kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2024-09-19 16:03:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implemented draft for matrix-docker-ansible-deploy

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2023-12-21 17:32:54 +01:00
parent 27b8e79b79
commit 616044d715
12 changed files with 183 additions and 732 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
group_vars/all
View File

@ -141,3 +141,6 @@ version_mastodon: "latest"
pixelfed_app_name: "Pictures"
top_domain: "localhost"
# Prints well formated debug information
verbose: false

1
roles/docker-matrix/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
matrix-docker-ansible-deploy/

8
roles/docker-matrix/handlers/main.yml
View File

@ -1,8 +0,0 @@
---
- name: recreate matrix
command:
cmd: docker-compose up -d --force-recreate
chdir: "{{docker_compose_instance_directory}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600

139
roles/docker-matrix/tasks/main.yml
View File

@ -1,59 +1,108 @@
---
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
vars:
domain: "{{synapse_domain}}"
http_port: "{{synapse_http_port}}"
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
vars:
domain: "{{element_domain}}"
http_port: "{{element_http_port}}"
loop: "{{ domains }}"
loop_control:
loop_var: domain
- name: "create {{docker_compose_instance_directory}}"
file:
path: "{{docker_compose_instance_directory}}"
- name: Clone the git repository
git:
repo: https://github.com/spantaleev/matrix-docker-ansible-deploy.git
dest: "{{ local_repository_directory }}"
update: yes
delegate_to: localhost
become: false
- name: create temporary inventory directory
tempfile:
state: directory
mode: 0755
register: matrix_inventory_tmp_dir
delegate_to: localhost
become: false
- name: "create {{docker_compose_instance_directory}}mautrix_whatsapp"
- name: protect inventory directory
file:
path: "{{docker_compose_instance_directory}}mautrix_whatsapp"
state: directory
mode: 0755
path: "{{ matrix_inventory_tmp_dir.path }}"
mode: '0700' # Nur der Besitzer kann lesen, schreiben und ausführen
delegate_to: localhost
become: false
- name: add whatsapp-bridge-config.yml
- name: set the hosts path
set_fact:
hosts_path: "{{ matrix_inventory_tmp_dir.path }}/hosts.yml"
- name: create hosts.yml
template:
src: "whatsapp-bridge-config.yml.j2"
dest: "{{docker_compose_instance_directory}}mautrix_whatsapp/config.yml"
notify: recreate matrix
src: "hosts.yml.j2"
dest: "{{hosts_path}}"
become: false
delegate_to: localhost
- name: add element-config.json
template:
src: "element-config.json.j2"
dest: "{{docker_compose_instance_directory}}element-config.json"
notify: recreate matrix
- name: show variable information
debug:
msg: "hosts_path: {{hosts_path}}\nmatrix_inventory_tmp_dir:{{ matrix_inventory_tmp_dir }}"
when: verbose | bool
- name: add homeserver.yaml
template:
src: "homeserver.yaml.j2"
dest: "{{docker_compose_instance_directory}}homeserver.yaml"
notify: recreate matrix
- name: install requirements
local_action: command just roles
args:
chdir: "{{ local_repository_directory }}"
become: false
- name: add log.config
template:
src: "log.config.j2"
dest: "{{docker_compose_instance_directory}}{{synapse_domain}}.log.config"
notify: recreate matrix
#- name: delete inventory directory
# file:
# path: "{{ matrix_inventory_tmp_dir.path }}"
# state: absent
# delegate_to: localhost
# become: false
#
# https://github.com/matrix-org/synapse/issues/6303
- name: set correct folder permissions
command:
cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{synapse_domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose_instance_directory}}docker-compose.yml"
notify: recreate matrix
#- name: "create {{docker_compose_instance_directory}}"
# file:
# path: "{{docker_compose_instance_directory}}"
# state: directory
# mode: 0755
#
#- name: "create {{docker_compose_instance_directory}}mautrix_whatsapp"
# file:
# path: "{{docker_compose_instance_directory}}mautrix_whatsapp"
# state: directory
# mode: 0755
#
#- name: add whatsapp-bridge-config.yml
# template:
# src: "whatsapp-bridge-config.yml.j2"
# dest: "{{docker_compose_instance_directory}}mautrix_whatsapp/config.yml"
# notify: recreate matrix
#
#- name: add element-config.json
# template:
# src: "element-config.json.j2"
# dest: "{{docker_compose_instance_directory}}element-config.json"
# notify: recreate matrix
#
#- name: add homeserver.yaml
# template:
# src: "homeserver.yaml.j2"
# dest: "{{docker_compose_instance_directory}}homeserver.yaml"
# notify: recreate matrix
#
#- name: add log.config
# template:
# src: "log.config.j2"
# dest: "{{docker_compose_instance_directory}}{{synapse_domain}}.log.config"
# notify: recreate matrix
#
## https://github.com/matrix-org/synapse/issues/6303
#- name: set correct folder permissions
# command:
# cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{synapse_domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
#
#- name: add docker-compose.yml
# template:
# src: "docker-compose.yml.j2"
# dest: "{{docker_compose_instance_directory}}docker-compose.yml"
# notify: recreate matrix

