From 156f52a1c4f3b36dde3a8af45c584c5758a2aa2b Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Thu, 21 Dec 2023 17:32:54 +0100 Subject: [PATCH] Implemented draft for matrix-docker-ansible-deploy --- group_vars/all | 3 + roles/docker-matrix/.gitignore | 1 + roles/docker-matrix/handlers/main.yml | 8 - roles/docker-matrix/tasks/main.yml | 139 ++++-- .../templates/docker-compose.yml.j2 | 84 ---- .../templates/element-config.json.j2 | 59 --- .../templates/homeserver.yaml.j2 | 46 -- roles/docker-matrix/templates/hosts.yml.j2 | 79 +++ roles/docker-matrix/templates/log.config.j2 | 25 - .../templates/whatsapp-bridge-config.yml.j2 | 461 ------------------ roles/docker-matrix/vars/main.yml | 2 +- servers.yml | 8 +- 12 files changed, 183 insertions(+), 732 deletions(-) create mode 100644 roles/docker-matrix/.gitignore delete mode 100644 roles/docker-matrix/handlers/main.yml delete mode 100644 roles/docker-matrix/templates/docker-compose.yml.j2 delete mode 100644 roles/docker-matrix/templates/element-config.json.j2 delete mode 100644 roles/docker-matrix/templates/homeserver.yaml.j2 create mode 100644 roles/docker-matrix/templates/hosts.yml.j2 delete mode 100644 roles/docker-matrix/templates/log.config.j2 delete mode 100644 roles/docker-matrix/templates/whatsapp-bridge-config.yml.j2 diff --git a/group_vars/all b/group_vars/all index 08628c06..8143caf7 100644 --- a/group_vars/all +++ b/group_vars/all @@ -141,3 +141,6 @@ version_mastodon: "latest" pixelfed_app_name: "Pictures" top_domain: "localhost" + +# Prints well formated debug information +verbose: false diff --git a/roles/docker-matrix/.gitignore b/roles/docker-matrix/.gitignore new file mode 100644 index 00000000..27fcb31f --- /dev/null +++ b/roles/docker-matrix/.gitignore @@ -0,0 +1 @@ +matrix-docker-ansible-deploy/ \ No newline at end of file diff --git a/roles/docker-matrix/handlers/main.yml b/roles/docker-matrix/handlers/main.yml deleted file mode 100644 index 6a081ccb..00000000 --- a/roles/docker-matrix/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: recreate matrix - command: - cmd: docker-compose up -d --force-recreate - chdir: "{{docker_compose_instance_directory}}" - environment: - COMPOSE_HTTP_TIMEOUT: 600 - DOCKER_CLIENT_TIMEOUT: 600 diff --git a/roles/docker-matrix/tasks/main.yml b/roles/docker-matrix/tasks/main.yml index aa51f8a7..5cd2cb2b 100644 --- a/roles/docker-matrix/tasks/main.yml +++ b/roles/docker-matrix/tasks/main.yml @@ -1,59 +1,108 @@ --- - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml - vars: - domain: "{{synapse_domain}}" - http_port: "{{synapse_http_port}}" - -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml - vars: - domain: "{{element_domain}}" - http_port: "{{element_http_port}}" + loop: "{{ domains }}" + loop_control: + loop_var: domain -- name: "create {{docker_compose_instance_directory}}" - file: - path: "{{docker_compose_instance_directory}}" +- name: Clone the git repository + git: + repo: https://github.com/spantaleev/matrix-docker-ansible-deploy.git + dest: "{{ local_repository_directory }}" + update: yes + delegate_to: localhost + become: false + +- name: create temporary inventory directory + tempfile: state: directory - mode: 0755 + register: matrix_inventory_tmp_dir + delegate_to: localhost + become: false -- name: "create {{docker_compose_instance_directory}}mautrix_whatsapp" +- name: protect inventory directory file: - path: "{{docker_compose_instance_directory}}mautrix_whatsapp" - state: directory - mode: 0755 + path: "{{ matrix_inventory_tmp_dir.path }}" + mode: '0700' # Nur der Besitzer kann lesen, schreiben und ausführen + delegate_to: localhost + become: false -- name: add whatsapp-bridge-config.yml +- name: set the hosts path + set_fact: + hosts_path: "{{ matrix_inventory_tmp_dir.path }}/hosts.yml" + +- name: create hosts.yml template: - src: "whatsapp-bridge-config.yml.j2" - dest: "{{docker_compose_instance_directory}}mautrix_whatsapp/config.yml" - notify: recreate matrix + src: "hosts.yml.j2" + dest: "{{hosts_path}}" + become: false + delegate_to: localhost -- name: add element-config.json - template: - src: "element-config.json.j2" - dest: "{{docker_compose_instance_directory}}element-config.json" - notify: recreate matrix +- name: show variable information + debug: + msg: "hosts_path: {{hosts_path}}\nmatrix_inventory_tmp_dir:{{ matrix_inventory_tmp_dir }}" + when: verbose | bool -- name: add homeserver.yaml - template: - src: "homeserver.yaml.j2" - dest: "{{docker_compose_instance_directory}}homeserver.yaml" - notify: recreate matrix +- name: install requirements + local_action: command just roles + args: + chdir: "{{ local_repository_directory }}" + become: false -- name: add log.config - template: - src: "log.config.j2" - dest: "{{docker_compose_instance_directory}}{{synapse_domain}}.log.config" - notify: recreate matrix +#- name: delete inventory directory +# file: +# path: "{{ matrix_inventory_tmp_dir.path }}" +# state: absent +# delegate_to: localhost +# become: false +# -# https://github.com/matrix-org/synapse/issues/6303 -- name: set correct folder permissions - command: - cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{synapse_domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" -- name: add docker-compose.yml - template: - src: "docker-compose.yml.j2" - dest: "{{docker_compose_instance_directory}}docker-compose.yml" - notify: recreate matrix + + +#- name: "create {{docker_compose_instance_directory}}" +# file: +# path: "{{docker_compose_instance_directory}}" +# state: directory +# mode: 0755 +# +#- name: "create {{docker_compose_instance_directory}}mautrix_whatsapp" +# file: +# path: "{{docker_compose_instance_directory}}mautrix_whatsapp" +# state: directory +# mode: 0755 +# +#- name: add whatsapp-bridge-config.yml +# template: +# src: "whatsapp-bridge-config.yml.j2" +# dest: "{{docker_compose_instance_directory}}mautrix_whatsapp/config.yml" +# notify: recreate matrix +# +#- name: add element-config.json +# template: +# src: "element-config.json.j2" +# dest: "{{docker_compose_instance_directory}}element-config.json" +# notify: recreate matrix +# +#- name: add homeserver.yaml +# template: +# src: "homeserver.yaml.j2" +# dest: "{{docker_compose_instance_directory}}homeserver.yaml" +# notify: recreate matrix +# +#- name: add log.config +# template: +# src: "log.config.j2" +# dest: "{{docker_compose_instance_directory}}{{synapse_domain}}.log.config" +# notify: recreate matrix +# +## https://github.com/matrix-org/synapse/issues/6303 +#- name: set correct folder permissions +# command: +# cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{synapse_domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" +# +#- name: add docker-compose.yml +# template: +# src: "docker-compose.yml.j2" +# dest: "{{docker_compose_instance_directory}}docker-compose.yml" +# notify: recreate matrix diff --git a/roles/docker-matrix/templates/docker-compose.yml.j2 b/roles/docker-matrix/templates/docker-compose.yml.j2 deleted file mode 100644 index 26cdb4dc..00000000 --- a/roles/docker-matrix/templates/docker-compose.yml.j2 +++ /dev/null @@ -1,84 +0,0 @@ -version: '3.1' - -services: - - synapse: - image: matrixdotorg/synapse:latest - restart: always - logging: - driver: journald - volumes: - - synapse_data:/data - - ./homeserver.yaml:/data/homeserver.yaml:ro - - ./{{synapse_domain}}.log.config:/data/{{synapse_domain}}.log.config:ro - environment: - - SYNAPSE_SERVER_NAME={{synapse_domain}} - - SYNAPSE_REPORT_STATS=no - ports: - - "127.0.0.1:{{synapse_http_port}}:8008" - depends_on: - - database - database: - logging: - driver: journald - image: postgres:16 - restart: unless-stopped - volumes: - - database:/var/lib/postgresql/data - environment: - - POSTGRES_DB=matrix - - POSTGRES_USER=matrix - - POSTGRES_PASSWORD={{matrix_database_password}} - - POSTGRES_INITDB_ARGS=--encoding=UTF8 --locale=C - healthcheck: - test: ["CMD-SHELL", "pg_isready -U matrix"] - interval: 10s - timeout: 5s - retries: 6 - element: - image: vectorim/element-web:latest - restart: unless-stopped - volumes: - - ./element-config.json:/app/config.json - ports: - - "127.0.0.1:{{element_http_port}}:80" - - # bridges - #mautrix-telegram: - # container_name: mautrix-telegram - # image: dock.mau.dev/mautrix/telegram: - # restart: unless-stopped - # volumes: - # - telegram_bridge_data:/data - - #mautrix-whatsapp: - # container_name: mautrix-whatsapp - # image: dock.mau.dev/mautrix/whatsapp:latest - # restart: unless-stopped - # volumes: - # - ./mautrix_whatsapp:/data - - #mautrix-facebook: - # container_name: mautrix-facebook - # image: dock.mau.dev/mautrix/facebook: - # restart: unless-stopped - # volumes: - # - facebook_bridge_data:/data - - #mautrix-instagram: - # container_name: mautrix-instagram - # image: dock.mau.dev/mautrix/instagram: - # restart: unless-stopped - # volumes: - # - instagram_bridge_data:/data - -volumes: - database: - synapse_data: - #telegram_bridge_data: - #whatsapp_bridge_data: - #facebook_bridge_data: - #instagram_bridge_data: -networks: - default: - driver: bridge \ No newline at end of file diff --git a/roles/docker-matrix/templates/element-config.json.j2 b/roles/docker-matrix/templates/element-config.json.j2 deleted file mode 100644 index 618287df..00000000 --- a/roles/docker-matrix/templates/element-config.json.j2 +++ /dev/null @@ -1,59 +0,0 @@ -{ - "default_server_config": { - "m.homeserver": { - "base_url": "https://{{domain_matrix_synapse}}", - "server_name": "{{domain_matrix_synapse}}" - }, - "m.identity_server": { - "base_url": "https://{{top_domain}}" - } - }, - "brand": "Element", - "integrations_ui_url": "https://scalar.vector.im/", - "integrations_rest_url": "https://scalar.vector.im/api", - "integrations_widgets_urls": [ - "https://scalar.vector.im/_matrix/integrations/v1", - "https://scalar.vector.im/api", - "https://scalar-staging.vector.im/_matrix/integrations/v1", - "https://scalar-staging.vector.im/api", - "https://scalar-staging.riot.im/scalar/api" - ], - "bug_report_endpoint_url": "https://element.io/bugreports/submit", - "uisi_autorageshake_app": "element-auto-uisi", - "show_labs_settings": true, - "room_directory": { - "servers": ["matrix.org", "gitter.im", "libera.chat"] - }, - "enable_presence_by_hs_url": { - "https://matrix.org": false, - "https://matrix-client.matrix.org": false - }, - "terms_and_conditions_links": [ - { - "url": "https://element.io/privacy", - "text": "Privacy Policy" - }, - { - "url": "https://element.io/cookie-policy", - "text": "Cookie Policy" - } - ], - "sentry": { - "dsn": "https://029a0eb289f942508ae0fb17935bd8c5@sentry.matrix.org/6", - "environment": "develop" - }, - "posthog": { - "project_api_key": "phc_Jzsm6DTm6V2705zeU5dcNvQDlonOR68XvX2sh1sEOHO", - "api_host": "https://posthog.element.io" - }, - "privacy_policy_url": "https://element.io/cookie-policy", - "features": { - "feature_video_rooms": true, - "feature_rust_crypto": true, - "feature_new_room_decoration_ui": true - }, - "element_call": { - "url": "https://call.element.dev" - }, - "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx" -} \ No newline at end of file diff --git a/roles/docker-matrix/templates/homeserver.yaml.j2 b/roles/docker-matrix/templates/homeserver.yaml.j2 deleted file mode 100644 index 39ccd99c..00000000 --- a/roles/docker-matrix/templates/homeserver.yaml.j2 +++ /dev/null @@ -1,46 +0,0 @@ -server_name: "{{domain_matrix_synapse}}" -pid_file: /data/homeserver.pid -listeners: - - port: 8008 - tls: false - type: http - x_forwarded: true - resources: - - names: [client, federation] - compress: false -database: - name: psycopg2 - args: - user: matrix - password: {{matrix_database_password}} - database: matrix - host: database - cp_min: 5 - cp_max: 10 -log_config: "/data/{{domain_matrix_synapse}}.log.config" -media_store_path: /data/media_store -registration_shared_secret: "{{matrix_registration_shared_secret}}" -report_stats: true -macaroon_secret_key: "{{matrix_macaroon_secret_key}}" -form_secret: "{{matrix_form_secret}}" -signing_key_path: "/data/{{domain_matrix_synapse}}.signing.key" -web_client_location: "https://{{element_domain}}" -public_baseurl: "https://{{synapse_domain}}" -trusted_key_servers: - - server_name: "matrix.org" -admin_contact: 'mailto:{{administrator_email}}' - -email: - smtp_host: "{{system_email_host}}" - smtp_port: "{{system_email_smtp_port}}" - smtp_user: "{{system_email_username}}" - smtp_pass: "{{system_email_password}}" - #force_tls: true - #require_transport_security: true - enable_tls: "{{ system_email_tls | upper }}" - notif_from: "Your Friendly %(app)s homeserver <{{system_email}}>" - app_name: "Matrix on {{top_domain}}" - enable_notifs: true - notif_for_new_users: false - client_base_url: "{{domain_matrix_synapse}}" - validation_token_lifetime: 15m \ No newline at end of file diff --git a/roles/docker-matrix/templates/hosts.yml.j2 b/roles/docker-matrix/templates/hosts.yml.j2 new file mode 100644 index 00000000..bd479c20 --- /dev/null +++ b/roles/docker-matrix/templates/hosts.yml.j2 @@ -0,0 +1,79 @@ +matrix_servers: + hosts: + {{inventory_hostname}}: + ansible_host: "{{ip4_address}}" + ansible_ssh_user: administrator + become: true + become_user: root + ansible_become_password: "{{ansible_become_password}}" +# The bare domain name which represents your Matrix identity. +# Matrix user ids for your server will be of the form (`@user:`). +# +# Note: this playbook does not touch the server referenced here. +# Installation happens on another server ("matrix."). +# +# If you've deployed using the wrong domain, you'll have to run the Uninstalling step, +# because you can't change the Domain after deployment. +# +# Example value: example.com + matrix_domain: "{{synapse_domain}}" + +# The Matrix homeserver software to install. +# See: +# - `roles/custom/matrix-base/defaults/main.yml` for valid options +# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice + matrix_homeserver_implementation: synapse + +# A secret used as a base, for generating various other secrets. +# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`). + matrix_homeserver_generic_secret_key: "{{matrix_generic_secret_key}}" + +# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server. +# It will retrieve SSL certificates for you on-demand and forward requests to all other components. +# For alternatives, see `docs/configuring-playbook-own-webserver.md`. + matrix_playbook_reverse_proxy_type: playbook-managed-traefik + +# Ensure that public urls use https + matrix_playbook_ssl_enabled: true + +# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval + devture_traefik_config_entrypoint_web_secure_enabled: false + +# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81` + devture_traefik_container_web_host_bind_port: "127.0.0.1:{{http_port}}" + +# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from +# a reverse-proxy running on the local machine is safe