1
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2024-12-12 08:43:55 +02:00

Merge pull request #1 from mattcen/mautrix-twitter

Mautrix twitter
This commit is contained in:
Shreyas Ajjarapu 2021-12-20 23:25:26 -06:00 committed by GitHub
commit 2fbddf59ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 862 additions and 78 deletions

View File

@ -1,3 +1,12 @@
# 2021-12-14
## (Security) Users of the Signal bridge may wish to upgrade it to work around log4j vulnerability
Recently, a security vulnerability affecting the Java logging package `log4j` [has been discovered](https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java). Software that uses this Java package is potentially vulnerable.
One such piece of software that is part of the playbook is the [mautrix-signal bridge](./docs/configuring-playbook-bridge-mautrix-signal.md), which [has been patched already](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1452). If you're running this bridge, you may wish to [upgrade](./docs/maintenance-upgrading-services.md).
# 2021-11-11
## Dropped support for Postgres v9.6

View File

@ -51,6 +51,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
- (optional) the [mautrix-twitter](https://github.com/mautrix/twitter) bridge for bridging your Matrix server to [Twitter](https://twitter.com/)
- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
- (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat)

View File

@ -0,0 +1,35 @@
# Setting up Mautrix Twitter (optional)
The playbook can install and configure [mautrix-twitter](https://github.com/tulir/mautrix-twitter) for you.
See the project's [documentation](https://github.com/tulir/mautrix-twitter/wiki#usage) to learn what it does and why it might be useful to you.
```yaml
matrix_mautrix_twitter_enabled: true
```
## Set up Double Puppeting
If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-twitter/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
### Method 2: manually, by asking each user to provide a working access token
This method is currently not available for the Mautrix-Twitter bridge, but is on the [roadmap](https://github.com/tulir/mautrix-twitter/blob/master/ROADMAP.md) under Misc/Manual login with `login-matrix`
## Usage
1. You then need to start a chat with `@twitterbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
2. Send login-cookie to start the login. The bot should respond with instructions on how to proceed.
You can learn more here about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/twitter/authentication.html).
If you run into trouble, check the [Troubleshooting](#troubleshooting) section below.
After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.

View File

@ -41,13 +41,23 @@ If you're fine with such an open Jitsi instance, please skip to [Apply changes](
If you would like to control who is allowed to open meetings on your new Jitsi instance, then please follow this step to enable Jitsi's authentication and guests mode. With authentication enabled, all meeting rooms have to be opened by a registered user, after which guests are free to join. If a registered host is not yet present, guests are put on hold in individual waiting rooms.
Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
Add these lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```yaml
matrix_jitsi_enable_auth: true
matrix_jitsi_enable_guests: true
matrix_jitsi_prosody_auth_internal_accounts:
- username: "jitsi-moderator"
password: "secret-password"
- username: "another-user"
password: "another-password"
```
**Caution:** Accounts added here and subsquently removed will not be automatically removed from the Prosody server until user account cleaning is integrated into the playbook.
**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
### (Optional) LDAP authentication
The default authentication mode of Jitsi is `internal`, however LDAP is also supported. An example LDAP configuration could be:
@ -122,19 +132,6 @@ You may want to **limit the maximum video resolution**, to save up resources on
Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
## Required if configuring Jitsi with internal authentication: register new users
Until this gets integrated into the playbook, we need to register new users / meeting hosts for Jitsi manually.
Please SSH into your matrix host machine and execute the following command targeting the `matrix-jitsi-prosody` container:
```bash
docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> meet.jitsi <PASSWORD>
```
Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host.
**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
## Usage

View File

@ -102,6 +102,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (optional)
- [Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md) (optional)
- [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)

View File

@ -46,6 +46,8 @@ These services are not part of our default installation, but can be enabled by [
- [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional)
- [tulir/mautrix-twitter](https://mau.dev/mautrix/twitter/container_registry) - the [mautrix-twitter](https://github.com/tulir/mautrix-twitter) bridge to [Twitter](https://twitter.com/) (optional)
- [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [mautrix/googlechat](https://mau.dev/mautrix/googlechat/container_registry) - the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) (optional)

View File

@ -12,7 +12,8 @@ If your database name differs, be sure to change `matrix_synapse_database_databa
The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`).
Importing multiple databases (as dumped by `pg_dumpall`) is also supported.
Importing multiple databases (as dumped by `pg_dumpall`) is also supported.
But the migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new roomes, ...)
Before doing the actual import, **you need to upload your Postgres dump file to the server** (any path is okay).
@ -32,6 +33,7 @@ ansible-playbook -i inventory/hosts setup.yml \
## Troubleshooting
### Table Ownership
A table ownership issue can occur if you are importing from a Synapse installation which was both:
- migrated from SQLite to Postgres, and
@ -71,6 +73,8 @@ Note that if the previous import failed with an error it may have made changes w
ERROR: relation \"access_tokens\" already exists
```
### Repeat import
In this case you can use the command suggested in the import task to clear the database before retrying the import:
```Shell
@ -79,4 +83,20 @@ In this case you can use the command suggested in the import task to clear the d
# systemctl start matrix-postgres
```
Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.
Now on your local machine run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-postgres` to prepare the database roles etc.
If not, you probably get this error. `synapse` is the correct table owner, but the role is missing in database.
```
"ERROR: role synapse does not exist"
```
Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.
Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal)
```
/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:14.1-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse"
```
### Hints
To open psql terminal run `/usr/local/bin/matrix-postgres-cli`