84
roles/docker-matrix/templates/docker-compose.yml.j2
View File

@ -1,84 +0,0 @@
version: '3.1'
services:
synapse:
image: matrixdotorg/synapse:latest
restart: always
logging:
driver: journald
volumes:
- synapse_data:/data
- ./homeserver.yaml:/data/homeserver.yaml:ro
- ./{{synapse_domain}}.log.config:/data/{{synapse_domain}}.log.config:ro
environment:
- SYNAPSE_SERVER_NAME={{synapse_domain}}
- SYNAPSE_REPORT_STATS=no
ports:
- "127.0.0.1:{{synapse_http_port}}:8008"
depends_on:
- database
database:
logging:
driver: journald
image: postgres:16
restart: unless-stopped
volumes:
- database:/var/lib/postgresql/data
environment:
- POSTGRES_DB=matrix
- POSTGRES_USER=matrix
- POSTGRES_PASSWORD={{matrix_database_password}}
- POSTGRES_INITDB_ARGS=--encoding=UTF8 --locale=C
healthcheck:
test: ["CMD-SHELL", "pg_isready -U matrix"]
interval: 10s
timeout: 5s
retries: 6
element:
image: vectorim/element-web:latest
restart: unless-stopped
volumes:
- ./element-config.json:/app/config.json
ports:
- "127.0.0.1:{{element_http_port}}:80"
# bridges
#mautrix-telegram:
# container_name: mautrix-telegram
# image: dock.mau.dev/mautrix/telegram:<version>
# restart: unless-stopped
# volumes:
# - telegram_bridge_data:/data
#mautrix-whatsapp:
# container_name: mautrix-whatsapp
# image: dock.mau.dev/mautrix/whatsapp:latest
# restart: unless-stopped
# volumes:
# - ./mautrix_whatsapp:/data
#mautrix-facebook:
# container_name: mautrix-facebook
# image: dock.mau.dev/mautrix/facebook:<version>
# restart: unless-stopped
# volumes:
# - facebook_bridge_data:/data
#mautrix-instagram:
# container_name: mautrix-instagram
# image: dock.mau.dev/mautrix/instagram:<version>
# restart: unless-stopped
# volumes:
# - instagram_bridge_data:/data
volumes:
database:
synapse_data:
#telegram_bridge_data:
#whatsapp_bridge_data:
#facebook_bridge_data:
#instagram_bridge_data:
networks:
default:
driver: bridge