enough. + devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true + +# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains. +# +# In case SSL renewal fails at some point, you'll also get an email notification there. +# +# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt), +# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`). +# +# Example value: someone@example.com + devture_traefik_config_certificatesResolvers_acme_email: "{{administrator_email}}" + +# A Postgres password to use for the superuser Postgres user (called `matrix` by default). +# +# The playbook creates additional Postgres users and databases (one for each enabled service) +# using this superuser account. + devture_postgres_connection_password: '' + +# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file. +# If this value is an external IP address, you can skip this section. +# +# If `ansible_host` is not the server's external IP address, you have 2 choices: +# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below) +# 2. Uncomment and adjust the line below to specify an IP address manually +# +# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API. +# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the Coturn role +# (see `roles/custom/matrix-coturn/defaults/main.yml`). +# +# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses. +# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']` +# +# matrix_coturn_turn_external_ip_address: '' \ No newline at end of file diff --git a/roles/docker-matrix/templates/log.config.j2 b/roles/docker-matrix/templates/log.config.j2 deleted file mode 100644 index e8a842b5..00000000 --- a/roles/docker-matrix/templates/log.config.j2 +++ /dev/null @@ -1,25 +0,0 @@ -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - file: - class: logging.handlers.RotatingFileHandler - formatter: precise - filename: /data/{{synapse_domain}}.homeserver.log - maxBytes: 10485760 - backupCount: 3 - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse: - level: INFO - handlers: [file, console] - -root: - level: INFO - handlers: [file, console] diff --git a/roles/docker-matrix/templates/whatsapp-bridge-config.yml.j2 b/roles/docker-matrix/templates/whatsapp-bridge-config.yml.j2 deleted file mode 100644 index bfe1912d..00000000 --- a/roles/docker-matrix/templates/whatsapp-bridge-config.yml.j2 +++ /dev/null @@ -1,461 +0,0 @@ -# Homeserver details. -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: https://{{synapse_domain}} - # The domain of the homeserver (for MXIDs, etc). - domain: {{synapse_domain}} - - # What software is the homeserver running? - # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. - software: standard - # The URL to push real-time bridge status to. - # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. - # The bridge will use the appservice as_token to authorize requests. - status_endpoint: null - # Endpoint for reporting per-message status. - message_send_checkpoint_endpoint: null - # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false - # Should the bridge use a websocket for connecting to the homeserver? - # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, - # mautrix-asmux (deprecated), and hungryserv (proprietary). - websocket: false - # How often should the websocket be pinged? Pinging will be disabled if this is zero. - ping_interval_seconds: 0 - -# Application service host/registration related details. -# Changing these values requires regeneration of the registration. -appservice: - # The address that the homeserver can use to connect to this appservice. - address: http://localhost:29318 - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 29318 - - # Database config. - database: - # The database type. "sqlite3-fk-wal" and "postgres" are supported. - type: postgres - # The database URI. - # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. - # https://github.com/mattn/go-sqlite3#connection-string - # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable - # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql - uri: postgres://matrix:{{matrix_database_password}}@database/matrix?sslmode=disable - # Maximum number of connections. Mostly relevant for Postgres. - max_open_conns: 20 - max_idle_conns: 2 - # Maximum connection idle time and lifetime before they're closed. Disabled if null. - # Parsed with https://pkg.go.dev/time#ParseDuration - max_conn_idle_time: null - max_conn_lifetime: null - - # The unique ID of this appservice. - id: whatsapp - # Appservice bot details. - bot: - # Username of the appservice bot. - username: whatsappbot - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - displayname: WhatsApp bridge bot - avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr - # Whether or not to receive ephemeral events via appservice transactions. - # Requires MSC2409 support (i.e. Synapse 1.22+). - ephemeral_events: true - # Should incoming events be handled asynchronously? - # This may be necessary for