View File

@ -18,6 +18,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-registration`
- `matrix-coturn`
- `matrix-corporal`
- `matrix-dimension`
- `matrix-ma1sd`
- `matrix-mailer`
- `matrix-bridge-appservice-irc`

View File

@ -113,7 +113,7 @@ matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx
matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.as.token') | to_uuid }}"
matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
matrix_appservice_webhooks_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"
matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
@ -152,7 +152,7 @@ matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_pr
matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.as.token') | to_uuid }}"
matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
matrix_appservice_slack_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.hs.token') | to_uuid }}"
matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.id.token') | to_uuid }}"
@ -511,6 +511,45 @@ matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_synapse_maca
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-twitter
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_twitter_enabled: false
matrix_mautrix_twitter_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_twitter_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'twt.as.token') | to_uuid }}"
matrix_mautrix_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_twitter_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-twitter
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-whatsapp
@ -1045,6 +1084,8 @@ matrix_coturn_container_additional_volumes: |
matrix_dimension_enabled: false
matrix_dimension_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the Dimension HTTP port to the local host.
@ -1509,6 +1550,12 @@ matrix_postgres_additional_databases: |
'password': matrix_mautrix_telegram_database_password,
}] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_twitter_database_name,
'username': matrix_mautrix_twitter_database_username,
'password': matrix_mautrix_twitter_database_password,
}] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_whatsapp_database_name,
'username': matrix_mautrix_whatsapp_database_username,

View File

@ -3,14 +3,13 @@
matrix_bot_mjolnir_enabled: true
matrix_bot_mjolnir_version: "v1.1.20"
matrix_bot_mjolnir_version: "v1.2.1"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"

View File

@ -48,7 +48,7 @@ matrix_appservice_discord_bridge_enableSelfServiceBridging: false
#
# To use Postgres:
# - change the engine (`matrix_appservice_discord_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_appservice_discord_postgres_*` variables
# - adjust your database credentials via the `matrix_appservice_discord_database_*` variables
matrix_appservice_discord_database_engine: 'sqlite'
matrix_appservice_discord_sqlite_database_path_local: "{{ matrix_appservice_discord_data_path }}/discord.db"

View File

@ -22,8 +22,6 @@ matrix_appservice_webhooks_docker_src_files_path: "{{ matrix_appservice_webhooks
matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}"
# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source
matrix_appservice_webhooks_control_room_id: ''
matrix_appservice_webhooks_bot_name: 'webhookbot'
matrix_appservice_webhooks_user_prefix: '_webhook'

View File

@ -42,7 +42,7 @@ matrix_mautrix_facebook_homeserver_token: ''
# - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future).
#
# To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_facebook_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_facebook_database_*` variables
matrix_mautrix_facebook_database_engine: 'postgres'
matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"