59
roles/docker-matrix/templates/element-config.json.j2
View File

@ -1,59 +0,0 @@
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://{{domain_matrix_synapse}}",
"server_name": "{{domain_matrix_synapse}}"
},
"m.identity_server": {
"base_url": "https://{{top_domain}}"
}
},
"brand": "Element",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"bug_report_endpoint_url": "https://element.io/bugreports/submit",
"uisi_autorageshake_app": "element-auto-uisi",
"show_labs_settings": true,
"room_directory": {
"servers": ["matrix.org", "gitter.im", "libera.chat"]
},
"enable_presence_by_hs_url": {
"https://matrix.org": false,
"https://matrix-client.matrix.org": false
},
"terms_and_conditions_links": [
{
"url": "https://element.io/privacy",
"text": "Privacy Policy"
},
{
"url": "https://element.io/cookie-policy",
"text": "Cookie Policy"
}
],
"sentry": {
"dsn": "https://029a0eb289f942508ae0fb17935bd8c5@sentry.matrix.org/6",
"environment": "develop"
},
"posthog": {
"project_api_key": "phc_Jzsm6DTm6V2705zeU5dcNvQDlonOR68XvX2sh1sEOHO",
"api_host": "https://posthog.element.io"
},
"privacy_policy_url": "https://element.io/cookie-policy",
"features": {
"feature_video_rooms": true,
"feature_rust_crypto": true,
"feature_new_room_decoration_ui": true
},
"element_call": {
"url": "https://call.element.dev"
},
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
}

46
roles/docker-matrix/templates/homeserver.yaml.j2
View File

@ -1,46 +0,0 @@
server_name: "{{domain_matrix_synapse}}"
pid_file: /data/homeserver.pid
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
database:
name: psycopg2
args:
user: matrix
password: {{matrix_database_password}}
database: matrix
host: database
cp_min: 5
cp_max: 10
log_config: "/data/{{domain_matrix_synapse}}.log.config"
media_store_path: /data/media_store
registration_shared_secret: "{{matrix_registration_shared_secret}}"
report_stats: true
macaroon_secret_key: "{{matrix_macaroon_secret_key}}"
form_secret: "{{matrix_form_secret}}"
signing_key_path: "/data/{{domain_matrix_synapse}}.signing.key"
web_client_location: "https://{{element_domain}}"
public_baseurl: "https://{{synapse_domain}}"
trusted_key_servers:
- server_name: "matrix.org"
admin_contact: 'mailto:{{administrator_email}}'
email:
smtp_host: "{{system_email_host}}"
smtp_port: "{{system_email_smtp_port}}"
smtp_user: "{{system_email_username}}"
smtp_pass: "{{system_email_password}}"
#force_tls: true
#require_transport_security: true
enable_tls: "{{ system_email_tls | upper }}"
notif_from: "Your Friendly %(app)s homeserver <{{system_email}}>"
app_name: "Matrix on {{top_domain}}"
enable_notifs: true
notif_for_new_users: false
client_base_url: "{{domain_matrix_synapse}}"
validation_token_lifetime: 15m

79
roles/docker-matrix/templates/hosts.yml.j2 Normal file
View File

@ -0,0 +1,79 @@
matrix_servers:
hosts:
{{inventory_hostname}}:
ansible_host: "{{ip4_address}}"
ansible_ssh_user: administrator
become: true
become_user: root
ansible_become_password: "{{ansible_become_password}}"
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
matrix_domain: "{{synapse_domain}}"
# The Matrix homeserver software to install.
# See:
# - `roles/custom/matrix-base/defaults/main.yml` for valid options
# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
matrix_homeserver_implementation: synapse
# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_homeserver_generic_secret_key: "{{matrix_generic_secret_key}}"
# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
# It will retrieve SSL certificates for you on-demand and forward requests to all other components.
# For alternatives, see `docs/configuring-playbook-own-webserver.md`.
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
# Ensure that public urls use https
matrix_playbook_ssl_enabled: true
# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval
devture_traefik_config_entrypoint_web_secure_enabled: false
# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
devture_traefik_container_web_host_bind_port: "127.0.0.1:{{http_port}}"
# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
devture_traefik_config_certificatesResolvers_acme_email: "{{administrator_email}}"
# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
devture_postgres_connection_password: ''
# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
# If this value is an external IP address, you can skip this section.
#
# If `ansible_host` is not the server's external IP address, you have 2 choices:
# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)
# 2. Uncomment and adjust the line below to specify an IP address manually
#
# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the Coturn role
# (see `roles/custom/matrix-coturn/defaults/main.yml`).
#
# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
#
# matrix_coturn_turn_external_ip_address: ''