large public instances with lots of messages going through. - # However, messages will not be guaranteed to be bridged in the same order they were sent in. - async_transactions: false - - # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. - as_token: "GvOrixRxN8G2dO1KhUgWKL8yhC0lgSBtbr819nntLV2ZcPlWayjWj14YIVKMJHmA" - hs_token: "oQbRcd1KO2ggrF9lu13fElKnp1Zf0GDU9fiTFSwQQjnD3VmcRnVlZqhMpXu3criI" - -# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors. -analytics: - # Hostname of the tracking server. The path is hardcoded to /v1/track - host: api.segment.io - # API key to send with tracking requests. Tracking is disabled if this is null. - token: null - # Optional user ID for tracking events. If null, defaults to using Matrix user ID. - user_id: null - -# Prometheus config. -metrics: - # Enable prometheus metrics? - enabled: false - # IP and port where the metrics listener should be. The path is always /metrics - listen: 127.0.0.1:8001 - -# Config for things that are directly sent to WhatsApp. -whatsapp: - # Device name that's shown in the "WhatsApp Web" section in the mobile app. - os_name: Mautrix-WhatsApp bridge - # Browser name that determines the logo shown in the mobile app. - # Must be "unknown" for a generic icon or a valid browser name if you want a specific icon. - # List of valid browser names: https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64 - browser_name: unknown - -# Bridge config -bridge: - # Localpart template of MXIDs for WhatsApp users. - # {{.}} is replaced with the phone number of the WhatsApp user. - username_template: whatsapp_{{.}} - # Displayname template for WhatsApp users. - # {{.PushName}} - nickname set by the WhatsApp user - # {{.BusinessName}} - validated WhatsApp business name - # {{.Phone}} - phone number (international format) - # The following variables are also available, but will cause problems on multi-user instances: - # {{.FullName}} - full name from contact list - # {{.FirstName}} - first name from contact list - displayname_template: "{{or .BusinessName .PushName .JID}} (WA)" - # Should the bridge create a space for each logged-in user and add bridged rooms to it? - # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. - personal_filtering_spaces: false - # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp? - delivery_receipts: false - # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. - message_status_events: false - # Whether the bridge should send error notices via m.notice events when a message fails to bridge. - message_error_notices: true - # Should incoming calls send a message to the Matrix room? - call_start_notices: true - # Should another user's cryptographic identity changing send a message to Matrix? - identity_change_notices: false - portal_message_buffer: 128 - # Settings for handling history sync payloads. - history_sync: - # Enable backfilling history sync payloads from WhatsApp? - backfill: true - # The maximum number of initial conversations that should be synced. - # Other conversations will be backfilled on demand when receiving a message or when initiating a direct chat. - max_initial_conversations: -1 - # Maximum number of messages to backfill in each conversation. - # Set to -1 to disable limit. - message_count: 50 - # Should the bridge request a full sync from the phone when logging in? - # This bumps the size of history syncs from 3 months to 1 year. - request_full_sync: false - # Configuration parameters that are sent to the phone along with the request full sync flag. - # By default (when the values are null or 0), the config isn't sent at all. - full_sync_config: - # Number of days of history to request. - # The limit seems to be around 3 years, but using higher values doesn't break. - days_limit: null - # This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob. - size_mb_limit: null - # This is presumably the local storage quota, which may affect what the phone includes in the history sync blob. - storage_quota_mb: null - # If this value is greater than 0, then if the conversation's last message was more than - # this number of hours ago, then the conversation will automatically be marked it as read. - # Conversations that have a last message that is less than this number of hours ago will - # have their unread status synced from WhatsApp. - unread_hours_threshold: 0 - ############################################################################### - # The settings below are only applicable for backfilling using batch sending, # - # which is no longer supported in Synapse. # - ############################################################################### - - # Settings for media requests. If the media expired, then it will not be on the WA servers. - # Media can always be requested by reacting with the ♻️ (recycle) emoji. - # These settings determine if the media requests should be done automatically during or after backfill. - media_requests: - # Should expired media