kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-17 17:26:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added more matrix constants for easier debugging and readability

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-08-15 18:15:58 +02:00
parent 6c966bce2e
commit 012426cf3b
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
12 changed files with 42 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/web-app-matrix/config/main.yml
View File

@ -15,7 +15,7 @@ docker:
volumes:
synapse: "matrix_synapse_data"
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
server_name: "{{ PRIMARY_DOMAIN }}" # Adress for the account names etc.
server_name: "{{ PRIMARY_DOMAIN }}" # Adress for the account names etc.
setup: false # Set true in inventory file to execute the setup and initializing procedures
features:
matomo: false # Deactivated, because in html CSP restricts use

2
roles/web-app-matrix/tasks/01_docker.yml
View File

@ -103,7 +103,7 @@
- name: create admin account
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications | get_app_conf(application_id, 'users.administrator.username', True)}} -p {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
cmd: docker compose exec -it synapse register_new_matrix_user -u {{ MATRIX_ADMINISTRATOR_USERNAME }} -p {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications | get_app_conf(application_id, 'setup', True) | bool

4
roles/web-app-matrix/templates/docker-compose.yml.j2
View File

@ -82,13 +82,13 @@
KEYV_BOT_ENCRYPTION: 'false'
KEYV_BOT_STORAGE: 'true'
MATRIX_HOMESERVER_URL: '{{ MATRIX_SYNAPSE_URL }}'
MATRIX_BOT_USERNAME: '@chatgptbot:{{applications | get_app_conf(application_id, 'server_name', True)}}'
MATRIX_BOT_USERNAME: '@chatgptbot:{{ MATRIX_SERVER_NAME }}'
MATRIX_ACCESS_TOKEN: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True) | default('') }}'
MATRIX_BOT_PASSWORD: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True) }}'
MATRIX_DEFAULT_PREFIX: '!chatgpt'
MATRIX_DEFAULT_PREFIX_REPLY: 'false'
#MATRIX_BLACKLIST: ''
MATRIX_WHITELIST: ':{{applications | get_app_conf(application_id, 'server_name', True)}}'
MATRIX_WHITELIST: ':{{ MATRIX_SERVER_NAME }}'
MATRIX_AUTOJOIN: 'true'
MATRIX_ENCRYPTION: 'true'
MATRIX_THREADS: 'true'

10
roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (for MXIDs, etc).
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
domain: {{ MATRIX_SERVER_NAME }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -143,7 +143,7 @@ bridge:
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_DOMAIN }}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_DOMAIN }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -154,7 +154,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
# Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
# so it might be more suspicious to Facebook.
presence_from_facebook: false
@ -380,8 +380,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
"{{ MATRIX_SERVER_NAME }}": user
"@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
relay:
# Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any

2
roles/web-app-matrix/templates/mautrix/imessage.config.yml.j2
View File

@ -10,7 +10,7 @@ homeserver:
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds: 0
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
domain: {{ MATRIX_SERVER_NAME }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.

10
roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
domain: {{ MATRIX_SERVER_NAME }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -134,7 +134,7 @@ bridge:
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
@ -143,7 +143,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
@ -359,8 +359,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
"{{ MATRIX_SERVER_NAME }}": user
"@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
relay:
# Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any

10
roles/web-app-matrix/templates/mautrix/signal.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
domain: {{ MATRIX_SERVER_NAME }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@ -141,7 +141,7 @@ bridge:
federate_rooms: true
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -150,7 +150,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.
@ -274,8 +274,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
"{{ MATRIX_SERVER_NAME }}": user
"@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
# Settings for relay mode
relay:

10
roles/web-app-matrix/templates/mautrix/slack.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
domain: {{ MATRIX_SERVER_NAME }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@ -118,7 +118,7 @@ bridge:
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -127,7 +127,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
@ -278,8 +278,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
"{{ MATRIX_SERVER_NAME }}": user
"@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:

14
roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (for MXIDs, etc).
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
domain: {{ MATRIX_SERVER_NAME }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -62,7 +62,7 @@ appservice:
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://{{applications | get_app_conf(application_id, 'server_name', True)}}/public
external: {{ WEB_PROTOCOL }}://{{ MATRIX_SERVER_NAME }}/public
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
@ -198,7 +198,7 @@ bridge:
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -209,7 +209,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Whether or not the !tg join command should do a HTTP request
@ -530,9 +530,9 @@ bridge:
# mxid - Specific user
permissions:
"*": "relaybot"
"public.{{applications | get_app_conf(application_id, 'server_name', True)}}": "user"
"{{applications | get_app_conf(application_id, 'server_name', True)}}": "full"
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": "admin"
"public.{{ MATRIX_SERVER_NAME }}": "user"
"{{ MATRIX_SERVER_NAME }}": "full"
"@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": "admin"
# Options related to the message relay Telegram bot.
relaybot:

10
roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
domain: {{ MATRIX_SERVER_NAME }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@ -236,7 +236,7 @@ bridge:
force_active_delivery_receipts: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_SYNAPSE_URL }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -245,7 +245,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
{{ MATRIX_SERVER_NAME }}: {{ MATRIX_REGISTRATION_SHARED_SECRET }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
@ -434,8 +434,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
"{{ MATRIX_SERVER_NAME }}": user
"@{{ MATRIX_ADMINISTRATOR_USERNAME }}:{{ MATRIX_SERVER_NAME }}": admin
# Settings for relay mode
relay:

4
roles/web-app-matrix/templates/synapse/homeserver.yaml.j2
View File

@ -1,4 +1,4 @@
server_name: "{{applications | get_app_conf(application_id, 'server_name', True)}}"
server_name: "{{ MATRIX_SERVER_NAME }}"
pid_file: /data/homeserver.pid
max_upload_size: {{ client_max_body_size }}
listeners:
@ -20,7 +20,7 @@ database:
cp_max: 10
log_config: "{{ MATRIX_SYNAPSE_LOG_PATH_CONTAINER }}"
media_store_path: "/data/media_store"
registration_shared_secret: "{{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}"
registration_shared_secret: "{{ MATRIX_REGISTRATION_SHARED_SECRET }}"
report_stats: true
macaroon_secret_key: "{{applications | get_app_conf(application_id, 'credentials.macaroon_secret_key', True)}}"
form_secret: "{{applications | get_app_conf(application_id, 'credentials.form_secret', True)}}"

3
roles/web-app-matrix/vars/main.yml
View File

@ -10,10 +10,13 @@ client_max_body_size: "{{ applications | get_app_conf(applicatio
# Matrix
## General
MATRIX_SERVER_NAME: "{{ applications | get_app_conf(application_id, 'server_name') }}"
MATRIX_ADMINISTRATOR_USERNAME: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
MATRIX_WELL_KNOWN_DIRECTORY: "{{ NGINX.DIRECTORIES.DATA.WELL_KNOWN }}/matrix/"
MATRIX_WELL_KNOWN_FILE: "{{ MATRIX_WELL_KNOWN_DIRECTORY }}server"
MATRIX_PROJECT: "{{ application_id | get_entity_name }}"
MATRIX_REGISTRATION_FILE_FOLDER: "/data/"
MATRIX_REGISTRATION_SHARED_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.registration_shared_secret') }}"
## Synapse
MATRIX_SYNAPSE_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.version') }}"