From 012426cf3b9f68c68d334f20b1b440f9ffa7d489 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Fri, 15 Aug 2025 18:15:58 +0200
Subject: [PATCH] Added more matrix constants for easier debugging and readability
---
 roles/web-app-matrix/config/main.yml | 2 +-
 roles/web-app-matrix/tasks/01_docker.yml | 2 +-
 .../web-app-matrix/templates/docker-compose.yml.j2 | 4 ++--
 .../templates/mautrix/facebook.config.yml.j2 | 10 +++++-----
 .../templates/mautrix/imessage.config.yml.j2 | 2 +-
 .../templates/mautrix/instagram.config.yml.j2 | 10 +++++-----
 .../templates/mautrix/signal.config.yml.j2 | 10 +++++-----
 .../templates/mautrix/slack.config.yml.j2 | 10 +++++-----
 .../templates/mautrix/telegram.config.yml.j2 | 14 +++++++-------
 .../templates/mautrix/whatsapp.config.yml.j2 | 10 +++++-----
 .../templates/synapse/homeserver.yaml.j2 | 4 ++--
 roles/web-app-matrix/vars/main.yml | 3 +++
 12 files changed, 42 insertions(+), 39 deletions(-)
diff --git a/roles/web-app-matrix/config/main.yml b/roles/web-app-matrix/config/main.yml
index 57315953..e31c1e29 100644
--- a/roles/web-app-matrix/config/main.yml
+++ b/roles/web-app-matrix/config/main.yml
@@ -15,7 +15,7 @@ docker:
 volumes:
 synapse: "matrix_synapse_data"
 playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
-server_name: "{{ PRIMARY_DOMAIN }}" # Adress for the account names etc.
+server_name: "{{ PRIMARY_DOMAIN }}" # Adress for the account names etc.
 setup: false # Set true in inventory file to execute the setup and initializing procedures
 features:
 matomo: false # Deactivated, because in html CSP restricts use
diff --git a/roles/web-app-matrix/tasks/01_docker.yml b/roles/web-app-matrix/tasks/01_docker.yml
index dcc6dc02..f868b2f0 100644
--- a/roles/web-app-matrix/tasks/01_docker.yml
+++ b/roles/web-app-matrix/tasks/01_docker.yml
@@ -103,7 +103,7 @@
 - name: create admin account
 command:
- cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications | get_app_conf(application_id, 'users.administrator.username', True)}} -p {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
+ cmd: docker compose exec -it synapse register_new_matrix_user -u {{ MATRIX_ADMINISTRATOR_USERNAME }} -p {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
 chdir: "{{ docker_compose.directories.instance }}"
 ignore_errors: true
 when: applications | get_app_conf(application_id, 'setup', True) | bool
diff --git a/roles/web-app-matrix/templates/docker-compose.yml.j2 b/roles/web-app-matrix/templates/docker-compose.yml.j2
index 71b3c45d..090b357c 100644
--- a/roles/web-app-matrix/templates/docker-compose.yml.j2
+++ b/roles/web-app-matrix/templates/docker-compose.yml.j2
@@ -82,13 +82,13 @@
 KEYV_BOT_ENCRYPTION: 'false'
 KEYV_BOT_STORAGE: 'true'
 MATRIX_HOMESERVER_URL: '{{ MATRIX_SYNAPSE_URL }}'
- MATRIX_BOT_USERNAME: '@chatgptbot:{{applications | get_app_conf(application_id, 'server_name', True)}}'
+ MATRIX_BOT_USERNAME: '@chatgptbot:{{ MATRIX_SERVER_NAME }}'
 MATRIX_ACCESS_TOKEN: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True) | default('') }}'
 MATRIX_BOT_PASSWORD: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True) }}'
 MATRIX_DEFAULT_PREFIX: '!chatgpt'
 MATRIX_DEFAULT_PREFIX_REPLY: 'false'
 #MATRIX_BLACKLIST: ''
- MATRIX_WHITELIST: ':{{applications | get_app_conf(application_id, 'server_name', True)}}'
+ MATRIX_WHITELIST: ':{{ MATRIX_SERVER_NAME }}'
 MATRIX_AUTOJOIN: 'true'
 MATRIX_ENCRYPTION: 'true'
 MATRIX_THREADS: 'true'
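Review bot: The rewritten `cmd:` line still passes the administrator password as a command-line argument to `docker compose exec`, so it is visible in the host's process list and in Ansible's task output; the hunk shows `ignore_errors: true` and `when:` but no `no_log: true`, and the task's end lies outside the hunk, so if none is set further down add `no_log: true` next to `ignore_errors: true`. The username lookup was replaced by `{{ MATRIX_ADMINISTRATOR_USERNAME }}` while the password lookup on the same line keeps the inline `get_app_conf(..., True)` form, so the two halves of one command now follow different conventions; either extract the password the same way or keep both inline. The unquoted username is also interpolated straight into the string the command module splits into arguments, so `-u '{{ MATRIX_ADMINISTRATOR_USERNAME }}'` is the safer form.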
diff --git a/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2
index a55823bb..7d0e5f69 100644
--- a/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2
@@ -3,7 +3,7 @@ homeserver:
 # The address that this appservice can use to connect to the homeserver.
 address: http://synapse:8008
 # The domain of the homeserver (for MXIDs, etc).
- domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
+ domain: {{ MATRIX_SERVER_NAME }}
 # Whether or not to verify the SSL certificate of the homeserver.
 # Only applies if address starts with https://
 verify_ssl: true
@@ -143,7 +143,7 @@ bridge:
 sync_direct_chat_list: false
 # Servers to always allow double puppeting from
 double_puppet_server_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_DOMAIN }}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_DOMAIN }}
 # Allow using double puppeting from any server with a valid client .well-known file.
 double_puppet_allow_discovery: false
 # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@@ -154,7 +154,7 @@ bridge:
 # If using this for other servers than the bridge's server,
 # you must also set the URL in the double_puppet_server_map.
 login_shared_secret_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
 # Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
 # so it might be more suspicious to Facebook.
 presence_from_facebook: false
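Review bot: In the `double_puppet_server_map` hunk the facebook bridge maps the server name to `{{ MATRIX_SYNAPSE_DOMAIN }}`, whereas the same map in the instagram, signal, slack, telegram and whatsapp templates of this commit uses `{{ MATRIX_SYNAPSE_URL }}`; the next hunk's own comment says the map value must be a URL, so a bare domain looks like a latent inconsistency the rename carries forward. If the facebook bridge expects a URL like the others, the line should read `{{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}`; if the difference is deliberate, a one-line comment above it saying why would stop the next refactor from "fixing" it.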
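Review bot: The new `login_shared_secret_map` entry renders the registration shared secret as an unquoted plain scalar, so a secret that is all digits, starts with a YAML indicator such as `*`, `&`, `[` or `!`, or contains `: ` or ` #` will be retyped or break the bridge config at parse time; the `domain:` line in the first hunk and the matching entries in the instagram, signal, slack, telegram and whatsapp templates have the same shape. Quote templated scalars: `{{ MATRIX_SERVER_NAME }}: "{{ MATRIX_REGISTRATION_SHARED_SECRET }}"` and `domain: "{{ MATRIX_SERVER_NAME }}"`. Separately, this hands Synapse's registration secret to every bridge as the shared-secret-auth password; whether the homeserver-side module is configured with that same value is not visible here, and a dedicated secret per purpose would narrow what a leaked bridge config exposes.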
@@ -380,8 +380,8 @@ bridge:
 # mxid - Specific user
 permissions:
 "*": relay
- "{{applications | get_app_conf(application_id, 'server_name', True)}}": user
- "@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
+ "{{ MATRIX_SERVER_NAME }}": user
+ "@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
 relay:
 # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any
diff --git a/roles/web-app-matrix/templates/mautrix/imessage.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/imessage.config.yml.j2
index 3ec82eb5..babc37e2 100644
--- a/roles/web-app-matrix/templates/mautrix/imessage.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/imessage.config.yml.j2
@@ -10,7 +10,7 @@ homeserver:
 # How often should the websocket be pinged? Pinging will be disabled if this is zero.
 ping_interval_seconds: 0
 # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
- domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
+ domain: {{ MATRIX_SERVER_NAME }}
 # What software is the homeserver running?
 # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
diff --git a/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2
index 1f0e5593..1a05e427 100644
--- a/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2
@@ -3,7 +3,7 @@ homeserver:
 # The address that this appservice can use to connect to the homeserver.
 address: http://synapse:8008
 # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
- domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
+ domain: {{ MATRIX_SERVER_NAME }}
 # Whether or not to verify the SSL certificate of the homeserver.
 # Only applies if address starts with https://
 verify_ssl: true
@@ -134,7 +134,7 @@ bridge:
 double_puppet_allow_discovery: false
 # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
 double_puppet_server_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
 # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
 #
 # If set, custom puppets will be enabled automatically for local users
@@ -143,7 +143,7 @@ bridge:
 # If using this for other servers than the bridge's server,
 # you must also set the URL in the double_puppet_server_map.
 login_shared_secret_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
 federate_rooms: true
@@ -359,8 +359,8 @@ bridge:
 # mxid - Specific user
 permissions:
 "*": relay
- "{{applications | get_app_conf(application_id, 'server_name', True)}}": user
- "@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
+ "{{ MATRIX_SERVER_NAME }}": user
+ "@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
 relay:
 # Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any
diff --git a/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2
index 52d51fbb..43dbf421 100644
--- a/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2
@@ -3,7 +3,7 @@ homeserver:
 # The address that this appservice can use to connect to the homeserver.
 address: http://synapse:8008
 # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
- domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
+ domain: {{ MATRIX_SERVER_NAME }}
 # What software is the homeserver running?
 # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@@ -141,7 +141,7 @@ bridge:
 federate_rooms: true
 # Servers to always allow double puppeting from
 double_puppet_server_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
 # Allow using double puppeting from any server with a valid client .well-known file.
 double_puppet_allow_discovery: false
 # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@@ -150,7 +150,7 @@ bridge:
 # instead of users having to find an access token and run `login-matrix`
 # manually.
 login_shared_secret_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
 # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
 # Null means there's no enforced timeout.
@@ -274,8 +274,8 @@ bridge:
 # mxid - Specific user
 permissions:
 "*": relay
- "{{applications | get_app_conf(application_id, 'server_name', True)}}": user
- "@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
+ "{{ MATRIX_SERVER_NAME }}": user
+ "@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
 # Settings for relay mode
 relay:
diff --git a/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2
index 5e59fb6d..3e77355a 100644
--- a/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2
@@ -3,7 +3,7 @@ homeserver:
 # The address that this appservice can use to connect to the homeserver.
 address: http://synapse:8008
 # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
- domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
+ domain: {{ MATRIX_SERVER_NAME }}
 # What software is the homeserver running?
 # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@@ -118,7 +118,7 @@ bridge:
 # Servers to always allow double puppeting from
 double_puppet_server_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
 # Allow using double puppeting from any server with a valid client .well-known file.
 double_puppet_allow_discovery: false
 # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@@ -127,7 +127,7 @@ bridge:
 # instead of users having to find an access token and run `login-matrix`
 # manually.
 login_shared_secret_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
 message_handling_timeout:
 # Send an error message after this timeout, but keep waiting for the response until the deadline.
@@ -278,8 +278,8 @@ bridge:
 # mxid - Specific user
 permissions:
 "*": relay
- "{{applications | get_app_conf(application_id, 'server_name', True)}}": user
- "@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
+ "{{ MATRIX_SERVER_NAME }}": user
+ "@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
 # Logging config. See https://github.com/tulir/zeroconfig for details.
 logging:
diff --git a/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2
index 3338ab95..e9c9919b 100644
--- a/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2
@@ -3,7 +3,7 @@ homeserver:
 # The address that this appservice can use to connect to the homeserver.
 address: http://synapse:8008
 # The domain of the homeserver (for MXIDs, etc).
- domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
+ domain: {{ MATRIX_SERVER_NAME }}
 # Whether or not to verify the SSL certificate of the homeserver.
 # Only applies if address starts with https://
 verify_ssl: true
@@ -62,7 +62,7 @@ appservice:
 prefix: /public
 # The base URL where the public-facing endpoints are available. The prefix is not added
 # implicitly.
- external: https://{{applications | get_app_conf(application_id, 'server_name', True)}}/public
+ external: {{ WEB_PROTOCOL }}://{{ MATRIX_SERVER_NAME }}/public
 # Provisioning API part of the web server for automated portal creation and fetching information.
 # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
@@ -198,7 +198,7 @@ bridge:
 sync_direct_chat_list: false
 # Servers to always allow double puppeting from
 double_puppet_server_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
 # Allow using double puppeting from any server with a valid client .well-known file.
 double_puppet_allow_discovery: false
 # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@@ -209,7 +209,7 @@ bridge:
 # If using this for other servers than the bridge's server,
 # you must also set the URL in the double_puppet_server_map.
 login_shared_secret_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
 # Set to false to disable link previews in messages sent to Telegram.
 telegram_link_preview: true
 # Whether or not the !tg join command should do a HTTP request
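Review bot: The `external:` line in the `appservice:` hunk changes behaviour beyond the constant extraction the commit message describes: the scheme goes from a hard-coded `https://` to `{{ WEB_PROTOCOL }}://`, so wherever `WEB_PROTOCOL` resolves to `http` the bridge advertises its public-facing endpoints over plaintext. If that is intended the commit message should say so; otherwise keep `https://` here. The value is also an unquoted templated scalar; `external: "{{ WEB_PROTOCOL }}://{{ MATRIX_SERVER_NAME }}/public"` is the safer form.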
@@ -530,9 +530,9 @@ bridge:
 # mxid - Specific user
 permissions:
 "*": "relaybot"
- "public.{{applications | get_app_conf(application_id, 'server_name', True)}}": "user"
- "{{applications | get_app_conf(application_id, 'server_name', True)}}": "full"
- "@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": "admin"
+ "public.{{ MATRIX_SERVER_NAME }}": "user"
+ "{{ MATRIX_SERVER_NAME }}": "full"
+ "@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": "admin"
 # Options related to the message relay Telegram bot.
 relaybot:
diff --git a/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2
index 84edbf02..76ca20c4 100644
--- a/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2
@@ -3,7 +3,7 @@ homeserver:
 # The address that this appservice can use to connect to the homeserver.
 address: http://synapse:8008
 # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
- domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
+ domain: {{ MATRIX_SERVER_NAME }}
 # What software is the homeserver running?
 # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@@ -236,7 +236,7 @@ bridge:
 force_active_delivery_receipts: false
 # Servers to always allow double puppeting from
 double_puppet_server_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
 # Allow using double puppeting from any server with a valid client .well-known file.
 double_puppet_allow_discovery: false
 # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@@ -245,7 +245,7 @@ bridge:
 # instead of users having to find an access token and run `login-matrix`
 # manually.
 login_shared_secret_map:
- {{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
+ {{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
 # Whether to explicitly set the avatar and room name for private chat portal rooms.
 # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
 # If set to `always`, all DM rooms will have explicit names and avatars set.
@@ -434,8 +434,8 @@ bridge:
 # mxid - Specific user
 permissions:
 "*": relay
- "{{applications | get_app_conf(application_id, 'server_name', True)}}": user
- "@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
+ "{{ MATRIX_SERVER_NAME }}": user
+ "@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
 # Settings for relay mode
 relay:
diff --git a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2
index 4ebde375..a9c2170c 100644
--- a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2
+++ b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2
@@ -1,4 +1,4 @@
-server_name: "{{applications | get_app_conf(application_id, 'server_name', True)}}"
+server_name: "{{ MATRIX_SERVER_NAME }}"
 pid_file: /data/homeserver.pid
 max_upload_size: {{ client_max_body_size }}
 listeners:
@@ -20,7 +20,7 @@ database:
 cp_max: 10
 log_config: "{{ MATRIX_SYNAPSE_LOG_PATH_CONTAINER }}"
 media_store_path: "/data/media_store"
-registration_shared_secret: "{{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}"
+registration_shared_secret: "{{ MATRIX_REGISTRATION_SHARED_SECRET }}"
 report_stats: true
 macaroon_secret_key: "{{applications | get_app_conf(application_id, 'credentials.macaroon_secret_key', True)}}"
 form_secret: "{{applications | get_app_conf(application_id, 'credentials.form_secret', True)}}"
diff --git a/roles/web-app-matrix/vars/main.yml b/roles/web-app-matrix/vars/main.yml
index 90506f11..92332184 100644
--- a/roles/web-app-matrix/vars/main.yml
+++ b/roles/web-app-matrix/vars/main.yml
@@ -10,10 +10,13 @@ client_max_body_size: "{{ applications | get_app_conf(applicatio
 # Matrix
 ## General
+MATRIX_SERVER_NAME: "{{ applications | get_app_conf(application_id, 'server_name') }}"
+MATRIX_ADMINISTRATOR_USERNAME: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
 MATRIX_WELL_KNOWN_DIRECTORY: "{{ NGINX.DIRECTORIES.DATA.WELL_KNOWN }}/matrix/"
 MATRIX_WELL_KNOWN_FILE: "{{ MATRIX_WELL_KNOWN_DIRECTORY }}server"
 MATRIX_PROJECT: "{{ application_id | get_entity_name }}"
 MATRIX_REGISTRATION_FILE_FOLDER: "/data/"
+MATRIX_REGISTRATION_SHARED_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.registration_shared_secret') }}"
 ## Synapse
 MATRIX_SYNAPSE_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.version') }}"
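Review bot: In the `homeserver.yaml.j2` hunk only `registration_shared_secret` is switched to a constant while `macaroon_secret_key` and `form_secret` on the following context lines keep the inline `get_app_conf(..., True)` form, leaving the secrets block in two styles. If the aim is readability, extracting those two into `vars/main.yml` the same way keeps the pattern uniform; if they were left deliberately, a short comment above the block saying so would help the next reader.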
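Review bot: The three new variables in `vars/main.yml` call `get_app_conf(application_id, '…')` without the trailing `True` that every replaced template expression passed (`get_app_conf(application_id, 'server_name', True)`), and the filter's signature is not visible here. If that third argument is a strict/required flag, a missing `server_name`, administrator username or registration secret now renders as an empty value in every bridge config and in `homeserver.yaml` instead of failing the play, which is a worse failure mode for a shared secret. Either pass `True` on the new definitions, e.g. `MATRIX_REGISTRATION_SHARED_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True) }}"`, or confirm the default already enforces presence.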