be automatically requested from the server as part of the backfill process? - auto_request_media: true - # Whether to request the media immediately after the media message is backfilled ("immediate") - # or at a specific time of the day ("local_time"). - request_method: immediate - # If request_method is "local_time", what time should the requests be sent (in minutes after midnight)? - request_local_time: 120 - # Settings for immediate backfills. These backfills should generally be small and their main purpose is - # to populate each of the initial chats (as configured by max_initial_conversations) with a few messages - # so that you can continue conversations without losing context. - immediate: - # The number of concurrent backfill workers to create for immediate backfills. - # Note that using more than one worker could cause the room list to jump around - # since there are no guarantees about the order in which the backfills will complete. - worker_count: 1 - # The maximum number of events to backfill initially. - max_events: 10 - # Settings for deferred backfills. The purpose of these backfills are to fill in the rest of - # the chat history that was not covered by the immediate backfills. - # These backfills generally should happen at a slower pace so as not to overload the homeserver. - # Each deferred backfill config should define a "stage" of backfill (i.e. the last week of messages). - # The fields are as follows: - # - start_days_ago: the number of days ago to start backfilling from. - # To indicate the start of time, use -1. For example, for a week ago, use 7. - # - max_batch_events: the number of events to send per batch. - # - batch_delay: the number of seconds to wait before backfilling each batch. - deferred: - # Last Week - - start_days_ago: 7 - max_batch_events: 20 - batch_delay: 5 - # Last Month - - start_days_ago: 30 - max_batch_events: 50 - batch_delay: 10 - # Last 3 months - - start_days_ago: 90 - max_batch_events: 100 - batch_delay: 10 - # The start of time - - start_days_ago: -1 - max_batch_events: 500 - batch_delay: 10 - # Should puppet avatars be fetched from the server even if an avatar is already set? - user_avatar_sync: true - # Should Matrix users leaving groups be bridged to WhatsApp? - bridge_matrix_leave: true - # Should the bridge update the m.direct account data event when double puppeting is enabled. - # Note that updating the m.direct event is not atomic (except with mautrix-asmux) - # and is therefore prone to race conditions. - sync_direct_chat_list: false - # Should the bridge use MSC2867 to bridge manual "mark as unread"s from - # WhatsApp and set the unread status on initial backfill? - # This will only work on clients that support the m.marked_unread or - # com.famedly.marked_unread room account data. - sync_manual_marked_unread: true - # When double puppeting is enabled, users can use `!wa toggle` to change whether - # presence is bridged. This setting sets the default value. - # Existing users won't be affected when these are changed. - default_bridge_presence: true - # Send the presence as "available" to whatsapp when users start typing on a portal. - # This works as a workaround for homeservers that do not support presence, and allows - # users to see when the whatsapp user on the other side is typing during a conversation. - send_presence_on_typing: false - # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp) - # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)? - # - # By default, the bridge acts like WhatsApp web, which only sends active delivery - # receipts when it's in the foreground. - force_active_delivery_receipts: false - # Servers to always allow double puppeting from - double_puppet_server_map: - example.com: https://example.com - # Allow using double puppeting from any server with a valid client .well-known file. - double_puppet_allow_discovery: false - # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, double puppeting will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret_map: - example.com: foobar - # Whether to explicitly set the avatar and room name for private chat portal rooms. - # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. - # If set to `always`, all DM rooms will have explicit names and avatars set. - # If set to `never`, DM rooms will never have names and avatars set. - private_chat_portal_meta: default - # Should group members be synced in parallel? This makes member sync faster - parallel_member_sync: false - # Should Matrix m.notice-type messages be bridged? - bridge_notices: true - # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. - # This field will automatically be changed back to false after it, except if the config file is not writable. - resend_bridge_info: false - # When using double puppeting, should muted chats be muted in Matrix? - mute_bridging: false - # When using double puppeting, should archived chats be moved to a specific tag in