	Merge remote-tracking branch 'upstream/master' into gomatrixhosting-testing
		| @@ -1,3 +1,12 @@ | ||||
| # 2021-12-14 | ||||
|  | ||||
| ## (Security) Users of the Signal bridge may wish to upgrade it to work around log4j vulnerability | ||||
|  | ||||
| Recently, a security vulnerability affecting the Java logging package `log4j` [has been discovered](https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java). Software that uses this Java package is potentially vulnerable. | ||||
|  | ||||
| One such piece of software that is part of the playbook is the [mautrix-signal bridge](./docs/configuring-playbook-bridge-mautrix-signal.md), which [has been patched already](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1452). If you're running this bridge, you may wish to [upgrade](./docs/maintenance-upgrading-services.md). | ||||
|  | ||||
|  | ||||
| # 2021-11-11 | ||||
|  | ||||
| ## Dropped support for Postgres v9.6 | ||||
|   | ||||
							
								
								
									
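--- /dev/null
+++ b/collections/requirements.yml
@@ -0,0 +1,4 @@
+---
+collections:
+  - name: community.general
+  - name: community.docker  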
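Review bot: Neither entry under `collections:` carries a `version:` constraint, so installing from this file takes whatever `community.general` and `community.docker` release is newest on Galaxy at that moment. Runs are then not reproducible, and an upstream release that is broken or tampered with reaches every host the playbook manages without any change showing up in this repository. I would pin each entry, for example `- name: community.docker` followed by `version: "<PINNED_VERSION>"` (placeholder; use the release the playbook was tested against), and bump the pins deliberately. The `community.docker` line also appears to end in trailing whitespace, which is worth dropping.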
| @@ -41,13 +41,23 @@ If you're fine with such an open Jitsi instance, please skip to [Apply changes]( | ||||
|  | ||||
| If you would like to control who is allowed to open meetings on your new Jitsi instance, then please follow this step to enable Jitsi's authentication and guests mode. With authentication enabled, all meeting rooms have to be opened by a registered user, after which guests are free to join. If a registered host is not yet present, guests are put on hold in individual waiting rooms. | ||||
|  | ||||
| Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: | ||||
| Add these lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: | ||||
|  | ||||
| ```yaml | ||||
| matrix_jitsi_enable_auth: true | ||||
| matrix_jitsi_enable_guests: true | ||||
| matrix_jitsi_prosody_auth_internal_accounts: | ||||
|   - username: "jitsi-moderator" | ||||
|     password: "secret-password" | ||||
|   - username: "another-user" | ||||
|     password: "another-password" | ||||
| ``` | ||||
|  | ||||
| **Caution:** Accounts added here and subsquently removed will not be automatically removed from the Prosody server until user account cleaning is integrated into the playbook. | ||||
|  | ||||
| **If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation). | ||||
|  | ||||
|  | ||||
| ### (Optional) LDAP authentication | ||||
|  | ||||
| The default authentication mode of Jitsi is `internal`, however LDAP is also supported. An example LDAP configuration could be: | ||||
| @@ -122,19 +132,6 @@ You may want to **limit the maximum video resolution**, to save up resources on | ||||
|  | ||||
| Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` | ||||
|  | ||||
| ## Required if configuring Jitsi with internal authentication: register new users | ||||
|  | ||||
| Until this gets integrated into the playbook, we need to register new users / meeting hosts for Jitsi manually. | ||||
| Please SSH into your matrix host machine and execute the following command targeting the `matrix-jitsi-prosody` container: | ||||
|  | ||||
| ```bash | ||||
| docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> meet.jitsi <PASSWORD> | ||||
| ``` | ||||
|  | ||||
| Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host. | ||||
|  | ||||
| **If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation). | ||||
|  | ||||
|  | ||||
| ## Usage | ||||
|  | ||||
|   | ||||
| @@ -111,6 +111,9 @@ matrix_coturn_enabled: false | ||||
|  | ||||
| # Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection. | ||||
| matrix_nginx_proxy_trust_forwarded_proto: true | ||||
|  | ||||
| # Trust and use the other reverse proxy's `X-Forwarded-For` header. | ||||
| matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for' | ||||
| ``` | ||||
|  | ||||
| With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports. | ||||
| @@ -136,6 +139,12 @@ matrix_nginx_proxy_https_enabled: false | ||||
| matrix_nginx_proxy_container_http_host_bind_port: '' | ||||
| matrix_nginx_proxy_container_federation_host_bind_port: '' | ||||
|  | ||||
| # Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection. | ||||
| matrix_nginx_proxy_trust_forwarded_proto: true | ||||
|  | ||||
| # Trust and use the other reverse proxy's `X-Forwarded-For` header. | ||||
| matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for' | ||||
|  | ||||
| # Disable Coturn because it needs SSL certs | ||||
| # (Clients can, though exposing IP address, use Matrix.org TURN) | ||||
| matrix_coturn_enabled: false | ||||
|   | ||||
| @@ -13,6 +13,7 @@ If your database name differs, be sure to change `matrix_synapse_database_databa | ||||
| The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`). | ||||
|  | ||||
| Importing multiple databases (as dumped by `pg_dumpall`) is also supported.   | ||||
| But the migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new roomes, ...) | ||||
|  | ||||
| Before doing the actual import, **you need to upload your Postgres dump file to the server** (any path is okay). | ||||
|  | ||||
| @@ -32,6 +33,7 @@ ansible-playbook -i inventory/hosts setup.yml \ | ||||
|  | ||||
| ## Troubleshooting | ||||
|  | ||||
| ### Table Ownership | ||||
| A table ownership issue can occur if you are importing from a Synapse installation which was both: | ||||
|  | ||||
|  - migrated from SQLite to Postgres, and | ||||
| @@ -48,7 +50,7 @@ where `synapse_user` is the database username from the previous Synapse installa | ||||
| This can be verified by examining the dump for ALTER TABLE statements which set OWNER TO that username: | ||||
|  | ||||
| ```Shell | ||||
| $ grep "ALTER TABLE" homeserver.sql" | ||||
| $ grep "ALTER TABLE" homeserver.sql | ||||
| ALTER TABLE public.access_tokens OWNER TO synapse_user; | ||||
| ALTER TABLE public.account_data OWNER TO synapse_user; | ||||
| ALTER TABLE public.account_data_max_stream_id OWNER TO synapse_user; | ||||
| @@ -60,10 +62,10 @@ ALTER TABLE public.application_services_state OWNER TO synapse_user; | ||||
| It can be worked around by changing the username to `synapse`, for example by using `sed`: | ||||
|  | ||||
| ```Shell | ||||
| $ sed -i "s/synapse_user/synapse/g" homeserver.sql | ||||
| $ sed -i "s/OWNER TO synapse_user;/OWNER TO synapse;/g" homeserver.sql | ||||
| ``` | ||||
|  | ||||
| This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead. | ||||
| This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse_user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead. Expand search/replace statement as shown in example above, in case of old user name like `matrix` - replacing `matrix` only would... well - you can imagine. | ||||
|  | ||||
| Note that if the previous import failed with an error it may have made changes which are incompatible with re-running the import task right away; if you do so it may fail with an error such as: | ||||
|  | ||||
| @@ -71,6 +73,8 @@ Note that if the previous import failed with an error it may have made changes w | ||||
| ERROR:  relation \"access_tokens\" already exists | ||||
| ``` | ||||
|  | ||||
| ### Repeat import | ||||
|  | ||||
| In this case you can use the command suggested in the import task to clear the database before retrying the import: | ||||
|  | ||||
| ```Shell | ||||
| @@ -79,4 +83,20 @@ In this case you can use the command suggested in the import task to clear the d | ||||
| # systemctl start matrix-postgres | ||||
| ``` | ||||
|  | ||||
| Now on your local machine run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-postgres` to prepare the database roles etc. | ||||
|  | ||||
| If not, you probably get this error. `synapse` is the correct table owner, but the role is missing in database. | ||||
| ``` | ||||
| "ERROR:  role synapse does not exist" | ||||
| ``` | ||||
|  | ||||
| Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.   | ||||
| Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal) | ||||
|  | ||||
| ``` | ||||
| /usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:14.1-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse" | ||||
| ``` | ||||
|  | ||||
| ### Hints | ||||
|  | ||||
| To open psql terminal run `/usr/local/bin/matrix-postgres-cli` | ||||
|   | ||||
| @@ -18,6 +18,7 @@ List of roles where self-building the Docker image is currently possible: | ||||
| - `matrix-registration` | ||||
| - `matrix-coturn` | ||||
| - `matrix-corporal` | ||||
| - `matrix-dimension` | ||||
| - `matrix-ma1sd` | ||||
| - `matrix-mailer` | ||||
| - `matrix-bridge-appservice-irc` | ||||
|   | ||||
| @@ -79,14 +79,14 @@ matrix_appservice_discord_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_appservice_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'discord.as.token') | to_uuid }}" | ||||
| matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'discord.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'discord.hs.token') | to_uuid }}" | ||||
| matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'discord.hs.token') | to_uuid }}" | ||||
|  | ||||
| # We only make this use Postgres if our own Postgres server is enabled. | ||||
| # It's only then (for now) that we can automatically create the necessary database and user for this service. | ||||
| matrix_appservice_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_appservice_discord_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'as.discord.db') | to_uuid }}" | ||||
| matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'as.discord.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -111,12 +111,12 @@ matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture ! | ||||
| # matrix-appservice-webhooks' client-server port to the local host. | ||||
| matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_webhooks_matrix_port) }}" | ||||
|  | ||||
| matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}" | ||||
| matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" | ||||
| matrix_appservice_webhooks_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.hs.token') | to_uuid }}" | ||||
| matrix_appservice_webhooks_homeserver_url: "{{ matrix_homeserver_container_url }}" | ||||
| matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_webhooks_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.id.token') | to_uuid }}" | ||||
| matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.id.token') | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_webhooks_systemd_required_services_list: | | ||||
|   {{ | ||||
| @@ -150,12 +150,12 @@ matrix_appservice_slack_container_self_build: "{{ matrix_architecture != 'amd64' | ||||
| # matrix-appservice-slack's client-server port to the local host. | ||||
| matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_slack_slack_port) }}" | ||||
|  | ||||
| matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.as.token') | to_uuid }}" | ||||
| matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" | ||||
| matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.hs.token') | to_uuid }}" | ||||
| matrix_appservice_slack_homeserver_url: "{{ matrix_homeserver_container_url }}" | ||||
| matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.id.token') | to_uuid }}" | ||||
| matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.id.token') | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_slack_systemd_required_services_list: | | ||||
|   {{ | ||||
| @@ -168,7 +168,7 @@ matrix_appservice_slack_systemd_required_services_list: | | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_appservice_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}" | ||||
| matrix_appservice_slack_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'as.slack.db') | to_uuid }}" | ||||
| matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'as.slack.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -205,12 +205,12 @@ matrix_appservice_irc_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_appservice_irc_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.as.token') | to_uuid }}" | ||||
| matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'irc.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.hs.token') | to_uuid }}" | ||||
| matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'irc.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_irc_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}" | ||||
| matrix_appservice_irc_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'as.irc.db') | to_uuid }}" | ||||
| matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'as.irc.db') | to_uuid }}" | ||||
|  | ||||
|  | ||||
| ###################################################################### | ||||
| @@ -240,15 +240,15 @@ matrix_beeper_linkedin_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_beeper_linkedin_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.as.token') | to_uuid }}" | ||||
| matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'linked.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_beeper_linkedin_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.hs.token') | to_uuid }}" | ||||
| matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'linked.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" | ||||
|  | ||||
| matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" | ||||
| matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -278,9 +278,9 @@ matrix_mautrix_facebook_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.as.token') | to_uuid }}" | ||||
| matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'fb.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.hs.token') | to_uuid }}" | ||||
| matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'fb.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| @@ -289,7 +289,7 @@ matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if | ||||
| # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain | ||||
| # and point them to a migration path. | ||||
| matrix_mautrix_facebook_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mautrix_facebook_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.fb.db') | to_uuid }}" | ||||
| matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.fb.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -320,9 +320,9 @@ matrix_mautrix_hangouts_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.as.token') | to_uuid }}" | ||||
| matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ho.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}" | ||||
| matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ho.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}" | ||||
|  | ||||
| @@ -330,7 +330,7 @@ matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_pro | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mautrix_hangouts_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.hangouts.db') | to_uuid }}" | ||||
| matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.hangouts.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -361,9 +361,9 @@ matrix_mautrix_googlechat_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mautrix_googlechat_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'gc.as.token') | to_uuid }}" | ||||
| matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'gc.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_googlechat_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'gc.hs.token') | to_uuid }}" | ||||
| matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'gc.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}" | ||||
|  | ||||
| @@ -371,7 +371,7 @@ matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_p | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mautrix_googlechat_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.gc.db') | to_uuid }}" | ||||
| matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.gc.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -402,9 +402,9 @@ matrix_mautrix_instagram_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mautrix_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ig.as.token') | to_uuid }}" | ||||
| matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ig.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ig.hs.token') | to_uuid }}" | ||||
| matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ig.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| @@ -413,7 +413,7 @@ matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if | ||||
| # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain | ||||
| # and point them to a migration path. | ||||
| matrix_mautrix_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mautrix_instagram_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.ig.db') | to_uuid }}" | ||||
| matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.ig.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -448,14 +448,14 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}' | ||||
|  | ||||
| matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}" | ||||
|  | ||||
| matrix_mautrix_signal_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'si.hs.token') | to_uuid }}" | ||||
| matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'si.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_signal_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'si.as.token') | to_uuid }}" | ||||
| matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'si.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| matrix_mautrix_signal_database_engine: 'postgres' | ||||
| matrix_mautrix_signal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.signal.db') | to_uuid }}" | ||||
| matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_signal_container_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" | ||||
| matrix_mautrix_signal_daemon_container_self_build: "{{ matrix_architecture != 'amd64' }}" | ||||
| @@ -491,11 +491,11 @@ matrix_mautrix_telegram_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mautrix_telegram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.as.token') | to_uuid }}" | ||||
| matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'telegr.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_telegram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.hs.token') | to_uuid }}" | ||||
| matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'telegr.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}" | ||||
| matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'telegram') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9006' }}" | ||||
|  | ||||
| @@ -503,7 +503,7 @@ matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_pro | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mautrix_telegram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mautrix_telegram_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.telegram.db') | to_uuid }}" | ||||
| matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mau.telegram.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -533,15 +533,15 @@ matrix_mautrix_whatsapp_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mautrix_whatsapp_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.as.token') | to_uuid }}" | ||||
| matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'whats.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_whatsapp_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.hs.token') | to_uuid }}" | ||||
| matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'whats.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mautrix_whatsapp_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mauwhatsapp.db') | to_uuid }}" | ||||
| matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mauwhatsapp.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -567,10 +567,10 @@ matrix_sms_bridge_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.as.token') | to_uuid }}" | ||||
| matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'sms.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}" | ||||
| matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.hs.token') | to_uuid }}" | ||||
| matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'sms.hs.token') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -587,9 +587,9 @@ matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | pas | ||||
| # We don't enable bridges by default. | ||||
| matrix_heisenbridge_enabled: false | ||||
|  | ||||
| matrix_heisenbridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'heisen.as.tok') | to_uuid }}" | ||||
| matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'heisen.as.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_heisenbridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'heisen.hs.tok') | to_uuid }}" | ||||
| matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'heisen.hs.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_heisenbridge_systemd_wanted_services_list: | | ||||
|   {{ | ||||
| @@ -626,15 +626,15 @@ matrix_mx_puppet_skype_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mx_puppet_skype_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'skype.as.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_skype_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'skype.as.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_skype_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'skype.hs.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_skype_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'skype.hs.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mx_puppet_skype_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mx_puppet_skype_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.skype.db') | to_uuid }}" | ||||
| matrix_mx_puppet_skype_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.skype.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -665,15 +665,15 @@ matrix_mx_puppet_slack_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mx_puppet_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mx_puppet_slack_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.slack.db') | to_uuid }}" | ||||
| matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.slack.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -703,9 +703,9 @@ matrix_mx_puppet_twitter_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mx_puppet_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| @@ -713,7 +713,7 @@ matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_p | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mx_puppet_twitter_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.twitter.db') | to_uuid }}" | ||||
| matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.twitter.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -744,15 +744,15 @@ matrix_mx_puppet_instagram_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.as.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxig.as.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mx_puppet_instagram_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.ig.db') | to_uuid }}" | ||||
| matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.ig.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -782,15 +782,15 @@ matrix_mx_puppet_discord_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mx_puppet_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mx_puppet_discord_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" | ||||
| matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -820,15 +820,15 @@ matrix_mx_puppet_steam_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mx_puppet_steam_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.as.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxste.as.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_steam_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mx_puppet_steam_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.steam.db') | to_uuid }}" | ||||
| matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.steam.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -858,15 +858,15 @@ matrix_mx_puppet_groupme_systemd_required_services_list: | | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_mx_puppet_groupme_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_groupme_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxgro.hs.tok') | to_uuid }}" | ||||
| matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxgro.hs.tok') | to_uuid }}" | ||||
|  | ||||
| matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_mx_puppet_groupme_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.groupme.db') | to_uuid }}" | ||||
| matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mxpup.groupme.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -896,7 +896,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: | | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_bot_matrix_reminder_bot_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'reminder.bot.db') | to_uuid }}" | ||||
| matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'reminder.bot.db') | to_uuid }}" | ||||
| matrix_bot_matrix_reminder_bot_container_self_build: "{{ matrix_architecture != 'amd64' }}" | ||||
|  | ||||
| ###################################################################### | ||||
| @@ -1045,6 +1045,8 @@ matrix_coturn_container_additional_volumes: | | ||||
|  | ||||
| matrix_dimension_enabled: false | ||||
|  | ||||
| matrix_dimension_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" | ||||
|  | ||||
| # Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network. | ||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose | ||||
| # the Dimension HTTP port to the local host. | ||||
| @@ -1068,7 +1070,7 @@ matrix_dimension_systemd_required_services_list: | | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_dimension_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_dimension_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db') | to_uuid }}" | ||||
| matrix_dimension_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'dimension.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -1093,7 +1095,7 @@ matrix_etherpad_systemd_required_services_list: | | ||||
|     (['matrix-postgres.service'] if matrix_postgres_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_etherpad_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'etherpad.db') | to_uuid }}" | ||||
| matrix_etherpad_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'etherpad.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -1152,9 +1154,9 @@ matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_pro | ||||
|  | ||||
| matrix_jitsi_prosody_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:5280' }}" | ||||
|  | ||||
| matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}" | ||||
| matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}" | ||||
| matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}" | ||||
| matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'jibri') | to_uuid }}" | ||||
| matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'jicofo') | to_uuid }}" | ||||
| matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'jvb') | to_uuid }}" | ||||
|  | ||||
| matrix_jitsi_web_stun_servers: | | ||||
|   {{ | ||||
| @@ -1257,7 +1259,7 @@ matrix_ma1sd_systemd_wanted_services_list: | | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_ma1sd_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_ma1sd_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ma1sd.db') | to_uuid }}" | ||||
| matrix_ma1sd_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'ma1sd.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -1746,7 +1748,7 @@ matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if mat | ||||
| # For exposing the Synapse worker (and metrics) ports to the local host. | ||||
| matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}" | ||||
|  | ||||
| matrix_synapse_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'synapse.db') | to_uuid }}" | ||||
| matrix_synapse_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'synapse.db') | to_uuid }}" | ||||
|  | ||||
| # We do not enable TLS in Synapse by default. | ||||
| # TLS is handled by the matrix-nginx-proxy, which proxies the requests to Synapse. | ||||
| @@ -1897,7 +1899,7 @@ matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exp | ||||
| ###################################################################### | ||||
|  | ||||
| matrix_prometheus_postgres_exporter_enabled: false | ||||
| matrix_prometheus_postgres_exporter_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'prometheus.pg.db') | to_uuid }}" | ||||
| matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'prometheus.pg.db') | to_uuid }}" | ||||
|  | ||||
| matrix_prometheus_postgres_exporter_systemd_required_services_list: | | ||||
|   {{ | ||||
| @@ -1973,7 +1975,7 @@ matrix_registration_systemd_required_services_list: | | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_registration_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_registration_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx.registr.db') | to_uuid }}" | ||||
| matrix_registration_database_password: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'mx.registr.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
|   | ||||
| @@ -118,6 +118,72 @@ matrix_client_element_e2ee_secure_backup_required: false | ||||
| # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md | ||||
| matrix_client_element_e2ee_secure_backup_setup_methods: [] | ||||
|  | ||||
| # Default `/.well-known/matrix/client` configuration - it covers the generic use case. | ||||
| # You can customize it by controlling the various variables inside the template file that it references. | ||||
| # | ||||
| # For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_client_configuration_extension_json`) | ||||
| # or completely replace this variable with your own template. | ||||
| # | ||||
| # The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. | ||||
| # This is unlike what it does when looking up YAML template files (no automatic parsing there). | ||||
| matrix_well_known_matrix_client_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-client.j2') }}" | ||||
|  | ||||
| # Your custom JSON configuration for `/.well-known/matrix/client` should go to `matrix_well_known_matrix_client_configuration_extension_json`. | ||||
| # This configuration extends the default starting configuration (`matrix_well_known_matrix_client_configuration_default`). | ||||
| # | ||||
| # You can override individual variables from the default configuration, or introduce new ones. | ||||
| # | ||||
| # If you need something more special, you can take full control by | ||||
| # completely redefining `matrix_well_known_matrix_client_configuration`. | ||||
| # | ||||
| # Example configuration extension follows: | ||||
| # | ||||
| # matrix_well_known_matrix_client_configuration_extension_json: | | ||||
| #   { | ||||
| #     "io.element.call_behaviour": { | ||||
| #       "widget_build_url": "https://dimension.example.com/api/v1/dimension/bigbluebutton/widget_state" | ||||
| #     } | ||||
| #   } | ||||
| matrix_well_known_matrix_client_configuration_extension_json: '{}' | ||||
|  | ||||
| matrix_well_known_matrix_client_configuration_extension: "{{ matrix_well_known_matrix_client_configuration_extension_json|from_json if matrix_well_known_matrix_client_configuration_extension_json|from_json is mapping else {} }}" | ||||
|  | ||||
| # Holds the final `/.well-known/matrix/client` configuration (a combination of the default and its extension). | ||||
| # You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_client_configuration_default` and `matrix_well_known_matrix_client_configuration_extension_json`. | ||||
| matrix_well_known_matrix_client_configuration: "{{ matrix_well_known_matrix_client_configuration_default|combine(matrix_well_known_matrix_client_configuration_extension, recursive=True) }}" | ||||
|  | ||||
| # Default `/.well-known/matrix/server` configuration - it covers the generic use case. | ||||
| # You can customize it by controlling the various variables inside the template file that it references. | ||||
| # | ||||
| # For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_server_configuration_extension_json`) | ||||
| # or completely replace this variable with your own template. | ||||
| # | ||||
| # The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. | ||||
| # This is unlike what it does when looking up YAML template files (no automatic parsing there). | ||||
| matrix_well_known_matrix_server_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-server.j2') }}" | ||||
|  | ||||
| # Your custom JSON configuration for `/.well-known/matrix/server` should go to `matrix_well_known_matrix_server_configuration_extension_json`. | ||||
| # This configuration extends the default starting configuration (`matrix_well_known_matrix_server_configuration_default`). | ||||
| # | ||||
| # You can override individual variables from the default configuration, or introduce new ones. | ||||
| # | ||||
| # If you need something more special, you can take full control by | ||||
| # completely redefining `matrix_well_known_matrix_server_configuration`. | ||||
| # | ||||
| # Example configuration extension follows: | ||||
| # | ||||
| # matrix_well_known_matrix_server_configuration_extension_json: | | ||||
| #   { | ||||
| #     "something": "another" | ||||
| #   } | ||||
| matrix_well_known_matrix_server_configuration_extension_json: '{}' | ||||
|  | ||||
| matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_matrix_server_configuration_extension_json|from_json if matrix_well_known_matrix_server_configuration_extension_json|from_json is mapping else {} }}" | ||||
|  | ||||
| # Holds the final `/.well-known/matrix/server` configuration (a combination of the default and its extension). | ||||
| # You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_server_configuration_default` and `matrix_well_known_matrix_server_configuration_extension_json`. | ||||
| matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default|combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}" | ||||
|  | ||||
| # The Docker network that all services would be put into | ||||
| matrix_docker_network: "matrix" | ||||
|  | ||||
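Review bot: `matrix_well_known_matrix_client_configuration_extension` and its `server` twin fall back to `{}` whenever the extension JSON parses to something that is not a mapping, so a mistyped override is dropped without any error and the default file is published unchanged. These two files steer where clients and federating servers connect, so the silent fallback deserves a line in the comment above each `_extension_json` variable, e.g. `# NOTE: must be a JSON object; any other JSON value (list, string, number) is silently ignored.` Each expression also runs `from_json` twice on the same string. Because `combine(..., recursive=True)` lets the extension replace keys that come from the default template, it would also help to say in the comment which default keys are expected to survive the merge; the template itself is not visible here.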
|   | ||||
| @@ -13,16 +13,16 @@ | ||||
|     - "{{ matrix_static_files_base_path }}/.well-known/matrix" | ||||
|  | ||||
| - name: Ensure Matrix /.well-known/matrix/client file configured | ||||
|   template: | ||||
|     src: "{{ role_path }}/templates/static-files/well-known/matrix-client.j2" | ||||
|   copy: | ||||
|     content: "{{ matrix_well_known_matrix_client_configuration|to_nice_json }}" | ||||
|     dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client" | ||||
|     mode: 0644 | ||||
|     owner: "{{ matrix_user_username }}" | ||||
|     group: "{{ matrix_user_groupname }}" | ||||
|  | ||||
| - name: Ensure Matrix /.well-known/matrix/server file configured | ||||
|   template: | ||||
|     src: "{{ role_path }}/templates/static-files/well-known/matrix-server.j2" | ||||
|   copy: | ||||
|     content: "{{ matrix_well_known_matrix_server_configuration|to_nice_json }}" | ||||
|     dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" | ||||
|     mode: 0644 | ||||
|     owner: "{{ matrix_user_username }}" | ||||
|   | ||||
| @@ -3,14 +3,13 @@ | ||||
|  | ||||
| matrix_bot_mjolnir_enabled: true | ||||
|  | ||||
| matrix_bot_mjolnir_version: "v1.1.20" | ||||
| matrix_bot_mjolnir_version: "v1.2.1" | ||||
|  | ||||
| matrix_bot_mjolnir_container_image_self_build: false | ||||
| matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" | ||||
|  | ||||
| matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}" | ||||
| matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||
|  | ||||
| matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}" | ||||
|  | ||||
| matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir" | ||||
|   | ||||
| @@ -48,7 +48,7 @@ matrix_appservice_discord_bridge_enableSelfServiceBridging: false | ||||
| # | ||||
| # To use Postgres: | ||||
| # - change the engine (`matrix_appservice_discord_database_engine: 'postgres'`) | ||||
| # - adjust your database credentials via the `matrix_appservice_discord_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_appservice_discord_database_*` variables | ||||
| matrix_appservice_discord_database_engine: 'sqlite' | ||||
|  | ||||
| matrix_appservice_discord_sqlite_database_path_local: "{{ matrix_appservice_discord_data_path }}/discord.db" | ||||
|   | ||||
| @@ -22,8 +22,6 @@ matrix_appservice_webhooks_docker_src_files_path: "{{ matrix_appservice_webhooks | ||||
| matrix_appservice_webhooks_public_endpoint: /appservice-webhooks | ||||
| matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}" | ||||
|  | ||||
| # Once you make a control room in Matrix, you can get its ID by typing any message and checking its source | ||||
| matrix_appservice_webhooks_control_room_id: '' | ||||
| matrix_appservice_webhooks_bot_name: 'webhookbot' | ||||
| matrix_appservice_webhooks_user_prefix: '_webhook' | ||||
|  | ||||
|   | ||||
| @@ -42,7 +42,7 @@ matrix_mautrix_facebook_homeserver_token: '' | ||||
| # - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future). | ||||
| # | ||||
| # To use Postgres: | ||||
| # - adjust your database credentials via the `matrix_mautrix_facebook_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_mautrix_facebook_database_*` variables | ||||
| matrix_mautrix_facebook_database_engine: 'postgres' | ||||
|  | ||||
| matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db" | ||||
|   | ||||
| @@ -47,7 +47,7 @@ matrix_mautrix_googlechat_homeserver_token: '' | ||||
| # | ||||
| # To use Postgres: | ||||
| # - change the engine (`matrix_mautrix_googlechat_database_engine: 'postgres'`) | ||||
| # - adjust your database credentials via the `matrix_mautrix_googlechat_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_mautrix_googlechat_database_*` variables | ||||
| matrix_mautrix_googlechat_database_engine: 'sqlite' | ||||
|  | ||||
| matrix_mautrix_googlechat_sqlite_database_path_local: "{{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db" | ||||
|   | ||||
| @@ -47,7 +47,7 @@ matrix_mautrix_hangouts_homeserver_token: '' | ||||
| # | ||||
| # To use Postgres: | ||||
| # - change the engine (`matrix_mautrix_hangouts_database_engine: 'postgres'`) | ||||
| # - adjust your database credentials via the `matrix_mautrix_hangouts_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_mautrix_hangouts_database_*` variables | ||||
| matrix_mautrix_hangouts_database_engine: 'sqlite' | ||||
|  | ||||
| matrix_mautrix_hangouts_sqlite_database_path_local: "{{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db" | ||||
|   | ||||
| @@ -37,7 +37,7 @@ matrix_mautrix_instagram_homeserver_token: '' | ||||
| # Database-related configuration fields. | ||||
| # | ||||
| # To use Postgres: | ||||
| # - adjust your database credentials via the `matrix_mautrix_instagram_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_mautrix_instagram_database_*` variables | ||||
| matrix_mautrix_instagram_database_engine: 'postgres' | ||||
|  | ||||
| matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram' | ||||
|   | ||||
| @@ -17,7 +17,7 @@ matrix_mautrix_signal_daemon_container_self_build: false | ||||
| matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" | ||||
| matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" | ||||
|  | ||||
| matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}" | ||||
| matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}" | ||||
| matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}" | ||||
|  | ||||
| matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" | ||||
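Review bot: The pulled image now comes from `docker.io/signald/signald`, while `matrix_mautrix_signal_daemon_docker_repo` two lines above still points at `https://mau.dev/maunium/signald.git`. Hosts with `matrix_mautrix_signal_daemon_container_self_build` enabled therefore presumably build from a different upstream than the one everyone else pulls. If this image switch is what carries the log4j fix mentioned in the changelog, self-built deployments may not receive it, so confirm which source tree the self-build path should use and either align the repo URL or add a comment explaining the difference. The registry host is also hard-coded here rather than composed from a prefix variable the way `matrix_bot_mjolnir_docker_image` is, which makes it harder to redirect pulls to a vetted mirror. The tag comes from `matrix_mautrix_signal_daemon_version`, which is defined outside this hunk.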
|   | ||||
| @@ -15,6 +15,8 @@ homeserver: | ||||
|     # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     status_endpoint: null | ||||
|     # Endpoint for reporting per-message status. | ||||
|     message_send_checkpoint_endpoint: null | ||||
|  | ||||
| # Application service host/registration related details | ||||
| # Changing these values requires regeneration of the registration. | ||||
| @@ -32,25 +34,19 @@ appservice: | ||||
|     # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s | ||||
|     max_body_size: 1 | ||||
|  | ||||
|     # The full URI to the database. Only Postgres is currently supported. | ||||
|     # The full URI to the database. SQLite and Postgres are supported. | ||||
|     # Format examples: | ||||
|     #   SQLite:   sqlite:///filename.db | ||||
|     #   Postgres: postgres://username:password@hostname/dbname | ||||
|     database: {{ matrix_mautrix_signal_database_connection_string }} | ||||
|     # Additional arguments for asyncpg.create_pool() | ||||
|     # Additional arguments for asyncpg.create_pool() or sqlite3.connect() | ||||
|     # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool | ||||
|     # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect | ||||
|     # For sqlite, min_size is used as the connection thread pool size and max_size is ignored. | ||||
|     database_opts: | ||||
|         min_size: 5 | ||||
|         max_size: 10 | ||||
|  | ||||
|     # Provisioning API part of the web server for automated portal creation and fetching information. | ||||
|     # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). | ||||
|     provisioning: | ||||
|         # Whether or not the provisioning API should be enabled. | ||||
|         enabled: true | ||||
|         # The prefix to use in the provisioning API endpoints. | ||||
|         prefix: /_matrix/provision/v1 | ||||
|         # The shared secret to authorize users of the API. | ||||
|         # Set to "generate" to generate and save a new token. | ||||
|         shared_secret: generate | ||||
|  | ||||
|     # The unique ID of this appservice. | ||||
|     id: signal | ||||
|     # Username of the appservice bot. | ||||
| @@ -66,7 +62,12 @@ appservice: | ||||
|     # Example: "+signal:example.com". Set to false to disable. | ||||
|     community_id: false | ||||
|  | ||||
|     # Authentication tokens for AS <-> HS communication. | ||||
|     # Whether or not to receive ephemeral events via appservice transactions. | ||||
|     # Requires MSC2409 support (i.e. Synapse 1.22+). | ||||
|     # You should disable bridge -> sync_with_custom_puppets when this is enabled. | ||||
|     ephemeral_events: false | ||||
|  | ||||
|     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. | ||||
|     as_token: "{{ matrix_mautrix_signal_appservice_token }}" | ||||
|     hs_token: "{{ matrix_mautrix_signal_homeserver_token }}" | ||||
|  | ||||
| @@ -75,6 +76,17 @@ metrics: | ||||
|     enabled: false | ||||
|     listen_port: 8000 | ||||
|  | ||||
| # Manhole config. | ||||
| manhole: | ||||
|     # Whether or not opening the manhole is allowed. | ||||
|     enabled: false | ||||
|     # The path for the unix socket. | ||||
|     path: /var/tmp/mautrix-signal.manhole | ||||
|     # The list of UIDs who can be added to the whitelist. | ||||
|     # If empty, any UIDs can be specified in the open-manhole command. | ||||
|     whitelist: | ||||
|     - 0 | ||||
|  | ||||
| signal: | ||||
|     # Path to signald unix socket | ||||
|     socket_path: /signald/signald.sock | ||||
| @@ -91,6 +103,8 @@ signal: | ||||
|     delete_unknown_accounts_on_start: false | ||||
|     # Whether or not message attachments should be removed from disk after they're bridged. | ||||
|     remove_file_after_handling: true | ||||
|     # Whether or not users can register a primary device | ||||
|     registration_enabled: true | ||||
|  | ||||
| # Bridge config | ||||
| bridge: | ||||
| @@ -102,6 +116,7 @@ bridge: | ||||
|     # available variable in displayname_preference. The variables in displayname_preference | ||||
|     # can also be used here directly. | ||||
|     displayname_template: "{displayname} (Signal)" | ||||
|     # Whether or not contact list displaynames should be used. | ||||
|     # Possible values: disallow, allow, prefer | ||||
|     # | ||||
|     # Multi-user instances are recommended to disallow contact list names, as otherwise there can | ||||
| @@ -140,7 +155,7 @@ bridge: | ||||
|     # If false, created portal rooms will never be federated. | ||||
|     federate_rooms: true | ||||
|     # End-to-bridge encryption support options. You must install the e2be optional dependency for | ||||
|     # this to work. See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html | ||||
|     # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption | ||||
|     encryption: | ||||
|         # Allow encryption, work in group chat rooms with e2ee enabled | ||||
|         allow: false | ||||
| @@ -173,12 +188,38 @@ bridge: | ||||
|     # This field will automatically be changed back to false after it, | ||||
|     # except if the config file is not writable. | ||||
|     resend_bridge_info: false | ||||
|     # Interval at which to resync contacts. | ||||
|     # Interval at which to resync contacts (in seconds). | ||||
|     periodic_sync: 0 | ||||
|  | ||||
|     # Provisioning API part of the web server for automated portal creation and fetching information. | ||||
|     # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). | ||||
|     provisioning: | ||||
|         # Whether or not the provisioning API should be enabled. | ||||
|         enabled: true | ||||
|         # The prefix to use in the provisioning API endpoints. | ||||
|         prefix: /_matrix/provision/v1 | ||||
|         # The shared secret to authorize users of the API. | ||||
|         # Set to "generate" to generate and save a new token. | ||||
|         shared_secret: generate | ||||
|  | ||||
|     # The prefix for commands. Only required in non-management rooms. | ||||
|     command_prefix: "!signal" | ||||
|  | ||||
|     # Messages sent upon joining a management room. | ||||
|     # Markdown is supported. The defaults are listed below. | ||||
|     management_room_text: | ||||
|         # Sent when joining a room. | ||||
|         welcome: "Hello, I'm a Signal bridge bot." | ||||
|         # Sent when joining a management room and the user is already logged in. | ||||
|         welcome_connected: "Use `help` for help." | ||||
|         # Sent when joining a management room and the user is not logged in. | ||||
|         welcome_unconnected: "Use `help` for help or `register` to log in." | ||||
|         # Optional extra text sent when joining a management room. | ||||
|         additional_help: "" | ||||
|  | ||||
|     # Send each message separately (for readability in some clients) | ||||
|     management_room_multiple_messages: false | ||||
|  | ||||
|     # Permissions for using the bridge. | ||||
|     # Permitted values: | ||||
|     #      relay - Allowed to be relayed through the bridge, no access to commands. | ||||
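Review bot: In the last hunk the provisioning block under `bridge:` is a pair of literals, `enabled: true` and `shared_secret: generate`, while `as_token` and `hs_token` earlier in this template come from playbook variables. The comment says "generate" makes the bridge generate and save a token. That presumably needs a writable config file, and the secret would fall back to `generate` each time the playbook re-renders the template (inferred, not visible here). Operators who do not use the provisioning API also have no way to turn it off. I would default to `enabled: false`, or drive both values from playbook variables so the secret is stable and managed with the other tokens. The `bridge:` mapping continues outside the hunk.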
|   | ||||
| @@ -13,7 +13,7 @@ matrix_mautrix_telegram_container_self_build: false | ||||
| matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" | ||||
| matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" | ||||
|  | ||||
| matrix_mautrix_telegram_version: v0.10.1 | ||||
| matrix_mautrix_telegram_version: v0.10.2 | ||||
| # See: https://mau.dev/mautrix/telegram/container_registry | ||||
| matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" | ||||
| matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" | ||||
| @@ -63,7 +63,7 @@ matrix_mautrix_telegram_homeserver_token: '' | ||||
| # | ||||
| # To use Postgres: | ||||
| # - change the engine (`matrix_mautrix_telegram_database_engine: 'postgres'`) | ||||
| # - adjust your database credentials via the `matrix_mautrix_telegram_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_mautrix_telegram_database_*` variables | ||||
| matrix_mautrix_telegram_database_engine: 'sqlite' | ||||
|  | ||||
| matrix_mautrix_telegram_sqlite_database_path_local: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db" | ||||
|   | ||||
| @@ -42,7 +42,7 @@ matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot | ||||
| # | ||||
| # To use Postgres: | ||||
| # - change the engine (`matrix_mautrix_whatsapp_database_engine: 'postgres'`) | ||||
| # - adjust your database credentials via the `matrix_mautrix_whatsapp_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_mautrix_whatsapp_database_*` variables | ||||
| matrix_mautrix_whatsapp_database_engine: 'sqlite' | ||||
|  | ||||
| matrix_mautrix_whatsapp_sqlite_database_path_local: "{{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db" | ||||
|   | ||||
| @@ -27,6 +27,8 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url | ||||
| matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}' | ||||
| matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}' | ||||
|  | ||||
| matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}" | ||||
|  | ||||
| # "@user:server.com" to allow specific user | ||||
| # "@.*:yourserver.com" to allow users on a specific homeserver | ||||
| # "@.*" to allow anyone | ||||
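Review bot: The new default `matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}"` has a single slash after the scheme, so it renders as `https:/host` rather than a valid URL. The bridge template in the next section writes this value into `mediaUrl`, which its comment describes as where Discord downloads profile pictures and media, so those fetches would most likely fail. The line should read `matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"`.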
|   | ||||
| @@ -9,17 +9,17 @@ bridge: | ||||
|   domain: {{ matrix_mx_puppet_discord_homeserver_domain }} | ||||
|   # Reachable URL of the Matrix homeserver | ||||
|   homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }} | ||||
|   # Optionally specify a different media URL used for the media store | ||||
|   # | ||||
|   # This is where Discord will download user profile pictures and media | ||||
|   # from | ||||
|   mediaUrl: {{ matrix_mx_puppet_discord_bridge_mediaUrl }} | ||||
|   {% if matrix_mx_puppet_discord_login_shared_secret != '' %} | ||||
|   loginSharedSecretMap: | ||||
|     {{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }} | ||||
|   {% endif %} | ||||
|   # Display name of the bridge bot | ||||
|   displayname: Discord Puppet Bridge | ||||
|   # Optionally specify a different media URL used for the media store | ||||
|   # | ||||
|   # This is where Discord will download user profile pictures and media | ||||
|   # from | ||||
|   #mediaUrl: https://external-url.org | ||||
|  | ||||
| presence: | ||||
|   # Bridge Discord online/offline status | ||||
|   | ||||
| @@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto | ||||
| # - https://github.com/vector-im/element-web/issues/19544 | ||||
| matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" | ||||
|  | ||||
| matrix_client_element_version: v1.9.5 | ||||
| matrix_client_element_version: v1.9.7 | ||||
| matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" | ||||
| matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||
| matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" | ||||
|   | ||||
| @@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: [] | ||||
| # List of systemd services that matrix-corporal.service depends on | ||||
| matrix_corporal_systemd_required_services_list: ['docker.service'] | ||||
|  | ||||
| matrix_corporal_version: 2.2.1 | ||||
| matrix_corporal_version: 2.2.2 | ||||
| matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" | ||||
| matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||
| matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility | ||||
|   | ||||
| @@ -10,10 +10,16 @@ matrix_dimension_admins: [] | ||||
| # Whether to allow Dimension widgets serve websites with invalid or self signed SSL certificates | ||||
| matrix_dimension_widgets_allow_self_signed_ssl_certificates: false | ||||
|  | ||||
| matrix_dimension_container_image_self_build: false | ||||
| matrix_dimension_container_image_self_build_repo: "https://github.com/turt2live/matrix-dimension.git" | ||||
| matrix_dimension_container_image_self_build_branch: master | ||||
|  | ||||
| matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension" | ||||
| matrix_dimension_docker_src_files_path: "{{ matrix_base_data_path }}/docker-src/dimension" | ||||
|  | ||||
| matrix_dimension_version: latest | ||||
| matrix_dimension_docker_image: "{{ matrix_container_global_registry_prefix }}turt2live/matrix-dimension:{{ matrix_dimension_version }}" | ||||
| matrix_dimension_docker_image: "{{ matrix_dimension_docker_image_name_prefix }}turt2live/matrix-dimension:{{ matrix_dimension_version }}" | ||||
| matrix_dimension_docker_image_name_prefix: "{{ 'localhost/' if matrix_dimension_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||
| matrix_dimension_docker_image_force_pull: "{{ matrix_dimension_docker_image.endswith(':latest') }}" | ||||
|  | ||||
| # List of systemd services that matrix-dimension.service depends on. | ||||
| @@ -48,7 +54,7 @@ matrix_dimension_homeserver_federationUrl: "" | ||||
| # | ||||
| # To use Postgres: | ||||
| # - change the engine (`matrix_dimension_database_engine: 'postgres'`) | ||||
| # - adjust your database credentials via the `matrix_dimension_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_dimension_database_*` variables | ||||
| matrix_dimension_database_engine: 'sqlite' | ||||
|  | ||||
| matrix_dimension_sqlite_database_path_local: "{{ matrix_dimension_base_path }}/dimension.db" | ||||
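Review bot: `matrix_dimension_container_image_self_build_branch: master` makes a self-build follow a moving branch, so the same playbook revision can produce different images from one run to the next. Whatever is on that branch at run time gets built and started without review. Documenting this next to the variable would help, for example `# Tracks a moving branch by default; set this to a tag or commit hash for reproducible builds.` The pulled image has the same property through the existing `matrix_dimension_version: latest`.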
|   | ||||
| @@ -90,6 +90,29 @@ | ||||
|     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | ||||
|     force_source: "{{ matrix_dimension_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||||
|     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}" | ||||
|   when: "not matrix_dimension_container_image_self_build|bool" | ||||
|   register: matrix_dimension_pull_results | ||||
|  | ||||
| - name: Ensure dimension repository is present on self-build | ||||
|   git: | ||||
|     repo: "{{ matrix_dimension_container_image_self_build_repo }}" | ||||
|     dest: "{{ matrix_dimension_docker_src_files_path }}" | ||||
|     version: "{{ matrix_dimension_container_image_self_build_branch }}" | ||||
|     force: "yes" | ||||
|   when: "matrix_dimension_container_image_self_build|bool" | ||||
|   register: matrix_dimension_git_pull_results | ||||
|  | ||||
| - name: Ensure Dimension Docker image is built | ||||
|   docker_image: | ||||
|     name: "{{ matrix_dimension_docker_image }}" | ||||
|     source: build | ||||
|     force_source: "{{ matrix_dimension_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||||
|     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_git_pull_results.changed }}" | ||||
|     build: | ||||
|       dockerfile: Dockerfile | ||||
|       path: "{{ matrix_dimension_docker_src_files_path }}" | ||||
|       pull: yes | ||||
|   when: "matrix_dimension_container_image_self_build|bool" | ||||
|  | ||||
| - name: Ensure matrix-dimension.service installed | ||||
|   template: | ||||
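Review bot: The new tasks spell booleans two ways: `force: "yes"` in the `git` task is a quoted string and `pull: yes` in the build task is a YAML 1.1 truthy. Both are clearer as `force: true` and `pull: true`. `force` on the `git` module also discards local modifications in `matrix_dimension_docker_src_files_path` on every run, which deserves a one-line comment such as `# force: local changes in the checkout are thrown away`. The first task in this hunk starts before it and the `matrix-dimension.service` task continues after it.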
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_grafana_enabled: false | ||||
|  | ||||
| matrix_grafana_version: 8.2.2 | ||||
| matrix_grafana_version: 8.3.1 | ||||
| matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" | ||||
| matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" | ||||
|  | ||||
|   | ||||
| @@ -9,10 +9,23 @@ matrix_jitsi_enable_transcriptions: false | ||||
| matrix_jitsi_enable_p2p: true | ||||
| matrix_jitsi_enable_av_moderation: true | ||||
|  | ||||
| # Authentication type, must be one of internal, jwt or ldap. Currently only | ||||
| # internal and ldap are supported by this playbook. | ||||
| # Authentication type, must be one of internal, jwt or ldap. | ||||
| # Currently only internal and ldap mechanisms are supported by this playbook. | ||||
| matrix_jitsi_auth_type: internal | ||||
|  | ||||
| # A list of Jitsi (Prosody) accounts to create using the internal authentication mechanism. | ||||
| # | ||||
| # Accounts added here and subsquently removed will not be automatically removed | ||||
| # from the Prosody server until user account cleaning is integrated into the playbook. | ||||
| # | ||||
| # Example: | ||||
| # matrix_jitsi_prosody_auth_internal_accounts: | ||||
| #  - username: "jitsi-moderator" | ||||
| #    password: "secret-password" | ||||
| #  - username: "another-user" | ||||
| #    password: "another-password" | ||||
| matrix_jitsi_prosody_auth_internal_accounts: [] | ||||
|  | ||||
| # Configuration options for LDAP authentication. For details see upstream: | ||||
| #   https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap. | ||||
| # Defaults are taken from: | ||||
| @@ -54,7 +67,7 @@ matrix_jitsi_jibri_recorder_password: '' | ||||
|  | ||||
| matrix_jitsi_enable_lobby: false | ||||
|  | ||||
| matrix_jitsi_version: stable-6173 | ||||
| matrix_jitsi_version: stable-6726 | ||||
| matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility | ||||
|  | ||||
| matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" | ||||
| @@ -205,7 +218,6 @@ matrix_jitsi_jicofo_component_secret: '' | ||||
| matrix_jitsi_jicofo_auth_user: focus | ||||
| matrix_jitsi_jicofo_auth_password: '' | ||||
|  | ||||
|  | ||||
| matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}" | ||||
| matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" | ||||
|  | ||||
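Review bot: The comment block for `matrix_jitsi_prosody_auth_internal_accounts` shows passwords written inline in the vars file and does not mention protecting them. These are login credentials for opening meetings, so I would add a line such as `# Passwords are kept in plain text in your vars.yml; consider encrypting that file or these values with ansible-vault.` The same comment block also has a typo: "subsquently" should be "subsequently".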
|   | ||||
| @@ -4,7 +4,7 @@ | ||||
| # Tasks related to setting up jitsi-prosody | ||||
| # | ||||
|  | ||||
| - name: Ensure Matrix jitsi-prosody path exists | ||||
| - name: Ensure Matrix jitsi-prosody environment exists | ||||
|   file: | ||||
|     path: "{{ item.path }}" | ||||
|     state: directory | ||||
| @@ -25,14 +25,14 @@ | ||||
|     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" | ||||
|   when: matrix_jitsi_enabled|bool | ||||
|  | ||||
| - name: Ensure jitsi-prosody environment variables file created | ||||
| - name: Ensure jitsi-prosody environment variables file is created | ||||
|   template: | ||||
|     src: "{{ role_path }}/templates/prosody/env.j2" | ||||
|     dest: "{{ matrix_jitsi_prosody_base_path }}/env" | ||||
|     mode: 0640 | ||||
|   when: matrix_jitsi_enabled|bool | ||||
|  | ||||
| - name: Ensure matrix-jitsi-prosody.service installed | ||||
| - name: Ensure matrix-jitsi-prosody.service file is installed | ||||
|   template: | ||||
|     src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" | ||||
|     dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" | ||||
| @@ -40,16 +40,24 @@ | ||||
|   register: matrix_jitsi_prosody_systemd_service_result | ||||
|   when: matrix_jitsi_enabled|bool | ||||
|  | ||||
| - name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation | ||||
| - name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation | ||||
|   service: | ||||
|     daemon_reload: yes | ||||
|   when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" | ||||
|  | ||||
| - name: Ensure authentication is properly configured | ||||
|   include_tasks: | ||||
|     file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml" | ||||
|   when: | ||||
|     - matrix_jitsi_enabled|bool | ||||
|     - matrix_jitsi_enable_auth|bool | ||||
|  | ||||
|  | ||||
| # | ||||
| # Tasks related to getting rid of jitsi-prosody (if it was previously enabled) | ||||
| # | ||||
|  | ||||
| - name: Check existence of matrix-jitsi-prosody service | ||||
| - name: Ensure matrix-jitsi-prosody.service file exists | ||||
|   stat: | ||||
|     path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" | ||||
|   register: matrix_jitsi_prosody_service_stat | ||||
| @@ -64,13 +72,13 @@ | ||||
|   register: stopping_result | ||||
|   when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" | ||||
|  | ||||
| - name: Ensure matrix-jitsi-prosody.service doesn't exist | ||||
| - name: Ensure matrix-jitsi-prosody.service file doesn't exist | ||||
|   file: | ||||
|     path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" | ||||
|     state: absent | ||||
|   when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" | ||||
|  | ||||
| - name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal | ||||
| - name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal | ||||
|   service: | ||||
|     daemon_reload: yes | ||||
|   when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" | ||||
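Review bot: The `stat` task in the `@@ -40,16 +40,24 @@` hunk appears to be renamed from `Check existence of matrix-jitsi-prosody service` to `Ensure matrix-jitsi-prosody.service file exists`. The new name reads as if the task creates or requires the file, but it only records `matrix_jitsi_prosody_service_stat` for the stop and removal tasks that follow. I would keep `- name: Check existence of matrix-jitsi-prosody service`. The +/- markers are lost on this page, so old and new are judged from print order.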
|   | ||||
							
								
								
									
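--- a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
+++ b/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
@@ -0,0 +1,43 @@
+---
+#
+# Start Necessary Services
+#
+
+- name: Ensure matrix-jitsi-prosody container is running
+  systemd:
+    state: started
+    name: matrix-jitsi-prosody
+  register: matrix_jitsi_prosody_start_result
+
+
+#
+# Tasks related to configuring Jitsi internal authentication
+#
+
+- name: Ensure Jitsi internal authentication users are configured
+  shell: "docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
+  with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
+  when:
+    - matrix_jitsi_auth_type == "internal"
+    - matrix_jitsi_prosody_auth_internal_accounts|length > 0
+
+
+#
+# Tasks related to configuring other Jitsi authentication mechanisms
+#
+
+
+
+#
+# Tasks related to cleaning after Jitsi authentication configuration
+#
+
+
+#
+# Stop Necessary Services
+#
+- name: Ensure matrix-jitsi-prosody container is stopped if necessary
+  systemd:
+    state: stopped
+    name: matrix-jitsi-prosody
+  when: matrix_jitsi_prosody_start_result.changed|bool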
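Review bot: The `Ensure Jitsi internal authentication users are configured` task loops over entries that contain `item.password`. Ansible prints each loop item in its output, and the rendered command on failure, so the account passwords end up in playbook output and any logs that capture it. Adding `no_log: true` to that task prevents this. The task also has no `changed_when`, so it re-registers every account and reports a change on each run. It uses `shell` although the command line needs no shell features, so `command` would avoid a second parsing layer.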
| @@ -3,14 +3,14 @@ | ||||
| - name: Fail if required Jitsi settings not defined | ||||
|   fail: | ||||
|     msg: >- | ||||
|       You need to define a required configuration setting (`{{ item }}`) for using Jitsi. | ||||
|       You need to define a required configuration setting (`{{ item }}`) to properly configure Jitsi. | ||||
|  | ||||
|       If you're setting up Jitsi for the first time, you may have missed a step. | ||||
|       Refer to our setup instructions (docs/configuring-playbook-jitsi.md). | ||||
|  | ||||
|       If you had setup Jitsi successfully before and it's just now that you're observing this failure, | ||||
|       it means that your installation may be using some default passwords that the playbook used to define until now. | ||||
|       This is not secure and we urge you to rebuild your Jitsi setup. | ||||
|       If you had previously setup Jitsi successfully and are only now facing this error, | ||||
|       it means that your installation is most likely using default passwords previously defined by the playbook. | ||||
|       These defaults are insecure. Jitsi should be rebuilt with secure values. | ||||
|       Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md). | ||||
|   when: "vars[item] == ''" | ||||
|   with_items: | ||||
| @@ -19,6 +19,20 @@ | ||||
|     - "matrix_jitsi_jicofo_auth_password" | ||||
|     - "matrix_jitsi_jvb_auth_password" | ||||
|  | ||||
|  | ||||
| - name: Fail if a Jitsi internal authentication account is not defined | ||||
|   fail: | ||||
|     msg: >- | ||||
|       At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication. | ||||
|        | ||||
|       If you're setting up Jitsi for the first time, you may have missed a step. | ||||
|       Refer to our setup instructions (docs/configuring-playbook-jitsi.md). | ||||
|   when: | ||||
|     - matrix_jitsi_enable_auth|bool | ||||
|     - matrix_jitsi_auth_type == 'internal' | ||||
|     - matrix_jitsi_prosody_auth_internal_accounts|length == 0 | ||||
|  | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed settings | ||||
|   fail: | ||||
|     msg: >- | ||||
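Review bot: The new check in the `@@ -19,6 +19,20 @@` hunk only tests that `matrix_jitsi_prosody_auth_internal_accounts` is non-empty. An entry with a missing or empty `username` or `password` passes validation and would only surface later, when the accounts are registered against Prosody. A per-entry check placed after this task catches that at validation time, and `loop_control.label` keeps the password out of the loop output. The `(Deprecation)` task that follows continues outside the hunk.

```yaml
# … unchanged: "Fail if a Jitsi internal authentication account is not defined" …

- name: Fail if a Jitsi internal authentication account is incomplete
  fail:
    msg: >-
      Each entry in `matrix_jitsi_prosody_auth_internal_accounts` needs a non-empty `username` and `password`.
  when:
    - matrix_jitsi_enable_auth|bool
    - matrix_jitsi_auth_type == 'internal'
    - item.username|default('') == '' or item.password|default('') == ''
  with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
  loop_control:
    label: "{{ item.username|default('(no username)') }}"
```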
|   | ||||
| @@ -48,7 +48,7 @@ matrix_ma1sd_matrixorg_forwarding_enabled: false | ||||
| # | ||||
| # To use Postgres: | ||||
| # - change the engine (`matrix_ma1sd_database_engine: 'postgres'`) | ||||
| # - adjust your database credentials via the `matrix_ma1sd_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_ma1sd_database_*` variables | ||||
| matrix_ma1sd_database_engine: 'sqlite' | ||||
|  | ||||
| matrix_ma1sd_sqlite_database_path_local: "{{ matrix_ma1sd_data_path }}/ma1sd.db" | ||||
|   | ||||
| @@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev | ||||
| matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" | ||||
| matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" | ||||
|  | ||||
| matrix_mailer_version: 4.94.2-r0-5 | ||||
| matrix_mailer_version: 4.95-r0 | ||||
| matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" | ||||
| matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||
| matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" | ||||
|   | ||||
| @@ -382,6 +382,11 @@ matrix_nginx_proxy_ssl_prefer_server_ciphers: "{{ matrix_nginx_proxy_ssl_presets | ||||
| # To see the full list for suportes ciphers run `openssl ciphers` on your server | ||||
| matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}" | ||||
|  | ||||
| # Specifies what to use for the X-Forwarded-For variable. | ||||
| # If you're fronting the nginx reverse-proxy with additional reverse-proxy servers, | ||||
| # you may wish to set this to '$proxy_add_x_forwarded_for' instead. | ||||
| matrix_nginx_proxy_x_forwarded_for: '$remote_addr' | ||||
|  | ||||
| # Controls whether the self-check feature should validate SSL certificates. | ||||
| matrix_nginx_proxy_self_check_validate_certificates: true | ||||
|  | ||||
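Review bot: The comment on `matrix_nginx_proxy_x_forwarded_for` recommends `$proxy_add_x_forwarded_for` without saying when that is safe. That variable appends to whatever `X-Forwarded-For` header the request already carries, so if this nginx can also be reached directly, a client can supply its own value. Backends that trust the header for rate limiting or IP logging would then see attacker-chosen addresses. I would extend the comment with `# Only do this when nginx is reachable exclusively through reverse proxies you control; otherwise clients can supply their own X-Forwarded-For value.` The template hunks that follow substitute this variable into every `proxy_set_header X-Forwarded-For` line, so the caveat applies to all of them.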
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 	} | ||||
| {% endmacro %} | ||||
|  | ||||
|   | ||||
| @@ -35,7 +35,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 	} | ||||
| {% endmacro %} | ||||
|  | ||||
|   | ||||
| @@ -33,7 +33,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 	} | ||||
| {% endmacro %} | ||||
|  | ||||
|   | ||||
| @@ -30,7 +30,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 	} | ||||
| {% endmacro %} | ||||
|  | ||||
|   | ||||
| @@ -58,7 +58,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 		proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; | ||||
| 	} | ||||
| 	{% endif %} | ||||
| @@ -76,7 +76,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 		proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; | ||||
| 	} | ||||
| 	{% endif %} | ||||
| @@ -94,7 +94,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 	} | ||||
| 	{% endif %} | ||||
|  | ||||
| @@ -111,7 +111,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 		proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; | ||||
| 	} | ||||
| 	{% endif %} | ||||
| @@ -136,7 +136,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 		proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; | ||||
|  | ||||
| 		client_body_buffer_size 25M; | ||||
| @@ -284,7 +284,7 @@ server { | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 		proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; | ||||
|  | ||||
| 		client_body_buffer_size 25M; | ||||
|   | ||||
| @@ -37,7 +37,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 	} | ||||
| {% endmacro %} | ||||
|  | ||||
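Review bot: Nothing next to the changed `proxy_set_header X-Forwarded-For` line says which values of `matrix_nginx_proxy_x_forwarded_for` are safe to use. The variable's definition is not visible in this section. If it can be set to something like `$proxy_add_x_forwarded_for`, a client-supplied header is passed through, and backends that use it for rate limiting or audit logging would record a spoofed address unless this nginx is only reachable through a trusted proxy. I would add a comment above the line, `# Keep at $remote_addr unless nginx is only reachable via a trusted reverse proxy`, and repeat it for the identical substitution in the other vhost templates touched by this commit. The enclosing location block and macro start outside the hunk.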
|   | ||||
| @@ -30,7 +30,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 	} | ||||
|  | ||||
| 	# colibri (JVB) websockets | ||||
| @@ -45,7 +45,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 		proxy_set_header Upgrade $http_upgrade; | ||||
| 		proxy_set_header Connection "upgrade"; | ||||
|  | ||||
| @@ -70,7 +70,7 @@ | ||||
| 		proxy_read_timeout 900s; | ||||
| 		proxy_set_header Connection "upgrade"; | ||||
| 		proxy_set_header Upgrade $http_upgrade; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 		proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; | ||||
| 		tcp_nodelay on; | ||||
| 	} | ||||
|   | ||||
| @@ -28,7 +28,7 @@ | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
| 		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; | ||||
| 		proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; | ||||
| 	} | ||||
| {% endmacro %} | ||||
|   | ||||
| @@ -33,7 +33,7 @@ matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_pr | ||||
| matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12{{ matrix_postgres_backup_docker_image_suffix }}" | ||||
| matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13{{ matrix_postgres_backup_docker_image_suffix }}" | ||||
| matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14{{ matrix_postgres_backup_docker_image_suffix }}" | ||||
| matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v13 }}" | ||||
| matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v14 }}" | ||||
|  | ||||
| # This variable is assigned at runtime. Overriding its value has no effect. | ||||
| matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}' | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_prometheus_enabled: false | ||||
|  | ||||
| matrix_prometheus_version: v2.30.3 | ||||
| matrix_prometheus_version: v2.31.1 | ||||
| matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" | ||||
| matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" | ||||
|  | ||||
|   | ||||
| @@ -5,7 +5,7 @@ matrix_redis_connection_password: "" | ||||
| matrix_redis_base_path: "{{ matrix_base_data_path }}/redis" | ||||
| matrix_redis_data_path: "{{ matrix_redis_base_path }}/data" | ||||
|  | ||||
| matrix_redis_version: 6.2.4-alpine | ||||
| matrix_redis_version: 6.2.6-alpine | ||||
| matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}" | ||||
| matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}" | ||||
| matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}' | ||||
|   | ||||
| @@ -38,7 +38,7 @@ matrix_registration_container_http_host_bind_port: '' | ||||
| # | ||||
| # To use Postgres: | ||||
| # - change the engine (`matrix_registration_database_engine: 'postgres'`) | ||||
| # - adjust your database credentials via the `matrix_registration_postgres_*` variables | ||||
| # - adjust your database credentials via the `matrix_registration_database_*` variables | ||||
| matrix_registration_database_engine: 'sqlite' | ||||
|  | ||||
| matrix_registration_sqlite_database_path_local: "{{ matrix_registration_data_path }}/db.sqlite3" | ||||
|   | ||||
| @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont | ||||
| # amd64 gets released first. | ||||
| # arm32 relies on self-building, so the same version can be built immediately. | ||||
| # arm64 users need to wait for a prebuilt image to become available. | ||||
| matrix_synapse_version: v1.47.1 | ||||
| matrix_synapse_version_arm64: v1.47.1 | ||||
| matrix_synapse_version: v1.49.0 | ||||
| matrix_synapse_version_arm64: v1.49.0 | ||||
| matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" | ||||
| matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" | ||||
|  | ||||
|   | ||||
| @@ -667,8 +667,8 @@ tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }} | ||||
| # | ||||
| #federation_certificate_verification_whitelist: | ||||
| #  - lon.example.com | ||||
| #  - *.domain.com | ||||
| #  - *.onion | ||||
| #  - "*.domain.com" | ||||
| #  - "*.onion" | ||||
|  | ||||
| # List of custom certificate authorities for federation traffic. | ||||
| # | ||||
| @@ -1227,6 +1227,46 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }} | ||||
| # | ||||
| #session_lifetime: 24h | ||||
|  | ||||
| # Time that an access token remains valid for, if the session is | ||||
| # using refresh tokens. | ||||
| # For more information about refresh tokens, please see the manual. | ||||
| # Note that this only applies to clients which advertise support for | ||||
| # refresh tokens. | ||||
| # | ||||
| # Note also that this is calculated at login time and refresh time: | ||||
| # changes are not applied to existing sessions until they are refreshed. | ||||
| # | ||||
| # By default, this is 5 minutes. | ||||
| # | ||||
| #refreshable_access_token_lifetime: 5m | ||||
|  | ||||
| # Time that a refresh token remains valid for (provided that it is not | ||||
| # exchanged for another one first). | ||||
| # This option can be used to automatically log-out inactive sessions. | ||||
| # Please see the manual for more information. | ||||
| # | ||||
| # Note also that this is calculated at login time and refresh time: | ||||
| # changes are not applied to existing sessions until they are refreshed. | ||||
| # | ||||
| # By default, this is infinite. | ||||
| # | ||||
| #refresh_token_lifetime: 24h | ||||
|  | ||||
| # Time that an access token remains valid for, if the session is NOT | ||||
| # using refresh tokens. | ||||
| # Please note that not all clients support refresh tokens, so setting | ||||
| # this to a short value may be inconvenient for some users who will | ||||
| # then be logged out frequently. | ||||
| # | ||||
| # Note also that this is calculated at login time: changes are not applied | ||||
| # retrospectively to existing sessions for users that have already logged in. | ||||
| # | ||||
| # By default, this is infinite. | ||||
| # | ||||
| #nonrefreshable_access_token_lifetime: 24h | ||||
|  | ||||
| # The user must provide all of the below types of 3PID when registering. | ||||
|  | ||||
| # The user must provide all of the below types of 3PID when registering. | ||||
| # | ||||
| #registrations_require_3pid: | ||||
| @@ -2229,6 +2269,12 @@ sso: | ||||
|     # | ||||
|     #algorithm: "provided-by-your-issuer" | ||||
|  | ||||
|     # Name of the claim containing a unique identifier for the user. | ||||
|     # | ||||
|     # Optional, defaults to `sub`. | ||||
|     # | ||||
|     #subject_claim: "sub" | ||||
|  | ||||
|     # The issuer to validate the "iss" claim against. | ||||
|     # | ||||
|     # Optional, if provided the "iss" claim will be required and | ||||
| @@ -2338,8 +2384,10 @@ email: | ||||
|  | ||||
|   # Username/password for authentication to the SMTP server. By default, no | ||||
|   # authentication is attempted. | ||||
|   {% if matrix_synapse_email_smtp_user %} | ||||
|   smtp_user: {{ matrix_synapse_email_smtp_user|string|to_json }} | ||||
|   smtp_pass: {{ matrix_synapse_email_smtp_pass|string|to_json }} | ||||
|   {% endif %} | ||||
|  | ||||
|   # Uncomment the following to require TLS transport security for SMTP. | ||||
|   # By default, Synapse will connect over plain text, and will then switch to | ||||
| @@ -2637,8 +2685,8 @@ user_directory: | ||||
|     # indexes were (re)built was before Synapse 1.44, you'll have to | ||||
|     # rebuild the indexes in order to search through all known users. | ||||
|     # These indexes are built the first time Synapse starts; admins can | ||||
|     # manually trigger a rebuild following the instructions at | ||||
|     #     https://matrix-org.github.io/synapse/latest/user_directory.html | ||||
|     # manually trigger a rebuild via API following the instructions at | ||||
|     #     https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run | ||||
|     # | ||||
|     # Uncomment to return search results containing all known users, even if that | ||||
|     # user does not share a room with the requester. | ||||
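Review bot: The block added in the `@@ -1227,6 +1227,46 @@` hunk ends with a second copy of `# The user must provide all of the below types of 3PID when registering.`, directly above the existing copy that precedes `#registrations_require_3pid:`. The added copy and the blank line after it should be dropped. Separately, `refreshable_access_token_lifetime`, `refresh_token_lifetime` and `nonrefreshable_access_token_lifetime` are added only as commented-out samples. By the comment text itself, refresh tokens and non-refreshable access tokens therefore stay valid indefinitely. If operators are meant to bound session lifetime through the playbook, these keys would need template variables like the neighbouring `{{ ...|to_json }}` settings, which this hunk does not add.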
|   | ||||
| @@ -33,7 +33,7 @@ matrix_synapse_workers_generic_worker_endpoints: | ||||
|   - ^/_matrix/federation/v1/get_groups_publicised$ | ||||
|   - ^/_matrix/key/v2/query | ||||
|   - ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/ | ||||
|   - ^/_matrix/federation/unstable/org.matrix.msc2946/hierarchy/ | ||||
|   - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ | ||||
|  | ||||
|   # Inbound federation transaction request | ||||
|   - ^/_matrix/federation/v1/send/ | ||||
| @@ -46,7 +46,7 @@ matrix_synapse_workers_generic_worker_endpoints: | ||||
|   - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ | ||||
|   - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ | ||||
|   - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ | ||||
|   - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy$ | ||||
|   - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ | ||||
|   - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ | ||||
|   - ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ | ||||
|   - ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ | ||||
|   | ||||