25
roles/docker-matrix/templates/log.config.j2
View File

@ -1,25 +0,0 @@
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: precise
filename: /data/{{synapse_domain}}.homeserver.log
maxBytes: 10485760
backupCount: 3
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse:
level: INFO
handlers: [file, console]
root:
level: INFO
handlers: [file, console]

461
roles/docker-matrix/templates/whatsapp-bridge-config.yml.j2
View File

@ -1,461 +0,0 @@
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://{{synapse_domain}}
# The domain of the homeserver (for MXIDs, etc).
domain: {{synapse_domain}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Should the bridge use a websocket for connecting to the homeserver?
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
# mautrix-asmux (deprecated), and hungryserv (proprietary).
websocket: false
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://localhost:29318
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29318
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://matrix:{{matrix_database_password}}@database/matrix?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: whatsapp
# Appservice bot details.
bot:
# Username of the appservice bot.
username: whatsappbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WhatsApp bridge bot
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "GvOrixRxN8G2dO1KhUgWKL8yhC0lgSBtbr819nntLV2ZcPlWayjWj14YIVKMJHmA"
hs_token: "oQbRcd1KO2ggrF9lu13fElKnp1Zf0GDU9fiTFSwQQjnD3VmcRnVlZqhMpXu3criI"
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
analytics:
# Hostname of the tracking server. The path is hardcoded to /v1/track
host: api.segment.io
# API key to send with tracking requests. Tracking is disabled if this is null.
token: null
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Prometheus config.
metrics:
# Enable prometheus metrics?
enabled: false
# IP and port where the metrics listener should be. The path is always /metrics
listen: 127.0.0.1:8001
# Config for things that are directly sent to WhatsApp.
whatsapp:
# Device name that's shown in the "WhatsApp Web" section in the mobile app.
os_name: Mautrix-WhatsApp bridge
# Browser name that determines the logo shown in the mobile app.
# Must be "unknown" for a generic icon or a valid browser name if you want a specific icon.
# List of valid browser names: https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64
browser_name: unknown
# Bridge config
bridge:
# Localpart template of MXIDs for WhatsApp users.
# {{.}} is replaced with the phone number of the WhatsApp user.
username_template: whatsapp_{{.}}
# Displayname template for WhatsApp users.
# {{.PushName}} - nickname set by the WhatsApp user
# {{.BusinessName}} - validated WhatsApp business name
# {{.Phone}} - phone number (international format)
# The following variables are also available, but will cause problems on multi-user instances:
# {{.FullName}} - full name from contact list
# {{.FirstName}} - first name from contact list
displayname_template: "{{or .BusinessName .PushName .JID}} (WA)"
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
# Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
personal_filtering_spaces: false
# Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should incoming calls send a message to the Matrix room?
call_start_notices: true
# Should another user's cryptographic identity changing send a message to Matrix?
identity_change_notices: false
portal_message_buffer: 128
# Settings for handling history sync payloads.
history_sync:
# Enable backfilling history sync payloads from WhatsApp?
backfill: true
# The maximum number of initial conversations that should be synced.
# Other conversations will be backfilled on demand when receiving a message or when initiating a direct chat.
max_initial_conversations: -1
# Maximum number of messages to backfill in each conversation.
# Set to -1 to disable limit.
message_count: 50
# Should the bridge request a full sync from the phone when logging in?
# This bumps the size of history syncs from 3 months to 1 year.
request_full_sync: false
# Configuration parameters that are sent to the phone along with the request full sync flag.
# By default (when the values are null or 0), the config isn't sent at all.
full_sync_config:
# Number of days of history to request.
# The limit seems to be around 3 years, but using higher values doesn't break.
days_limit: null
# This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob.
size_mb_limit: null
# This is presumably the local storage quota, which may affect what the phone includes in the history sync blob.
storage_quota_mb: null