View File

@ -47,7 +47,7 @@ matrix_mautrix_googlechat_homeserver_token: ''
#
# To use Postgres:
# - change the engine (`matrix_mautrix_googlechat_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_googlechat_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_googlechat_database_*` variables
matrix_mautrix_googlechat_database_engine: 'sqlite'
matrix_mautrix_googlechat_sqlite_database_path_local: "{{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"

View File

@ -47,7 +47,7 @@ matrix_mautrix_hangouts_homeserver_token: ''
#
# To use Postgres:
# - change the engine (`matrix_mautrix_hangouts_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_hangouts_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_hangouts_database_*` variables
matrix_mautrix_hangouts_database_engine: 'sqlite'
matrix_mautrix_hangouts_sqlite_database_path_local: "{{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db"

View File

@ -37,7 +37,7 @@ matrix_mautrix_instagram_homeserver_token: ''
# Database-related configuration fields.
#
# To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_instagram_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_instagram_database_*` variables
matrix_mautrix_instagram_database_engine: 'postgres'
matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram'

View File

@ -17,7 +17,7 @@ matrix_mautrix_signal_daemon_container_self_build: false
matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git"
matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}"
matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal"

View File

@ -15,6 +15,8 @@ homeserver:
# If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
@ -32,25 +34,19 @@ appservice:
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. Only Postgres is currently supported.
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: {{ matrix_mautrix_signal_database_connection_string }}
# Additional arguments for asyncpg.create_pool()
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
database_opts:
min_size: 5
max_size: 10
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: signal
# Username of the appservice bot.
@ -66,7 +62,12 @@ appservice:
# Example: "+signal:example.com". Set to false to disable.
community_id: false
# Authentication tokens for AS <-> HS communication.
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_signal_appservice_token }}"
hs_token: "{{ matrix_mautrix_signal_homeserver_token }}"
@ -75,6 +76,17 @@ metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-signal.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
signal:
# Path to signald unix socket
socket_path: /signald/signald.sock
@ -91,6 +103,8 @@ signal:
delete_unknown_accounts_on_start: false
# Whether or not message attachments should be removed from disk after they're bridged.
remove_file_after_handling: true
# Whether or not users can register a primary device
registration_enabled: true
# Bridge config
bridge:
@ -102,6 +116,7 @@ bridge:
# available variable in displayname_preference. The variables in displayname_preference
# can also be used here directly.
displayname_template: "{displayname} (Signal)"
# Whether or not contact list displaynames should be used.
# Possible values: disallow, allow, prefer
#
# Multi-user instances are recommended to disallow contact list names, as otherwise there can
@ -140,7 +155,7 @@ bridge:
# If false, created portal rooms will never be federated.
federate_rooms: true
# End-to-bridge encryption support options. You must install the e2be optional dependency for
# this to work. See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
@ -173,12 +188,38 @@ bridge:
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Interval at which to resync contacts.
# Interval at which to resync contacts (in seconds).
periodic_sync: 0
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!signal"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Signal bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `register` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.

View File

@ -63,7 +63,7 @@ matrix_mautrix_telegram_homeserver_token: ''
#
# To use Postgres:
# - change the engine (`matrix_mautrix_telegram_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_telegram_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_telegram_database_*` variables
matrix_mautrix_telegram_database_engine: 'sqlite'
matrix_mautrix_telegram_sqlite_database_path_local: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"

