From a508d2a069a11eb15bafeb73e2a38505dc89275f Mon Sep 17 00:00:00 2001 From: Fabio Bonelli Date: Wed, 19 Jun 2024 13:58:10 +0200 Subject: [PATCH 1/4] Make maubot automatically create its own user. --- docs/configuring-playbook-bot-maubot.md | 10 +++++++++- group_vars/matrix_servers | 6 ++++++ roles/custom/matrix-bot-maubot/defaults/main.yml | 5 +++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md index bf2b1d14b..a8c6dcb61 100644 --- a/docs/configuring-playbook-bot-maubot.md +++ b/docs/configuring-playbook-bot-maubot.md @@ -27,9 +27,17 @@ maubot administration interface. After configuring the playbook, run the [installation](installing.md) command again: ``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start ``` +**Notes**: + +- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account + +- if you change the bot password (`matrix_bot_maubot_initial_password` in your `vars.yml` file) subsequently, + the bot user's credentials on the homeserver won't be updated automatically. + If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it. + ## Usage You can visit `matrix./_matrix/maubot/` to manage your available plugins, clients and instances. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 284ed497a..f84bf4e55 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -5174,6 +5174,12 @@ matrix_user_creator_users_auto: | 'initial_password': matrix_bot_buscarron_password, 'initial_type': 'bot', }] if matrix_bot_buscarron_enabled else []) + + + ([{ + 'username': matrix_bot_maubot_login, + 'initial_password': matrix_bot_maubot_initial_password, + 'initial_type': 'bot', + }] if matrix_bot_maubot_enabled else []) }} ###################################################################### diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index 183ceabcb..c0b6ca519 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml @@ -5,6 +5,11 @@ matrix_bot_maubot_enabled: true +matrix_bot_maubot_login: bot.maubot +# This is just initial password and it will not manage subsequent password changes. +# Use a tool like synapse-admin if you need to change it. +matrix_bot_maubot_initial_password: "{{ lookup('password', '/dev/null', length=64 }}" + matrix_bot_maubot_scheme: https matrix_bot_maubot_hostname: '' matrix_bot_maubot_path_prefix: /_matrix/maubot From fb3745a7b28cf232d4412f003265971b44253a2e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 22 Jun 2024 14:40:35 +0300 Subject: [PATCH 2/4] Update maubot docs (explicit password, other clarification) --- docs/configuring-playbook-bot-maubot.md | 37 +++++++++---------------- 1 file changed, 13 insertions(+), 24 deletions(-) diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md index a8c6dcb61..d2b7dbc27 100644 --- a/docs/configuring-playbook-bot-maubot.md +++ b/docs/configuring-playbook-bot-maubot.md 
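Review bot: The `'initial_type': 'bot'` entry added to `matrix_user_creator_users_auto` only matters when the account is first created, so installations that followed the earlier instructions keep whatever privileges the account was registered with. The registration command removed from the docs in PATCH 2/4 passed `admin=yes`, so an existing `bot.maubot` account is likely still a homeserver admin, and the CHANGELOG entry in PATCH 4/4 says the playbook has nothing to do for such accounts. I would add a sentence to that entry, for example `If you registered the bot with admin=yes as previously documented, consider removing its admin flag; new installs create it as a plain bot account.` Whether the user-creator role ever modifies existing accounts is not visible in this hunk, so confirm that before settling the wording.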
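Review bot: The default added for `matrix_bot_maubot_initial_password` in `defaults/main.yml` is not a valid template: `lookup('password', '/dev/null', length=64 }}` is missing the closing `)` before `}}`, so this commit on its own fails when the variable is templated. Even with the parenthesis restored, a password lookup against `/dev/null` stores nothing, so each evaluation of the variable can yield a different value and the operator never learns the secret that was set on the account. PATCH 3/4 replaces the default with `''` plus a validation entry, which resolves both problems. If the intermediate commit should stay usable on its own, fold that change into this one.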
@@ -14,26 +14,26 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_maubot_enabled: true + +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_maubot_login: bot.maubot + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` +matrix_bot_maubot_initial_password: PASSWORD_FOR_THE_BOT + matrix_bot_maubot_admins: - yourusername: securepassword ``` -You can add multiple admins. The admin accounts are not connected to any matrix ID and are only used to access the -maubot administration interface. +You can add multiple admins. The admin accounts are only used to access the maubot administration interface. ## Installing -After configuring the playbook, run the [installation](installing.md) command again: - -``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start -``` +After configuring the playbook, run the [installation](installing.md) command again (`just install-all`): **Notes**: -- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account - - if you change the bot password (`matrix_bot_maubot_initial_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it. 
@@ -43,24 +43,13 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-use You can visit `matrix./_matrix/maubot/` to manage your available plugins, clients and instances. You should start in the following order -1. **Create one or more clients:** A client is a matrix account which the bot will use to message. +1. **Create one or more clients:** A client is a matrix account which the bot will use to message. By default, the playbook creates a `bot.maubot` account (as per the configuration above). You only need to [obtain an access token](#obtaining-an-access-token) for it 2. **Upload some Plugins:** Plugins can be obtained from [here](https://github.com/maubot/maubot#plugins) or any other source. 3. **Create an instance:** An instance is the actual bot. You have to specify a client which the bot instance will use and the plugin (how the bot will behave) -To add a client you first need to create an account and obtain a valid access token. +## Obtaining an access token -## Registering the bot user +This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands, you'll first need to `exec` into the maubot container with `docker exec -it matrix-bot-maubot sh`. -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.maubot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. - -## Obtaining an admin access token - -This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). 
To run these commands you'll need to open the bot docker container with `docker exec -it matrix-bot-maubot sh` -Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md). +Alternatively, you can follow our generic [obtain an access token](obtaining-access-tokens.md) documentation. From 5a40e99d1148e93a9d08ade4f8f112a328f4ee4e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 22 Jun 2024 14:43:04 +0300 Subject: [PATCH 3/4] Explicitly ask for matrix_bot_maubot_initial_password --- roles/custom/matrix-bot-maubot/defaults/main.yml | 3 ++- roles/custom/matrix-bot-maubot/tasks/validate_config.yml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index c0b6ca519..cef180f18 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml @@ -6,9 +6,10 @@ matrix_bot_maubot_enabled: true matrix_bot_maubot_login: bot.maubot + # This is just initial password and it will not manage subsequent password changes. # Use a tool like synapse-admin if you need to change it. -matrix_bot_maubot_initial_password: "{{ lookup('password', '/dev/null', length=64 }}" +matrix_bot_maubot_initial_password: '' matrix_bot_maubot_scheme: https matrix_bot_maubot_hostname: '' diff --git a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml index 4247c8b58..297cec952 100644 --- a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml @@ -25,3 +25,4 @@ - {'name': 'matrix_bot_maubot_container_network', when: true} - {'name': 'matrix_bot_maubot_homeserver_name', when: true} - {'name': 'matrix_bot_maubot_homeserver_url', when: true} + - {'name': 'matrix_bot_maubot_initial_password', when: true} From 639a4454c048f2b4794c9731d2ca4ae7b7c6e6ba Mon Sep 17 00:00:00 2001 
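Review bot: The `matrix_bot_maubot_initial_password` entry added to `validate_config.yml` appears to be a presence check only (the task that consumes the list is outside the hunk), so the documented placeholder `PASSWORD_FOR_THE_BOT`, or the throwaway value the CHANGELOG allows for existing installs, will pass. That value becomes a real credential whenever the account named by `matrix_bot_maubot_login` does not exist yet, for instance when the bot was registered under a different username and the login variable was not adjusted. I would say so in the comment above the now-empty default in the `defaults/main.yml` hunk of this patch: `# Required. Used only when the account is first created; set a strong random value even for existing installs.` A follow-up check that rejects the literal placeholder would also help.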
From: Slavi Pantaleev Date: Sat, 22 Jun 2024 14:48:30 +0300 Subject: [PATCH 4/4] Add changelog entry for maubot user management --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b84d36230..cf92179aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +# 2024-06-22 + +## The maubot user is now managed by the playbook + +To make things easier and to be consistent with other roles, the [maubot](./docs/configuring-playbook-bot-maubot.md) user (`bot.maubot` by default) is [now](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3376) automatically created be the playbook. + +If you have an existing maubot installation, you will need to specify `matrix_bot_maubot_initial_password` in your `vars.yml` file to make the playbook not complain about it being undefined. +Since the bot is already registered in your installation, there's nothing for the playbook to do anyway. In case you don't remember the password you've registered your maubot user account with, you can specify any value for this variable. + +If you've registered another username for the bot (other than the recommended default of `bot.maubot`), consider adjusting the `matrix_bot_maubot_login` variable (e.g. `matrix_bot_maubot_login: my.maubot.username`). + + # 2024-06-03 ## WeChat bridging support