# If this value is greater than 0, then if the conversation's last message was more than
# this number of hours ago, then the conversation will automatically be marked it as read.
# Conversations that have a last message that is less than this number of hours ago will
# have their unread status synced from WhatsApp.
unread_hours_threshold: 0
###############################################################################
# The settings below are only applicable for backfilling using batch sending, #
# which is no longer supported in Synapse. #
###############################################################################
# Settings for media requests. If the media expired, then it will not be on the WA servers.
# Media can always be requested by reacting with the ♻️ (recycle) emoji.
# These settings determine if the media requests should be done automatically during or after backfill.
media_requests:
# Should expired media be automatically requested from the server as part of the backfill process?
auto_request_media: true
# Whether to request the media immediately after the media message is backfilled ("immediate")
# or at a specific time of the day ("local_time").
request_method: immediate
# If request_method is "local_time", what time should the requests be sent (in minutes after midnight)?
request_local_time: 120
# Settings for immediate backfills. These backfills should generally be small and their main purpose is
# to populate each of the initial chats (as configured by max_initial_conversations) with a few messages
# so that you can continue conversations without losing context.
immediate:
# The number of concurrent backfill workers to create for immediate backfills.
# Note that using more than one worker could cause the room list to jump around
# since there are no guarantees about the order in which the backfills will complete.
worker_count: 1
# The maximum number of events to backfill initially.
max_events: 10
# Settings for deferred backfills. The purpose of these backfills are to fill in the rest of
# the chat history that was not covered by the immediate backfills.
# These backfills generally should happen at a slower pace so as not to overload the homeserver.
# Each deferred backfill config should define a "stage" of backfill (i.e. the last week of messages).
# The fields are as follows:
# - start_days_ago: the number of days ago to start backfilling from.
# To indicate the start of time, use -1. For example, for a week ago, use 7.
# - max_batch_events: the number of events to send per batch.
# - batch_delay: the number of seconds to wait before backfilling each batch.
deferred:
# Last Week
- start_days_ago: 7
max_batch_events: 20
batch_delay: 5
# Last Month
- start_days_ago: 30
max_batch_events: 50
batch_delay: 10
# Last 3 months
- start_days_ago: 90
max_batch_events: 100
batch_delay: 10
# The start of time
- start_days_ago: -1
max_batch_events: 500
batch_delay: 10
# Should puppet avatars be fetched from the server even if an avatar is already set?
user_avatar_sync: true
# Should Matrix users leaving groups be bridged to WhatsApp?
bridge_matrix_leave: true
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Should the bridge use MSC2867 to bridge manual "mark as unread"s from
# WhatsApp and set the unread status on initial backfill?
# This will only work on clients that support the m.marked_unread or
# com.famedly.marked_unread room account data.
sync_manual_marked_unread: true
# When double puppeting is enabled, users can use `!wa toggle` to change whether
# presence is bridged. This setting sets the default value.
# Existing users won't be affected when these are changed.
default_bridge_presence: true
# Send the presence as "available" to whatsapp when users start typing on a portal.
# This works as a workaround for homeservers that do not support presence, and allows
# users to see when the whatsapp user on the other side is typing during a conversation.
send_presence_on_typing: false
# Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp)
# even if the user isn't marked as online (e.g. when presence bridging isn't enabled)?
#
# By default, the bridge acts like WhatsApp web, which only sends active delivery
# receipts when it's in the foreground.
force_active_delivery_receipts: false
# Servers to always allow double puppeting from
double_puppet_server_map:
example.com: https://example.com
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
example.com: foobar
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
# Should group members be synced in parallel? This makes member sync faster
parallel_member_sync: false