View File

@ -0,0 +1,103 @@
# mautrix-twitter is a Matrix <-> Twitter bridge
# See: https://github.com/tulir/mautrix-twitter
matrix_mautrix_twitter_enabled: true
matrix_mautrix_twitter_container_image_self_build: false
matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/tulir/mautrix-twitter.git"
matrix_mautrix_twitter_version: latest
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_twitter_docker_image_force_pull: "{{ matrix_mautrix_twitter_docker_image.endswith(':latest') }}"
matrix_mautrix_twitter_base_path: "{{ matrix_base_data_path }}/mautrix-twitter"
matrix_mautrix_twitter_config_path: "{{ matrix_mautrix_twitter_base_path }}/config"
matrix_mautrix_twitter_data_path: "{{ matrix_mautrix_twitter_base_path }}/data"
matrix_mautrix_twitter_docker_src_files_path: "{{ matrix_mautrix_twitter_base_path }}/docker-src"
matrix_mautrix_twitter_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
# A list of extra arguments to pass to the container
matrix_mautrix_twitter_container_extra_arguments: []
# List of systemd services that matrix-mautrix-twitter.service depends on.
matrix_mautrix_twitter_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-twitter.service wants
matrix_mautrix_twitter_systemd_wanted_services_list: []
matrix_mautrix_twitter_appservice_token: ''
matrix_mautrix_twitter_homeserver_token: ''
# Database-related configuration fields.
#
# To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_twitter_postgres_*` variables
matrix_mautrix_twitter_database_engine: 'postgres'
matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter'
matrix_mautrix_twitter_database_password: 'some-password'
matrix_mautrix_twitter_database_hostname: 'matrix-postgres'
matrix_mautrix_twitter_database_port: 5432
matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter'
matrix_mautrix_twitter_database_connection_string: 'postgres://{{ matrix_mautrix_twitter_database_username }}:{{ matrix_mautrix_twitter_database_password }}@{{ matrix_mautrix_twitter_database_hostname }}:{{ matrix_mautrix_twitter_database_port }}/{{ matrix_mautrix_twitter_database_name }}'
matrix_mautrix_twitter_appservice_database: "{{
{
'postgres': matrix_mautrix_twitter_database_connection_string,
}[matrix_mautrix_twitter_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_twitter_login_shared_secret: ''
matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitter_homeserver_domain: matrix_mautrix_twitter_login_shared_secret} if matrix_mautrix_twitter_login_shared_secret else {} }}"
matrix_mautrix_twitter_appservice_bot_username: twitterbot
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_twitter_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_twitter_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_twitter_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_twitter_configuration_yaml`.
matrix_mautrix_twitter_configuration_extension: "{{ matrix_mautrix_twitter_configuration_extension_yaml|from_yaml if matrix_mautrix_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_twitter_configuration_yaml`.
matrix_mautrix_twitter_configuration: "{{ matrix_mautrix_twitter_configuration_yaml|from_yaml|combine(matrix_mautrix_twitter_configuration_extension, recursive=True) }}"
matrix_mautrix_twitter_registration_yaml: |
id: twitter
as_token: "{{ matrix_mautrix_twitter_appservice_token }}"
hs_token: "{{ matrix_mautrix_twitter_homeserver_token }}"
namespaces:
users:
- exclusive: true
regex: '^@twitter_.+:{{ matrix_mautrix_twitter_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_twitter_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_twitter_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_twitter_appservice_address }}
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_twitter_appservice_bot_username }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml|from_yaml }}"

View File

@ -0,0 +1,23 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}"
when: matrix_mautrix_twitter_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mautrix-twitter-registration.yaml"] }}
when: matrix_mautrix_twitter_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Mautrix Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_twitter_container_image_self_build"

View File

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mautrix_twitter_enabled|bool"
tags:
- setup-all
- setup-mautrix-twitter
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mautrix_twitter_enabled|bool"
tags:
- setup-all
- setup-mautrix-twitter
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mautrix_twitter_enabled|bool"
tags:
- setup-all
- setup-mautrix-twitter

View File

@ -0,0 +1,88 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mautrix-twitter role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- set_fact:
matrix_mautrix_twitter_requires_restart: false
- name: Ensure Mautrix Twitter image is pulled
docker_image:
name: "{{ matrix_mautrix_twitter_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}"
when: matrix_mautrix_twitter_enabled|bool and not matrix_mautrix_twitter_container_image_self_build
- name: Ensure Mautrix Twitter paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mautrix_twitter_base_path }}", when: true }
- { path: "{{ matrix_mautrix_twitter_config_path }}", when: true }
- { path: "{{ matrix_mautrix_twitter_data_path }}", when: true }
- { path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}" }
when: item.when|bool
- name: Ensure Mautrix Twitter repository is present on self-build
git:
repo: "{{ matrix_mautrix_twitter_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}"
# version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
force: "yes"
register: matrix_mautrix_twitter_git_pull_results
when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build"
- name: Ensure Mautrix Twitter Docker image is built
docker_image:
name: "{{ matrix_mautrix_twitter_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_twitter_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_twitter_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build|bool"
- name: Ensure mautrix-twitter config.yaml installed
copy:
content: "{{ matrix_mautrix_twitter_configuration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_twitter_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-twitter registration.yaml installed
copy:
content: "{{ matrix_mautrix_twitter_registration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_twitter_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-twitter.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service"
mode: 0644
register: matrix_mautrix_twitter_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation
service:
daemon_reload: yes
when: "matrix_mautrix_twitter_systemd_service_result.changed"
- name: Ensure matrix-mautrix-twitter.service restarted, if necessary
service:
name: "matrix-mautrix-twitter.service"
state: restarted
when: "matrix_mautrix_twitter_requires_restart|bool"

