bridge |  | ||||||
|     whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }} |  | ||||||
|       # Allow a specific user |  | ||||||
|       #- "@user:server\\.com" |  | ||||||
|       # Allow users on a specific homeserver |  | ||||||
|       #- "@.*:yourserver\\.com" |  | ||||||
|       # Allow anyone |  | ||||||
|       #- ".*" |  | ||||||
|  |  | ||||||
|     # Regex of Matrix IDs forbidden from using the puppet bridge |  | ||||||
|     #blacklist: |  | ||||||
|       # Disallow a specific user |  | ||||||
|       #- "@user:server\\.com" |  | ||||||
|       # Disallow users on a specific homeserver |  | ||||||
|       #- "@.*:yourserver\\.com" |  | ||||||
|     blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }} |  | ||||||
|  |  | ||||||
|   presence: |  | ||||||
|     # Bridge online/offline status |  | ||||||
|     enabled: true |  | ||||||
|     # How often to send status to the homeserver in milliseconds |  | ||||||
|     interval: 500 |  | ||||||
|     # if the im.vector.user_status state setting should be diabled |  | ||||||
|     #disableStatusState: false |  | ||||||
|     # A blacklist of remote user IDs for the im.vector.user_status state setting |  | ||||||
|     #statusStateBlacklist: |  | ||||||
|     # - baduser |  | ||||||
|  |  | ||||||
|   relay: |  | ||||||
|     # Regex of Matrix IDs to allow to use the relay mode |  | ||||||
|     # Same format as in provisioning |  | ||||||
|     #whitelist: |  | ||||||
|       #- "@.*:yourserver\\.com" |  | ||||||
|     whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }} |  | ||||||
|  |  | ||||||
|     #blacklist: |  | ||||||
|       #- "@user:yourserver\\.com" |  | ||||||
|     blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }} |  | ||||||
|  |  | ||||||
|   # Map certain homeserver URLs to the C-S API endpoint |  | ||||||
|   # Useful for double-puppeting if .well-known is unavailable for some reason |  | ||||||
|   #homeserverUrlMap: |  | ||||||
|   #  yourserver.com: http://localhost:1234 |  | ||||||
|  |  | ||||||
|   namePatterns: |  | ||||||
|     # Override the protocols set default name patterns |  | ||||||
|     # Which variables are available depends on protocol implementation |  | ||||||
|     user: :name |  | ||||||
|     room: :name |  | ||||||
|  |  | ||||||
|   limits: |  | ||||||
|     # Up to how many users should be auto-joined on room creation? -1 to disable |  | ||||||
|     # Defaults to 200 |  | ||||||
|     maxAutojoinUsers: 200 |  | ||||||
|     # How long the delay between two autojoin users should be, in millisectonds. |  | ||||||
|     # Defaults to 5000 |  | ||||||
|     roomUserAutojoinDelay: 5000 |  | ||||||
|  |  | ||||||
| matrix_mx_puppet_skype_configuration_extension_yaml: | | matrix_mx_puppet_skype_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration goes here. |   # Your custom YAML configuration goes here. | ||||||
|   | |||||||
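Review bot: `lookup('template', 'templates/config.yaml.j2')` uses a relative path, and the slack role in this same commit uses the identical relative name for its own template. The lookup resolves relative to whichever role is running the task that evaluates the variable, so this is only safe while `matrix_mx_puppet_skype_configuration_yaml` is evaluated from this role's own tasks. A comment stating that would help, along with the template's full path (`roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2`) for people who follow the "completely replace this variable" advice just above.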
							
								
								
									
roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 (138 lines changed, Normal file)
							
						
						
									
							| @@ -0,0 +1,138 @@ | |||||||
|  | #jinja2: lstrip_blocks: "True" | ||||||
|  | bridge: | ||||||
|  |   # Address for the bridge to bind to; if running as a Docker container, you | ||||||
|  |   # probably want 0.0.0.0 here | ||||||
|  |   bindAddress: 0.0.0.0 | ||||||
|  |   # Port to host the bridge on which your homeserver will connect to | ||||||
|  |   port: {{ matrix_mx_puppet_skype_appservice_port }} | ||||||
|  |   # Name of your homeserver | ||||||
|  |   domain: {{ matrix_domain }} | ||||||
|  |   # URL where the bridge can connect to your homeserver | ||||||
|  |   homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }} | ||||||
|  |   # Optionally specify a different media URL used for the media store | ||||||
|  |   mediaURL: https://{{ matrix_server_fqn_matrix }} | ||||||
|  |   # This enabled automatic double-puppeting: | ||||||
|  |   # A map for shared secrets of the homeserver URL to the shared secret | ||||||
|  |   # See https://github.com/devture/matrix-synapse-shared-secret-auth | ||||||
|  |   #loginSharedSecretMap: | ||||||
|  |   #  yourserver.com: supersecretsharedsecret | ||||||
|  |   {% if matrix_mx_puppet_skype_login_shared_secret != '' %} | ||||||
|  |   loginSharedSecretMap: | ||||||
|  |     {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }} | ||||||
|  |   {% endif %} | ||||||
|  |   # optionally override the display name of the bridge bot | ||||||
|  |   #displayname: Protocol Bot | ||||||
|  |   # optionally set the avatar of the bridge bot | ||||||
|  |   #avatarUrl: mxc://yourserver.com/somefile | ||||||
|  |  | ||||||
|  | logging: | ||||||
|  |   # Log level of console output | ||||||
|  |   # Allowed values starting with most verbose: | ||||||
|  |   # silly, debug, verbose, info, warn, error | ||||||
|  |   console: info | ||||||
|  |   # Optionally, you can apply filters to the console logging | ||||||
|  |   #console: | ||||||
|  |   #  level: info | ||||||
|  |   #  enabled: | ||||||
|  |   #    - Store | ||||||
|  |   #  disabled: | ||||||
|  |   #    - PresenceHandler | ||||||
|  |  | ||||||
|  |   # Date and time formatting | ||||||
|  |   lineDateFormat: MMM-D HH:mm:ss.SSS | ||||||
|  |   # Logging files | ||||||
|  |   # Log files are rotated daily by default | ||||||
|  |   files: | ||||||
|  |     # Log file path | ||||||
|  |     - file: "/data/bridge.log" | ||||||
|  |       # Log level for this file | ||||||
|  |       # Allowed values starting with most verbose: | ||||||
|  |       # silly, debug, verbose, info, warn, error | ||||||
|  |       level: info | ||||||
|  |       # Date and time formatting | ||||||
|  |       datePattern: YYYY-MM-DD | ||||||
|  |       # Maximum number of logs to keep. | ||||||
|  |       # This can be a number of files or number of days. | ||||||
|  |       # If using days, add 'd' as a suffix | ||||||
|  |       maxFiles: 14d | ||||||
|  |       # Maximum size of the file after which it will rotate. This can be a | ||||||
|  |       # number of bytes, or units of kb, mb, and gb. If using the units, add | ||||||
|  |       # 'k', 'm', or 'g' as the suffix | ||||||
|  |       maxSize: 50m | ||||||
|  |       # Optionally enable/disable logging for certain modules | ||||||
|  |       #disabled: | ||||||
|  |       #  - PresenceHandler | ||||||
|  |       #  - module: bot-sdk-MatrixLiteClient | ||||||
|  |       #    regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log | ||||||
|  |       #enabled: | ||||||
|  |       #  - Store | ||||||
|  |  | ||||||
|  | database: | ||||||
|  |   # Use Postgres as a database backend | ||||||
|  |   # If set, will be used instead of SQLite3 | ||||||
|  |   # Connection string to connect to the Postgres instance | ||||||
|  |   # with username "user", password "pass", host "localhost" and database name "dbname". | ||||||
|  |   # Modify each value as necessary | ||||||
|  |   #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" | ||||||
|  |   # Use SQLite3 as a database backend | ||||||
|  |   # The name of the database file | ||||||
|  |   filename: /data/database.db | ||||||
|  |  | ||||||
|  | provisioning: | ||||||
|  |   # Regex of Matrix IDs allowed to use the puppet bridge | ||||||
|  |   whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }} | ||||||
|  |     # Allow a specific user | ||||||
|  |     #- "@user:server\\.com" | ||||||
|  |     # Allow users on a specific homeserver | ||||||
|  |     #- "@.*:yourserver\\.com" | ||||||
|  |     # Allow anyone | ||||||
|  |     #- ".*" | ||||||
|  |  | ||||||
|  |   # Regex of Matrix IDs forbidden from using the puppet bridge | ||||||
|  |   #blacklist: | ||||||
|  |     # Disallow a specific user | ||||||
|  |     #- "@user:server\\.com" | ||||||
|  |     # Disallow users on a specific homeserver | ||||||
|  |     #- "@.*:yourserver\\.com" | ||||||
|  |   blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }} | ||||||
|  |  | ||||||
|  | presence: | ||||||
|  |   # Bridge online/offline status | ||||||
|  |   enabled: true | ||||||
|  |   # How often to send status to the homeserver in milliseconds | ||||||
|  |   interval: 500 | ||||||
|  |   # if the im.vector.user_status state setting should be diabled | ||||||
|  |   #disableStatusState: false | ||||||
|  |   # A blacklist of remote user IDs for the im.vector.user_status state setting | ||||||
|  |   #statusStateBlacklist: | ||||||
|  |   # - baduser | ||||||
|  |  | ||||||
|  | relay: | ||||||
|  |   # Regex of Matrix IDs to allow to use the relay mode | ||||||
|  |   # Same format as in provisioning | ||||||
|  |   #whitelist: | ||||||
|  |     #- "@.*:yourserver\\.com" | ||||||
|  |   whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }} | ||||||
|  |  | ||||||
|  |   #blacklist: | ||||||
|  |     #- "@user:yourserver\\.com" | ||||||
|  |   blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }} | ||||||
|  |  | ||||||
|  | # Map certain homeserver URLs to the C-S API endpoint | ||||||
|  | # Useful for double-puppeting if .well-known is unavailable for some reason | ||||||
|  | #homeserverUrlMap: | ||||||
|  | #  yourserver.com: http://localhost:1234 | ||||||
|  |  | ||||||
|  | namePatterns: | ||||||
|  |   # Override the protocols set default name patterns | ||||||
|  |   # Which variables are available depends on protocol implementation | ||||||
|  |   user: :name | ||||||
|  |   room: :name | ||||||
|  |  | ||||||
|  | limits: | ||||||
|  |   # Up to how many users should be auto-joined on room creation? -1 to disable | ||||||
|  |   # Defaults to 200 | ||||||
|  |   maxAutojoinUsers: 200 | ||||||
|  |   # How long the delay between two autojoin users should be, in millisectonds. | ||||||
|  |   # Defaults to 5000 | ||||||
|  |   roomUserAutojoinDelay: 5000 | ||||||
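Review bot: under `loginSharedSecretMap`, the line `{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}` writes the secret into YAML unquoted. A secret containing ` #` or `: `, or starting with a character such as `*`, `&` or `{`, will be truncated, misparsed or break the file. The whitelist and blacklist lines in this same template already go through `|to_json`; doing the same for the secret (`{{ matrix_mx_puppet_skype_login_shared_secret|to_json }}`) yields a correctly quoted scalar. The comments also carry two typos ("diabled", "millisectonds") that could be fixed while the file is new.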
| @@ -11,13 +11,13 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-skype | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-skype | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_mx_puppet_skype_docker_image }} | 			{{ matrix_mx_puppet_skype_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-mx-puppet-skype | ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype | ||||||
| ExecStop=-/usr/bin/docker rm matrix-mx-puppet-skype | ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-mx-puppet-skype | SyslogIdentifier=matrix-mx-puppet-skype | ||||||
|   | |||||||
| @@ -5,6 +5,11 @@ matrix_mx_puppet_slack_enabled: true | |||||||
|  |  | ||||||
| matrix_mx_puppet_slack_container_image_self_build: false | matrix_mx_puppet_slack_container_image_self_build: false | ||||||
|  |  | ||||||
|  | # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). | ||||||
|  | # | ||||||
|  | # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose. | ||||||
|  | matrix_mx_puppet_slack_container_http_host_bind_port: '' | ||||||
|  |  | ||||||
| matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest" | matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest" | ||||||
| matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" | matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
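Review bot: the comment for `matrix_mx_puppet_slack_container_http_host_bind_port` offers the bare `<port>` form on equal footing with `<ip>:<port>`, but with Docker port publishing a bare port binds on all host interfaces. Since this port serves the bridge's HTTP endpoint, the comment should say so and recommend the `127.0.0.1:8432` form for setups where a local reverse proxy fronts the container. The empty default (not exposed) is good.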
| @@ -47,104 +52,15 @@ matrix_mx_puppet_slack_systemd_wanted_services_list: [] | |||||||
| matrix_mx_puppet_slack_appservice_token: '' | matrix_mx_puppet_slack_appservice_token: '' | ||||||
| matrix_mx_puppet_slack_homeserver_token: '' | matrix_mx_puppet_slack_homeserver_token: '' | ||||||
|  |  | ||||||
|  | # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). | ||||||
|  | matrix_mx_puppet_slack_login_shared_secret: '' | ||||||
|  |  | ||||||
| # Default configuration template which covers the generic use case. | # Default configuration template which covers the generic use case. | ||||||
| # You can customize it by controlling the various variables inside it. | # You can customize it by controlling the various variables inside it. | ||||||
| # | # | ||||||
| # For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`) | # For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`) | ||||||
| # or completely replace this variable with your own template. | # or completely replace this variable with your own template. | ||||||
| matrix_mx_puppet_slack_configuration_yaml: | | matrix_mx_puppet_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|   #jinja2: lstrip_blocks: "True" |  | ||||||
|   bridge: |  | ||||||
|     # Port to host the bridge on |  | ||||||
|     # Used for communication between the homeserver and the bridge |  | ||||||
|     port: {{ matrix_mx_puppet_slack_appservice_port }} |  | ||||||
|     # The host connections to the bridge's webserver are allowed from |  | ||||||
|     bindAddress: 0.0.0.0 |  | ||||||
|     # Public domain of the homeserver |  | ||||||
|     domain: {{ matrix_mx_puppet_slack_homeserver_domain }} |  | ||||||
|     # Reachable URL of the Matrix homeserver |  | ||||||
|     homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }} |  | ||||||
|  |  | ||||||
|  |  | ||||||
|   # Slack OAuth settings. Create a slack app at https://api.slack.com/apps |  | ||||||
|   oauth: |  | ||||||
|     enabled: false |  | ||||||
|     # Slack app credentials. |  | ||||||
|     # N.B. This must be quoted so YAML wouldn't parse it as a float. |  | ||||||
|     clientId: "{{ matrix_mx_puppet_slack_client_id }}" |  | ||||||
|     clientSecret: {{ matrix_mx_puppet_slack_client_secret }} |  | ||||||
|     # Path where to listen for OAuth redirect callbacks. |  | ||||||
|     redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} |  | ||||||
|     # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, |  | ||||||
|     # then set this field and the Slack app redirect URI field to the former. |  | ||||||
|     redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }} |  | ||||||
|  |  | ||||||
|   presence: |  | ||||||
|     # Bridge Discord online/offline status |  | ||||||
|     enabled: true |  | ||||||
|     # How often to send status to the homeserver in milliseconds |  | ||||||
|     interval: 500 |  | ||||||
|  |  | ||||||
|   provisioning: |  | ||||||
|     # Regex of Matrix IDs allowed to use the puppet bridge |  | ||||||
|     whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }} |  | ||||||
|       # Allow a specific user |  | ||||||
|       #- "@user:server\\.com" |  | ||||||
|       # Allow users on a specific homeserver |  | ||||||
|       #- "@.*:yourserver\\.com" |  | ||||||
|       # Allow anyone |  | ||||||
|       #- ".*" |  | ||||||
|     # Regex of Matrix IDs forbidden from using the puppet bridge |  | ||||||
|     #blacklist: |  | ||||||
|       # Disallow a specific user |  | ||||||
|       #- "@user:server\\.com" |  | ||||||
|       # Disallow users on a specific homeserver |  | ||||||
|       #- "@.*:yourserver\\.com" |  | ||||||
|     blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }} |  | ||||||
|  |  | ||||||
|     # Shared secret for the provisioning API for use by integration managers. |  | ||||||
|     # If this is not set, the provisioning API will not be enabled. |  | ||||||
|     #sharedSecret: random string |  | ||||||
|     # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. |  | ||||||
|     apiPrefix: /_matrix/provision |  | ||||||
|  |  | ||||||
|   database: |  | ||||||
|     # Use Postgres as a database backend |  | ||||||
|     # If set, will be used instead of SQLite3 |  | ||||||
|     # Connection string to connect to the Postgres instance |  | ||||||
|     # with username "user", password "pass", host "localhost" and database name "dbname". |  | ||||||
|     # Modify each value as necessary |  | ||||||
|     #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" |  | ||||||
|     # Use SQLite3 as a database backend |  | ||||||
|     # The name of the database file |  | ||||||
|     filename: /data/database.db |  | ||||||
|  |  | ||||||
|   logging: |  | ||||||
|     # Log level of console output |  | ||||||
|     # Allowed values starting with most verbose: |  | ||||||
|     # silly, debug, verbose, info, warn, error |  | ||||||
|     console: info |  | ||||||
|     # Date and time formatting |  | ||||||
|     lineDateFormat: MMM-D HH:mm:ss.SSS |  | ||||||
|     # Logging files |  | ||||||
|     # Log files are rotated daily by default |  | ||||||
|     files: |  | ||||||
|       # Log file path |  | ||||||
|       - file: "/data/bridge.log" |  | ||||||
|         # Log level for this file |  | ||||||
|         # Allowed values starting with most verbose: |  | ||||||
|         # silly, debug, verbose, info, warn, error |  | ||||||
|         level: info |  | ||||||
|         # Date and time formatting |  | ||||||
|         datePattern: YYYY-MM-DD |  | ||||||
|         # Maximum number of logs to keep. |  | ||||||
|         # This can be a number of files or number of days. |  | ||||||
|         # If using days, add 'd' as a suffix |  | ||||||
|         maxFiles: 14d |  | ||||||
|         # Maximum size of the file after which it will rotate. This can be a |  | ||||||
|         # number of bytes, or units of kb, mb, and gb. If using the units, add |  | ||||||
|         # 'k', 'm', or 'g' as the suffix |  | ||||||
|         maxSize: 50m |  | ||||||
|  |  | ||||||
| matrix_mx_puppet_slack_configuration_extension_yaml: | | matrix_mx_puppet_slack_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration goes here. |   # Your custom YAML configuration goes here. | ||||||
|   | |||||||
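Review bot: this is not a pure move of the inline template. The removed block has `enabled: false` under `oauth:`, while the new `templates/config.yaml.j2` has `enabled: true`. That switches OAuth on by default for installs that rely on the default template, whether or not `matrix_mx_puppet_slack_client_id` and `matrix_mx_puppet_slack_client_secret` have been set. If the flip is intended, call it out in the commit message and changelog; otherwise keep `false` or expose it as a variable.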
| @@ -50,17 +50,17 @@ | |||||||
|         }} |         }} | ||||||
|   tags: |   tags: | ||||||
|    - always |    - always | ||||||
|   when: matrix_appservice_slack_enabled|bool |   when: matrix_mx_puppet_slack_enabled|bool | ||||||
|  |  | ||||||
| - name: Warn about reverse-proxying if matrix-nginx-proxy not used | - name: Warn about reverse-proxying if matrix-nginx-proxy not used | ||||||
|   debug: |   debug: | ||||||
|     msg: >- |     msg: >- | ||||||
|       NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy |       NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy | ||||||
|       reverse proxy. |       reverse proxy. | ||||||
|       Please make sure that you're proxying the `{{ something }}` |       Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` | ||||||
|       URL endpoint to the matrix-appservice-slack container. |       URL endpoint to the matrix-mx-puppet-slack container. | ||||||
|       You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. |       You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. | ||||||
|   when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" |   when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" | ||||||
|  |  | ||||||
| # ansible lower than 2.8, does not support docker_image build parameters | # ansible lower than 2.8, does not support docker_image build parameters | ||||||
| # for self buildig it is explicitly needed, so we rather fail here | # for self buildig it is explicitly needed, so we rather fail here | ||||||
|   | |||||||
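Review bot: the last sentence of the warning still names `matrix_appservice_slack_container_http_host_bind_port`, which belongs to the other Slack bridge; the variable this commit adds for this role is `matrix_mx_puppet_slack_container_http_host_bind_port`. The rest of the message and both `when:` conditions were switched over, so this looks like a missed rename, and a user following the message would set a variable that does nothing for this container. The `buildig` typo in the comment below could be fixed in the same pass.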
							
								
								
									
roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 (96 lines changed, Normal file)
							
						
						
									
							| @@ -0,0 +1,96 @@ | |||||||
|  | #jinja2: lstrip_blocks: "True" | ||||||
|  | bridge: | ||||||
|  |   # Port to host the bridge on | ||||||
|  |   # Used for communication between the homeserver and the bridge | ||||||
|  |   port: {{ matrix_mx_puppet_slack_appservice_port }} | ||||||
|  |   # The host connections to the bridge's webserver are allowed from | ||||||
|  |   bindAddress: 0.0.0.0 | ||||||
|  |   # Public domain of the homeserver | ||||||
|  |   domain: {{ matrix_mx_puppet_slack_homeserver_domain }} | ||||||
|  |   # Reachable URL of the Matrix homeserver | ||||||
|  |   homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }} | ||||||
|  |   {% if matrix_mx_puppet_slack_login_shared_secret != '' %} | ||||||
|  |   loginSharedSecretMap: | ||||||
|  |     {{ matrix_domain }}: {{ matrix_mx_puppet_slack_login_shared_secret }} | ||||||
|  |   {% endif %} | ||||||
|  |  | ||||||
|  |  | ||||||
|  | # Slack OAuth settings. Create a slack app at https://api.slack.com/apps | ||||||
|  | oauth: | ||||||
|  |   enabled: true | ||||||
|  |   # Slack app credentials. | ||||||
|  |   # N.B. This must be quoted so YAML wouldn't parse it as a float. | ||||||
|  |   clientId: "{{ matrix_mx_puppet_slack_client_id }}" | ||||||
|  |   clientSecret: {{ matrix_mx_puppet_slack_client_secret }} | ||||||
|  |   # Path where to listen for OAuth redirect callbacks. | ||||||
|  |   redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} | ||||||
|  |   # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, | ||||||
|  |   # then set this field and the Slack app redirect URI field to the former. | ||||||
|  |   redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }} | ||||||
|  |  | ||||||
|  | presence: | ||||||
|  |   # Bridge Discord online/offline status | ||||||
|  |   enabled: true | ||||||
|  |   # How often to send status to the homeserver in milliseconds | ||||||
|  |   interval: 500 | ||||||
|  |  | ||||||
|  | provisioning: | ||||||
|  |   # Regex of Matrix IDs allowed to use the puppet bridge | ||||||
|  |   whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }} | ||||||
|  |     # Allow a specific user | ||||||
|  |     #- "@user:server\\.com" | ||||||
|  |     # Allow users on a specific homeserver | ||||||
|  |     #- "@.*:yourserver\\.com" | ||||||
|  |     # Allow anyone | ||||||
|  |     #- ".*" | ||||||
|  |   # Regex of Matrix IDs forbidden from using the puppet bridge | ||||||
|  |   #blacklist: | ||||||
|  |     # Disallow a specific user | ||||||
|  |     #- "@user:server\\.com" | ||||||
|  |     # Disallow users on a specific homeserver | ||||||
|  |     #- "@.*:yourserver\\.com" | ||||||
|  |   blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }} | ||||||
|  |  | ||||||
|  |   # Shared secret for the provisioning API for use by integration managers. | ||||||
|  |   # If this is not set, the provisioning API will not be enabled. | ||||||
|  |   #sharedSecret: random string | ||||||
|  |   # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. | ||||||
|  |   apiPrefix: /_matrix/provision | ||||||
|  |  | ||||||
|  | database: | ||||||
|  |   # Use Postgres as a database backend | ||||||
|  |   # If set, will be used instead of SQLite3 | ||||||
|  |   # Connection string to connect to the Postgres instance | ||||||
|  |   # with username "user", password "pass", host "localhost" and database name "dbname". | ||||||
|  |   # Modify each value as necessary | ||||||
|  |   #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" | ||||||
|  |   # Use SQLite3 as a database backend | ||||||
|  |   # The name of the database file | ||||||
|  |   filename: /data/database.db | ||||||
|  |  | ||||||
|  | logging: | ||||||
|  |   # Log level of console output | ||||||
|  |   # Allowed values starting with most verbose: | ||||||
|  |   # silly, debug, verbose, info, warn, error | ||||||
|  |   console: info | ||||||
|  |   # Date and time formatting | ||||||
|  |   lineDateFormat: MMM-D HH:mm:ss.SSS | ||||||
|  |   # Logging files | ||||||
|  |   # Log files are rotated daily by default | ||||||
|  |   files: | ||||||
|  |     # Log file path | ||||||
|  |     - file: "/data/bridge.log" | ||||||
|  |       # Log level for this file | ||||||
|  |       # Allowed values starting with most verbose: | ||||||
|  |       # silly, debug, verbose, info, warn, error | ||||||
|  |       level: info | ||||||
|  |       # Date and time formatting | ||||||
|  |       datePattern: YYYY-MM-DD | ||||||
|  |       # Maximum number of logs to keep. | ||||||
|  |       # This can be a number of files or number of days. | ||||||
|  |       # If using days, add 'd' as a suffix | ||||||
|  |       maxFiles: 14d | ||||||
|  |       # Maximum size of the file after which it will rotate. This can be a | ||||||
|  |       # number of bytes, or units of kb, mb, and gb. If using the units, add | ||||||
|  |       # 'k', 'm', or 'g' as the suffix | ||||||
|  |       maxSize: 50m | ||||||
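Review bot: the values under `logging:` are hard-coded (`console: info`, `level: info`, `maxFiles: 14d`, `maxSize: 50m`), while the provisioning blacklist a few lines up is driven by `matrix_mx_puppet_slack_provisioning_blacklist`. Consider a playbook variable for at least the log level, so that raising verbosity while debugging does not mean overriding the whole template. Note also that `/data/bridge.log` sits in the same directory as `/data/database.db`, so anything that backs up or shares `/data` also picks up as much as 14 days of bridge logs.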
| @@ -11,17 +11,20 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack | ||||||
|  |  | ||||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||||
| ExecStartPre=/bin/sleep 5 | ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| 			--network={{ matrix_docker_network }} \ | 			--network={{ matrix_docker_network }} \ | ||||||
|  | 			{% if matrix_mx_puppet_slack_container_http_host_bind_port %} | ||||||
|  | 			-p {{ matrix_mx_puppet_slack_container_http_host_bind_port }}:{{ matrix_mx_puppet_slack_appservice_port }} \ | ||||||
|  | 			{% endif %} | ||||||
| 			-e CONFIG_PATH=/config/config.yaml \ | 			-e CONFIG_PATH=/config/config.yaml \ | ||||||
| 			-e REGISTRATION_PATH=/config/registration.yaml \ | 			-e REGISTRATION_PATH=/config/registration.yaml \ | ||||||
| 			-v {{ matrix_mx_puppet_slack_config_path }}:/config:z \ | 			-v {{ matrix_mx_puppet_slack_config_path }}:/config:z \ | ||||||
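Review bot: the new `-p {{ matrix_mx_puppet_slack_container_http_host_bind_port }}:{{ matrix_mx_puppet_slack_appservice_port }}` line publishes the appservice port on every host interface when the variable holds a bare port number, because Docker binds to all addresses unless one is given. Please document next to the variable that an `ip:port` value (for example `127.0.0.1:<port>`) is accepted and is the safer choice when only a reverse proxy on the same host needs the port, and confirm that the default is empty so that nothing is published unless the operator asks for it.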
| @@ -31,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_mx_puppet_slack_docker_image }} | 			{{ matrix_mx_puppet_slack_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack | ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack | ||||||
| ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack | ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-mx-puppet-slack | SyslogIdentifier=matrix-mx-puppet-slack | ||||||
|   | |||||||
| @@ -8,10 +8,10 @@ After={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-corporal | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-corporal | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-corporal \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
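Review bot: `{{ matrix_host_command_docker }}` is now the executable of the `ExecStartPre=` and `ExecStart=` lines here (and of `ExecStop=` further down), and systemd expects that to be an absolute path; newer releases also accept a bare name, but resolve it against a fixed search path rather than the operator's `PATH`. A comment where the variable is defined saying that it must be a full path, or an early check that fails the play when the value does not start with `/`, would stop an override such as `docker` from producing units that only break at start time.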
| @@ -32,8 +32,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \ | |||||||
| 			{{ matrix_corporal_docker_image }} \ | 			{{ matrix_corporal_docker_image }} \ | ||||||
| 			/matrix-corporal -config=/etc/matrix-corporal/config.json | 			/matrix-corporal -config=/etc/matrix-corporal/config.json | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-corporal | ExecStop=-{{ matrix_host_command_docker }} kill matrix-corporal | ||||||
| ExecStop=-/usr/bin/docker rm matrix-corporal | ExecStop=-{{ matrix_host_command_docker }} rm matrix-corporal | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-corporal | SyslogIdentifier=matrix-corporal | ||||||
|   | |||||||
| @@ -99,7 +99,7 @@ | |||||||
|     hour: "4" |     hour: "4" | ||||||
|     minute: "20" |     minute: "20" | ||||||
|     day: "*/5" |     day: "*/5" | ||||||
|     job: /bin/systemctl reload matrix-coturn.service |     job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service" | ||||||
|   when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool" |   when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool" | ||||||
|  |  | ||||||
|  |  | ||||||
|   | |||||||
| @@ -8,10 +8,10 @@ After={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-coturn | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-coturn | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-coturn \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -40,12 +40,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \ | |||||||
| 			{{ matrix_coturn_docker_image }} \ | 			{{ matrix_coturn_docker_image }} \ | ||||||
| 			-c /turnserver.conf | 			-c /turnserver.conf | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-coturn | ExecStop=-{{ matrix_host_command_docker }} kill matrix-coturn | ||||||
| ExecStop=-/usr/bin/docker rm matrix-coturn | ExecStop=-{{ matrix_host_command_docker }} rm matrix-coturn | ||||||
|  |  | ||||||
| # This only reloads certificates (not other configuration). | # This only reloads certificates (not other configuration). | ||||||
| # See: https://github.com/coturn/coturn/pull/236 | # See: https://github.com/coturn/coturn/pull/236 | ||||||
| ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1 | ExecReload={{ matrix_host_command_docker }} exec matrix-coturn kill -USR2 1 | ||||||
|  |  | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
|   | |||||||
| @@ -39,89 +39,7 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048" | |||||||
| # | # | ||||||
| # For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`) | # For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`) | ||||||
| # or completely replace this variable with your own template. | # or completely replace this variable with your own template. | ||||||
| matrix_dimension_configuration_yaml: | | matrix_dimension_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||||
|   #jinja2: lstrip_blocks: True |  | ||||||
|   # The web settings for the service (API and UI). |  | ||||||
|   # It is best to have this run on localhost and use a reverse proxy to access Dimension. |  | ||||||
|   web: |  | ||||||
|     port: 8184 |  | ||||||
|     address: '0.0.0.0' |  | ||||||
|  |  | ||||||
|   # Homeserver configuration |  | ||||||
|   homeserver: |  | ||||||
|     # The domain name of the homeserver. This is used in many places, such as with go-neb |  | ||||||
|     # setups, to identify the homeserver. |  | ||||||
|     name: "{{ matrix_domain }}" |  | ||||||
|  |  | ||||||
|     # The URL that Dimension, go-neb, and other services provisioned by Dimension should |  | ||||||
|     # use to access the homeserver with. |  | ||||||
|     clientServerUrl: "http://matrix-synapse:8008" |  | ||||||
|  |  | ||||||
|     # The URL that Dimension should use when trying to communicate with federated APIs on |  | ||||||
|     # the homeserver. If not supplied or left empty Dimension will try to resolve the address |  | ||||||
|     # through the normal federation process. |  | ||||||
|     federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}" |  | ||||||
|  |  | ||||||
|     # The URL that Dimension will redirect media requests to for downloading media such as |  | ||||||
|     # stickers. If not supplied or left empty Dimension will use the clientServerUrl. |  | ||||||
|     mediaUrl: "https://{{ matrix_server_fqn_matrix }}" |  | ||||||
|  |  | ||||||
|     # The access token Dimension should use for miscellaneous access to the homeserver. This |  | ||||||
|     # should be for a user on the configured homeserver: any user will do, however it is |  | ||||||
|     # recommended to use a dedicated user (such as @dimension:t2bot.io). For information on |  | ||||||
|     # how to acquire an access token, visit https://t2bot.io/docs/access_tokens |  | ||||||
|     accessToken: "{{ matrix_dimension_access_token }}" |  | ||||||
|  |  | ||||||
|   # These users can modify the integrations this Dimension supports. |  | ||||||
|   # To access the admin interface, open Dimension in Riot and click the settings icon. |  | ||||||
|   admins: {{ matrix_dimension_admins|to_json }} |  | ||||||
|  |  | ||||||
|   # IPs and CIDR ranges listed here will be blocked from being widgets. |  | ||||||
|   # Note: Widgets may still be embedded with restricted content, although not through Dimension directly. |  | ||||||
|   widgetBlacklist: |  | ||||||
|     - 10.0.0.0/8 |  | ||||||
|     - 172.16.0.0/12 |  | ||||||
|     - 192.168.0.0/16 |  | ||||||
|     - 127.0.0.0/8 |  | ||||||
|  |  | ||||||
|   # Where the database for Dimension is |  | ||||||
|   database: |  | ||||||
|     file: "dimension.db" |  | ||||||
|  |  | ||||||
|   # Display settings that apply to self-hosted go-neb instances |  | ||||||
|   goneb: |  | ||||||
|     # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver |  | ||||||
|     # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot, |  | ||||||
|     # make the bot's avatar an empty string. |  | ||||||
|     avatars: |  | ||||||
|       giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27" |  | ||||||
|       imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513" |  | ||||||
|       github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1" |  | ||||||
|       wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1" |  | ||||||
|       travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8" |  | ||||||
|       rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3" |  | ||||||
|       google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142" |  | ||||||
|       guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526" |  | ||||||
|       echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13" |  | ||||||
|       circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee" |  | ||||||
|       jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329" |  | ||||||
|  |  | ||||||
|   # Settings for how Dimension is represented to the public |  | ||||||
|   dimension: |  | ||||||
|     # This is where Dimension is accessible from clients. Be sure to set this |  | ||||||
|     # to your own Dimension instance. |  | ||||||
|     publicUrl: "https://{{ matrix_server_fqn_dimension }}" |  | ||||||
|  |  | ||||||
|   # Settings for controlling how logging works |  | ||||||
|   logging: |  | ||||||
|     file: /dev/null |  | ||||||
|     console: true |  | ||||||
|     consoleLevel: verbose |  | ||||||
|     fileLevel: info |  | ||||||
|     rotate: |  | ||||||
|       size: 52428800 # bytes, default is 50mb |  | ||||||
|       count: 5 |  | ||||||
|  |  | ||||||
|  |  | ||||||
| matrix_dimension_configuration_extension_yaml: | | matrix_dimension_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration for Dimension goes here. |   # Your custom YAML configuration for Dimension goes here. | ||||||
|   | |||||||
							
								
								
									
roles/matrix-dimension/templates/config.yaml.j2 (Normal file, 81 lines)
							| @@ -0,0 +1,81 @@ | |||||||
|  | #jinja2: lstrip_blocks: True | ||||||
|  | # The web settings for the service (API and UI). | ||||||
|  | # It is best to have this run on localhost and use a reverse proxy to access Dimension. | ||||||
|  | web: | ||||||
|  |   port: 8184 | ||||||
|  |   address: '0.0.0.0' | ||||||
|  |  | ||||||
|  | # Homeserver configuration | ||||||
|  | homeserver: | ||||||
|  |   # The domain name of the homeserver. This is used in many places, such as with go-neb | ||||||
|  |   # setups, to identify the homeserver. | ||||||
|  |   name: "{{ matrix_domain }}" | ||||||
|  |  | ||||||
|  |   # The URL that Dimension, go-neb, and other services provisioned by Dimension should | ||||||
|  |   # use to access the homeserver with. | ||||||
|  |   clientServerUrl: "http://matrix-synapse:8008" | ||||||
|  |  | ||||||
|  |   # The URL that Dimension should use when trying to communicate with federated APIs on | ||||||
|  |   # the homeserver. If not supplied or left empty Dimension will try to resolve the address | ||||||
|  |   # through the normal federation process. | ||||||
|  |   federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}" | ||||||
|  |  | ||||||
|  |   # The URL that Dimension will redirect media requests to for downloading media such as | ||||||
|  |   # stickers. If not supplied or left empty Dimension will use the clientServerUrl. | ||||||
|  |   mediaUrl: "https://{{ matrix_server_fqn_matrix }}" | ||||||
|  |  | ||||||
|  |   # The access token Dimension should use for miscellaneous access to the homeserver. This | ||||||
|  |   # should be for a user on the configured homeserver: any user will do, however it is | ||||||
|  |   # recommended to use a dedicated user (such as @dimension:t2bot.io). For information on | ||||||
|  |   # how to acquire an access token, visit https://t2bot.io/docs/access_tokens | ||||||
|  |   accessToken: "{{ matrix_dimension_access_token }}" | ||||||
|  |  | ||||||
|  | # These users can modify the integrations this Dimension supports. | ||||||
|  | # To access the admin interface, open Dimension in Riot and click the settings icon. | ||||||
|  | admins: {{ matrix_dimension_admins|to_json }} | ||||||
|  |  | ||||||
|  | # IPs and CIDR ranges listed here will be blocked from being widgets. | ||||||
|  | # Note: Widgets may still be embedded with restricted content, although not through Dimension directly. | ||||||
|  | widgetBlacklist: | ||||||
|  |   - 10.0.0.0/8 | ||||||
|  |   - 172.16.0.0/12 | ||||||
|  |   - 192.168.0.0/16 | ||||||
|  |   - 127.0.0.0/8 | ||||||
|  |  | ||||||
|  | # Where the database for Dimension is | ||||||
|  | database: | ||||||
|  |   file: "dimension.db" | ||||||
|  |  | ||||||
|  | # Display settings that apply to self-hosted go-neb instances | ||||||
|  | goneb: | ||||||
|  |   # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver | ||||||
|  |   # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot, | ||||||
|  |   # make the bot's avatar an empty string. | ||||||
|  |   avatars: | ||||||
|  |     giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27" | ||||||
|  |     imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513" | ||||||
|  |     github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1" | ||||||
|  |     wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1" | ||||||
|  |     travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8" | ||||||
|  |     rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3" | ||||||
|  |     google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142" | ||||||
|  |     guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526" | ||||||
|  |     echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13" | ||||||
|  |     circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee" | ||||||
|  |     jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329" | ||||||
|  |  | ||||||
|  | # Settings for how Dimension is represented to the public | ||||||
|  | dimension: | ||||||
|  |   # This is where Dimension is accessible from clients. Be sure to set this | ||||||
|  |   # to your own Dimension instance. | ||||||
|  |   publicUrl: "https://{{ matrix_server_fqn_dimension }}" | ||||||
|  |  | ||||||
|  | # Settings for controlling how logging works | ||||||
|  | logging: | ||||||
|  |   file: /dev/null | ||||||
|  |   console: true | ||||||
|  |   consoleLevel: verbose | ||||||
|  |   fileLevel: info | ||||||
|  |   rotate: | ||||||
|  |     size: 52428800 # bytes, default is 50mb | ||||||
|  |     count: 5 | ||||||
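Review bot: `widgetBlacklist` in the new template covers the RFC 1918 ranges and `127.0.0.0/8` only; link-local `169.254.0.0/16`, where cloud metadata endpoints usually live, is not on the list. Since the block is being moved into its own file anyway, consider adding that range, or turning the list into a variable rendered with `|to_json` like `admins`, so operators can extend it without replacing the whole template.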
| @@ -6,13 +6,13 @@ Requires=docker.service | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-dimension | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-dimension | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension | ||||||
|  |  | ||||||
| # Fixup database ownership if it got changed somehow (during a server migration, etc.) | # Fixup database ownership if it got changed somehow (during a server migration, etc.) | ||||||
| ExecStartPre=-/usr/bin/chown {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db | ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \ | 			--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -29,8 +29,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_dimension_docker_image }} | 			{{ matrix_dimension_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-dimension | ExecStop=-{{ matrix_host_command_docker }} kill matrix-dimension | ||||||
| ExecStop=-/usr/bin/docker rm matrix-dimension | ExecStop=-{{ matrix_host_command_docker }} rm matrix-dimension | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-dimension | SyslogIdentifier=matrix-dimension | ||||||
|   | |||||||
| @@ -6,10 +6,10 @@ Requires=docker.service | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-email2matrix | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-email2matrix | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_email2matrix_docker_image }} | 			{{ matrix_email2matrix_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-email2matrix | ExecStop=-{{ matrix_host_command_docker }} kill matrix-email2matrix | ||||||
| ExecStop=-/usr/bin/docker rm matrix-email2matrix | ExecStop=-{{ matrix_host_command_docker }} rm matrix-email2matrix | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-email2matrix | SyslogIdentifier=matrix-email2matrix | ||||||
|   | |||||||
| @@ -8,10 +8,10 @@ After={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--network={{ matrix_docker_network }} \ | 			--network={{ matrix_docker_network }} \ | ||||||
| 			--env-file={{ matrix_jitsi_jicofo_base_path }}/env \ | 			--env-file={{ matrix_jitsi_jicofo_base_path }}/env \ | ||||||
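Review bot: in the lines shown, this unit goes from `--log-driver=none \` straight to `--network={{ matrix_docker_network }} \`, without the `--user=...` and `--cap-drop=ALL \` pair that the mx-puppet-slack, corporal, coturn, dimension and email2matrix units in this same commit carry at that position. That is not introduced by this change, but if the Jitsi containers really have to start as root with the default capability set, a one-line comment in the template saying so would help the next reviewer; otherwise add the two flags.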
| @@ -21,8 +21,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_jitsi_jicofo_docker_image }} | 			{{ matrix_jitsi_jicofo_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo | ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo | ||||||
| ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo | ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-jitsi-jicofo | SyslogIdentifier=matrix-jitsi-jicofo | ||||||
|   | |||||||
| @@ -8,10 +8,10 @@ After={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--network={{ matrix_docker_network }} \ | 			--network={{ matrix_docker_network }} \ | ||||||
| 			--env-file={{ matrix_jitsi_jvb_base_path }}/env \ | 			--env-file={{ matrix_jitsi_jvb_base_path }}/env \ | ||||||
| @@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_jitsi_jvb_docker_image }} | 			{{ matrix_jitsi_jvb_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb | ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb | ||||||
| ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb | ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-jitsi-jvb | SyslogIdentifier=matrix-jitsi-jvb | ||||||
|   | |||||||
| @@ -8,10 +8,10 @@ After={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--network={{ matrix_docker_network }} \ | 			--network={{ matrix_docker_network }} \ | ||||||
| 			--env-file={{ matrix_jitsi_prosody_base_path }}/env \ | 			--env-file={{ matrix_jitsi_prosody_base_path }}/env \ | ||||||
| @@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_jitsi_prosody_docker_image }} | 			{{ matrix_jitsi_prosody_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody | ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody | ||||||
| ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody | ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-jitsi-prosody | SyslogIdentifier=matrix-jitsi-prosody | ||||||
|   | |||||||
| @@ -8,10 +8,10 @@ After={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--network={{ matrix_docker_network }} \ | 			--network={{ matrix_docker_network }} \ | ||||||
| 			--env-file={{ matrix_jitsi_web_base_path }}/env \ | 			--env-file={{ matrix_jitsi_web_base_path }}/env \ | ||||||
| @@ -25,8 +25,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_jitsi_web_docker_image }} | 			{{ matrix_jitsi_web_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-jitsi-web | ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-web | ||||||
| ExecStop=-/usr/bin/docker rm matrix-jitsi-web | ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-web | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-jitsi-web | SyslogIdentifier=matrix-jitsi-web | ||||||
|   | |||||||
| @@ -85,76 +85,7 @@ matrix_ma1sd_v2_enabled: true | |||||||
| # | # | ||||||
| # For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`) | # For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`) | ||||||
| # or completely replace this variable with your own template. | # or completely replace this variable with your own template. | ||||||
| matrix_ma1sd_configuration_yaml: | | matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}" | ||||||
|   #jinja2: lstrip_blocks: True |  | ||||||
|   matrix: |  | ||||||
|     domain: {{ matrix_domain }} |  | ||||||
|     v1: {{ matrix_ma1sd_v1_enabled|to_json }} |  | ||||||
|     v2: {{ matrix_ma1sd_v2_enabled|to_json }} |  | ||||||
|  |  | ||||||
|   server: |  | ||||||
|     name: {{ matrix_server_fqn_matrix }} |  | ||||||
|  |  | ||||||
|   key: |  | ||||||
|     path: /var/ma1sd/sign.key |  | ||||||
|  |  | ||||||
|   storage: |  | ||||||
|     provider: |  | ||||||
|       sqlite: |  | ||||||
|         database: /var/ma1sd/ma1sd.db |  | ||||||
|  |  | ||||||
|   {% if matrix_ma1sd_dns_overwrite_enabled %} |  | ||||||
|   dns: |  | ||||||
|     overwrite: |  | ||||||
|       homeserver: |  | ||||||
|         client: |  | ||||||
|           - name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }} |  | ||||||
|             value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }} |  | ||||||
|   {% endif %} |  | ||||||
|  |  | ||||||
|   {% if matrix_ma1sd_matrixorg_forwarding_enabled %} |  | ||||||
|   forward: |  | ||||||
|     servers: ['matrix-org'] |  | ||||||
|   {% endif %} |  | ||||||
|  |  | ||||||
|   threepid: |  | ||||||
|     medium: |  | ||||||
|       email: |  | ||||||
|         identity: |  | ||||||
|           from: {{ matrix_ma1sd_threepid_medium_email_identity_from }} |  | ||||||
|         connectors: |  | ||||||
|           smtp: |  | ||||||
|             host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }} |  | ||||||
|             port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }} |  | ||||||
|             tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }} |  | ||||||
|             login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }} |  | ||||||
|             password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }} |  | ||||||
|   {% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %} |  | ||||||
|         generators: |  | ||||||
|           template: |  | ||||||
|             {% if matrix_ma1sd_threepid_medium_email_custom_invite_template %} |  | ||||||
|             invite: '/var/ma1sd/invite-template.eml' |  | ||||||
|             {% endif %} |  | ||||||
|             {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} |  | ||||||
|             session: |  | ||||||
|               {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %} |  | ||||||
|               validation: '/var/ma1sd/validate-template.eml' |  | ||||||
|               {% endif %} |  | ||||||
|               {% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} |  | ||||||
|               unbind: |  | ||||||
|                 frandulent: '/var/ma1sd/unbind-fraudulent.eml' |  | ||||||
|               {% endif %} |  | ||||||
|             {% endif %} |  | ||||||
|             {% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %} |  | ||||||
|             generic: |  | ||||||
|               matrixId: '/var/ma1sd/mxid-template.eml' |  | ||||||
|             {% endif %} |  | ||||||
|   {% endif %} |  | ||||||
|  |  | ||||||
|   synapseSql: |  | ||||||
|     enabled: {{ matrix_ma1sd_synapsesql_enabled }} |  | ||||||
|     type: {{ matrix_ma1sd_synapsesql_type }} |  | ||||||
|     connection: {{ matrix_ma1sd_synapsesql_connection }} |  | ||||||
|  |  | ||||||
| matrix_ma1sd_configuration_extension_yaml: | | matrix_ma1sd_configuration_extension_yaml: | | ||||||
|   # Your custom YAML configuration for ma1sd goes here. |   # Your custom YAML configuration for ma1sd goes here. | ||||||
|   | |||||||
							
								
								
									
69 roles/matrix-ma1sd/templates/ma1sd.yaml.j2 (Normal file)
									
								
							
							
						
						
									
							| @@ -0,0 +1,69 @@ | |||||||
|  | #jinja2: lstrip_blocks: True | ||||||
|  | matrix: | ||||||
|  |   domain: {{ matrix_domain }} | ||||||
|  |   v1: {{ matrix_ma1sd_v1_enabled|to_json }} | ||||||
|  |   v2: {{ matrix_ma1sd_v2_enabled|to_json }} | ||||||
|  |  | ||||||
|  | server: | ||||||
|  |   name: {{ matrix_server_fqn_matrix }} | ||||||
|  |  | ||||||
|  | key: | ||||||
|  |   path: /var/ma1sd/sign.key | ||||||
|  |  | ||||||
|  | storage: | ||||||
|  |   provider: | ||||||
|  |     sqlite: | ||||||
|  |       database: /var/ma1sd/ma1sd.db | ||||||
|  |  | ||||||
|  | {% if matrix_ma1sd_dns_overwrite_enabled %} | ||||||
|  | dns: | ||||||
|  |   overwrite: | ||||||
|  |     homeserver: | ||||||
|  |       client: | ||||||
|  |         - name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }} | ||||||
|  |           value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | {% if matrix_ma1sd_matrixorg_forwarding_enabled %} | ||||||
|  | forward: | ||||||
|  |   servers: ['matrix-org'] | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | threepid: | ||||||
|  |   medium: | ||||||
|  |     email: | ||||||
|  |       identity: | ||||||
|  |         from: {{ matrix_ma1sd_threepid_medium_email_identity_from }} | ||||||
|  |       connectors: | ||||||
|  |         smtp: | ||||||
|  |           host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }} | ||||||
|  |           port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }} | ||||||
|  |           tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }} | ||||||
|  |           login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }} | ||||||
|  |           password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }} | ||||||
|  | {% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %} | ||||||
|  |       generators: | ||||||
|  |         template: | ||||||
|  |           {% if matrix_ma1sd_threepid_medium_email_custom_invite_template %} | ||||||
|  |           invite: '/var/ma1sd/invite-template.eml' | ||||||
|  |           {% endif %} | ||||||
|  |           {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} | ||||||
|  |           session: | ||||||
|  |             {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %} | ||||||
|  |             validation: '/var/ma1sd/validate-template.eml' | ||||||
|  |             {% endif %} | ||||||
|  |             {% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} | ||||||
|  |             unbind: | ||||||
|  |               frandulent: '/var/ma1sd/unbind-fraudulent.eml' | ||||||
|  |             {% endif %} | ||||||
|  |           {% endif %} | ||||||
|  |           {% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %} | ||||||
|  |           generic: | ||||||
|  |             matrixId: '/var/ma1sd/mxid-template.eml' | ||||||
|  |           {% endif %} | ||||||
|  | {% endif %} | ||||||
|  |  | ||||||
|  | synapseSql: | ||||||
|  |   enabled: {{ matrix_ma1sd_synapsesql_enabled }} | ||||||
|  |   type: {{ matrix_ma1sd_synapsesql_type }} | ||||||
|  |   connection: {{ matrix_ma1sd_synapsesql_connection }} | ||||||
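Review bot: The SMTP and database values in the new template (`from:`, `login:`, `password:`, `connection:`) are interpolated raw, while `v1`/`v2` at the top of the same file go through `|to_json`. A password or connection string containing `#`, `: `, or a leading quote or `{` renders as invalid or silently truncated YAML. Suggest `password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password|to_json }}` and the same filter on the other string fields. Separately, the key `frandulent:` is spelled differently from the variable and file name next to it (`..._unbind_fraudulent_template`, `unbind-fraudulent.eml`); if that is the spelling ma1sd expects, a one-line comment would stop someone from "correcting" it later.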
| @@ -11,12 +11,12 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-ma1sd | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-ma1sd | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd | ||||||
|  |  | ||||||
| # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, | # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, | ||||||
| # so /tmp needs to be mounted with an exec option. | # so /tmp needs to be mounted with an exec option. | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
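Review bot: `{{ matrix_host_command_docker }}` on the `ExecStartPre=` and `ExecStart=` lines replaces a fixed `/usr/bin/docker` with a variable whose definition and default are not part of this hunk, in a unit that systemd starts with root privileges. An empty or relative value gives a unit that fails to start or resolves to a different binary than intended. Suggest keeping `/usr/bin/docker` as the default, documenting that overrides must be absolute paths, and failing early in the playbook's validation when the value does not start with `/`.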
| @@ -36,8 +36,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_ma1sd_docker_image }} | 			{{ matrix_ma1sd_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-ma1sd | ExecStop=-{{ matrix_host_command_docker }} kill matrix-ma1sd | ||||||
| ExecStop=-/usr/bin/docker rm matrix-ma1sd | ExecStop=-{{ matrix_host_command_docker }} rm matrix-ma1sd | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-ma1sd | SyslogIdentifier=matrix-ma1sd | ||||||
|   | |||||||
| @@ -2,7 +2,12 @@ matrix_mailer_enabled: true | |||||||
|  |  | ||||||
| matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" | matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" | ||||||
|  |  | ||||||
| matrix_mailer_docker_image: "devture/exim-relay:4.92.2-r0-0" | matrix_mailer_container_image_self_build: false | ||||||
|  | matrix_mailer_container_image_self_build_repository_url: "https://github.com/devture/exim-relay" | ||||||
|  | matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" | ||||||
|  | matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" | ||||||
|  |  | ||||||
|  | matrix_mailer_docker_image: "devture/exim-relay:4.93.1-r0" | ||||||
| matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" | matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| # The user/group that the container runs with. | # The user/group that the container runs with. | ||||||
|   | |||||||
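Review bot: `matrix_mailer_docker_image.split(':')[1]` in `matrix_mailer_container_image_self_build_version` assumes the image reference contains exactly one colon. With a registry port in the name (a made-up example: `registry.example:5000/devture/exim-relay:4.93.1-r0`) it yields `5000/devture/exim-relay`, and with no tag at all it raises an index error. `.split(':')[-1]` handles the registry-port case; the untagged case needs an explicit check or a note that a tag is required. The expression also ties the git ref to the Docker tag, so every future image tag has to exist as a ref in `devture/exim-relay`; a comment saying so would help.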
| @@ -6,12 +6,15 @@ | |||||||
|  |  | ||||||
| - name: Ensure mailer base path exists | - name: Ensure mailer base path exists | ||||||
|   file: |   file: | ||||||
|     path: "{{ matrix_mailer_base_path }}" |     path: "{{ item.path }}" | ||||||
|     state: directory |     state: directory | ||||||
|     mode: 0750 |     mode: 0750 | ||||||
|     owner: "{{ matrix_user_username }}" |     owner: "{{ matrix_user_username }}" | ||||||
|     group: "{{ matrix_user_groupname }}" |     group: "{{ matrix_user_groupname }}" | ||||||
|   when: matrix_mailer_enabled|bool |   with_items: | ||||||
|  |     - { path: "{{ matrix_mailer_base_path }}", when: true } | ||||||
|  |     - { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" } | ||||||
|  |   when: "matrix_mailer_enabled|bool and item.when" | ||||||
|  |  | ||||||
| - name: Ensure mailer environment variables file created | - name: Ensure mailer environment variables file created | ||||||
|   template: |   template: | ||||||
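Review bot: `item.when` in `when: "matrix_mailer_enabled|bool and item.when"` is used without the `|bool` cast that the later tasks in this diff apply to `matrix_mailer_container_image_self_build`. If the variable arrives as a string (for example from `-e` on the command line), `"false"` is a non-empty string and the self-build source directory is created anyway. Suggest `item.when|bool`, or casting inside the item with `when: "{{ matrix_mailer_container_image_self_build|bool }}"`.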
| @@ -20,13 +23,31 @@ | |||||||
|     mode: 0640 |     mode: 0640 | ||||||
|   when: matrix_mailer_enabled|bool |   when: matrix_mailer_enabled|bool | ||||||
|  |  | ||||||
| - name: Ensure mailer image is pulled | - name: Ensure exim-relay repository is present on self-build | ||||||
|  |   git: | ||||||
|  |     repo: "{{ matrix_mailer_container_image_self_build_repository_url }}" | ||||||
|  |     dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}" | ||||||
|  |     version: "{{ matrix_mailer_container_image_self_build_version }}" | ||||||
|  |     force: "yes" | ||||||
|  |   when: "matrix_mailer_container_image_self_build|bool" | ||||||
|  |  | ||||||
|  | - name: Ensure exim-relay Docker image is built | ||||||
|  |   docker_image: | ||||||
|  |     name: "{{ matrix_mailer_docker_image }}" | ||||||
|  |     source: build | ||||||
|  |     build: | ||||||
|  |       dockerfile: Dockerfile | ||||||
|  |       path: "{{ matrix_mailer_container_image_self_build_src_files_path }}" | ||||||
|  |       pull: yes | ||||||
|  |   when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool" | ||||||
|  |  | ||||||
|  | - name: Ensure exim-relay image is pulled | ||||||
|   docker_image: |   docker_image: | ||||||
|     name: "{{ matrix_mailer_docker_image }}" |     name: "{{ matrix_mailer_docker_image }}" | ||||||
|     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" |     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | ||||||
|     force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" |     force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||||||
|     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" |     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" | ||||||
|   when: matrix_mailer_enabled|bool |   when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool" | ||||||
|  |  | ||||||
| - name: Ensure matrix-mailer.service installed | - name: Ensure matrix-mailer.service installed | ||||||
|   template: |   template: | ||||||
|   | |||||||
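Review bot: The `git` task (`Ensure exim-relay repository is present on self-build`) is gated only on `matrix_mailer_container_image_self_build|bool`, while the build and pull tasks also check `matrix_mailer_enabled|bool`. With the mailer disabled and self-build on, the clone still runs, into a directory that the earlier `Ensure mailer base path exists` task skipped creating. Suggest `when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"`. Also worth a comment: `version:` is a tag name and `force: "yes"` discards local changes, so what gets built is whatever that tag points to at run time.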
| @@ -6,10 +6,10 @@ Requires=docker.service | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-mailer | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-mailer | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-mailer \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \ | 			--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -24,8 +24,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_mailer_docker_image }} | 			{{ matrix_mailer_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-mailer | ExecStop=-{{ matrix_host_command_docker }} kill matrix-mailer | ||||||
| ExecStop=-/usr/bin/docker rm matrix-mailer | ExecStop=-{{ matrix_host_command_docker }} rm matrix-mailer | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-mailer | SyslogIdentifier=matrix-mailer | ||||||
|   | |||||||
| @@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true | |||||||
| # We use an official nginx image, which we fix-up to run unprivileged. | # We use an official nginx image, which we fix-up to run unprivileged. | ||||||
| # An alternative would be an `nginxinc/nginx-unprivileged` image, but | # An alternative would be an `nginxinc/nginx-unprivileged` image, but | ||||||
| # that is frequently out of date. | # that is frequently out of date. | ||||||
| matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine" | matrix_nginx_proxy_docker_image: "nginx:1.19.0-alpine" | ||||||
| matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" | matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" | matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" | ||||||
| @@ -220,7 +220,7 @@ matrix_ssl_domains_to_obtain_certificates_for: [] | |||||||
|  |  | ||||||
| # Controls whether to obtain production or staging certificates from Let's Encrypt. | # Controls whether to obtain production or staging certificates from Let's Encrypt. | ||||||
| matrix_ssl_lets_encrypt_staging: false | matrix_ssl_lets_encrypt_staging: false | ||||||
| matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.4.0" | matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.5.0" | ||||||
| matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" | matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" | ||||||
| matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 | matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 | ||||||
| matrix_ssl_lets_encrypt_support_email: ~ | matrix_ssl_lets_encrypt_support_email: ~ | ||||||
|   | |||||||
| @@ -84,7 +84,7 @@ | |||||||
|       hour: "5" |       hour: "5" | ||||||
|       minute: "20" |       minute: "20" | ||||||
|       day: "*" |       day: "*" | ||||||
|       job: /bin/systemctl reload matrix-nginx-proxy.service |       job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service" | ||||||
|     when: matrix_nginx_proxy_enabled|bool |     when: matrix_nginx_proxy_enabled|bool | ||||||
|   when: "matrix_ssl_retrieval_method == 'lets-encrypt'" |   when: "matrix_ssl_retrieval_method == 'lets-encrypt'" | ||||||
|  |  | ||||||
|   | |||||||
| @@ -16,7 +16,7 @@ | |||||||
| # We suppress the error, as we'll try another method below. | # We suppress the error, as we'll try another method below. | ||||||
| - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly) | - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly) | ||||||
|   shell: >- |   shell: >- | ||||||
|     /usr/bin/docker run |     {{ matrix_host_command_docker }} run | ||||||
|     --rm |     --rm | ||||||
|     --name=matrix-certbot |     --name=matrix-certbot | ||||||
|     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} |     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} | ||||||
| @@ -43,7 +43,7 @@ | |||||||
| # and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`. | # and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`. | ||||||
| - name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy) | - name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy) | ||||||
|   shell: >- |   shell: >- | ||||||
|     /usr/bin/docker run |     {{ matrix_host_command_docker }} run | ||||||
|     --rm |     --rm | ||||||
|     --name=matrix-certbot |     --name=matrix-certbot | ||||||
|     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} |     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} | ||||||
|   | |||||||
| @@ -150,7 +150,7 @@ | |||||||
| 	} | 	} | ||||||
| 	{% endif %} | 	{% endif %} | ||||||
|  |  | ||||||
| 	location /_synapse/admin { | 	location /_synapse { | ||||||
| 		{% if matrix_nginx_proxy_enabled %} | 		{% if matrix_nginx_proxy_enabled %} | ||||||
| 			{# Use the embedded DNS resolver in Docker containers to discover the service #} | 			{# Use the embedded DNS resolver in Docker containers to discover the service #} | ||||||
| 			resolver 127.0.0.11 valid=5s; | 			resolver 127.0.0.11 valid=5s; | ||||||
|   | |||||||
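Review bot: Changing `location /_synapse/admin` to `location /_synapse` widens what this vhost proxies from the admin API prefix to every path Synapse serves under `/_synapse`, and the hunk carries no comment saying which additional endpoints are meant to become reachable. Suggest naming the intended paths in a template comment, or listing them as separate `location` blocks, so that endpoints under that prefix which should stay internal are not exposed by default.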
| @@ -11,10 +11,10 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-nginx-proxy | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-nginx-proxy | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -43,9 +43,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_nginx_proxy_docker_image }} | 			{{ matrix_nginx_proxy_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-nginx-proxy | ExecStop=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy | ||||||
| ExecStop=-/usr/bin/docker rm matrix-nginx-proxy | ExecStop=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy | ||||||
| ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload | ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-nginx-proxy | SyslogIdentifier=matrix-nginx-proxy | ||||||
|   | |||||||
| @@ -8,10 +8,10 @@ matrix_postgres_db_name: "" | |||||||
| matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" | matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" | ||||||
| matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" | matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" | ||||||
|  |  | ||||||
| matrix_postgres_docker_image_v9: "postgres:9.6.17-alpine" | matrix_postgres_docker_image_v9: "postgres:9.6.18-alpine" | ||||||
| matrix_postgres_docker_image_v10: "postgres:10.12-alpine" | matrix_postgres_docker_image_v10: "postgres:10.13-alpine" | ||||||
| matrix_postgres_docker_image_v11: "postgres:11.7-alpine" | matrix_postgres_docker_image_v11: "postgres:11.8-alpine" | ||||||
| matrix_postgres_docker_image_v12: "postgres:12.2-alpine" | matrix_postgres_docker_image_v12: "postgres:12.3-alpine" | ||||||
| matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}" | matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}" | ||||||
|  |  | ||||||
| # This variable is assigned at runtime. Overriding its value has no effect. | # This variable is assigned at runtime. Overriding its value has no effect. | ||||||
|   | |||||||
| @@ -63,7 +63,7 @@ | |||||||
| - name: Generate Postgres database import command | - name: Generate Postgres database import command | ||||||
|   set_fact: |   set_fact: | ||||||
|     matrix_postgres_import_command: >- |     matrix_postgres_import_command: >- | ||||||
|       /usr/bin/docker run --rm --name matrix-postgres-import |       {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import | ||||||
|       --user={{ matrix_user_uid }}:{{ matrix_user_gid }} |       --user={{ matrix_user_uid }}:{{ matrix_user_gid }} | ||||||
|       --cap-drop=ALL |       --cap-drop=ALL | ||||||
|       --network={{ matrix_docker_network }} |       --network={{ matrix_docker_network }} | ||||||
|   | |||||||
| @@ -79,6 +79,7 @@ | |||||||
|     --network={{ matrix_docker_network }} |     --network={{ matrix_docker_network }} | ||||||
|     --entrypoint=python |     --entrypoint=python | ||||||
|     -v {{ matrix_synapse_config_dir_path }}:/data |     -v {{ matrix_synapse_config_dir_path }}:/data | ||||||
|  |     -v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store | ||||||
|     -v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro |     -v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro | ||||||
|     {{ matrix_synapse_docker_image }} |     {{ matrix_synapse_docker_image }} | ||||||
|     /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml |     /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml | ||||||
|   | |||||||
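Review bot: The added `-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store` mounts the Synapse config directory a second time, writable, at the media-store path, whereas the SQLite file on the next line is mounted `:ro`. Nothing here explains why the config directory stands in for the media store. If the path only has to exist for `synapse_port_db` to start, an empty throwaway directory or a `:ro` mount would do; either way, a comment giving the reason would help.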
| @@ -66,7 +66,7 @@ | |||||||
| - name: Generate Postgres database synapse-janitor command | - name: Generate Postgres database synapse-janitor command | ||||||
|   set_fact: |   set_fact: | ||||||
|     matrix_postgres_synapse_janitor_command: >- |     matrix_postgres_synapse_janitor_command: >- | ||||||
|       /usr/bin/docker run --rm --name matrix-postgres-synapse-janitor |       {{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-janitor | ||||||
|       --user={{ matrix_user_uid }}:{{ matrix_user_gid }} |       --user={{ matrix_user_uid }}:{{ matrix_user_gid }} | ||||||
|       --cap-drop=ALL |       --cap-drop=ALL | ||||||
|       --network={{ matrix_docker_network }} |       --network={{ matrix_docker_network }} | ||||||
|   | |||||||
| @@ -45,7 +45,7 @@ | |||||||
| - name: Generate Postgres database vacuum command | - name: Generate Postgres database vacuum command | ||||||
|   set_fact: |   set_fact: | ||||||
|     matrix_postgres_vacuum_command: >- |     matrix_postgres_vacuum_command: >- | ||||||
|       /usr/bin/docker run --rm --name matrix-postgres-synapse-vacuum |       {{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum | ||||||
|       --user={{ matrix_user_uid }}:{{ matrix_user_gid }} |       --user={{ matrix_user_uid }}:{{ matrix_user_gid }} | ||||||
|       --cap-drop=ALL |       --cap-drop=ALL | ||||||
|       --network={{ matrix_docker_network }} |       --network={{ matrix_docker_network }} | ||||||
|   | |||||||
| @@ -79,7 +79,7 @@ | |||||||
| # we need to remove these from the dump, or we'll get errors saying these already exist. | # we need to remove these from the dump, or we'll get errors saying these already exist. | ||||||
| - name: Perform Postgres database dump | - name: Perform Postgres database dump | ||||||
|   command: >- |   command: >- | ||||||
|     /usr/bin/docker run --rm --name matrix-postgres-dump |     {{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump | ||||||
|     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} |     --user={{ matrix_user_uid }}:{{ matrix_user_gid }} | ||||||
|     --network={{ matrix_docker_network }} |     --network={{ matrix_docker_network }} | ||||||
|     --env-file={{ matrix_postgres_base_path }}/env-postgres-psql |     --env-file={{ matrix_postgres_base_path }}/env-postgres-psql | ||||||
| @@ -123,7 +123,7 @@ | |||||||
| - name: Generate Postgres database import command | - name: Generate Postgres database import command | ||||||
|   set_fact: |   set_fact: | ||||||
|     matrix_postgres_import_command: >- |     matrix_postgres_import_command: >- | ||||||
|       /usr/bin/docker run --rm --name matrix-postgres-import |       {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import | ||||||
|       --user={{ matrix_user_uid }}:{{ matrix_user_gid }} |       --user={{ matrix_user_uid }}:{{ matrix_user_gid }} | ||||||
|       --cap-drop=ALL |       --cap-drop=ALL | ||||||
|       --network={{ matrix_docker_network }} |       --network={{ matrix_docker_network }} | ||||||
|   | |||||||
| @@ -6,10 +6,10 @@ Requires=docker.service | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker stop matrix-postgres | ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-postgres | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-postgres | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-postgres \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -28,8 +28,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_postgres_docker_image_to_use }} | 			{{ matrix_postgres_docker_image_to_use }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker stop matrix-postgres | ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres | ||||||
| ExecStop=-/usr/bin/docker rm matrix-postgres | ExecStop=-{{ matrix_host_command_docker }} rm matrix-postgres | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-postgres | SyslogIdentifier=matrix-postgres | ||||||
|   | |||||||
| @@ -2,7 +2,7 @@ matrix_riot_web_enabled: true | |||||||
|  |  | ||||||
| matrix_riot_web_container_image_self_build: false | matrix_riot_web_container_image_self_build: false | ||||||
|  |  | ||||||
| matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.1" | matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.4" | ||||||
| matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" | matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" | matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" | ||||||
|   | |||||||
| @@ -8,10 +8,10 @@ After={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-riot-web | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-riot-web | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
| @@ -22,7 +22,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ | |||||||
| 			{% endif %} | 			{% endif %} | ||||||
| 			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \ | 			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \ | ||||||
| 			-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \ | 			-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \ | ||||||
| 			-v /dev/null:/etc/nginx/conf.d/default.conf:ro \ |  | ||||||
| 			-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \ | 			-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \ | ||||||
| 			-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \ | 			-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \ | ||||||
| 			{% if matrix_riot_web_embedded_pages_home_path is not none %} | 			{% if matrix_riot_web_embedded_pages_home_path is not none %} | ||||||
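Review bot: Dropping `-v /dev/null:/etc/nginx/conf.d/default.conf:ro` means the image's own `conf.d/default.conf` is no longer masked, and nothing in the hunk says why that is now safe. If the mounted `nginx.conf` includes `conf.d/*.conf`, the image's default server block becomes active next to the playbook's configuration. Suggest noting in the commit message or a template comment which image change made the mask unnecessary, since `matrix_riot_web_docker_image` is a variable and may point at an older tag.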
| @@ -34,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ | |||||||
| 			{% endfor %} | 			{% endfor %} | ||||||
| 			{{ matrix_riot_web_docker_image }} | 			{{ matrix_riot_web_docker_image }} | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-riot-web | ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web | ||||||
| ExecStop=-/usr/bin/docker rm matrix-riot-web | ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-riot-web | SyslogIdentifier=matrix-riot-web | ||||||
|   | |||||||
| @@ -5,7 +5,7 @@ matrix_synapse_enabled: true | |||||||
|  |  | ||||||
| matrix_synapse_container_image_self_build: false | matrix_synapse_container_image_self_build: false | ||||||
|  |  | ||||||
| matrix_synapse_docker_image: "matrixdotorg/synapse:v1.13.0" | matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.0" | ||||||
| matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" | matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" | matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" | ||||||
| @@ -202,12 +202,12 @@ matrix_synapse_password_config_localdb_enabled: true | |||||||
| # Controls the number of events that Synapse caches in memory. | # Controls the number of events that Synapse caches in memory. | ||||||
| matrix_synapse_event_cache_size: "100K" | matrix_synapse_event_cache_size: "100K" | ||||||
|  |  | ||||||
| # Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable. | # Controls cache sizes for Synapse. | ||||||
| # Raise this to increase cache sizes or lower it to potentially lower memory use. | # Raise this to increase cache sizes or lower it to potentially lower memory use. | ||||||
| # To learn more, see: | # To learn more, see: | ||||||
| # - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram | # - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram | ||||||
| # - https://github.com/matrix-org/synapse/issues/3939 | # - https://github.com/matrix-org/synapse/issues/3939 | ||||||
| matrix_synapse_cache_factor: 0.5 | matrix_synapse_caches_global_factor: 0.5 | ||||||
|  |  | ||||||
| # Controls whether Synapse will federate at all. | # Controls whether Synapse will federate at all. | ||||||
| # Disable this to completely isolate your server from the rest of the Matrix network. | # Disable this to completely isolate your server from the rest of the Matrix network. | ||||||
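Review bot: Renaming `matrix_synapse_cache_factor` to `matrix_synapse_caches_global_factor` leaves existing vars files that set the old name silently ignored, so the value falls back to `0.5`. Suggest a validation task that fails with a pointer to the new name when `matrix_synapse_cache_factor` is defined. The comment also no longer says how the value reaches Synapse now that the `SYNAPSE_CACHE_FACTOR` mention is gone.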
| @@ -299,7 +299,7 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals | |||||||
| # Enable this to activate the Shared Secret Auth password provider module. | # Enable this to activate the Shared Secret Auth password provider module. | ||||||
| # See: https://github.com/devture/matrix-synapse-shared-secret-auth | # See: https://github.com/devture/matrix-synapse-shared-secret-auth | ||||||
| matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false | matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false | ||||||
| matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py" | matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py" | ||||||
| matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" | matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" | ||||||
|  |  | ||||||
| # Enable this to activate LDAP password provider | # Enable this to activate LDAP password provider | ||||||
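Review bot: `matrix_synapse_ext_password_provider_shared_secret_auth_download_url` points at a tag (`1.0.2`) on raw.githubusercontent.com for a Python file that, going by the variable name and the comment above it, is an authentication provider module for Synapse. A tag can be moved after this commit lands. Suggest referencing a full commit hash in the URL, or adding an expected-checksum variable that the download task verifies.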
| @@ -357,7 +357,7 @@ matrix_synapse_default_room_version: "5" | |||||||
| # | # | ||||||
| # If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime. | # If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime. | ||||||
| # If not, you can also control its value manually. | # If not, you can also control its value manually. | ||||||
| matrix_synapse_spam_checker: ~ | matrix_synapse_spam_checker: [] | ||||||
|  |  | ||||||
| matrix_synapse_trusted_key_servers: | matrix_synapse_trusted_key_servers: | ||||||
|   - server_name: "matrix.org" |   - server_name: "matrix.org" | ||||||
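Review bot: The default of `matrix_synapse_spam_checker` changes type from `~` to `[]`, but the comment above it still only says "you can also control its value manually" without stating the expected shape. Say in that comment that the value is now a list of entries with `module` and `config` keys, so that an existing override holding a single mapping is noticed and converted rather than being rendered into `spam_checker:` in the old form.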
|   | |||||||
| @@ -38,10 +38,15 @@ | |||||||
|   become_user: "{{ matrix_user_username }}" |   become_user: "{{ matrix_user_username }}" | ||||||
|  |  | ||||||
| - set_fact: | - set_fact: | ||||||
|     matrix_synapse_spam_checker: |     matrix_synapse_spam_checker: > | ||||||
|       module: "synapse_simple_antispam.AntiSpamInvites" |       {{ matrix_synapse_spam_checker }} | ||||||
|       config: |       + | ||||||
|         blocked_homeservers: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}" |       [{ | ||||||
|  |         "module": "synapse_simple_antispam.AntiSpamInvites", | ||||||
|  |         "config": { | ||||||
|  |           "blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }} | ||||||
|  |         } | ||||||
|  |       }] | ||||||
|  |  | ||||||
|     matrix_synapse_container_extra_arguments: > |     matrix_synapse_container_extra_arguments: > | ||||||
|       {{ matrix_synapse_container_extra_arguments|default([]) }} |       {{ matrix_synapse_container_extra_arguments|default([]) }} | ||||||
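Review bot: In the new `set_fact`, `blocked_homeservers` is interpolated into the list literal as `{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}` with no filter, so the result depends on how that variable happens to stringify inside a folded scalar. Apply `|to_json` at that point, as the homeserver.yaml template already does when it renders the final `matrix_synapse_spam_checker` value, so the fact is built from well-formed data whatever the list contains.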
|   | |||||||
| @@ -11,7 +11,7 @@ | |||||||
|  |  | ||||||
| - name: Fail if Matrix Federation API not working | - name: Fail if Matrix Federation API not working | ||||||
|   fail: |   fail: | ||||||
|     msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" |     msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" | ||||||
|   when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" |   when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" | ||||||
|  |  | ||||||
| - name: Fail if Matrix Federation API unexpectedly enabled | - name: Fail if Matrix Federation API unexpectedly enabled | ||||||
|   | |||||||
| @@ -36,7 +36,7 @@ | |||||||
|   when: "start_result.changed or postgres_start_result.changed" |   when: "start_result.changed or postgres_start_result.changed" | ||||||
|  |  | ||||||
| - name: Generate password hash | - name: Generate password hash | ||||||
|   shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" |   shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" | ||||||
|   register: password_hash |   register: password_hash | ||||||
|  |  | ||||||
| - name: Update user password hash | - name: Update user password hash | ||||||
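Review bot: The changed `shell:` line of "Generate password hash" still passes the plaintext password as an argument (`-p {{ password|quote }}`), and the task as shown has no `no_log: true`. While this line is being touched, add `no_log: true` to the task so that neither the command line nor the registered `password_hash` shows up in Ansible output or logs.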
|   | |||||||
| @@ -31,3 +31,4 @@ | |||||||
|     - {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'} |     - {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'} | ||||||
|     - {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'} |     - {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'} | ||||||
|     - {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'} |     - {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'} | ||||||
|  |     - {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'} | ||||||
|   | |||||||
| @@ -6,10 +6,10 @@ Requires=docker.service | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill %n | ExecStartPre=-{{ matrix_host_command_docker }} kill %n | ||||||
| ExecStartPre=-/usr/bin/docker rm %n | ExecStartPre=-{{ matrix_host_command_docker }} rm %n | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name %n \ | ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			-v /etc/passwd:/etc/passwd:ro \ | 			-v /etc/passwd:/etc/passwd:ro \ | ||||||
| @@ -25,10 +25,10 @@ ExecStart=/usr/bin/docker run --rm --name %n \ | |||||||
| 			-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' | 			-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' | ||||||
|  |  | ||||||
| TimeoutStartSec=5min | TimeoutStartSec=5min | ||||||
| ExecStop=-/usr/bin/docker stop %n | ExecStop=-{{ matrix_host_command_docker }} stop %n | ||||||
| ExecStop=-/usr/bin/docker kill %n | ExecStop=-{{ matrix_host_command_docker }} kill %n | ||||||
| ExecStop=-/usr/bin/docker rm %n | ExecStop=-{{ matrix_host_command_docker }} rm %n | ||||||
| ExecStop=-/bin/fusermount -u {{ matrix_synapse_media_store_path }} | ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_synapse_media_store_path }} | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=5 | RestartSec=5 | ||||||
| SyslogIdentifier=matrix-goofys | SyslogIdentifier=matrix-goofys | ||||||
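Review bot: `matrix_host_command_docker` and `matrix_host_command_fusermount` are now rendered directly into `ExecStartPre=`, `ExecStart=` and `ExecStop=`, but nothing tells the operator what form the values must take. Document next to the variable definitions that they must be absolute paths to the binaries, because older systemd versions reject a non-absolute executable in these directives and the unit would fail to load.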
|   | |||||||
| @@ -320,22 +320,27 @@ listeners: | |||||||
| # Used by phonehome stats to group together related servers. | # Used by phonehome stats to group together related servers. | ||||||
| #server_context: context | #server_context: context | ||||||
|  |  | ||||||
| # Resource-constrained homeserver Settings | # Resource-constrained homeserver settings | ||||||
| # | # | ||||||
| # If limit_remote_rooms.enabled is True, the room complexity will be | # When this is enabled, the room "complexity" will be checked before a user | ||||||
| # checked before a user joins a new remote room. If it is above | # joins a new remote room. If it is above the complexity limit, the server will | ||||||
| # limit_remote_rooms.complexity, it will disallow joining or | # disallow joining, or will instantly leave. | ||||||
| # instantly leave. |  | ||||||
| # | # | ||||||
| # limit_remote_rooms.complexity_error can be set to customise the text | # Room complexity is an arbitrary measure based on factors such as the number of | ||||||
| # displayed to the user when a room above the complexity threshold has | # users in the room. | ||||||
| # its join cancelled. |  | ||||||
| # | # | ||||||
| # Uncomment the below lines to enable: | limit_remote_rooms: | ||||||
| #limit_remote_rooms: |   # Uncomment to enable room complexity checking. | ||||||
| #  enabled: True |   # | ||||||
| #  complexity: 1.0 |   #enabled: true | ||||||
| #  complexity_error: "This room is too complex." |  | ||||||
|  |   # the limit above which rooms cannot be joined. The default is 1.0. | ||||||
|  |   # | ||||||
|  |   #complexity: 0.5 | ||||||
|  |  | ||||||
|  |   # override the error which is returned when the room is too complex. | ||||||
|  |   # | ||||||
|  |   #complexity_error: "This room is too complex." | ||||||
|  |  | ||||||
| # Whether to require a user to be in the room to add an alias to it. | # Whether to require a user to be in the room to add an alias to it. | ||||||
| # Defaults to 'true'. | # Defaults to 'true'. | ||||||
| @@ -605,6 +610,50 @@ acme: | |||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ## Caching ## | ||||||
|  |  | ||||||
|  | # Caching can be configured through the following options. | ||||||
|  | # | ||||||
|  | # A cache 'factor' is a multiplier that can be applied to each of | ||||||
|  | # Synapse's caches in order to increase or decrease the maximum | ||||||
|  | # number of entries that can be stored. | ||||||
|  |  | ||||||
|  | # The number of events to cache in memory. Not affected by | ||||||
|  | # caches.global_factor. | ||||||
|  | # | ||||||
|  | event_cache_size: "{{ matrix_synapse_event_cache_size }}" | ||||||
|  |  | ||||||
|  | caches: | ||||||
|  |    # Controls the global cache factor, which is the default cache factor | ||||||
|  |    # for all caches if a specific factor for that cache is not otherwise | ||||||
|  |    # set. | ||||||
|  |    # | ||||||
|  |    # This can also be set by the "SYNAPSE_CACHE_FACTOR" environment | ||||||
|  |    # variable. Setting by environment variable takes priority over | ||||||
|  |    # setting through the config file. | ||||||
|  |    # | ||||||
|  |    # Defaults to 0.5, which will half the size of all caches. | ||||||
|  |    # | ||||||
|  |    global_factor: {{ matrix_synapse_caches_global_factor }} | ||||||
|  |  | ||||||
|  |    # A dictionary of cache name to cache factor for that individual | ||||||
|  |    # cache. Overrides the global cache factor for a given cache. | ||||||
|  |    # | ||||||
|  |    # These can also be set through environment variables comprised | ||||||
|  |    # of "SYNAPSE_CACHE_FACTOR_" + the name of the cache in capital | ||||||
|  |    # letters and underscores. Setting by environment variable | ||||||
|  |    # takes priority over setting through the config file. | ||||||
|  |    # Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0 | ||||||
|  |    # | ||||||
|  |    # Some caches have '*' and other characters that are not | ||||||
|  |    # alphanumeric or underscores. These caches can be named with or | ||||||
|  |    # without the special characters stripped. For example, to specify | ||||||
|  |    # the cache factor for `*stateGroupCache*` via an environment | ||||||
|  |    # variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`. | ||||||
|  |    # | ||||||
|  |    per_cache_factors: | ||||||
|  |      #get_users_who_share_room_with_user: 2.0 | ||||||
|  |  | ||||||
| ## Database ## | ## Database ## | ||||||
|  |  | ||||||
| database: | database: | ||||||
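Review bot: `global_factor: {{ matrix_synapse_caches_global_factor }}` is emitted without `|to_json`, unlike the other templated values in this file (`autocreate_auto_join_rooms`, `report_stats`, `spam_checker`). Add the filter for consistency, so that an unexpected value cannot produce invalid YAML. `per_cache_factors:` is also left with only a commented child, which parses as null; a one-line comment saying this is intentional, or a playbook variable for it, would make that clearer.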
| @@ -618,10 +667,6 @@ database: | |||||||
|     cp_min: 5 |     cp_min: 5 | ||||||
|     cp_max: 10 |     cp_max: 10 | ||||||
|  |  | ||||||
| # Number of events to cache in memory. |  | ||||||
| # |  | ||||||
| event_cache_size: "{{ matrix_synapse_event_cache_size }}" |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Logging ## | ## Logging ## | ||||||
|  |  | ||||||
| @@ -884,25 +929,28 @@ url_preview_accept_language: | |||||||
|  |  | ||||||
|  |  | ||||||
| ## Captcha ## | ## Captcha ## | ||||||
| # See docs/CAPTCHA_SETUP for full details of configuring this. | # See docs/CAPTCHA_SETUP.md for full details of configuring this. | ||||||
|  |  | ||||||
| # This homeserver's ReCAPTCHA public key. | # This homeserver's ReCAPTCHA public key. Must be specified if | ||||||
|  | # enable_registration_captcha is enabled. | ||||||
| # | # | ||||||
| #recaptcha_public_key: "YOUR_PUBLIC_KEY" | #recaptcha_public_key: "YOUR_PUBLIC_KEY" | ||||||
|  |  | ||||||
| # This homeserver's ReCAPTCHA private key. | # This homeserver's ReCAPTCHA private key. Must be specified if | ||||||
|  | # enable_registration_captcha is enabled. | ||||||
| # | # | ||||||
| #recaptcha_private_key: "YOUR_PRIVATE_KEY" | #recaptcha_private_key: "YOUR_PRIVATE_KEY" | ||||||
|  |  | ||||||
| # Enables ReCaptcha checks when registering, preventing signup | # Uncomment to enable ReCaptcha checks when registering, preventing signup | ||||||
| # unless a captcha is answered. Requires a valid ReCaptcha | # unless a captcha is answered. Requires a valid ReCaptcha | ||||||
| # public/private key. | # public/private key. Defaults to 'false'. | ||||||
| # | # | ||||||
| #enable_registration_captcha: false | #enable_registration_captcha: true | ||||||
|  |  | ||||||
| # The API endpoint to use for verifying m.login.recaptcha responses. | # The API endpoint to use for verifying m.login.recaptcha responses. | ||||||
|  | # Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify". | ||||||
| # | # | ||||||
| #recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify" | #recaptcha_siteverify_api: "https://my.recaptcha.site" | ||||||
|  |  | ||||||
|  |  | ||||||
| ## TURN ## | ## TURN ## | ||||||
| @@ -1151,6 +1199,13 @@ auto_join_rooms: | |||||||
| # | # | ||||||
| autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }} | autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }} | ||||||
|  |  | ||||||
|  | # When auto_join_rooms is specified, setting this flag to false prevents | ||||||
|  | # guest accounts from being automatically joined to the rooms. | ||||||
|  | # | ||||||
|  | # Defaults to true. | ||||||
|  | # | ||||||
|  | #auto_join_rooms_for_guests: false | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Metrics ### | ## Metrics ### | ||||||
|  |  | ||||||
| @@ -1182,6 +1237,7 @@ metrics_flags: | |||||||
|     #known_servers: true |     #known_servers: true | ||||||
|  |  | ||||||
| # Whether or not to report anonymized homeserver usage statistics. | # Whether or not to report anonymized homeserver usage statistics. | ||||||
|  | # | ||||||
| report_stats: {{ matrix_synapse_report_stats|to_json }} | report_stats: {{ matrix_synapse_report_stats|to_json }} | ||||||
|  |  | ||||||
| # The endpoint to report the anonymized homeserver usage statistics to. | # The endpoint to report the anonymized homeserver usage statistics to. | ||||||
| @@ -1307,6 +1363,8 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }} | |||||||
| #key_server_signing_keys_path: "key_server_signing_keys.key" | #key_server_signing_keys_path: "key_server_signing_keys.key" | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ## Single sign-on integration ## | ||||||
|  |  | ||||||
| # Enable SAML2 for registration and login. Uses pysaml2. | # Enable SAML2 for registration and login. Uses pysaml2. | ||||||
| # | # | ||||||
| # At least one of `sp_config` or `config_path` must be set in this section to | # At least one of `sp_config` or `config_path` must be set in this section to | ||||||
| @@ -1440,7 +1498,13 @@ saml2_config: | |||||||
|   # * HTML page to display to users if something goes wrong during the |   # * HTML page to display to users if something goes wrong during the | ||||||
|   #   authentication process: 'saml_error.html'. |   #   authentication process: 'saml_error.html'. | ||||||
|   # |   # | ||||||
|   #   This template doesn't currently need any variable to render. |   #   When rendering, this template is given the following variables: | ||||||
|  |   #     * code: an HTML error code corresponding to the error that is being | ||||||
|  |   #       returned (typically 400 or 500) | ||||||
|  |   # | ||||||
|  |   #     * msg: a textual message describing the error. | ||||||
|  |   # | ||||||
|  |   #   The variables will automatically be HTML-escaped. | ||||||
|   # |   # | ||||||
|   # You can see the default templates at: |   # You can see the default templates at: | ||||||
|   # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates |   # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates | ||||||
| @@ -1448,6 +1512,121 @@ saml2_config: | |||||||
|   #template_dir: "res/templates" |   #template_dir: "res/templates" | ||||||
|  |  | ||||||
|  |  | ||||||
|  | # OpenID Connect integration. The following settings can be used to make Synapse | ||||||
|  | # use an OpenID Connect Provider for authentication, instead of its internal | ||||||
|  | # password database. | ||||||
|  | # | ||||||
|  | # See https://github.com/matrix-org/synapse/blob/master/openid.md. | ||||||
|  | # | ||||||
|  | oidc_config: | ||||||
|  |   # Uncomment the following to enable authorization against an OpenID Connect | ||||||
|  |   # server. Defaults to false. | ||||||
|  |   # | ||||||
|  |   #enabled: true | ||||||
|  |  | ||||||
|  |   # Uncomment the following to disable use of the OIDC discovery mechanism to | ||||||
|  |   # discover endpoints. Defaults to true. | ||||||
|  |   # | ||||||
|  |   #discover: false | ||||||
|  |  | ||||||
|  |   # the OIDC issuer. Used to validate tokens and (if discovery is enabled) to | ||||||
|  |   # discover the provider's endpoints. | ||||||
|  |   # | ||||||
|  |   # Required if 'enabled' is true. | ||||||
|  |   # | ||||||
|  |   #issuer: "https://accounts.example.com/" | ||||||
|  |  | ||||||
|  |   # oauth2 client id to use. | ||||||
|  |   # | ||||||
|  |   # Required if 'enabled' is true. | ||||||
|  |   # | ||||||
|  |   #client_id: "provided-by-your-issuer" | ||||||
|  |  | ||||||
|  |   # oauth2 client secret to use. | ||||||
|  |   # | ||||||
|  |   # Required if 'enabled' is true. | ||||||
|  |   # | ||||||
|  |   #client_secret: "provided-by-your-issuer" | ||||||
|  |  | ||||||
|  |   # auth method to use when exchanging the token. | ||||||
|  |   # Valid values are 'client_secret_basic' (default), 'client_secret_post' and | ||||||
|  |   # 'none'. | ||||||
|  |   # | ||||||
|  |   #client_auth_method: client_secret_post | ||||||
|  |  | ||||||
|  |   # list of scopes to request. This should normally include the "openid" scope. | ||||||
|  |   # Defaults to ["openid"]. | ||||||
|  |   # | ||||||
|  |   #scopes: ["openid", "profile"] | ||||||
|  |  | ||||||
|  |   # the oauth2 authorization endpoint. Required if provider discovery is disabled. | ||||||
|  |   # | ||||||
|  |   #authorization_endpoint: "https://accounts.example.com/oauth2/auth" | ||||||
|  |  | ||||||
|  |   # the oauth2 token endpoint. Required if provider discovery is disabled. | ||||||
|  |   # | ||||||
|  |   #token_endpoint: "https://accounts.example.com/oauth2/token" | ||||||
|  |  | ||||||
|  |   # the OIDC userinfo endpoint. Required if discovery is disabled and the | ||||||
|  |   # "openid" scope is not requested. | ||||||
|  |   # | ||||||
|  |   #userinfo_endpoint: "https://accounts.example.com/userinfo" | ||||||
|  |  | ||||||
|  |   # URI where to fetch the JWKS. Required if discovery is disabled and the | ||||||
|  |   # "openid" scope is used. | ||||||
|  |   # | ||||||
|  |   #jwks_uri: "https://accounts.example.com/.well-known/jwks.json" | ||||||
|  |  | ||||||
|  |   # Uncomment to skip metadata verification. Defaults to false. | ||||||
|  |   # | ||||||
|  |   # Use this if you are connecting to a provider that is not OpenID Connect | ||||||
|  |   # compliant. | ||||||
|  |   # Avoid this in production. | ||||||
|  |   # | ||||||
|  |   #skip_verification: true | ||||||
|  |  | ||||||
|  |   # An external module can be provided here as a custom solution to mapping | ||||||
|  |   # attributes returned from a OIDC provider onto a matrix user. | ||||||
|  |   # | ||||||
|  |   user_mapping_provider: | ||||||
|  |     # The custom module's class. Uncomment to use a custom module. | ||||||
|  |     # Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'. | ||||||
|  |     # | ||||||
|  |     # See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers | ||||||
|  |     # for information on implementing a custom mapping provider. | ||||||
|  |     # | ||||||
|  |     #module: mapping_provider.OidcMappingProvider | ||||||
|  |  | ||||||
|  |     # Custom configuration values for the module. This section will be passed as | ||||||
|  |     # a Python dictionary to the user mapping provider module's `parse_config` | ||||||
|  |     # method. | ||||||
|  |     # | ||||||
|  |     # The examples below are intended for the default provider: they should be | ||||||
|  |     # changed if using a custom provider. | ||||||
|  |     # | ||||||
|  |     config: | ||||||
|  |       # name of the claim containing a unique identifier for the user. | ||||||
|  |       # Defaults to `sub`, which OpenID Connect compliant providers should provide. | ||||||
|  |       # | ||||||
|  |       #subject_claim: "sub" | ||||||
|  |  | ||||||
|  |       # Jinja2 template for the localpart of the MXID. | ||||||
|  |       # | ||||||
|  |       # When rendering, this template is given the following variables: | ||||||
|  |       #   * user: The claims returned by the UserInfo Endpoint and/or in the ID | ||||||
|  |       #     Token | ||||||
|  |       # | ||||||
|  |       # This must be configured if using the default mapping provider. | ||||||
|  |       # | ||||||
|  |       localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}" | ||||||
|  |  | ||||||
|  |       # Jinja2 template for the display name to set on first login. | ||||||
|  |       # | ||||||
|  |       # If unset, no displayname will be set. | ||||||
|  |       # | ||||||
|  |       #display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}" | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| # Enable CAS for registration and login. | # Enable CAS for registration and login. | ||||||
| # | # | ||||||
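Review bot: Everything under the new `oidc_config:` is static text, so there is no playbook variable for `enabled`, `issuer`, `client_id` or `client_secret`, and the only uncommented setting is `localpart_template`. If OIDC is meant to be usable from `vars.yml`, wire these to variables and render the secret with `|to_json`; if not, state in the docs or changelog how an operator is expected to enable it.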
| @@ -1455,10 +1634,97 @@ saml2_config: | |||||||
| #   enabled: true | #   enabled: true | ||||||
| #   server_url: "https://cas-server.com" | #   server_url: "https://cas-server.com" | ||||||
| #   service_url: "https://homeserver.domain.com:8448" | #   service_url: "https://homeserver.domain.com:8448" | ||||||
|  | #   #displayname_attribute: name | ||||||
| #   #required_attributes: | #   #required_attributes: | ||||||
| #   #    name: value | #   #    name: value | ||||||
|  |  | ||||||
|  |  | ||||||
|  | # Additional settings to use with single-sign on systems such as OpenID Connect, | ||||||
|  | # SAML2 and CAS. | ||||||
|  | # | ||||||
|  | sso: | ||||||
|  |     # A list of client URLs which are whitelisted so that the user does not | ||||||
|  |     # have to confirm giving access to their account to the URL. Any client | ||||||
|  |     # whose URL starts with an entry in the following list will not be subject | ||||||
|  |     # to an additional confirmation step after the SSO login is completed. | ||||||
|  |     # | ||||||
|  |     # WARNING: An entry such as "https://my.client" is insecure, because it | ||||||
|  |     # will also match "https://my.client.evil.site", exposing your users to | ||||||
|  |     # phishing attacks from evil.site. To avoid this, include a slash after the | ||||||
|  |     # hostname: "https://my.client/". | ||||||
|  |     # | ||||||
|  |     # If public_baseurl is set, then the login fallback page (used by clients | ||||||
|  |     # that don't natively support the required login flows) is whitelisted in | ||||||
|  |     # addition to any URLs in this list. | ||||||
|  |     # | ||||||
|  |     # By default, this list is empty. | ||||||
|  |     # | ||||||
|  |     #client_whitelist: | ||||||
|  |     #  - https://riot.im/develop | ||||||
|  |     #  - https://my.custom.client/ | ||||||
|  |  | ||||||
|  |     # Directory in which Synapse will try to find the template files below. | ||||||
|  |     # If not set, default templates from within the Synapse package will be used. | ||||||
|  |     # | ||||||
|  |     # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates. | ||||||
|  |     # If you *do* uncomment it, you will need to make sure that all the templates | ||||||
|  |     # below are in the directory. | ||||||
|  |     # | ||||||
|  |     # Synapse will look for the following templates in this directory: | ||||||
|  |     # | ||||||
|  |     # * HTML page for a confirmation step before redirecting back to the client | ||||||
|  |     #   with the login token: 'sso_redirect_confirm.html'. | ||||||
|  |     # | ||||||
|  |     #   When rendering, this template is given three variables: | ||||||
|  |     #     * redirect_url: the URL the user is about to be redirected to. Needs | ||||||
|  |     #                     manual escaping (see | ||||||
|  |     #                     https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping). | ||||||
|  |     # | ||||||
|  |     #     * display_url: the same as `redirect_url`, but with the query | ||||||
|  |     #                    parameters stripped. The intention is to have a | ||||||
|  |     #                    human-readable URL to show to users, not to use it as | ||||||
|  |     #                    the final address to redirect to. Needs manual escaping | ||||||
|  |     #                    (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping). | ||||||
|  |     # | ||||||
|  |     #     * server_name: the homeserver's name. | ||||||
|  |     # | ||||||
|  |     # * HTML page which notifies the user that they are authenticating to confirm | ||||||
|  |     #   an operation on their account during the user interactive authentication | ||||||
|  |     #   process: 'sso_auth_confirm.html'. | ||||||
|  |     # | ||||||
|  |     #   When rendering, this template is given the following variables: | ||||||
|  |     #     * redirect_url: the URL the user is about to be redirected to. Needs | ||||||
|  |     #                     manual escaping (see | ||||||
|  |     #                     https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping). | ||||||
|  |     # | ||||||
|  |     #     * description: the operation which the user is being asked to confirm | ||||||
|  |     # | ||||||
|  |     # * HTML page shown after a successful user interactive authentication session: | ||||||
|  |     #   'sso_auth_success.html'. | ||||||
|  |     # | ||||||
|  |     #   Note that this page must include the JavaScript which notifies of a successful authentication | ||||||
|  |     #   (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback). | ||||||
|  |     # | ||||||
|  |     #   This template has no additional variables. | ||||||
|  |     # | ||||||
|  |     # * HTML page shown during single sign-on if a deactivated user (according to Synapse's database) | ||||||
|  |     #   attempts to login: 'sso_account_deactivated.html'. | ||||||
|  |     # | ||||||
|  |     #   This template has no additional variables. | ||||||
|  |     # | ||||||
|  |     # * HTML page to display to users if something goes wrong during the | ||||||
|  |     #   OpenID Connect authentication process: 'sso_error.html'. | ||||||
|  |     # | ||||||
|  |     #   When rendering, this template is given two variables: | ||||||
|  |     #     * error: the technical name of the error | ||||||
|  |     #     * error_description: a human-readable message for the error | ||||||
|  |     # | ||||||
|  |     # You can see the default templates at: | ||||||
|  |     # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates | ||||||
|  |     # | ||||||
|  |     #template_dir: "res/templates" | ||||||
|  |  | ||||||
|  |  | ||||||
| # The JWT needs to contain a globally unique "sub" (subject) claim. | # The JWT needs to contain a globally unique "sub" (subject) claim. | ||||||
| # | # | ||||||
| #jwt_config: | #jwt_config: | ||||||
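Review bot: The new `sso:` block leaves `client_whitelist` commented out with no playbook variable, so clients that are not covered by the login fallback page always get the extra confirmation step. When this is wired to a variable, the WARNING in this hunk about prefix matching (`https://my.client` also matching `https://my.client.evil.site`) should be enforced by the playbook, for example with a validation task that rejects entries with no slash after the hostname.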
| @@ -1501,8 +1767,8 @@ email: | |||||||
|   # Username/password for authentication to the SMTP server. By default, no |   # Username/password for authentication to the SMTP server. By default, no | ||||||
|   # authentication is attempted. |   # authentication is attempted. | ||||||
|   # |   # | ||||||
|   # smtp_user: "exampleusername" |   #smtp_user: "exampleusername" | ||||||
|   # smtp_pass: "examplepassword" |   #smtp_pass: "examplepassword" | ||||||
|  |  | ||||||
|   # Uncomment the following to require TLS transport security for SMTP. |   # Uncomment the following to require TLS transport security for SMTP. | ||||||
|   # By default, Synapse will connect over plain text, and will then switch to |   # By default, Synapse will connect over plain text, and will then switch to | ||||||
| @@ -1681,10 +1947,17 @@ push: | |||||||
|    include_content: {{ matrix_synapse_push_include_content|to_json }} |    include_content: {{ matrix_synapse_push_include_content|to_json }} | ||||||
|  |  | ||||||
|  |  | ||||||
| #spam_checker: | # Spam checkers are third-party modules that can block specific actions | ||||||
| #  module: "my_custom_project.SuperSpamChecker" | # of local users, such as creating rooms and registering undesirable | ||||||
| #  config: | # usernames, as well as remote users by redacting incoming events. | ||||||
| #    example_option: 'things' | # | ||||||
|  | # spam_checker: | ||||||
|  |    #- module: "my_custom_project.SuperSpamChecker" | ||||||
|  |    #  config: | ||||||
|  |    #    example_option: 'things' | ||||||
|  |    #- module: "some_other_project.BadEventStopper" | ||||||
|  |    #  config: | ||||||
|  |    #    example_stop_events_from: ['@bad:example.com'] | ||||||
| spam_checker: {{ matrix_synapse_spam_checker|to_json }} | spam_checker: {{ matrix_synapse_spam_checker|to_json }} | ||||||
|  |  | ||||||
| # Uncomment to allow non-server-admin users to create groups on this server | # Uncomment to allow non-server-admin users to create groups on this server | ||||||
|   | |||||||
| @@ -11,16 +11,16 @@ Wants={{ service }} | |||||||
|  |  | ||||||
| [Service] | [Service] | ||||||
| Type=simple | Type=simple | ||||||
| ExecStartPre=-/usr/bin/docker kill matrix-synapse | ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-synapse | ||||||
| ExecStartPre=-/usr/bin/docker rm matrix-synapse | ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-synapse | ||||||
| {% if matrix_s3_media_store_enabled %} | {% if matrix_s3_media_store_enabled %} | ||||||
| # Allow for some time before starting, so that media store can mount. | # Allow for some time before starting, so that media store can mount. | ||||||
| # Mounting can happen later too, but if we start writing, | # Mounting can happen later too, but if we start writing, | ||||||
| # we'd write files to the local filesystem and fusermount will complain. | # we'd write files to the local filesystem and fusermount will complain. | ||||||
| ExecStartPre=/bin/sleep 3 | ExecStartPre={{ matrix_host_command_sleep }} 3 | ||||||
| {% endif %} | {% endif %} | ||||||
|  |  | ||||||
| ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ | ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ | ||||||
| 			--log-driver=none \ | 			--log-driver=none \ | ||||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||||
| 			--cap-drop=ALL \ | 			--cap-drop=ALL \ | ||||||
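Review bot: the Exec* lines now take the binary path from matrix_host_command_docker and matrix_host_command_sleep, and nothing in this template guards against an empty or relative value. Both `ExecStartPre=-` lines carry the `-` prefix, so a wrong docker path there is ignored and the problem only surfaces at ExecStart. Consider a validation task that asserts both variables are absolute paths to existing executables before the unit file is installed.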
| @@ -28,7 +28,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ | |||||||
| 			--read-only \ | 			--read-only \ | ||||||
| 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ | 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ | ||||||
| 			--network={{ matrix_docker_network }} \ | 			--network={{ matrix_docker_network }} \ | ||||||
| 			-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \ |  | ||||||
| 			{% if matrix_synapse_container_client_api_host_bind_port %} | 			{% if matrix_synapse_container_client_api_host_bind_port %} | ||||||
| 			-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \ | 			-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \ | ||||||
| 			{% endif %} | 			{% endif %} | ||||||
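Review bot: dropping `-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}` leaves no visible consumer of matrix_synapse_cache_factor in this unit. Please confirm the value is now applied elsewhere (for example in the templated homeserver.yaml) and say so in the commit message; otherwise existing overrides of that variable silently stop having any effect.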
| @@ -55,9 +54,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ | |||||||
| 			{{ matrix_synapse_docker_image }} \ | 			{{ matrix_synapse_docker_image }} \ | ||||||
| 			-m synapse.app.homeserver -c /data/homeserver.yaml | 			-m synapse.app.homeserver -c /data/homeserver.yaml | ||||||
|  |  | ||||||
| ExecStop=-/usr/bin/docker kill matrix-synapse | ExecStop=-{{ matrix_host_command_docker }} kill matrix-synapse | ||||||
| ExecStop=-/usr/bin/docker rm matrix-synapse | ExecStop=-{{ matrix_host_command_docker }} rm matrix-synapse | ||||||
| ExecReload=/usr/bin/docker exec matrix-synapse kill -HUP 1 | ExecReload={{ matrix_host_command_docker }} exec matrix-synapse kill -HUP 1 | ||||||
| Restart=always | Restart=always | ||||||
| RestartSec=30 | RestartSec=30 | ||||||
| SyslogIdentifier=matrix-synapse | SyslogIdentifier=matrix-synapse | ||||||
|   | |||||||
| @@ -3,7 +3,7 @@ | |||||||
| matrix_synapse_id_servers_public: ['vector.im', 'matrix.org'] | matrix_synapse_id_servers_public: ['vector.im', 'matrix.org'] | ||||||
|  |  | ||||||
| matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" | matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" | ||||||
| matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version" | matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" | ||||||
|  |  | ||||||
| # Tells whether this role had executed or not. Toggled to `true` during runtime. | # Tells whether this role had executed or not. Toggled to `true` during runtime. | ||||||
| matrix_synapse_role_executed: false | matrix_synapse_role_executed: false | ||||||
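Review bot: `matrix_federation_public_port` in the new federation URL does not carry this role's `matrix_synapse_` prefix, so it has to be defined outside the file shown here. Please make sure it has a default wherever this role can be used on its own. Also note that the self-check now follows that variable instead of a fixed 8448, so a value that points at an internal port rather than the publicly reachable one would make the check result misleading.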
|   | |||||||