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: false
# When using double puppeting, should archived chats be moved to a specific tag in Matrix?
# Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix.
# This can be set to a tag (e.g. m.lowpriority), or null to disable.
archive_tag: null
# Same as above, but for pinned chats. The favorite tag is called m.favourite
pinned_tag: null
# Should mute status and tags only be bridged when the portal room is created?
tag_only_on_create: true
# Should WhatsApp status messages be bridged into a Matrix room?
# Disabling this won't affect already created status broadcast rooms.
enable_status_broadcast: true
# Should sending WhatsApp status messages be allowed?
# This can cause issues if the user has lots of contacts, so it's disabled by default.
disable_status_broadcast_send: true
# Should the status broadcast room be muted and moved into low priority by default?
# This is only applied when creating the room, the user can unmute it later.
mute_status_broadcast: true
# Tag to apply to the status broadcast room.
status_broadcast_tag: m.lowpriority
# Should the bridge use thumbnails from WhatsApp?
# They're disabled by default due to very low resolution.
whatsapp_thumbnail: false
# Allow invite permission for user. User can invite any bots to room with whatsapp
# users (private chat and groups)
allow_user_invite: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Should the bridge stop if the WhatsApp server says another user connected with the same session?
# This is only safe on single-user bridges.
crash_on_stream_replaced: false
# Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview,
# and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews`
# key in the event content even if this is disabled.
url_previews: false
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
# This is currently not supported in most clients.
caption_in_message: false
# Send galleries as a single event? This is not an MSC (yet).
beeper_galleries: false
# Should polls be sent using MSC3381 event types?
extev_polls: false
# Should cross-chat replies from WhatsApp be bridged? Most servers and clients don't support this.
cross_room_replies: false
# Disable generating reply fallbacks? Some extremely bad clients still rely on them,
# but they're being phased out and will be completely removed in the future.
disable_reply_fallbacks: false
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: null
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 120s
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!wa"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a WhatsApp bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# Should users mentions be in the event wire content to enable the server to send push notifications?
plaintext_mentions: false
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: kY8Ez6M80YBpvGtMz5R1Mb1c7deb8d9zxmlvqwTv0HGCKPVqcrTmHu90Wi04828z
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a WhatsApp account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": relay
"example.com": user
"@admin:example.com": admin
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# Should only admins be allowed to set themselves as relay users?
admin_only: true
# The formats to use when sending messages to WhatsApp via the relaybot.
message_formats:
m.text: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
m.notice: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
m.emote: "* <b>{{ .Sender.Displayname }}</b> {{ .Message }}"
m.file: "<b>{{ .Sender.Displayname }}</b> sent a file"
m.image: "<b>{{ .Sender.Displayname }}</b> sent an image"
m.audio: "<b>{{ .Sender.Displayname }}</b> sent an audio file"
m.video: "<b>{{ .Sender.Displayname }}</b> sent a video"
m.location: "<b>{{ .Sender.Displayname }}</b> sent a location"
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
min_level: debug
writers:
- type: stdout
format: pretty-colored

2
roles/docker-matrix/vars/main.yml
View File

@ -1,2 +1,2 @@
---
docker_compose_instance_directory: "{{path_docker_compose_instances}}matrix/"
local_repository_directory: "{{role_path}}/matrix-docker-ansible-deploy"

8
servers.yml
View File

@ -205,10 +205,12 @@
roles:
- role: docker-matrix
vars:
synapse_domain: "{{domain_matrix_synapse}}"
synapse_http_port: 8021
domains:
- "{{domain_matrix_element}}"
- "{{domain_matrix_synapse}}"
element_domain: "{{domain_matrix_element}}"
element_http_port: 8022
synapse_domain: "{{domain_matrix_synapse}}"
http_port: 8021
- name: setup akaunting hosts
hosts: akaunting