View File

@ -0,0 +1,24 @@
---
- name: Check existence of matrix-mautrix-twitter service
stat:
path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service"
register: matrix_mautrix_twitter_service_stat
- name: Ensure matrix-mautrix-twitter is stopped
service:
name: matrix-mautrix-twitter
state: stopped
daemon_reload: yes
when: "matrix_mautrix_twitter_service_stat.stat.exists"
- name: Ensure matrix-mautrix-twitter.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service"
state: absent
when: "matrix_mautrix_twitter_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-twitter.service removal
service:
daemon_reload: yes
when: "matrix_mautrix_twitter_service_stat.stat.exists"

View File

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_twitter_appservice_token"
- "matrix_mautrix_twitter_homeserver_token"

View File

@ -0,0 +1,209 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_twitter_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_twitter_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
asmux: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_twitter_appservice_address }}
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29327
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. Only Postgres is currently supported.
database: {{ matrix_mautrix_twitter_appservice_database|to_json }}
# Additional arguments for asyncpg.create_pool()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
database_opts:
min_size: 5
max_size: 10
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: twitter
# Username of the appservice bot.
bot_username: {{ matrix_mautrix_twitter_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Twitter bridge bot
bot_avatar: mxc://maunium.net/HVHcnusJkQcpVcsVGZRELLCn
# Community ID for bridged users (changes registration file) and rooms.
# Must be created manually.
#
# Example: "+twitter:example.com". Set to false to disable.
community_id: false
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_twitter_appservice_token }}"
hs_token: "{{ matrix_mautrix_twitter_homeserver_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Bridge config
bridge:
# Localpart template of MXIDs for Twitter users.
# {userid} is replaced with the user ID of the Twitter user.
username_template: "twitter_{userid}"
# Displayname template for Twitter users.
# {displayname} is replaced with the display name of the Twitter user.
# {username} is replaced with the username of the Twitter user.
displayname_template: "{displayname} (Twitter)"
# Maximum length of displayname
displayname_max_length: 100
# Number of conversations to sync (and create portals for) on login.
# Set 0 to disable automatic syncing.
initial_conversation_sync: 10
# Whether or not to use /sync to get read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: true
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map: {}
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map: {{ matrix_mautrix_twitter_bridge_login_shared_secret_map|to_json }}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for backfilling messages from Twitter.
#
# Missed message backfilling is currently based on receiving them from the Twitter polling API,
# rather than manually asking for messages in each conversation. Due to this, there's no way to
# set a limit for missed message backfilling.
backfill:
# Whether or not the Twitter users of logged in Matrix users should be
# invited to private chats when backfilling history from Twitter. This is
# usually needed to prevent rate limits and to allow timestamp massaging.
invite_own_puppet: true
# Maximum number of messages to backfill initially.
# Set to 0 to disable backfilling when creating portal.
initial_limit: 0
# If using double puppeting, should notifications be disabled
# while the initial backfill is in progress?
disable_notifications: false
# End-to-bridge encryption support options. You must install the e2be optional dependency for
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.
require_cross_signing: false
# Require devices to be verified by the bridge?
# Verification by the bridge is not yet implemented.
require_verification: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Twitter.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: false
# Whether or not non-fatal polling errors should send notices to the notice room.
temporary_disconnect_notices: true
# Number of seconds to sleep more than the previous error when a polling error occurs.
# Growth is capped at 15 minutes.
error_sleep: 5
# Maximum number of polling errors before giving up. Set to -1 to retry forever.
max_poll_errors: 12
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!tw"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_twitter_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_twitter.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