Matrix? - # Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix. - # This can be set to a tag (e.g. m.lowpriority), or null to disable. - archive_tag: null - # Same as above, but for pinned chats. The favorite tag is called m.favourite - pinned_tag: null - # Should mute status and tags only be bridged when the portal room is created? - tag_only_on_create: true - # Should WhatsApp status messages be bridged into a Matrix room? - # Disabling this won't affect already created status broadcast rooms. - enable_status_broadcast: true - # Should sending WhatsApp status messages be allowed? - # This can cause issues if the user has lots of contacts, so it's disabled by default. - disable_status_broadcast_send: true - # Should the status broadcast room be muted and moved into low priority by default? - # This is only applied when creating the room, the user can unmute it later. - mute_status_broadcast: true - # Tag to apply to the status broadcast room. - status_broadcast_tag: m.lowpriority - # Should the bridge use thumbnails from WhatsApp? - # They're disabled by default due to very low resolution. - whatsapp_thumbnail: false - # Allow invite permission for user. User can invite any bots to room with whatsapp - # users (private chat and groups) - allow_user_invite: false - # Whether or not created rooms should have federation enabled. - # If false, created portal rooms will never be federated. - federate_rooms: true - # Should the bridge never send alerts to the bridge management room? - # These are mostly things like the user being logged out. - disable_bridge_alerts: false - # Should the bridge stop if the WhatsApp server says another user connected with the same session? - # This is only safe on single-user bridges. - crash_on_stream_replaced: false - # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview, - # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews` - # key in the event content even if this is disabled. - url_previews: false - # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. - # This is currently not supported in most clients. - caption_in_message: false - # Send galleries as a single event? This is not an MSC (yet). - beeper_galleries: false - # Should polls be sent using MSC3381 event types? - extev_polls: false - # Should cross-chat replies from WhatsApp be bridged? Most servers and clients don't support this. - cross_room_replies: false - # Disable generating reply fallbacks? Some extremely bad clients still rely on them, - # but they're being phased out and will be completely removed in the future. - disable_reply_fallbacks: false - # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration - # Null means there's no enforced timeout. - message_handling_timeout: - # Send an error message after this timeout, but keep waiting for the response until the deadline. - # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. - # If the message is older than this when it reaches the bridge, the message won't be handled at all. - error_after: null - # Drop messages after this timeout. They may still go through if the message got sent to the servers. - # This is counted from the time the bridge starts handling the message. - deadline: 120s - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" - - # Messages sent upon joining a management room. - # Markdown is supported. The defaults are listed below. - management_room_text: - # Sent when joining a room. - welcome: "Hello, I'm a WhatsApp bridge bot." - # Sent when joining a management room and the user is already logged in. - welcome_connected: "Use `help` for help." - # Sent when joining a management room and the user is not logged in. - welcome_unconnected: "Use `help` for help or `login` to log in." - # Optional extra text sent when joining a management room. - additional_help: "" - - # End-to-bridge encryption support options. - # - # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. - appservice: false - # Require encryption, drop any unencrypted messages. - require: false - # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. - # You must use a client that supports requesting keys from other users to use this feature. - allow_key_sharing: false - # Should users mentions be in the event wire content to enable the server to send push notifications? - plaintext_mentions: false - # Options for deleting megolm sessions from the bridge. - delete_keys: - # Beeper-specific: delete outbound sessions when hungryserv confirms - # that the user has uploaded the key to key backup. - delete_outbound_on_ack: false - # Don't store outbound sessions in the inbound table. - dont_store_outbound: false - # Ratchet megolm sessions forward after decrypting messages. - ratchet_on_decrypt: false - # Delete fully used keys (index >= max_messages) after decrypting messages. - delete_fully_used_on_decrypt: false - # Delete previous megolm sessions from same device when receiving a new one. - delete_prev_on_new_session: false - # Delete megolm sessions received from a device when the device is deleted. - delete_on_device_delete: false - # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. - periodically_delete_expired: false - # Delete inbound megolm sessions that don't have the received_at field used for - # automatic ratcheting and expired session deletion. This is meant as a migration - # to delete old keys prior to the bridge update. - delete_outdated_inbound: false - # What level of device verification should be required from users? - # - # Valid levels: - # unverified - Send keys to all device in the room. - # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. - # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). - # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. - # Note that creating user signatures from the bridge bot is not currently possible. - # verified - Require manual per-device verification - # (currently only possible by modifying the `trust` column in the `crypto_device` database table). - verification_levels: - # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix. - receive: unverified - # Minimum level that the bridge should accept for incoming Matrix messages. - send: unverified - # Minimum level that the bridge should require for accepting key requests. - share: cross-signed-tofu - # Options for Megolm room key rotation. These options allow you to - # configure the m.room.encryption event content. See: - # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for - # more information about that event. - rotation: - # Enable custom Megolm room key rotation settings. Note that these - # settings will only apply to rooms created after this option is - # set. - enable_custom: false - # The maximum number of milliseconds a session should be used - # before changing it. The Matrix spec recommends 604800000 (a week) - # as the default. - milliseconds: 604800000 - # The maximum number of messages that should be sent with a given a - # session before changing it. The Matrix spec recommends 100 as the - # default. - messages: 100 - # Disable rotating keys when a user's devices change? - # You should not enable this option unless you understand all the implications. - disable_device_change_key_rotation: false - - # Settings for provisioning API - provisioning: - # Prefix for the provisioning API paths. - prefix: /_matrix/provision - # Shared secret for authentication. If set to "generate", a random secret will be generated, - # or if set to "disable", the provisioning API will be disabled. - shared_secret: kY8Ez6M80YBpvGtMz5R1Mb1c7deb8d9zxmlvqwTv0HGCKPVqcrTmHu90Wi04828z - # Enable debug API at /debug with provisioning authentication. - debug_endpoints: false - - # Permissions for using the bridge. - # Permitted values: - # relay - Talk through the relaybot (if enabled), no access otherwise - # user - Access to use the bridge to chat with a WhatsApp account. - # admin - User level and some additional administration tools - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - "*": relay - "example.com": user - "@admin:example.com": admin - - # Settings for relay mode - relay: - # Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any - # authenticated user into a relaybot for that chat. - enabled: false - # Should only admins be allowed to set themselves as relay users? - admin_only: true - # The formats to use when sending messages to WhatsApp via the relaybot. - message_formats: - m.text: "{{ .Sender.Displayname }}: {{ .Message }}" - m.notice: "{{ .Sender.Displayname }}: {{ .Message }}" - m.emote: "* {{ .Sender.Displayname }} {{ .Message }}" - m.file: "{{ .Sender.Displayname }} sent a file" - m.image: "{{ .Sender.Displayname }} sent an image" - m.audio: "{{ .Sender.Displayname }} sent an audio file" - m.video: "{{ .Sender.Displayname }} sent a video" - m.location: "{{ .Sender.Displayname }} sent a location" - -# Logging config. See https://github.com/tulir/zeroconfig for details. -logging: - min_level: debug - writers: - - type: stdout - format: pretty-colored diff --git a/roles/docker-matrix/vars/main.yml b/roles/docker-matrix/vars/main.yml index 4161111b..798e8e45 100644 --- a/roles/docker-matrix/vars/main.yml +++ b/roles/docker-matrix/vars/main.yml @@ -1,2 +1,2 @@ --- -docker_compose_instance_directory: "{{path_docker_compose_instances}}matrix/" \ No newline at end of file +local_repository_directory: "{{role_path}}/matrix-docker-ansible-deploy" \ No newline at end of file diff --git a/servers.yml b/servers.yml index 05a9f0fb..05aa7dd0 100644 --- a/servers.yml +++ b/servers.yml @@ -205,10 +205,12 @@ roles: - role: docker-matrix vars: - synapse_domain: "{{domain_matrix_synapse}}" - synapse_http_port: 8021 + domains: + - "{{domain_matrix_element}}" + - "{{domain_matrix_synapse}}" element_domain: "{{domain_matrix_element}}" - element_http_port: 8022 + synapse_domain: "{{domain_matrix_synapse}}" + http_port: 8021 - name: setup akaunting hosts hosts: akaunting