From 735eec92cc3e428424f61d567090a2cebe64ac4f Mon Sep 17 00:00:00 2001
From: HarHarLinks
Date: Sun, 13 Feb 2022 17:23:57 +0100
Subject: [PATCH 01/35] update hookshot registration.yml based on comments in chat: https://matrix.to/#/!TlZdPIYrhwNvXlBiEk:half-shot.uk/$RbG6itEHVV8J_u5ry1HiFdC76n19M3vmopfQOyRmkKU?via=half-shot.uk&via=matrix.org&via=envs.net
---
 .../templates/registration.yml.j2 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/matrix-bridge-hookshot/templates/registration.yml.j2
index ced3bd77..d076ea10 100644
--- a/roles/matrix-bridge-hookshot/templates/registration.yml.j2
+++ b/roles/matrix-bridge-hookshot/templates/registration.yml.j2
@@ -5,8 +5,22 @@ hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this
 namespaces:
 rooms: []
 users:
+{% if matrix_hookshot_github_enabled %}
 - regex: "@_github_.*:{{ matrix_domain }}"
 exclusive: true
+{% endif %}
+{% if matrix_hookshot_gitlab_enabled %}
+ - regex: "@_gitlab_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain
+ exclusive: true
+{% endif %}
+{% if matrix_hookshot_jira_enabled %}
+ - regex: "@_jira_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain
+ exclusive: true
+{% endif %}
+{% if matrix_hookshot_generic_enabled %}
+ - regex: "@{{ matrix_hookshot_generic_user_id_prefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf
+ exclusive: true
+{% endif %}
 aliases:
 - regex: "#github_.+:{{ matrix_domain }}"
 exclusive: true
From d556952bb67d2aecccbf018be7d0f6182210da8a Mon Sep 17 00:00:00 2001
From: HarHarLinks
Date: Wed, 16 Feb 2022 19:51:00 +0100
Subject: [PATCH 02/35] update hookshot to respect protocol and custom ports
---
 group_vars/matrix_servers | 4 ++++
 roles/matrix-bridge-hookshot/defaults/main.yml | 1 +
 2 files changed, 5 insertions(+)
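Review bot: The added `users` entries in registration.yml.j2 put `matrix_domain` and `matrix_hookshot_generic_user_id_prefix` into a regular expression unescaped, so each `.` in the domain or prefix matches any character and the exclusive namespace reserved for the bridge is wider than the literal names. Escaping inside the existing double quotes would emit `\.`, which is not a valid YAML escape, so build the string and serialise it the way the `hs_token` line does: `- regex: {{ ('@_gitlab_.*:' + (matrix_domain | regex_escape)) | to_json }}`, and likewise for the jira and generic entries (the untouched github entry has the same form). The trailing comments `# Where foobar is your homeserver's domain` are carried over from a sample file and no longer describe the templated value; drop them. As far as the context lines show, the `aliases` block still reserves `#github_.+` unconditionally, which does not match the new `matrix_hookshot_github_enabled` guard.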
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 596fba13..02e89176 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -695,6 +695,10 @@ matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret an matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" +matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" +matrix_hookshot_generic_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" +matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled }}{{ matrix_hookshot_generic_endpoint }}" + ###################################################################### # # /matrix-bridge-hookshot diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 2db8ba77..f83865e8 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
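Review bot: `matrix_hookshot_generic_urlprefix_port_enabled` evaluates to true exactly when the proxy listens on the default port, so the rendered prefix carries `:443` on a standard install and omits the port on a custom one, the reverse of what the commit title describes; its `else` branch also compares the HTTPS bind port with 80 instead of the HTTP bind port. I would write `matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port != 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port != 80 }}"`. The type of the bind-port variables is not visible in this hunk; if they are strings, or anything other than a bare port number, both the comparison and the `:port` suffix need to account for that. This value presumably becomes the webhook address given to external services, so a wrong scheme or port would propagate into every generated URL.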
@@ -92,6 +92,7 @@ matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hooksho matrix_hookshot_generic_enabled: true # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" +# urlprefix gets updated with protocol & port in group_vars/matrix_servers matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" matrix_hookshot_generic_allow_js_transformation_functions: false # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap From ffa57055f471b9dfd6e5b9a855a9123f340ec977 Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 24 Feb 2022 20:50:06 +0200 Subject: [PATCH 03/35] updated honoroit 0.9.4 -> 0.9.5 --- roles/matrix-bot-honoroit/defaults/main.yml | 5 ++++- roles/matrix-bot-honoroit/templates/env.j2 | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 2c50a1f7..8495c6e1 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.4 +matrix_bot_honoroit_version: v0.9.5 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" 
@@ -84,6 +84,9 @@ matrix_bot_honoroit_sentry: '' # Log level matrix_bot_honoroit_loglevel: '' +# Max items in cache +matrix_bot_honoroit_cachesize: '' + # Text prefix: open matrix_bot_honoroit_text_prefix_open: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index fdd9b13d..37719d03 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -7,6 +7,7 @@ HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }} HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }} HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} +HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} From 3719abe0e69dafe6d7084f98273d9074bf33f03f Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Sat, 26 Feb 2022 14:56:51 +0100 Subject: [PATCH 04/35] Optimize signal bridge startup order bridge requires the daemon, so start it first --- roles/matrix-bridge-mautrix-signal/tasks/init.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index 21d52066..a7fe8278 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -1,7 +1,7 @@ --- - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal-daemon.service', 'matrix-mautrix-signal.service'] }}" when: matrix_mautrix_signal_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. 
From 4f1423365e6f1221016a87ce1de156d33984b5f7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 27 Feb 2022 10:17:15 +0200 Subject: [PATCH 05/35] Update issue templates Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1657 --- .github/ISSUE_TEMPLATE/bug_report.md | 57 ++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..2a05e3ce --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,57 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + + + +**To Reproduce** +My `vars.yml` file looks like this: + +```yaml +Paste your vars.yml file here. +Make sure to remove any secret values before posting your vars.yml file publicly. +``` + + + + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Matrix Server (please complete the following information):** + - OS: [e.g. Ubuntu 21.04] + - Architecture [e.g. amd64, arm32, arm64] + +**Ansible (please complete the following information):** +If your problem appears to be with Ansible, tell us: +- where you run Ansible -- e.g. on the Matrix server itself; on another computer (which OS? distro? standard installation or containerized Ansible?) +- what version of Ansible you're running (see `ansible --version`) + + + +**Client (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + + + +**Additional context** +Add any other context about the problem here. From 85a47d645d81e0f24f83c0cc39aca118f04b10c0 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sun, 27 Feb 2022 10:25:55 +0200 Subject: [PATCH 06/35] Add Feature request issue template --- .github/ISSUE_TEMPLATE/feature_request.md | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..3fb2ffe2 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,28 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + + + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. From 238838c31b47b51946235d9b7be4e1ad9997c7c3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 27 Feb 2022 10:33:42 +0200 Subject: [PATCH 07/35] Add an "I need help" custom issue template Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1657 --- .github/ISSUE_TEMPLATE/bug_report.md | 6 ++-- .github/ISSUE_TEMPLATE/i-need-help.md | 49 +++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 3 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/i-need-help.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 2a05e3ce..9dffaee8 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -28,11 +28,11 @@ Make sure to remove any secret values before posting your vars.yml file publicly **Expected behavior** A clear and concise description of what you expected to happen. -**Matrix Server (please complete the following information):** +**Matrix Server:** - OS: [e.g. Ubuntu 21.04] - Architecture [e.g. amd64, arm32, arm64] -**Ansible (please complete the following information):** +**Ansible:** If your problem appears to be with Ansible, tell us: - where you run Ansible -- e.g. on the Matrix server itself; on another computer (which OS? distro? standard installation or containerized Ansible?) - what version of Ansible you're running (see `ansible --version`) @@ -42,7 +42,7 @@ The above is only applicable if you're hitting a problem with Ansible itself. We don't need this information in most cases. Delete this section if not applicable. --> -**Client (please complete the following information):** +**Client:** - Device: [e.g. iPhone6] - OS: [e.g. iOS8.1] - Browser [e.g. stock browser, safari] diff --git a/.github/ISSUE_TEMPLATE/i-need-help.md b/.github/ISSUE_TEMPLATE/i-need-help.md new file mode 100644 index 00000000..6e862463 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/i-need-help.md 
@@ -0,0 +1,49 @@ +--- +name: I need help +about: Get support from our community +title: '' +labels: '' +assignees: '' + +--- + + + +**Playbook Configuration**: + +My `vars.yml` file looks like this: + +```yaml +Paste your vars.yml file here. +Make sure to remove any secret values before posting your vars.yml file publicly. +``` + +**Matrix Server:** + - OS: [e.g. Ubuntu 21.04] + - Architecture [e.g. amd64, arm32, arm64] + +**Ansible:** +If your problem appears to be with Ansible, tell us: +- where you run Ansible -- e.g. on the Matrix server itself; on another computer (which OS? distro? standard installation or containerized Ansible?) +- what version of Ansible you're running (see `ansible --version`) + +**Problem description**: + +Describe what you're doing, what you expect to happen and what happens instead here. +Tell us what you've tried and what you're aiming to achieve. + +**Client (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + + + +**Additional context** +Add any other context about the problem here. From 28f6091ed41232461e2b4992607fb673ecef019c Mon Sep 17 00:00:00 2001 
From: GoMatrixHosting Date: Sun, 27 Feb 2022 17:40:20 +0800 Subject: [PATCH 08/35] GoMatrixHosting v0.7.0 --- README.md | 2 - docs/configuring-awx-system.md | 1 + .../surveys/configure_mjolnir.json.j2 | 29 ++++++++ roles/matrix-awx/tasks/main.yml | 9 +++ .../tasks/set_variables_dimension.yml | 4 +- .../matrix-awx/tasks/set_variables_ma1sd.yml | 10 +-- .../tasks/set_variables_mjolnir.yml | 68 +++++++++++++++++++ .../tasks/init.yml | 2 +- .../matrix-postgres/tasks/setup_postgres.yml | 7 ++ .../matrix-postgres-cli-non-interactive.j2 | 12 ++++ 10 files changed, 134 insertions(+), 10 deletions(-) create mode 100644 roles/matrix-awx/surveys/configure_mjolnir.json.j2 create mode 100755 roles/matrix-awx/tasks/set_variables_mjolnir.yml create mode 100644 roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 diff --git a/README.md b/README.md index 6ae3ca0b..e1e901d0 100644 --- a/README.md +++ b/README.md 
@@ -152,5 +152,3 @@ When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up w ## Services by the community - [etke.cc](https://etke.cc) - matrix-docker-ansible-deploy and system stuff "as a service". That service will create your matrix homeserver on your domain and server (doesn't matter if it's cloud provider or on an old laptop in the corner of your room), (optional) maintains it (server's system updates, cleanup, security adjustments, tuning, etc.; matrix homeserver updates & maintenance) and (optional) provide full-featured email service for your domain - -- [GoMatrixHosting](https://gomatrixhosting.com) - matrix-docker-ansible-deploy "as a service" with [Ansible AWX](https://github.com/ansible/awx). Members can be assigned a server from DigitalOcean, or they can connect their on-premises server. This AWX system can manage the updates, configuration, import and export, backups, and monitoring on its own. For more information [see our GitLab group](https://gitlab.com/GoMatrixHosting) or come [visit us on Matrix](https://matrix.to/#/#general:gomatrixhosting.com). diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md index c33664c2..3819a0d3 100644 --- a/docs/configuring-awx-system.md +++ b/docs/configuring-awx-system.md @@ -10,6 +10,7 @@ The AWX system is arranged into 'members' each with their own 'subscriptions'. A This system can manage the updates, configuration, import and export, backups and monitoring on its own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy). +Warning: This system is about to undergo heavy revision, **we do not recommend using it at this time.** ## Other Required Playbooks diff --git a/roles/matrix-awx/surveys/configure_mjolnir.json.j2 b/roles/matrix-awx/surveys/configure_mjolnir.json.j2 new file mode 100644 index 00000000..5e1d78f4 --- /dev/null 
+++ b/roles/matrix-awx/surveys/configure_mjolnir.json.j2 @@ -0,0 +1,29 @@ +{ + "name": "Configure Mjolnir", + "description": "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix.", + "spec": [ + { + "question_name": "Enable Mjolnir", + "question_description": "Set if Mjolnir is enabled or not. Mjolnir is a moderation bot for Matrix.", + "required": true, + "min": null, + "max": null, + "default": "{{ matrix_bot_mjolnir_enabled | string | lower }}", + "choices": "true\nfalse", + "new_question": true, + "variable": "matrix_bot_mjolnir_enabled", + "type": "multiplechoice" + }, + { + "question_name": "Mjolnir Management Room", + "question_description": "Sets the internal ID of the management room for Mjolnir. Example: '!wAeZaPCKvaCHcSqxAW:matrix.org'", + "required": true, + "min": null, + "max": null, + "default": "{{ matrix_bot_mjolnir_management_room }}", + "new_question": true, + "variable": "matrix_bot_mjolnir_management_room", + "type": "text" + } + ] +} \ No newline at end of file diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index b5e951c6..93128713 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -170,6 +170,15 @@ tags: - setup-ma1sd +# Additional playbook to set the variable file during Mjolnir Bot configuration +- include_tasks: + file: "set_variables_mjolnir.yml" + apply: + tags: setup-bot-mjolnir + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - setup-bot-mjolnir + # Additional playbook to set the variable file during Corporal configuration - include_tasks: file: "set_variables_corporal.yml" diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index d692e081..8d8f9c44 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml 
@@ -14,7 +14,7 @@ - name: Collect access token of @admin-dimension user shell: | - curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' + curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq '.access_token' register: awx_dimension_user_access_token - name: Record Synapse variables locally on AWX @@ -26,7 +26,7 @@ insertafter: '# Dimension Settings Start' with_dict: 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' - 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout }}"' + 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout[1:-1] }}"' - name: Set final users list if users are defined set_fact: diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index fba7225a..d46d797f 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml 
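Review bot: The `Collect access token of @admin-dimension user` task splices `{{ awx_dimension_user_password }}` into a single-quoted shell string and has no `no_log`, so the password is printed in the job output and a password containing `'` changes what the shell executes. Sending the request with the `uri` module keeps the value out of a shell command line and fails the task on a non-2xx reply; the consumer in the second hunk would then read `awx_dimension_user_access_token.json.access_token` instead of slicing `stdout`. The `Collect access token of @admin-mjolnir user` task added in set_variables_mjolnir.yml builds its curl command the same way (it does set `no_log: true`) and would take the same rewrite.

```yaml
- name: Collect access token of @admin-dimension user
  uri:
    url: "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login"
    method: POST
    body_format: json
    body:
      type: m.login.password
      identifier:
        type: m.id.user
        user: admin-dimension
      password: "{{ awx_dimension_user_password }}"
  register: awx_dimension_user_access_token
  no_log: true
```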
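Review bot: `awx_dimension_user_access_token.stdout[1:-1]` assumes jq printed a quoted string, but when the login is rejected `jq '.access_token'` prints `null` and the slice writes `ul` into `matrix_dimension_access_token` without any error. Have jq emit the raw value with `jq -r '.access_token'`, use `.stdout` unsliced, and stop the play on a missing token with `failed_when: awx_dimension_user_access_token.stdout in ['', 'null']` on the login task. The same slice is used for `matrix_bot_mjolnir_access_token` in set_variables_mjolnir.yml.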
@@ -38,22 +38,22 @@ replace: path: '{{ awx_cached_matrix_vars }}' regexp: '^.*\n' - after: '# Start ma1sd Extension' - before: '# End ma1sd Extension' + after: '# ma1sd Extension Start' + before: '# ma1sd Extension End' - name: Replace conjoined ma1sd configuration extension limiters delegate_to: 127.0.0.1 replace: path: '{{ awx_cached_matrix_vars }}' - regexp: '^# Start ma1sd Extension# End ma1sd Extension' - replace: '# Start ma1sd Extension\n# End ma1sd Extension' + regexp: '^# ma1sd Extension Start# ma1sd Extension End' + replace: '# ma1sd Extension Start\n# ma1sd Extension End' - name: Insert/Update ma1sd configuration extension variables delegate_to: 127.0.0.1 blockinfile: path: '{{ awx_cached_matrix_vars }}' marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK" - insertafter: '# Start ma1sd Extension' + insertafter: '# ma1sd Extension Start' block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}' - name: Record ma1sd Custom variables locally on AWX diff --git a/roles/matrix-awx/tasks/set_variables_mjolnir.yml b/roles/matrix-awx/tasks/set_variables_mjolnir.yml new file mode 100755 index 00000000..6e3bb153 --- /dev/null +++ b/roles/matrix-awx/tasks/set_variables_mjolnir.yml 
@@ -0,0 +1,68 @@ +--- + +- name: Include vars in matrix_vars.yml + include_vars: + file: '{{ awx_cached_matrix_vars }}' + no_log: true + +- name: Collect the internal IP of the matrix-synapse container + shell: | + /usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse + register: matrix_synapse_ip + +- name: Collect access token of @admin-mjolnir user + shell: | + curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-mjolnir"}, "password": "{{ awx_mjolnir_user_password }}", "type": "m.login.password"}' 'http://{{ matrix_synapse_ip.stdout }}:8008/_matrix/client/r0/login' | jq '.access_token' + register: awx_mjolnir_user_access_token + no_log: true + +- name: Record Mjolnir Bot variables locally on AWX + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: '# Mjolnir Settings Start' + with_dict: + 'matrix_bot_mjolnir_enabled': '{{ matrix_bot_mjolnir_enabled }}' + 'matrix_bot_mjolnir_access_token': '{{ awx_mjolnir_user_access_token.stdout[1:-1] }}' + 'matrix_bot_mjolnir_management_room': '"{{ matrix_bot_mjolnir_management_room }}"' + no_log: true + +- name: Remove Synapse rate-limiting for admin-mjolnir user + shell: | + /usr/local/bin/matrix-postgres-cli-non-interactive --dbname=synapse --command="INSERT INTO ratelimit_override VALUES ('@admin-mjolnir:{{ matrix_domain }}', 0, 0);" + ignore_errors: true + +- name: Save new 'Configure Mjolnir' survey.json to the AWX tower, template + delegate_to: 127.0.0.1 + template: + src: 'roles/matrix-awx/surveys/configure_mjolnir.json.j2' + dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json' + +- name: Copy new 'Configure Mjolnir' survey.json to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ 
subscription_id }}/configure_mjolnir.json' + dest: '/matrix/awx/configure_mjolnir.json' + mode: '0660' + +- name: Recreate 'Configure Mjolnir Bot' job template + delegate_to: 127.0.0.1 + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Mjolnir Bot" + description: "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix." + extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" + job_type: run + job_tags: "start,setup-bot-mjolnir" + inventory: "{{ member_id }}" + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + credential: "{{ member_id }} - AWX SSH Key" + survey_enabled: true + survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json') }}" + become_enabled: true + state: present + verbosity: 1 + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + validate_certs: true diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml index a7fe8278..21d52066 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml @@ -1,7 +1,7 @@ --- - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal-daemon.service', 'matrix-mautrix-signal.service'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" when: matrix_mautrix_signal_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index dc170460..46186a4d 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml 
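Review bot: The `Remove Synapse rate-limiting for admin-mjolnir user` task in set_variables_mjolnir.yml hides every failure behind `ignore_errors: true`, so a wrong database name, a missing table or a refused connection leaves the bot rate-limited while the play reports success. If the flag exists only because a second run collides with the row inserted by the first, make the statement idempotent instead (an upsert would do, assuming `ratelimit_override` is keyed on the user id, which is not visible here) and let real errors fail the task. In the same file, the `docker inspect` format string concatenates the addresses of all attached networks, so `matrix_synapse_ip.stdout` is a usable host only while the container is on exactly one network.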
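Review bot: The roles/matrix-bridge-mautrix-signal/tasks/init.yml hunk puts `matrix-mautrix-signal.service` back in front of `matrix-mautrix-signal-daemon.service`, which is the ordering that patch 04/35 of this series changed on the grounds that the bridge requires the daemon. This commit's subject and diffstat give no reason for touching the bridge, so this looks like an unintended revert carried in from an older base. Drop the hunk unless the revert is deliberate, and say so in the commit message if it is.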
@@ -85,6 +85,13 @@ mode: 0755 when: matrix_postgres_enabled|bool +- name: Ensure matrix-postgres-cli-non-interactive script created + template: + src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2" + dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli-non-interactive" + mode: 0755 + when: matrix_postgres_enabled|bool + - name: Ensure matrix-change-user-admin-status script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2" diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 new file mode 100644 index 00000000..012bb327 --- /dev/null +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 @@ -0,0 +1,12 @@ +#jinja2: lstrip_blocks: "True" +#!/bin/bash + +docker run \ + --rm \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ + --network {{ matrix_docker_network }} \ + {{ matrix_postgres_docker_image_to_use }} \ + psql -h {{ matrix_postgres_connection_hostname }} \ + "$@" From 73847729574443ee61ee12a95fc18d46ba9f161a Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Tue, 1 Mar 2022 02:50:17 -0500 Subject: [PATCH 09/35] Upgrade Element (1.10.4 -> 1.10.5) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 51ddf1c2..7f9441a0 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.4 +matrix_client_element_version: v1.10.5 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 42a8fb3a3c2afdf064d11f299d2e8b7e5565f5c5 Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Tue, 1 Mar 2022 17:30:15 -0500 Subject: [PATCH 10/35] Upgrade Element (1.10.5 -> 1.10.6) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 7f9441a0..94b28d9e 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.5 +matrix_client_element_version: v1.10.6 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From c934480832bf7c7eb1b38bccbf53658cd00c8721 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Mar 2022 17:20:17 +0000 Subject: [PATCH 11/35] Bump actions/checkout from 2.4.0 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 6445dc03..f58fe75f 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -11,6 +11,6 @@ jobs: runs-on: ubuntu-latest steps: - name: ⤵️ Check out configuration from GitHub - uses: actions/checkout@v2.4.0 + uses: actions/checkout@v3 - name: 🚀 Run yamllint uses: frenck/action-yamllint@v1.1.2 
From 58771a9c65bb59bdf0d29301d59d05c1a50fea02 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 2 Mar 2022 20:58:11 +0100 Subject: [PATCH 12/35] hookshot moved to matrix-org namespace --- docs/configuring-playbook-bridge-hookshot.md | 8 ++++---- roles/matrix-bridge-hookshot/defaults/main.yml | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 9a7f3f53..ed96de99 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -1,22 +1,22 @@ # Setting up Hookshot (optional) -The playbook can install and configure [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) for you. +The playbook can install and configure [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) for you. Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks. -See the project's [documentation](https://half-shot.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. +See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. ## Setup Instructions -Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do. +Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do. 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. 
Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 2db8ba77..6ac5711b 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -1,7 +1,7 @@ --- # A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. -# https://github.com/Half-Shot/matrix-hookshot +# https://github.com/matrix-org/matrix-hookshot matrix_hookshot_enabled: true @@ -34,7 +34,7 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook # You need to create a GitHub app to enable this and fill in the empty variables below -# https://half-shot.github.io/matrix-hookshot/setup/github.html +# https://matrix-org.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false matrix_hookshot_github_appid: '' # Set this variable to the contents of the generated and downloaded GitHub private key: @@ -53,7 +53,7 @@ matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App pag # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" -# These are the default settings mentioned here and don't need to be modified: https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration +# These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' matrix_hookshot_github_show_issue_room_link: false 
@@ -78,7 +78,7 @@ matrix_hookshot_gitlab_secret: '' matrix_hookshot_jira_enabled: false -# Get the these values from https://half-shot.github.io/matrix-hookshot/setup/jira.html#jira-oauth +# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth matrix_hookshot_jira_secret: '' matrix_hookshot_jira_oauth_enabled: false matrix_hookshot_jira_oauth_id: '' @@ -117,7 +117,7 @@ matrix_hookshot_provisioning_secret: '' matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" -# You can configure access to the bridge as documented here https://half-shot.github.io/matrix-hookshot/setup.html#permissions +# You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions # When empty, the default permissions are applied. # Example: # matrix_hookshot_permissions: From 3d47b44d64214dc7785d130c246e4dd53d31773c Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Wed, 2 Mar 2022 21:28:52 +0100 Subject: [PATCH 13/35] avoid namespace collisions between webhook bridges --- docs/configuring-playbook-bridge-hookshot.md | 4 ++++ roles/matrix-bridge-appservice-webhooks/defaults/main.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 9a7f3f53..cc55dab0 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -45,3 +45,7 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_ ### Metrics If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). + +### Collision with matrix-appservice-webhooks + +If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_user_id_prefix: '_webhooks_'`). diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index 7a6db2d0..223b9c0b 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -24,7 +24,7 @@ matrix_appservice_webhooks_public_endpoint: /appservice-webhooks matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}" matrix_appservice_webhooks_bot_name: 'webhookbot' -matrix_appservice_webhooks_user_prefix: '_webhook' +matrix_appservice_webhooks_user_prefix: '_webhook_' # Controls the webhooks_PORT and MATRIX_PORT of the installation matrix_appservice_webhooks_matrix_port: 6789 From 09d45b854ba44bf0e1e30a524c475b58f034f027 Mon Sep 17 00:00:00 2001 
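Review bot: Changing the default of `matrix_appservice_webhooks_user_prefix` from `'_webhook'` to `'_webhook_'` also changes it for every existing installation that never set the variable, and nothing in the hunk says so. If the prefix feeds the appservice's exclusive user namespace (the registration template is not part of this patch, so this is an assumption), users created under the old prefix could fall outside the new regex after the next playbook run. A comment above the variable would record the intent, e.g. `# Keep the trailing underscore so this namespace does not also claim hookshot's '_webhooks_' users; changing the prefix on a running bridge changes which user IDs it owns.`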
From: Aaron Raimist Date: Wed, 2 Mar 2022 20:39:23 +0000 Subject: [PATCH 14/35] Upgrade Mjolnir (1.3.1 -> 1.3.2) --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 9f45432c..cfb0d06d 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.3.1" +matrix_bot_mjolnir_version: "v1.3.2" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 4ec24ec34439e85a79379eedd5ccaf487391be9d Mon Sep 17 00:00:00 2001 From: Alejo Diaz <49624607+xlejo@users.noreply.github.com> Date: Thu, 3 Mar 2022 13:15:39 -0300 Subject: [PATCH 15/35] Add support for obtain ECDSA keys (#1667) * Add support for obtain ECDSA keys * Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type --- docs/configuring-playbook-ssl-certificates.md | 9 +++++++++ roles/matrix-nginx-proxy/defaults/main.yml | 4 ++++ roles/matrix-nginx-proxy/tasks/ssl/main.yml | 5 +++++ .../ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml | 2 ++ .../matrix-ssl-lets-encrypt-certificates-renew.j2 | 3 ++- 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 07e49c5a..eae584e7 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md 
@@ -100,3 +100,12 @@ For automated certificate renewal to work, each port `80` vhost for each domain See how this is configured for the `matrix.` subdomain in `/matrix/nginx-proxy/conf.d/matrix-synapse.conf` Don't be alarmed if the above configuration file says port `8080`, instead of port `80`. It's due to port mapping due to our use of containers. + + +## Specify the SSL private key algorithm + +If you'd like to [specify the private key type](https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys) used with Let's Encrypt, define your own custom configuration like this: + +```yaml +matrix_ssl_lets_encrypt_key_type: ecdsa +``` diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 32702ec9..4b1810ea 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -489,6 +489,10 @@ matrix_ssl_lets_encrypt_support_email: ~ # If you'd like to not bind on all IP addresses, specify one explicitly (e.g. `a.b.c.d:80`) matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80' +# Specify key type of the private key algorithm. +# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys +matrix_ssl_lets_encrypt_key_type: rsa + matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/matrix-nginx-proxy/tasks/ssl/main.yml index 6c060818..6b843c7b 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/main.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/main.yml 
@@ -5,6 +5,11 @@ msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value" when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']" +- name: Fail if using unsupported private key type + fail: + msg: "The `matrix_ssl_lets_encrypt_key_type` variable contains an unsupported value" + when: "matrix_ssl_lets_encrypt_key_type not in ['rsa', 'ecdsa']" + # Common tasks, required by almost any method below. diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index e4dd53c2..12a21257 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -45,6 +45,7 @@ --http-01-port 8080 {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} + --key-type {{ matrix_ssl_lets_encrypt_key_type }} --standalone --preferred-challenges http --agree-tos @@ -74,6 +75,7 @@ --http-01-port 8080 {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} + --key-type {{ matrix_ssl_lets_encrypt_key_type }} --standalone --preferred-challenges http --agree-tos diff --git a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 index bc45e85e..89113629 100644 --- a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 +++ b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 
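Review bot: The new `--key-type {{ matrix_ssl_lets_encrypt_key_type }}` argument is interpolated into the certbot command without `|quote`, whereas the `--server` argument two lines above it goes through `|quote`; the same applies to the second obtain hunk in this file and to the renew script template that follows. The allowlist check added to `tasks/ssl/main.yml` limits the value to `rsa` or `ecdsa`, but it lives in a different file, so the command line here is only safe if that task has run first. Quoting at the point of use keeps each command self-contained: `--key-type {{ matrix_ssl_lets_encrypt_key_type|quote }}`. Both command blocks start and end outside the hunks.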
@@ -22,8 +22,9 @@ docker run \ --work-dir=/tmp \ --http-01-port 8080 \ {% if matrix_ssl_lets_encrypt_staging %} - --staging \ + --staging \ {% endif %} + --key-type {{ matrix_ssl_lets_encrypt_key_type }} \ --standalone \ --preferred-challenges http \ --agree-tos \ From 648001875e0b4da1855d80a14e59f36683c11df8 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Thu, 3 Mar 2022 20:49:57 +0100 Subject: [PATCH 16/35] Fix for old jinja versions Co-authored-by: Procuria <37988494+Procuria@users.noreply.github.com> --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 02e89176..97b7cf70 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -697,7 +697,7 @@ matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_s matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" matrix_hookshot_generic_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" -matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" ###################################################################### # From 211f05abbea850b62eb25fe7c87a09875b8e403d Mon Sep 17 00:00:00 2001 
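Review bot: The context line defining `matrix_hookshot_generic_urlprefix_port_enabled` in the `group_vars/matrix_servers` hunk looks inverted, and this commit only fixes the line below it. As written the port suffix is enabled when the HTTPS bind port equals 443 and dropped for any custom port, and the `else` branch compares the HTTPS port with 80 instead of the HTTP one, so a deployment on a non-default port would presumably advertise webhook URLs without the port. The expression probably wants `matrix_nginx_proxy_container_https_host_bind_port != 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port != 80`. If the bind-port variables can hold strings, the comparison also needs a cast; their definitions are outside this hunk.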
From: =?UTF-8?q?Peter=20Sch=C3=BCmann?= Date: Thu, 3 Mar 2022 22:21:21 +0100 Subject: [PATCH 17/35] add $is_args$args to proxy url params in GET requests --- roles/matrix-bridge-hookshot/tasks/init.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index a2229c36..041bb764 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -68,10 +68,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; - proxy_pass http://$backend/$1; + proxy_pass http://$backend/$1$is_args$args; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args; {% endif %} proxy_set_header Host $host; } From f62279581d6a1ad006907011353f4dee6ac16678 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Fri, 4 Mar 2022 16:54:17 +0100 Subject: [PATCH 18/35] Upgrade Hookshot (1.1.0 -> 1.2.0) all features were actually already silently supported :tada: upstream changelog: https://github.com/matrix-org/matrix-hookshot/releases/tag/1.2.0 --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index d7a443cd..e6be626e 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
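Review bot: `$1$is_args$args` restores the query string, but the path still comes from a regex capture, and nginx takes captures from the decoded URI and sends a variable-built `proxy_pass` URI exactly as written. Assuming `$1` is a capture of the enclosing `location` (which is outside the hunk), a request path containing an encoded character such as `%20` or `%3F` would reach hookshot decoded, shifting what the backend sees as path and query. The usual way to keep the encoding intact is `rewrite ^<public-prefix>/(.*)$ /$1 break;` followed by `proxy_pass http://$backend;`, where `<public-prefix>` is a placeholder for the location's path; worth testing against the pinned nginx version. The same pattern is used in the provisioning location changed later in this series.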
@@ -5,7 +5,7 @@ matrix_hookshot_enabled: true -matrix_hookshot_version: 1.1.0 +matrix_hookshot_version: 1.2.0 matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" From 584e50d117a0075ebabf46e6915a13dc9fbcdccd Mon Sep 17 00:00:00 2001 From: Luis Date: Fri, 4 Mar 2022 14:40:05 -0300 Subject: [PATCH 19/35] fix hookshot provisioning url in nginx Hello, this PR should fix Hookshot container not receiving API calls with the right path because nginx proxy was stripping the /v1 from it. --- roles/matrix-bridge-hookshot/tasks/init.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 041bb764..8bd2d5a0 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -55,10 +55,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend/$1; + proxy_pass http://$backend/v1/$1; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1; {% endif %} proxy_set_header Host $host; } From 833ac506fe904f21e2350c72560220a3fea19e26 Mon Sep 17 00:00:00 2001 From: Luis Date: Fri, 4 Mar 2022 15:08:16 -0300 Subject: [PATCH 20/35] pass GET parameters too This fixes parameters not being passed to the provisioning api --- roles/matrix-bridge-hookshot/tasks/init.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
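Review bot: The hard-coded `/v1/` in both new `proxy_pass` lines of the provisioning hunk has no comment explaining why it is re-added, and it duplicates the suffix of `matrix_hookshot_provisioning_endpoint` (`{{ matrix_hookshot_public_endpoint }}/v1` in the role defaults). Anyone who changes that variable later will not learn from the template that the backend path stays fixed. A Jinja comment above the first `proxy_pass` would cover it: `{# The location match drops the public prefix including /v1; the provisioning API expects that segment, so it is added back here. #}`. The `location` block starts and ends outside the hunk, so the wording should be checked against its regex.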
diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 8bd2d5a0..25204f04 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -55,10 +55,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend/v1/$1; + proxy_pass http://$backend/v1/$1$is_args$args; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1$is_args$args; {% endif %} proxy_set_header Host $host; } From ba68d2ad36100a62330d54aacbd03ad7f0b5c864 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:49:32 +0100 Subject: [PATCH 21/35] Remove deprecated community options "Community" support - has been removed from mautrix/facebook in v0.3.3: https://github.com/mautrix/facebook/commit/31cac6fb5e75667d272bf0daae094578add09a1f - has been removed from mautrix/signal in v0.2.2: https://github.com/mautrix/signal/commit/1f27a608a661118e17e2ef89412fd7ee2735b15c - will be removed in the next mautrix/instagram release: https://github.com/mautrix/instagram/commit/e2ae1ca503e7ab05e1f9dd703c26e4a5a2d4e517 - will be removed in the next mautrix/twitter release: https://github.com/mautrix/twitter/commit/3893075265fc78021be773acc58203619ffaa067 --- ...guring-playbook-bridge-mautrix-facebook.md | 25 ------------------- .../templates/config.yaml.j2 | 6 ----- .../templates/config.yaml.j2 | 6 ----- .../templates/config.yaml.j2 | 6 ----- .../templates/config.yaml.j2 | 6 ----- 5 files changed, 49 deletions(-) 
diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 282865e7..1845682f 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -70,31 +70,6 @@ If you run into trouble, check the [Troubleshooting](#troubleshooting) section b After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. -## Set up community-grouping - -This is an **optional feature** that you may wish to enable. - -The Facebook bridge can create a Matrix community for you, which would contain all your chats and contacts. - -For this to work, the bridge's bot needs to have permissions to create communities (also referred to as groups). -Since the bot is a non-admin user, you need to enable such group-creation for non-privileged users in [Synapse's settings](configuring-playbook-synapse.md). - -Here's an example configuration: - -```yaml -matrix_synapse_configuration_extension_yaml: | - enable_group_creation: true - group_creation_prefix: "unofficial/" - -matrix_mautrix_facebook_configuration_extension_yaml: | - bridge: - community_template: "unofficial/facebook_{localpart}={server}" -``` - -Once the bridge is restarted, it would create a community and invite you to it. You need to accept the community invitation manually. -If you don't see all your contacts, you may wish to send a `sync` message to the bot. - - ## Troubleshooting ### Facebook rejecting login attempts and forcing you to change password diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 628db713..0b178e43 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 
@@ -66,12 +66,6 @@ bridge: # Localpart template of MXIDs for Facebook users. # {userid} is replaced with the user ID of the Facebook user. username_template: "facebook_{userid}" - # Localpart template for per-user room grouping community IDs. - # The bridge will create these communities and add all of the specific user's portals to the community. - # {localpart} is the MXID localpart and {server} is the MXID server part of the user. - # - # `facebook_{localpart}={server}` is a good value. - community_template: null # Displayname template for Facebook users. # {displayname} is replaced with the display name of the Facebook user # as defined below in displayname_preference. diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index ac14754c..8df2020f 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -46,12 +46,6 @@ appservice: bot_displayname: Instagram bridge bot bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+instagram:example.com". Set to false to disable. - community_id: false - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 0498d6ea..493aa5b1 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 
@@ -56,12 +56,6 @@ appservice: bot_displayname: Signal bridge bot bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+signal:example.com". Set to false to disable. - community_id: false - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 9bfa3123..12e45f18 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -54,12 +54,6 @@ appservice: bot_displayname: Twitter bridge bot bot_avatar: mxc://maunium.net/HVHcnusJkQcpVcsVGZRELLCn - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+twitter:example.com". Set to false to disable. - community_id: false - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. From a5e95c42b2907d577fc21a304321e227804d8b74 Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Sun, 6 Mar 2022 01:46:09 +0000 Subject: [PATCH 22/35] feat(appservice-discord): add disablePortalBridging bridge option This allows disabling the automatic portal bridging, meaning bridges must be manually setup via self-servicing, by setting: matrix_appservice_discord_bridge_enableSelfServiceBridging: true --- roles/matrix-bridge-appservice-discord/defaults/main.yml | 1 + roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 | 2 ++ 2 files changed, 3 insertions(+) 
diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index daa83dea..b2ef2cdf 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -42,6 +42,7 @@ matrix_appservice_discord_bridge_domain: "{{ matrix_domain }}" matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}" matrix_appservice_discord_bridge_disablePresence: false matrix_appservice_discord_bridge_enableSelfServiceBridging: false +matrix_appservice_discord_bridge_disablePortalBridging: false # Database-related configuration fields. # diff --git a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 index 6286a5d4..569a3030 100644 --- a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 @@ -28,6 +28,8 @@ bridge: disableJoinLeaveNotifications: false # Disable Invite echos from matrix disableInviteNotifications: false + # Disable portal briding (automatic room creation) + disablePortalBridging: {{ matrix_appservice_discord_bridge_disablePortalBridging|to_json }} # Auto-determine the language of code blocks (this can be CPU-intensive) determineCodeLanguage: false # Authentication configuration for the discord bot. From 620e3b1b0d7229e856b96a4e3aa052f02e90b91e Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Sun, 6 Mar 2022 01:48:28 +0000 Subject: [PATCH 23/35] docs(appservice-discord): improve and expand bridging method docs --- ...ring-playbook-bridge-appservice-discord.md | 52 ++++++++++++++----- 1 file changed, 38 insertions(+), 14 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index 82a2edc2..e25686bf 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md 
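Review bot: `matrix_appservice_discord_bridge_disablePortalBridging` is added to `defaults/main.yml` without a comment, and its default of `false` leaves automatic portal bridging switched on. The docs change later in this series states that rooms created that way are listed publicly by default, which an operator reading only the defaults file would not learn. Suggested comment above the variable: `# Portal bridging auto-creates publicly listed rooms when someone joins a #_discord_… alias. Set to true to require self-service bridging instead.`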
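Review bot: The comment added in the `config.yaml.j2` hunk misspells the option it documents as `briding`. It should read `# Disable portal bridging (automatic room creation)`. The surrounding `bridge:` mapping starts and ends outside the hunk.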
+++ b/docs/configuring-playbook-bridge-appservice-discord.md 
@@ -23,18 +23,51 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" ``` 5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. -6. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). -7. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. -8. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client. Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. +## Self-Service Bridging (Manual) -## Getting Administrator access in a room +Self-service bridging allows you to bridge specific and existing Matrix rooms to specific Discord rooms. This is disabled by default, so it must be enabled by adding this to your `vars.yml`: + +```yaml +matrix_appservice_discord_bridge_enableSelfServiceBridging: true +``` + +_Note: If self-service bridging is not enabled, `!discord help` commands will return no results._ + +Once self-service is enabled: + +1. Start a chat with `@_discord_bot:` and say `!discord help bridge`. +2. Follow the instructions in the help output message. If the bot is not already in the Discord server, follow the provided invite link. 
This may require you to be a administrator of the Discord server. + +_Note: Encrypted Matrix rooms are not supported as of writing._ + +On the Discord side, you can say `!matrix help` to get a list of available commands to manage the bridge and Matrix users. + +## Portal Bridging (Automatic) + +Through portal bridging, Matrix rooms will automatically be created by the bot and bridged to the relevant Discord room. This is done by simply joining a room with a specific name pattern (`#_discord__`). + +All Matrix rooms created this way are **listed publicly** by default, and you will not have admin permissions to change this. To get more control, [make yourself a room Administrator](#getting-administrator-access-in-a-portal-bridged-room). You can then unlist the room from the directory and change the join rules. + +If you want to disable portal bridging, set the following in `vars.yml`: + +```yaml +matrix_appservice_discord_bridge_disablePortalBridging: true +``` + +To get started with Portal Bridging: + +1. To invite the bot to Discord, retrieve the invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). +2. Room addresses follow this syntax: `#_discord__`. You can easily find the guild and channel IDs by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discord.com/channels//`. +3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord__` in your Matrix client. + +## Getting Administrator access in a portal bridged room By default, you won't have Administrator access in rooms created by the bridge. -To [adjust room access privileges](#adjusting-room-access-privileges) or do various other things (change the room name subsequently, etc.), you'd wish to become an Administrator. 
+To adjust room access privileges or do various other things (change the room name subsequently, etc.), you'd wish to become an Administrator. There's the Discord bridge's guide for [setting privileges on bridge managed rooms](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#set-privileges-on-bridge-managed-rooms). To do the same with our container setup, run the following command on the server: @@ -42,12 +75,3 @@ There's the Discord bridge's guide for [setting privileges on bridge managed roo docker exec -it matrix-appservice-discord \ /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "!ROOM_ID:SERVER" -u "@USER:SERVER" -p 100' ``` - - -## Adjusting room access privileges - -All rooms created by the bridge are **listed publicly** in your server's directory and **joinable by everyone** by default. - -To get more control of them, [make yourself a room Administrator](#getting-administrator-access-in-a-room) first. - -You can then unlist the room from the directory and change the join rules. From 2c861c90bcc5dd4b8527ff48052d823b02ca4cd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:07:43 +0100 Subject: [PATCH 24/35] bridge-mautrix-facebook: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 3 +++ 2 files changed, 6 insertions(+) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index f781ba91..1b53a416 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
@@ -33,6 +33,9 @@ matrix_mautrix_facebook_systemd_wanted_services_list: [] matrix_mautrix_facebook_appservice_token: '' matrix_mautrix_facebook_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_facebook_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 0b178e43..f04b0cff 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -141,6 +141,9 @@ bridge: delivery_receipts: false # Whether to allow inviting arbitrary mxids to portal rooms allow_invites: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_facebook_federate_rooms|to_json }} # Settings for backfilling messages from Facebook. backfill: # Whether or not the Facebook users of logged in Matrix users should be From d6df1e7135d0a43c850157767d6f9ff350e03fac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:08:37 +0100 Subject: [PATCH 25/35] bridge-mautrix-googlechat: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 3 +++ 2 files changed, 6 insertions(+) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 1b89bea6..168d08f7 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml 
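Review bot: The comment added above `matrix_mautrix_facebook_federate_rooms` does not say that the value is only applied when a portal room is created, so an operator who later flips it to `false` may assume existing rooms stop federating. In Matrix the federation flag is part of a room's creation event and cannot be changed afterwards; I would add `# Only applies to rooms created after this is set; existing portal rooms keep the setting they were created with.` The same gap is in the matching defaults hunks for googlechat, instagram, signal, telegram, twitter and whatsapp. Because these rooms carry bridged private conversations, the comment should also state that the default `true` leaves newly created portal rooms open to federation.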
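Review bot: This hunk and the googlechat one introduce `federate_rooms` into the template, whereas the instagram, signal, telegram, twitter and whatsapp templates already had `federate_rooms: true` and only parameterise it. It is therefore worth confirming that the bridge version pinned by the role actually reads `bridge.federate_rooms`. If it does not, setting the variable to `false` would render without error and rooms would presumably still be created federated, with nothing to alert the operator. Indentation is not visible in this view; in the googlechat hunk the key follows the encryption block's `default: false`, so check that it sits at the `bridge:` level rather than nested under `encryption:`.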
@@ -41,6 +41,9 @@ matrix_mautrix_googlechat_systemd_wanted_services_list: [] matrix_mautrix_googlechat_appservice_token: '' matrix_mautrix_googlechat_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_googlechat_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index c54ffac2..e2af8830 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -93,6 +93,9 @@ bridge: # This will cause the bridge bot to be in private chats for the encryption to work properly. default: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_googlechat_federate_rooms|to_json }} # Public website and API configs web: # Auth server config From 5c083b638502ca2a8a765be00d13634aaf0f2377 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:09:01 +0100 Subject: [PATCH 26/35] bridge-mautrix-instagram: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 9fc42cea..c4d90e6b 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml 
@@ -34,6 +34,9 @@ matrix_mautrix_instagram_systemd_wanted_services_list: [] matrix_mautrix_instagram_appservice_token: '' matrix_mautrix_instagram_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_instagram_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 8df2020f..cb74d5c1 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -110,7 +110,7 @@ bridge: update_avatar_initial_sync: true # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_instagram_federate_rooms|to_json }} # Settings for backfilling messages from Instagram. backfill: # Whether or not the Instagram users of logged in Matrix users should be From d1d68417ffb29cbeba27635c09ed34622892e938 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:09:21 +0100 Subject: [PATCH 27/35] bridge-mautrix-signal: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 0f91d6cc..4e95f1f9 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -56,6 +56,10 @@ matrix_mautrix_signal_homeserver_token: '' matrix_mautrix_signal_appservice_bot_username: signalbot +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_signal_federate_rooms: true + # Database-related configuration fields # # This bridge only supports postgres. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 493aa5b1..2f427b90 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -147,7 +147,7 @@ bridge: {{ matrix_mautrix_signal_homeserver_domain }}: {{ matrix_mautrix_signal_login_shared_secret|to_json }} # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_signal_federate_rooms|to_json }} # End-to-bridge encryption support options. You must install the e2be optional dependency for # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption encryption: From 5789b3bbabc5a600f3bbf6cdae50a21517fc8bea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:09:36 +0100 Subject: [PATCH 28/35] bridge-mautrix-telegram: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index d1397b21..a88c0bac 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml 
@@ -40,6 +40,10 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq matrix_mautrix_telegram_appservice_bot_username: telegrambot +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_telegram_federate_rooms: true + # Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 94694351..10e6e32e 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -160,7 +160,7 @@ bridge: parallel_file_transfer: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_telegram_federate_rooms|to_json }} # Settings for converting animated stickers. animated_sticker: # Format to which animated stickers should be converted. From 3c6c8db5d50961e185f40ddba1a7debe5960227e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:10:00 +0100 Subject: [PATCH 29/35] bridge-mautrix-twitter: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index f8fd29c8..c7130f3f 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml 
@@ -34,6 +34,9 @@ matrix_mautrix_twitter_systemd_wanted_services_list: [] matrix_mautrix_twitter_appservice_token: '' matrix_mautrix_twitter_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_twitter_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 12e45f18..f0ae69b2 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -105,7 +105,7 @@ bridge: login_shared_secret_map: {{ matrix_mautrix_twitter_bridge_login_shared_secret_map|to_json }} # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_twitter_federate_rooms|to_json }} # Settings for backfilling messages from Twitter. # # Missed message backfilling is currently based on receiving them from the Twitter polling API, From 338b4cebd2a5f92ebbb6caa1dc3dc84b4738f4ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Sat, 5 Mar 2022 21:10:24 +0100 Subject: [PATCH 30/35] bridge-mautrix-whatsapp: add option for creating non-federated rooms --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 4 ++++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 54097ad8..68634746 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -37,6 +37,10 @@ matrix_mautrix_whatsapp_homeserver_token: '' matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_whatsapp_federate_rooms: true + # Database-related configuration fields. # # To use SQLite, stick to these defaults. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 394f16a6..0e3b855c 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -136,7 +136,7 @@ bridge: allow_user_invite: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} # The prefix for commands. Only required in non-management rooms. command_prefix: "!wa" From 8c25ade9fb6d3badfdfd673acbd39e67cfef0fa9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 8 Mar 2022 08:10:40 +0200 Subject: [PATCH 31/35] Rework matrix_mautrix_twitter_database_* variables a bit Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682 Previously, when matrix-postgres was disabled, we were setting `matrix_mautrix_twitter_database_engine` to an invalid empty value. Now, we always hardcode `matrix_mautrix_twitter_database_engine: postgres`, but set/unset the database hostname and password values instead. --- group_vars/matrix_servers | 6 ++---- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 4 ++-- .../tasks/validate_config.yml | 10 ++-------- 3 files changed, 6 insertions(+), 14 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 97b7cf70..4301ae7e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -558,10 +558,8 @@ matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_ke matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain -# and point them to a migration path. -matrix_mautrix_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else '' }}" -matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid }}" +matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" ###################################################################### # diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index f8fd29c8..4ab1303d 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -42,8 +42,8 @@ matrix_mautrix_twitter_homeserver_token: '' matrix_mautrix_twitter_database_engine: 'postgres' matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter' -matrix_mautrix_twitter_database_password: 'some-password' -matrix_mautrix_twitter_database_hostname: 'matrix-postgres' +matrix_mautrix_twitter_database_password: '' +matrix_mautrix_twitter_database_hostname: '' matrix_mautrix_twitter_database_port: 5432 matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter' diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml index 114fd2cf..5b6e3d02 100644 
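Review bot: The explanatory comment that preceded these variables is removed and nothing replaces it, so the reason the hostname and password collapse to `''` when `matrix_postgres_enabled` is false can only be recovered from the commit message. I would add above `matrix_mautrix_twitter_database_hostname` something like `# Left empty without the integrated Postgres so that validate_config.yml forces the operator to supply external database settings.` The same applies to the now-empty defaults in the `roles/matrix-bridge-mautrix-twitter/defaults/main.yml` hunk that follows, where a one-line comment saying empty values are rejected at validation time would make the intent clear.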
--- a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml @@ -8,11 +8,5 @@ with_items: - "matrix_mautrix_twitter_appservice_token" - "matrix_mautrix_twitter_homeserver_token" - -- name: Fail if database is not defined - fail: - msg: >- - You need to define a need to set `matrix_mautrix_twitter_database_engine: postgres` and redefine the other `matrix_mautrix_twitter_database_*` variables - when: "vars[item] == ''" - with_items: - - "matrix_mautrix_twitter_database_engine" + - "matrix_mautrix_twitter_database_hostname" + - "matrix_mautrix_twitter_database_password" From d5de1e8352fb90f15cc7264cd5a08b3324ba6d5c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 8 Mar 2022 09:28:48 +0200 Subject: [PATCH 32/35] Document that using an external Postgres server has serious downsides Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682 - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1679 --- docs/configuring-playbook-external-postgres.md | 8 +++++++- roles/matrix-postgres/defaults/main.yml | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-external-postgres.md b/docs/configuring-playbook-external-postgres.md index 0becc8ff..eef3cbac 100644 --- a/docs/configuring-playbook-external-postgres.md +++ b/docs/configuring-playbook-external-postgres.md 
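Review bot: The two new entries are appended to the `with_items` list of a task whose `name` and `msg` lie above the hunk, while the removed task carried a database-specific message. If the surviving message does not interpolate `{{ item }}`, an operator using an external Postgres will get a generic failure without learning that `matrix_mautrix_twitter_database_hostname` or `matrix_mautrix_twitter_database_password` is the missing value; please confirm that it names the variable. It would also help if that message pointed to `docs/configuring-playbook-external-postgres.md`.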
@@ -5,7 +5,9 @@ If that's alright, you can skip this. If you'd like to use an external PostgreSQL server that you manage, you can edit your configuration file (`inventory/host_vars/matrix./vars.yml`). -It should be something like this: +**NOTE**: using **an external Postgres server is currently [not very seamless](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682#issuecomment-1061461683) when it comes to enabling various other playbook services** - you will need to create a new database/credentials for each service and to point each service to its corresponding database using custom `vars.yml` configuration. **For the best experience with the playbook, stick to using the integrated Postgres server**. + +If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this: ```yaml matrix_postgres_enabled: false @@ -15,6 +17,10 @@ matrix_synapse_database_host: "your-postgres-server-hostname" matrix_synapse_database_user: "your-postgres-server-username" matrix_synapse_database_password: "your-postgres-server-password" matrix_synapse_database_database: "your-postgres-server-database-name" + +# Rewire any other service (each `matrix-*` role) you may wish to use to use your external Postgres server. +# Each service expects to have its own dedicated database on the Postgres server +# and uses its own variable names (see `roles/matrix-*/defaults/main.yml) for configuring Postgres connectivity. ``` The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials. diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 76529a82..8593bb83 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml 
@@ -1,5 +1,8 @@ --- +# Controls if the Postgres server managed by the playbook is enabled. +# You can turn it off and use an external Postgres server by setting this to `false`. +# Doing this has various downsides. See `docs/configuring-playbook-external-postgres.md` to learn more. matrix_postgres_enabled: true matrix_postgres_connection_hostname: "matrix-postgres" From 9c43c0e806118d6a3b27e16d7b94c0830eb2a750 Mon Sep 17 00:00:00 2001 From: tctovsli Date: Tue, 8 Mar 2022 09:11:04 +0100 Subject: [PATCH 33/35] Riot is now named Element --- docs/configuring-playbook-bridge-appservice-slack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-appservice-slack.md b/docs/configuring-playbook-bridge-appservice-slack.md index 7d45d34d..fc2bf166 100644 --- a/docs/configuring-playbook-bridge-appservice-slack.md +++ b/docs/configuring-playbook-bridge-appservice-slack.md @@ -11,7 +11,7 @@ See the project's [documentation](https://github.com/matrix-org/matrix-appservic loosely based on [this](https://github.com/matrix-org/matrix-appservice-slack#Setup) 1. Create a new Matrix room to act as the administration control room. Note its internal room ID. This can -be done in Riot by making a message, opening the options for that message and choosing "view source". The +be done in Element by making a message, opening the options for that message and choosing "view source". The room ID will be displayed near the top. 2. Enable the bridge with the following configuration in your `vars.yml` file: From fabbc91cfa9f7999b50233fb8cdfec80511fe9d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Tue, 8 Mar 2022 13:04:55 +0100 Subject: [PATCH 34/35] client-cinny: update to v1.8.0 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 1cb9b26f..392b7502 100644 
--- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.7.0 +matrix_client_cinny_version: v1.8.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From a05bcc98b08cc79e838f94f6b8acdf93e777a84e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 8 Mar 2022 16:56:42 +0200 Subject: [PATCH 35/35] Upgrade Synapse (1.53.0 -> 1.54.0) --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 3e3ee121..c7be1b43 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.53.0 +matrix_synapse_version: v1.54.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" 
@@ -69,7 +69,7 @@ matrix_synapse_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-synapse.service wants matrix_synapse_systemd_wanted_services_list: [] -matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.8/site-packages" +matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site-packages" # Specifies which template files to use when configuring Synapse. # If you'd like to have your own different configuration, feel free to copy and paste
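Review bot: `matrix_synapse_in_container_python_packages_path` hard-codes the interpreter's minor version (`python3.9`), which ties it to whatever Python the image for `matrix_synapse_version` ships, yet nothing on the variable says so. An operator who overrides the version or enables `matrix_synapse_container_image_self_build` could end up with a path that does not exist in the container, and whatever the role places there would presumably not be loaded. I would add `# Must match the Python minor version inside the Synapse image; re-check whenever matrix_synapse_version changes.` above it.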