View File

@ -0,0 +1,42 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Twitter bridge
{% for service in matrix_mautrix_twitter_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_twitter_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitter \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_twitter_config_path }}:/config:z \
-v {{ matrix_mautrix_twitter_data_path }}:/data:z \
{% for arg in matrix_mautrix_twitter_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_twitter_docker_image }} \
python3 -m mautrix_twitter -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-twitter
[Install]
WantedBy=multi-user.target

View File

@ -42,7 +42,7 @@ matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot
#
# To use Postgres:
# - change the engine (`matrix_mautrix_whatsapp_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_whatsapp_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_whatsapp_database_*` variables
matrix_mautrix_whatsapp_database_engine: 'sqlite'
matrix_mautrix_whatsapp_sqlite_database_path_local: "{{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db"

View File

@ -27,6 +27,8 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url
matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}"
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone

View File

@ -9,17 +9,17 @@ bridge:
domain: {{ matrix_mx_puppet_discord_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }}
# Optionally specify a different media URL used for the media store
#
# This is where Discord will download user profile pictures and media
# from
mediaUrl: {{ matrix_mx_puppet_discord_bridge_mediaUrl }}
{% if matrix_mx_puppet_discord_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }}
{% endif %}
# Display name of the bridge bot
displayname: Discord Puppet Bridge
# Optionally specify a different media URL used for the media store
#
# This is where Discord will download user profile pictures and media
# from
#mediaUrl: https://external-url.org
presence:
# Bridge Discord online/offline status

View File

@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.9.5
matrix_client_element_version: v1.9.7
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

View File

@ -10,10 +10,16 @@ matrix_dimension_admins: []
# Whether to allow Dimension widgets serve websites with invalid or self signed SSL certificates
matrix_dimension_widgets_allow_self_signed_ssl_certificates: false
matrix_dimension_container_image_self_build: false
matrix_dimension_container_image_self_build_repo: "https://github.com/turt2live/matrix-dimension.git"
matrix_dimension_container_image_self_build_branch: master
matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension"
matrix_dimension_docker_src_files_path: "{{ matrix_base_data_path }}/docker-src/dimension"
matrix_dimension_version: latest
matrix_dimension_docker_image: "{{ matrix_container_global_registry_prefix }}turt2live/matrix-dimension:{{ matrix_dimension_version }}"
matrix_dimension_docker_image: "{{ matrix_dimension_docker_image_name_prefix }}turt2live/matrix-dimension:{{ matrix_dimension_version }}"
matrix_dimension_docker_image_name_prefix: "{{ 'localhost/' if matrix_dimension_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_dimension_docker_image_force_pull: "{{ matrix_dimension_docker_image.endswith(':latest') }}"
# List of systemd services that matrix-dimension.service depends on.
@ -48,7 +54,7 @@ matrix_dimension_homeserver_federationUrl: ""
#
# To use Postgres:
# - change the engine (`matrix_dimension_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_dimension_postgres_*` variables
# - adjust your database credentials via the `matrix_dimension_database_*` variables
matrix_dimension_database_engine: 'sqlite'
matrix_dimension_sqlite_database_path_local: "{{ matrix_dimension_base_path }}/dimension.db"

View File

@ -90,6 +90,29 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_dimension_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}"
when: "not matrix_dimension_container_image_self_build|bool"
register: matrix_dimension_pull_results
- name: Ensure dimension repository is present on self-build
git:
repo: "{{ matrix_dimension_container_image_self_build_repo }}"
dest: "{{ matrix_dimension_docker_src_files_path }}"
version: "{{ matrix_dimension_container_image_self_build_branch }}"
force: "yes"
when: "matrix_dimension_container_image_self_build|bool"
register: matrix_dimension_git_pull_results
- name: Ensure Dimension Docker image is built
docker_image:
name: "{{ matrix_dimension_docker_image }}"
source: build
force_source: "{{ matrix_dimension_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_dimension_docker_src_files_path }}"
pull: yes
when: "matrix_dimension_container_image_self_build|bool"
- name: Ensure matrix-dimension.service installed
template:

View File

@ -3,7 +3,7 @@
matrix_grafana_enabled: false
matrix_grafana_version: 8.3.0
matrix_grafana_version: 8.3.1
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

View File

@ -9,10 +9,23 @@ matrix_jitsi_enable_transcriptions: false
matrix_jitsi_enable_p2p: true
matrix_jitsi_enable_av_moderation: true
# Authentication type, must be one of internal, jwt or ldap. Currently only
# internal and ldap are supported by this playbook.
# Authentication type, must be one of internal, jwt or ldap.
# Currently only internal and ldap mechanisms are supported by this playbook.
matrix_jitsi_auth_type: internal
# A list of Jitsi (Prosody) accounts to create using the internal authentication mechanism.
#
# Accounts added here and subsquently removed will not be automatically removed
# from the Prosody server until user account cleaning is integrated into the playbook.
#
# Example:
# matrix_jitsi_prosody_auth_internal_accounts:
# - username: "jitsi-moderator"
# password: "secret-password"
# - username: "another-user"
# password: "another-password"
matrix_jitsi_prosody_auth_internal_accounts: []
# Configuration options for LDAP authentication. For details see upstream:
# https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap.
# Defaults are taken from:
@ -54,7 +67,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-6173
matrix_jitsi_version: stable-6726
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
@ -205,7 +218,6 @@ matrix_jitsi_jicofo_component_secret: ''
matrix_jitsi_jicofo_auth_user: focus
matrix_jitsi_jicofo_auth_password: ''
matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"

View File

@ -4,7 +4,7 @@
# Tasks related to setting up jitsi-prosody
#
- name: Ensure Matrix jitsi-prosody path exists
- name: Ensure Matrix jitsi-prosody environment exists
file:
path: "{{ item.path }}"
state: directory
@ -25,14 +25,14 @@
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
when: matrix_jitsi_enabled|bool
- name: Ensure jitsi-prosody environment variables file created
- name: Ensure jitsi-prosody environment variables file is created
template:
src: "{{ role_path }}/templates/prosody/env.j2"
dest: "{{ matrix_jitsi_prosody_base_path }}/env"
mode: 0640
when: matrix_jitsi_enabled|bool
- name: Ensure matrix-jitsi-prosody.service installed
- name: Ensure matrix-jitsi-prosody.service file is installed
template:
src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
@ -40,16 +40,24 @@
register: matrix_jitsi_prosody_systemd_service_result
when: matrix_jitsi_enabled|bool
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation
- name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation
service:
daemon_reload: yes
when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
- name: Ensure authentication is properly configured
include_tasks:
file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml"
when:
- matrix_jitsi_enabled|bool
- matrix_jitsi_enable_auth|bool
#
# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
#
- name: Check existence of matrix-jitsi-prosody service
- name: Ensure matrix-jitsi-prosody.service file exists
stat:
path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
register: matrix_jitsi_prosody_service_stat
@ -64,13 +72,13 @@
register: stopping_result
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
- name: Ensure matrix-jitsi-prosody.service doesn't exist
- name: Ensure matrix-jitsi-prosody.service file doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
state: absent
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal
- name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal
service:
daemon_reload: yes
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"

View File

@ -0,0 +1,43 @@
---
#
# Start Necessary Services
#
- name: Ensure matrix-jitsi-prosody container is running
systemd:
state: started
name: matrix-jitsi-prosody
register: matrix_jitsi_prosody_start_result
#
# Tasks related to configuring Jitsi internal authentication
#
- name: Ensure Jitsi internal authentication users are configured
shell: "docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
when:
- matrix_jitsi_auth_type == "internal"
- matrix_jitsi_prosody_auth_internal_accounts|length > 0
#
# Tasks related to configuring other Jitsi authentication mechanisms
#
#
# Tasks related to cleaning after Jitsi authentication configuration
#
#
# Stop Necessary Services
#
- name: Ensure matrix-jitsi-prosody container is stopped if necessary
systemd:
state: stopped
name: matrix-jitsi-prosody
when: matrix_jitsi_prosody_start_result.changed|bool

View File

@ -3,14 +3,14 @@
- name: Fail if required Jitsi settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) for using Jitsi.
You need to define a required configuration setting (`{{ item }}`) to properly configure Jitsi.
If you're setting up Jitsi for the first time, you may have missed a step.
Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
If you had setup Jitsi successfully before and it's just now that you're observing this failure,
it means that your installation may be using some default passwords that the playbook used to define until now.
This is not secure and we urge you to rebuild your Jitsi setup.
If you had previously setup Jitsi successfully and are only now facing this error,
it means that your installation is most likely using default passwords previously defined by the playbook.
These defaults are insecure. Jitsi should be rebuilt with secure values.
Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md).
when: "vars[item] == ''"
with_items:
@ -19,6 +19,20 @@
- "matrix_jitsi_jicofo_auth_password"
- "matrix_jitsi_jvb_auth_password"
- name: Fail if a Jitsi internal authentication account is not defined
fail:
msg: >-
At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication.
If you're setting up Jitsi for the first time, you may have missed a step.
Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
when:
- matrix_jitsi_enable_auth|bool
- matrix_jitsi_auth_type == 'internal'
- matrix_jitsi_prosody_auth_internal_accounts|length == 0
- name: (Deprecation) Catch and report renamed settings
fail:
msg: >-

View File

@ -48,7 +48,7 @@ matrix_ma1sd_matrixorg_forwarding_enabled: false
#
# To use Postgres:
# - change the engine (`matrix_ma1sd_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_ma1sd_postgres_*` variables
# - adjust your database credentials via the `matrix_ma1sd_database_*` variables
matrix_ma1sd_database_engine: 'sqlite'
matrix_ma1sd_sqlite_database_path_local: "{{ matrix_ma1sd_data_path }}/ma1sd.db"

View File

@ -33,7 +33,7 @@ matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_pr
matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12{{ matrix_postgres_backup_docker_image_suffix }}"
matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13{{ matrix_postgres_backup_docker_image_suffix }}"
matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14{{ matrix_postgres_backup_docker_image_suffix }}"
matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v13 }}"
matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v14 }}"
# This variable is assigned at runtime. Overriding its value has no effect.
matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}'

View File

@ -38,7 +38,7 @@ matrix_registration_container_http_host_bind_port: ''
#
# To use Postgres:
# - change the engine (`matrix_registration_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_registration_postgres_*` variables
# - adjust your database credentials via the `matrix_registration_database_*` variables
matrix_registration_database_engine: 'sqlite'
matrix_registration_sqlite_database_path_local: "{{ matrix_registration_data_path }}/db.sqlite3"

View File

@ -2344,8 +2344,10 @@ email:
# Username/password for authentication to the SMTP server. By default, no
# authentication is attempted.
{% if matrix_synapse_email_smtp_user %}
smtp_user: {{ matrix_synapse_email_smtp_user|string|to_json }}
smtp_pass: {{ matrix_synapse_email_smtp_pass|string|to_json }}
{% endif %}
# Uncomment the following to require TLS transport security for SMTP.
# By default, Synapse will connect over plain text, and will then switch to

View File

@ -5,10 +5,10 @@ matrix_synapse_workers_generic_worker_endpoints:
# expressions:
# Sync requests
- ^/_matrix/client/(v2_alpha|r0)/sync$
- ^/_matrix/client/(api/v1|v2_alpha|r0)/events$
- ^/_matrix/client/(api/v1|r0)/initialSync$
- ^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$
- ^/_matrix/client/(v2_alpha|r0|v3)/sync$
- ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$
- ^/_matrix/client/(api/v1|r0|v3)/initialSync$
- ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$
# Federation requests
- ^/_matrix/federation/v1/event/
@ -63,7 +63,7 @@ matrix_synapse_workers_generic_worker_endpoints:
# Registration/login requests
- ^/_matrix/client/(api/v1|r0|v3|unstable)/login$
- ^/_matrix/client/(r0|unstable)/register$
- ^/_matrix/client/(r0|v3|unstable)/register$
- ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$
# Event sending requests

View File

@ -20,6 +20,7 @@
- matrix-bridge-appservice-irc
- matrix-bridge-beeper-linkedin
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-twitter
- matrix-bridge-mautrix-hangouts
- matrix-bridge-mautrix-googlechat
- matrix-bridge-mautrix-instagram