Merge pull request #204 from spantaleev/irc-bridge-refactoring

Make IRC bridge configuration entirely managed by the playbook
Slavi Pantaleev 2019-06-20 17:00:16 +03:00 committed by GitHub
commit e585f314b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 615 additions and 510 deletions

View File

@ -1,10 +1,30 @@
# 2019-06-20
## (BC Break) IRC bridge configuration is now entirely managed by the playbook
Until now, configuration files for the [IRC bridge](docs/configuring-playbook-bridge-appservice-irc.md) were created by the playbook initially, but never modified later on.
From now on, the playbook will keep the configuration in sync for you.
This means that if you were making manual changes to the `/matrix/appservice-irc/config.yaml` or `/matrix/appservice-irc/registration.yaml` configuration files, those would be lost the next time you run the playbook.
The bridge now stores configuration in a subdirectory (`/matrix/appservice-irc/config`), so your old configuration remains in the base directory (`/matrix/appservice-irc`).
Previously, we asked people to configure bridged IRC servers by extending the bridge configuration (`matrix_appservice_irc_configuration_extension_yaml`). While this is still possible and will continue working forever, **we now recommend defining IRC servers in the easier to use `matrix_appservice_irc_ircService_servers` variable**. See [our IRC bridge documentation page](docs/configuring-playbook-bridge-appservice-irc.md) for an example.
If you decide to continue using `matrix_appservice_irc_configuration_extension_yaml`, you might be interested to know that `ircService.databaseUri` and a few other keys now have default values in the base configuration (`matrix_appservice_irc_configuration_yaml`). You may wish to stop redefining those keys, unless you really intend to override them. You most likely only need to override `ircService.servers`.
Bridge data (`passkey.pem` and database files) is now also stored in a subdirectory (`/matrix/appservice-irc/data`).
When you run the playbook with an existing `/matrix/appservice-irc/passkey.pem` file, the playbook will stop the bridge and relocate the passkey and database files (`rooms.db` and `users.db`) to the `./data` directory. There's no data-loss involved. You'll need to restart the bridge manually though (`--tags=start`).
# 2019-06-15 # 2019-06-15
## (BC Break) Telegram bridge configuration is now entirely managed by the playbook ## (BC Break) Telegram bridge configuration is now entirely managed by the playbook
Until now, configuration files for the [Telegram bridge](docs/configuring-playbook-bridge-mautrix-telegram.md) were created by the playbook initially, but never modified later on. Until now, configuration files for the [Telegram bridge](docs/configuring-playbook-bridge-mautrix-telegram.md) were created by the playbook initially, but never modified later on.
From now on, the playbook will keep those configuration in sync for you. From now on, the playbook will keep the configuration in sync for you.
This means that if you were making manual changes to the `/matrix/mautrix-telegram/config.yaml` or `/matrix/mautrix-telegram/registration.yaml` configuration files, those would be lost the next time you run the playbook. This means that if you were making manual changes to the `/matrix/mautrix-telegram/config.yaml` or `/matrix/mautrix-telegram/registration.yaml` configuration files, those would be lost the next time you run the playbook.
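Review bot: The 2019-06-20 entry says the old configuration "remains in the base directory (`/matrix/appservice-irc`)" but never says what to do with it. The leftover `config.yaml` and `registration.yaml` are no longer read by the bridge, and an appservice registration file carries the appservice and homeserver tokens, so the entry should tell users to review those files and then delete or archive them once they have migrated. It would also help to spell out the full command for the manual restart instead of only `--tags=start`.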
@ -44,7 +64,7 @@ Besides this optional/non-urgent DNS change, assuming you're already on Synapse
Until now, configuration files for the [Facebook bridge](docs/configuring-playbook-bridge-mautrix-facebook.md) were created by the playbook initially, but never modified later on. Until now, configuration files for the [Facebook bridge](docs/configuring-playbook-bridge-mautrix-facebook.md) were created by the playbook initially, but never modified later on.
From now on, the playbook will keep those configuration in sync for you. From now on, the playbook will keep the configuration in sync for you.
This means that if you were making manual changes to the `/matrix/mautrix-facebook/config.yaml` or `/matrix/mautrix-facebook/registration.yaml` configuration files, those would be lost the next time you run the playbook. This means that if you were making manual changes to the `/matrix/mautrix-facebook/config.yaml` or `/matrix/mautrix-facebook/registration.yaml` configuration files, those would be lost the next time you run the playbook.

View File

@ -8,69 +8,52 @@ You'll need to use the following playbook configuration:
```yaml ```yaml
matrix_appservice_irc_enabled: true matrix_appservice_irc_enabled: true
matrix_appservice_irc_configuration_extension_yaml: |
# Your custom YAML configuration for Appservice IRC servers goes here. matrix_appservice_irc_ircService_servers:
# This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`). irc.example.com:
# name: "ExampleNet"
# You can override individual variables from the default configuration, or introduce new ones. port: 6697
# ssl: true
# If you need something more special, you can take full control by sasl: false
# completely redefining `matrix_appservice_irc_configuration_yaml`. allowExpiredCerts: false
# sendConnectionMessages: true
# For a full example configuration with comments, see `roles/matrix-synapse/defaults/main.yml` botConfig:
# enabled: true
# A simple example configuration extension follows: nick: "MatrixBot"
# joinChannelsIfNoUsers: true
ircService: privateMessages:
databaseUri: "nedb:///data" # does not typically need modification enabled: true
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification federate: true
matrixHandler: dynamicChannels:
eventCacheSize: 4096 enabled: true
servers: createAlias: true
irc.example.com: published: true
name: "ExampleNet" joinRule: public
port: 6697 groupId: +myircnetwork:localhost
ssl: true federate: true
sasl: false aliasTemplate: "#irc_$CHANNEL"
allowExpiredCerts: false membershipLists:
sendConnectionMessages: true enabled: false
botConfig: floodDelayMs: 10000
enabled: true global:
nick: "MatrixBot" ircToMatrix:
joinChannelsIfNoUsers: true initial: false
privateMessages: incremental: false
enabled: true matrixToIrc:
federate: true initial: false
dynamicChannels: incremental: false
enabled: true matrixClients:
createAlias: true userTemplate: "@irc_$NICK"
published: true displayName: "$NICK (IRC)"
joinRule: public joinAttempts: -1
groupId: +myircnetwork:localhost ircClients:
federate: true nickTemplate: "$DISPLAY[m]"
aliasTemplate: "#irc_$CHANNEL" allowNickChanges: true
membershipLists: maxClients: 30
enabled: false idleTimeout: 10800
floodDelayMs: 10000 reconnectIntervalMs: 5000
global: concurrentReconnectLimit: 50
ircToMatrix: lineLimit: 3
initial: false
incremental: false
matrixToIrc:
initial: false
incremental: false
matrixClients:
userTemplate: "@irc_$NICK"
displayName: "$NICK (IRC)"
joinAttempts: -1
ircClients:
nickTemplate: "$DISPLAY[m]"
allowNickChanges: true
maxClients: 30
idleTimeout: 10800
reconnectIntervalMs: 5000
concurrentReconnectLimit: 50
lineLimit: 3
``` ```
You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
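Review bot: The new `matrix_appservice_irc_ircService_servers` example keeps `dynamicChannels` at `enabled: true`, `published: true` and `joinRule: public`, which lets any Matrix user bridge any channel on the network and lists the resulting rooms publicly, while the commented reference in the role defaults gives `false` as the default for `dynamicChannels.enabled`. This block is what people will paste, so consider making the example conservative or adding a sentence that these values are illustrative. `groupId: +myircnetwork:localhost` is likewise a placeholder that should be flagged as such or dropped from the short example.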

View File

@ -78,6 +78,10 @@ matrix_appservice_irc_systemd_required_services_list: |
(['matrix-synapse.service'] if matrix_synapse_enabled else []) (['matrix-synapse.service'] if matrix_synapse_enabled else [])
}} }}
matrix_appservice_irc_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'appservice-irc-appservice-token') | to_uuid }}"
matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'appservice-irc-homeserver-token') | to_uuid }}"
###################################################################### ######################################################################
# #
# /matrix-bridge-appservice-irc # /matrix-bridge-appservice-irc
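Review bot: The salts passed to `password_hash('sha512', ...)` on the two added token lines are 31 characters long and contain hyphens, but sha512-crypt uses at most 16 salt characters, conventionally drawn from `[a-zA-Z0-9./]`. After truncation the two salts differ only in their 16th character (`appservice-irc-a` vs `appservice-irc-h`), and a hashing backend that validates salts strictly may reject them outright. Short alphanumeric salts that differ early would be more robust. A comment here should also note that both tokens are derived from `matrix_synapse_macaroon_secret_key`, so rotating that key changes the bridge's registration tokens as a side effect.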

View File

@ -7,11 +7,323 @@ matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config"
matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data"
matrix_appservice_irc_homeserver_url: 'http://matrix-synapse:8008' matrix_appservice_irc_homeserver_url: 'http://matrix-synapse:8008'
matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}' matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}'
matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}' matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}'
matrix_appservice_irc_homeserver_enablePresence: true matrix_appservice_irc_homeserver_enablePresence: true
matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999'
matrix_appservice_irc_ircService_servers: []
# Example of `matrix_appservice_irc_ircService_servers` with one server (and all its options):
#
# matrix_appservice_irc_ircService_servers:
# # The address of the server to connect to.
# irc.example.com:
# # A human-readable short name. This is used to label IRC status rooms
# # where matrix users control their connections.
# # E.g. 'ExampleNet IRC Bridge status'.
# # It is also used in the Third Party Lookup API as the instance `desc`
# # property, where each server is an instance.
# name: "ExampleNet"
# additionalAddresses: [ "irc2.example.com" ]
# #
# # [DEPRECATED] Use `name`, above, instead.
# # A human-readable description string
# # description: "Example.com IRC network"
# # An ID for uniquely identifying this server amongst other servers being bridged.
# # networkId: "example"
# # URL to an icon used as the network icon whenever this network appear in
# # a network list. (Like in the riot room directory, for instance.)
# # icon: https://example.com/images/hash.png
# # The port to connect to. Optional.
# port: 6697
# # Whether to use SSL or not. Default: false.
# ssl: true
# # Whether or not IRC server is using a self-signed cert or not providing CA Chain
# sslselfsign: false
# # Should the connection attempt to identify via SASL (if a server or user password is given)
# # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
# sasl: false
# # Whether to allow expired certs when connecting to the IRC server.
# # Usually this should be off. Default: false.
# allowExpiredCerts: false
# # A specific CA to trust instead of the default CAs. Optional.
# #ca: |
# # -----BEGIN CERTIFICATE-----
# # ...
# # -----END CERTIFICATE-----
# #
# # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
# # password: 'pa$$w0rd'
# #
# # Whether or not to send connection/error notices to real Matrix users. Default: true.
# sendConnectionMessages: true
# quitDebounce:
# # Whether parts due to net-splits are debounced for delayMs, to allow
# # time for the netsplit to resolve itself. A netsplit is detected as being
# # a QUIT rate higher than quitsPerSecond. Default: false.
# enabled: false
# # The maximum number of quits per second acceptable above which a netsplit is
# # considered ongoing. Default: 5.
# quitsPerSecond: 5
# # The time window in which to wait before bridging a QUIT to Matrix that occurred during
# # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS
# # is not sent many requests to leave rooms all at once if a netsplit occurs and many
# # people to not rejoin.
# # If the user with the same IRC nick as the one who sent the quit rejoins a channel
# # they are considered back online and the quit is not bridged, so long as the rejoin
# # occurs before the randomly-jittered timeout is not reached.
# # Default: 3600000, = 1h
# delayMinMs: 3600000 # 1h
# # Default: 7200000, = 2h
# delayMaxMs: 7200000 # 2h
# # A map for conversion of IRC user modes to Matrix power levels. This enables bridging
# # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
# # been given multiple modes, the one that maps to the highest power level will be used.
# modePowerMap:
# o: 50
# botConfig:
# # Enable the presence of the bot in IRC channels. The bot serves as the entity
# # which maps from IRC -> Matrix. You can disable the bot entirely which
# # means IRC -> Matrix chat will be shared by active "M-Nick" connections
# # in the room. If there are no users in the room (or if there are users
# # but their connections are not on IRC) then nothing will be bridged to
# # Matrix. If you're concerned about the bot being treated as a "logger"
# # entity, then you may want to disable the bot. If you want IRC->Matrix
# # but don't want to have TCP connections to IRC unless a Matrix user speaks
# # (because your client connection limit is low), then you may want to keep
# # the bot enabled. Default: true.
# # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned
# # on, else there will be no users and no bot in a channel (meaning no
# # messages to Matrix!) until a Matrix user speaks which makes a client
# # join the target IRC channel.
# # NBB: The bridge bot IRC client will still join the target IRC network so
# # it can service bridge-specific queries from the IRC-side e.g. so
# # real IRC clients have a way to change their Matrix display name.
# # See https://github.com/matrix-org/matrix-appservice-irc/issues/55
# enabled: true
# # The nickname to give the AS bot.
# nick: "MatrixBot"
# # The password to give to NickServ or IRC Server for this nick. Optional.
# # password: "helloworld"
# #
# # Join channels even if there are no Matrix users on the other side of
# # the bridge. Set to false to prevent the bot from joining channels which have no
# # real matrix users in them, even if there is a mapping for the channel.
# # Default: true
# joinChannelsIfNoUsers: true
# # Configuration for PMs / private 1:1 communications between users.
# privateMessages:
# # Enable the ability for PMs to be sent to/from IRC/Matrix.
# # Default: true.
# enabled: true
# # Prevent Matrix users from sending PMs to the following IRC nicks.
# # Optional. Default: [].
# # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
# # Should created Matrix PM rooms be federated? If false, only users on the
# # HS attached to this AS will be able to interact with this room.
# # Optional. Default: true.
# federate: true
# # Configuration for mappings not explicitly listed in the 'mappings'
# # section.
# dynamicChannels:
# # Enable the ability for Matrix users to join *any* channel on this IRC
# # network.
# # Default: false.
# enabled: true
# # Should the AS create a room alias for the new Matrix room? The form of
# # the alias can be modified via 'aliasTemplate'. Default: true.
# createAlias: true
# # Should the AS publish the new Matrix room to the public room list so
# # anyone can see it? Default: true.
# published: true
# # What should the join_rule be for the new Matrix room? If 'public',
# # anyone can join the room. If 'invite', only users with an invite can
# # join the room. Note that if an IRC channel has +k or +i set on it,
# # join_rules will be set to 'invite' until these modes are removed.
# # Default: "public".
# joinRule: public
# # This will set the m.room.related_groups state event in newly created rooms
# # with the given groupId. This means flares will show up on IRC users in those rooms.
# # This should be set to the same thing as namespaces.users.group_id in irc_registration.
# # This does not alter existing rooms.
# # Leaving this option empty will not set the event.
# groupId: +myircnetwork:localhost
# # Should created Matrix rooms be federated? If false, only users on the
# # HS attached to this AS will be able to interact with this room.
# # Default: true.
# federate: true
# # The room alias template to apply when creating new aliases. This only
# # applies if createAlias is 'true'. The following variables are exposed:
# # $SERVER => The IRC server address (e.g. "irc.example.com")
# # $CHANNEL => The IRC channel (e.g. "#python")
# # This MUST have $CHANNEL somewhere in it.
# # Default: '#irc_$SERVER_$CHANNEL'
# aliasTemplate: "#irc_$CHANNEL"
# # A list of user IDs which the AS bot will send invites to in response
# # to a !join. Only applies if joinRule is 'invite'. Default: []
# # whitelist:
# # - "@foo:example.com"
# # - "@bar:example.com"
# #
# # Prevent the given list of channels from being mapped under any
# # circumstances.
# # exclude: ["#foo", "#bar"]
# # Configuration for controlling how Matrix and IRC membership lists are
# # synced.
# membershipLists:
# # Enable the syncing of membership lists between IRC and Matrix. This
# # can have a significant effect on performance on startup as the lists are
# # synced. This must be enabled for anything else in this section to take
# # effect. Default: false.
# enabled: false
# # Syncing membership lists at startup can result in hundreds of members to
# # process all at once. This timer drip feeds membership entries at the
# # specified rate. Default: 10000. (10s)
# floodDelayMs: 10000
# global:
# ircToMatrix:
# # Get a snapshot of all real IRC users on a channel (via NAMES) and
# # join their virtual matrix clients to the room.
# initial: false
# # Make virtual matrix clients join and leave rooms as their real IRC
# # counterparts join/part channels. Default: false.
# incremental: false
# matrixToIrc:
# # Get a snapshot of all real Matrix users in the room and join all of
# # them to the mapped IRC channel on startup. Default: false.
# initial: false
# # Make virtual IRC clients join and leave channels as their real Matrix
# # counterparts join/leave rooms. Make sure your 'maxClients' value is
# # high enough! Default: false.
# incremental: false
# # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
# rooms:
# - room: "!fuasirouddJoxtwfge:localhost"
# matrixToIrc:
# initial: false
# incremental: false
# # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
# channels:
# - channel: "#foo"
# ircToMatrix:
# initial: false
# incremental: false
# mappings:
# # 1:many mappings from IRC channels to room IDs on this IRC server.
# # The matrix room must already exist. Your matrix client should expose
# # the room ID in a "settings" page for the room.
# "#thepub": ["!kieouiJuedJoxtVdaG:localhost"]
# # Configuration for virtual matrix users. The following variables are
# # exposed:
# # $NICK => The IRC nick
# # $SERVER => The IRC server address (e.g. "irc.example.com")
# matrixClients:
# # The user ID template to use when creating virtual matrix users. This
# # MUST have $NICK somewhere in it.
# # Optional. Default: "@$SERVER_$NICK".
# # Example: "@irc.example.com_Alice:example.com"
# userTemplate: "@irc_$NICK"
# # The display name to use for created matrix clients. This should have
# # $NICK somewhere in it if it is specified. Can also use $SERVER to
# # insert the IRC domain.
# # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)"
# displayName: "$NICK (IRC)"
# # Number of tries a client can attempt to join a room before the request
# # is discarded. You can also use -1 to never retry or 0 to never give up.
# # Optional. Default: -1
# joinAttempts: -1
# # Configuration for virtual IRC users. The following variables are exposed:
# # $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
# # $USERID => The user ID
# # $DISPLAY => The display name of this user, with excluded characters
# # (e.g. space) removed. If the user has no display name, this
# # falls back to $LOCALPART.
# ircClients:
# # The template to apply to every IRC client nick. This MUST have either
# # $DISPLAY or $USERID or $LOCALPART somewhere in it.
# # Optional. Default: "M-$DISPLAY". Example: "M-Alice".
# nickTemplate: "$DISPLAY[m]"
# # True to allow virtual IRC clients to change their nick on this server
# # by issuing !nick <server> <nick> commands to the IRC AS bot.
# # This is completely freeform: it will NOT follow the nickTemplate.
# allowNickChanges: true
# # The max number of IRC clients that will connect. If the limit is
# # reached, the client that spoke the longest time ago will be
# # disconnected and replaced.
# # Optional. Default: 30.
# maxClients: 30
# # IPv6 configuration.
# ipv6:
# # Optional. Set to true to force IPv6 for outgoing connections.
# only: false
# # Optional. The IPv6 prefix to use for generating unique addresses for each
# # connected user. If not specified, all users will connect from the same
# # (default) address. This may require additional OS-specific work to allow
# # for the node process to bind to multiple different source addresses
# # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library
# # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt.
# # prefix: "2001:0db8:85a3::" # modify appropriately
# #
# # The maximum amount of time in seconds that the client can exist
# # without sending another message before being disconnected. Use 0 to
# # not apply an idle timeout. This value is ignored if this IRC server is
# # mirroring matrix membership lists to IRC. Default: 172800 (48 hours)
# idleTimeout: 10800
# # The number of millseconds to wait between consecutive reconnections if a
# # client gets disconnected. Setting to 0 will cause the scheduling to be
# # disabled, i.e. it will be scheduled immediately (with jitter.
# # Otherwise, the scheduling interval will be used such that one client
# # reconnect for this server will be handled every reconnectIntervalMs ms using
# # a FIFO queue.
# # Default: 5000 (5 seconds)
# reconnectIntervalMs: 5000
# # The number of concurrent reconnects if a user has been disconnected unexpectedly
# # (e.g. a netsplit). You should set this to a reasonably high number so that
# # bridges are not waiting an eternity to reconnect all its clients if
# # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs
# # setting above which is for connecting on restart of the bridge. Set to 0 to
# # immediately try to reconnect all users.
# # Default: 50
# concurrentReconnectLimit: 50
# # The number of lines to allow being sent by the IRC client that has received
# # a large block of text to send from matrix. If the number of lines that would
# # be sent is > lineLimit, the text will instead be uploaded to matrix and the
# # resulting URI is treated as a file. As such, a link will be sent to the IRC
# # side instead of potentially spamming IRC and getting the IRC client kicked.
# # Default: 3.
# lineLimit: 3
# # A list of user modes to set on every IRC client. For example, "RiG" would set
# # +R, +i and +G on every IRC connection when they have successfully connected.
# # User modes vary wildly depending on the IRC network you're connecting to,
# # so check before setting this value. Some modes may not work as intended
# # through the bridge e.g. caller ID as there is no way to /ACCEPT.
# # Default: "" (no user modes)
# # userModes: "R"
# Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container). # Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container).
# #
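Review bot: `matrix_appservice_irc_ircService_servers: []` defaults to a list, but the commented example directly below it and the docs example both define it as a mapping keyed by server address, and it is rendered into `ircService.servers` with `|to_json`. Default it to `{}` so the type matches what users will override it with. The unchanged context line at the end of this hunk still says `matrix-appservice-discord` inside the IRC role and could be corrected while the file is being touched.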
@ -27,6 +339,9 @@ matrix_appservice_irc_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-appservice-irc.service wants # List of systemd services that matrix-appservice-irc.service wants
matrix_appservice_irc_systemd_wanted_services_list: [] matrix_appservice_irc_systemd_wanted_services_list: []
matrix_appservice_irc_appservice_token: ''
matrix_appservice_irc_homeserver_token: ''
matrix_appservice_irc_configuration_yaml: | matrix_appservice_irc_configuration_yaml: |
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: True
homeserver: homeserver:
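Review bot: `matrix_appservice_irc_appservice_token` and `matrix_appservice_irc_homeserver_token` default to `''`, and nothing in these lines stops the role from running with them unset; if the role is used without the group_vars values added elsewhere in this change, both tokens stay empty. Add a validation task that fails when either value is empty, and a comment above the two lines saying they must be set to secret values.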
@ -61,6 +376,95 @@ matrix_appservice_irc_configuration_yaml: |
# Default: true # Default: true
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }} enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
ircService:
# The nedb database URI to connect to. This is the name of the directory to
# dump .db files to. This is relative to the project directory.
# Required.
databaseUri: "nedb:///data"
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
# the database.
#
# To generate a .pem file:
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
#
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
# for storage in the database. Passwords are stored by using the admin room command
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
# the Matrix user, this password will be sent as the server password (PASS command).
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
# Config for Matrix -> IRC bridging
matrixHandler:
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
eventCacheSize: 4096
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
# Configuration for an ident server. If you are running a public bridge it is
# advised you setup an ident server so IRC mods can ban specific matrix users
# rather than the application service itself.
ident:
# True to listen for Ident requests and respond with the
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
# Default: false.
enabled: false
# The port to listen on for incoming ident requests.
# Ports below 1024 require root to listen on, and you may not want this to
# run as root. Instead, you can get something like an Apache to yank up
# incoming requests to 113 to a high numbered port. Set the port to listen
# on instead of 113 here.
# Default: 113.
port: 1113
# The address to listen on for incoming ident requests.
# Default: 0.0.0.0
address: "::"
# Configuration for logging. Optional. Default: console debug level logging
# only.
logging:
# Level to log on console/logfile. One of error|warn|info|debug
level: "debug"
# The file location to log to. This is relative to the project directory.
logfile: "debug.log"
# The file location to log errors to. This is relative to the project
# directory.
errfile: "errors.log"
# Whether to log to the console or not.
toConsole: true
# The max number of files to keep. Files will be overwritten eventually due
# to rotations.
maxFiles: 5
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
# $ npm install prom-client@6.3.0
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
metrics:
# Whether to actually enable the metric endpoint. Default: false
enabled: true
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
remoteUserAgeBuckets:
- "1h"
- "1d"
- "1w"
# Configuration for the provisioning API.
#
# GET /_matrix/provision/link
# GET /_matrix/provision/unlink
# GET /_matrix/provision/listlinks
#
provisioning:
# True to enable the provisioning HTTP endpoint. Default: false.
enabled: false
# The number of seconds to wait before giving up on getting a response from
# an IRC channel operator. If the channel operator does not respond within the
# allotted time period, the provisioning request will fail.
# Default: 300 seconds (5 mins)
requestTimeoutSeconds: 300
# Options here are generally only applicable to large-scale bridges and may have # Options here are generally only applicable to large-scale bridges and may have
# consequences greater than other options in this configuration file. # consequences greater than other options in this configuration file.
advanced: advanced:
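Review bot: In the added `ircService` defaults, `metrics.enabled: true` is hard-coded even though the comment directly above it gives the default as `false` and the section header says enabling it requires `prom-client`; it also makes `GET /metrics` available on the bridge listening port. `logging.level: "debug"` with `logfile: "debug.log"` is hard-coded the same way. Both should be playbook variables with conservative defaults (metrics off, `info` level), in the style of `matrix_appservice_irc_homeserver_enablePresence`. Minor: the `!storepass server.name passw0rd` example in the passkey comment is missing its closing backtick.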
@ -78,403 +482,22 @@ matrix_appservice_irc_configuration_extension_yaml: |
# #
# If you need something more special, you can take full control by # If you need something more special, you can take full control by
# completely redefining `matrix_appservice_irc_configuration_yaml`. # completely redefining `matrix_appservice_irc_configuration_yaml`.
#
# Example configuration extension follows:
#
# ircService:
# databaseUri: "nedb:///data" # does not typically need modification
# passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
# matrixHandler:
# eventCacheSize: 4096
# servers:
# # The address of the server to connect to.
# irc.example.com:
# # A human-readable short name. This is used to label IRC status rooms
# # where matrix users control their connections.
# # E.g. 'ExampleNet IRC Bridge status'.
# # It is also used in the Third Party Lookup API as the instance `desc`
# # property, where each server is an instance.
# name: "ExampleNet"
#
# additionalAddresses: [ "irc2.example.com" ]
# #
# # [DEPRECATED] Use `name`, above, instead.
# # A human-readable description string
# # description: "Example.com IRC network"
#
# # An ID for uniquely identifying this server amongst other servers being bridged.
# # networkId: "example"
#
# # URL to an icon used as the network icon whenever this network appear in
# # a network list. (Like in the riot room directory, for instance.)
# # icon: https://example.com/images/hash.png
#
# # The port to connect to. Optional.
# port: 6697
# # Whether to use SSL or not. Default: false.
# ssl: true
# # Whether or not IRC server is using a self-signed cert or not providing CA Chain
# sslselfsign: false
# # Should the connection attempt to identify via SASL (if a server or user password is given)
# # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
# sasl: false
# # Whether to allow expired certs when connecting to the IRC server.
# # Usually this should be off. Default: false.
# allowExpiredCerts: false
# # A specific CA to trust instead of the default CAs. Optional.
# #ca: |
# # -----BEGIN CERTIFICATE-----
# # ...
# # -----END CERTIFICATE-----
#
# #
# # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
# # password: 'pa$$w0rd'
# #
# # Whether or not to send connection/error notices to real Matrix users. Default: true.
# sendConnectionMessages: true
#
# quitDebounce:
# # Whether parts due to net-splits are debounced for delayMs, to allow
# # time for the netsplit to resolve itself. A netsplit is detected as being
# # a QUIT rate higher than quitsPerSecond. Default: false.
# enabled: false
# # The maximum number of quits per second acceptable above which a netsplit is
# # considered ongoing. Default: 5.
# quitsPerSecond: 5
# # The time window in which to wait before bridging a QUIT to Matrix that occurred during
# # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS
# # is not sent many requests to leave rooms all at once if a netsplit occurs and many
# # people to not rejoin.
# # If the user with the same IRC nick as the one who sent the quit rejoins a channel
# # they are considered back online and the quit is not bridged, so long as the rejoin
# # occurs before the randomly-jittered timeout is not reached.
# # Default: 3600000, = 1h
# delayMinMs: 3600000 # 1h
# # Default: 7200000, = 2h
# delayMaxMs: 7200000 # 2h
#
# # A map for conversion of IRC user modes to Matrix power levels. This enables bridging
# # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
# # been given multiple modes, the one that maps to the highest power level will be used.
# modePowerMap:
# o: 50
#
# botConfig:
# # Enable the presence of the bot in IRC channels. The bot serves as the entity
# # which maps from IRC -> Matrix. You can disable the bot entirely which
# # means IRC -> Matrix chat will be shared by active "M-Nick" connections
# # in the room. If there are no users in the room (or if there are users
# # but their connections are not on IRC) then nothing will be bridged to
# # Matrix. If you're concerned about the bot being treated as a "logger"
# # entity, then you may want to disable the bot. If you want IRC->Matrix
# # but don't want to have TCP connections to IRC unless a Matrix user speaks
# # (because your client connection limit is low), then you may want to keep
# # the bot enabled. Default: true.
# # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned
# # on, else there will be no users and no bot in a channel (meaning no
# # messages to Matrix!) until a Matrix user speaks which makes a client
# # join the target IRC channel.
# # NBB: The bridge bot IRC client will still join the target IRC network so
# # it can service bridge-specific queries from the IRC-side e.g. so
# # real IRC clients have a way to change their Matrix display name.
# # See https://github.com/matrix-org/matrix-appservice-irc/issues/55
# enabled: true
# # The nickname to give the AS bot.
# nick: "MatrixBot"
# # The password to give to NickServ or IRC Server for this nick. Optional.
# # password: "helloworld"
# #
# # Join channels even if there are no Matrix users on the other side of
# # the bridge. Set to false to prevent the bot from joining channels which have no
# # real matrix users in them, even if there is a mapping for the channel.
# # Default: true
# joinChannelsIfNoUsers: true
#
# # Configuration for PMs / private 1:1 communications between users.
# privateMessages:
# # Enable the ability for PMs to be sent to/from IRC/Matrix.
# # Default: true.
# enabled: true
# # Prevent Matrix users from sending PMs to the following IRC nicks.
# # Optional. Default: [].
# # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
#
# # Should created Matrix PM rooms be federated? If false, only users on the
# # HS attached to this AS will be able to interact with this room.
# # Optional. Default: true.
# federate: true
#
# # Configuration for mappings not explicitly listed in the 'mappings'
# # section.
# dynamicChannels:
# # Enable the ability for Matrix users to join *any* channel on this IRC
# # network.
# # Default: false.
# enabled: true
# # Should the AS create a room alias for the new Matrix room? The form of
# # the alias can be modified via 'aliasTemplate'. Default: true.
# createAlias: true
# # Should the AS publish the new Matrix room to the public room list so
# # anyone can see it? Default: true.
# published: true
# # What should the join_rule be for the new Matrix room? If 'public',
# # anyone can join the room. If 'invite', only users with an invite can
# # join the room. Note that if an IRC channel has +k or +i set on it,
# # join_rules will be set to 'invite' until these modes are removed.
# # Default: "public".
# joinRule: public
# # This will set the m.room.related_groups state event in newly created rooms
# # with the given groupId. This means flares will show up on IRC users in those rooms.
# # This should be set to the same thing as namespaces.users.group_id in irc_registration.
# # This does not alter existing rooms.
# # Leaving this option empty will not set the event.
# groupId: +myircnetwork:localhost
# # Should created Matrix rooms be federated? If false, only users on the
# # HS attached to this AS will be able to interact with this room.
# # Default: true.
# federate: true
# # The room alias template to apply when creating new aliases. This only
# # applies if createAlias is 'true'. The following variables are exposed:
# # $SERVER => The IRC server address (e.g. "irc.example.com")
# # $CHANNEL => The IRC channel (e.g. "#python")
# # This MUST have $CHANNEL somewhere in it.
# # Default: '#irc_$SERVER_$CHANNEL'
# aliasTemplate: "#irc_$CHANNEL"
# # A list of user IDs which the AS bot will send invites to in response
# # to a !join. Only applies if joinRule is 'invite'. Default: []
# # whitelist:
# # - "@foo:example.com"
# # - "@bar:example.com"
# #
# # Prevent the given list of channels from being mapped under any
# # circumstances.
# # exclude: ["#foo", "#bar"]
#
# # Configuration for controlling how Matrix and IRC membership lists are
# # synced.
# membershipLists:
# # Enable the syncing of membership lists between IRC and Matrix. This
# # can have a significant effect on performance on startup as the lists are
# # synced. This must be enabled for anything else in this section to take
# # effect. Default: false.
# enabled: false
#
# # Syncing membership lists at startup can result in hundreds of members to
# # process all at once. This timer drip feeds membership entries at the
# # specified rate. Default: 10000. (10s)
# floodDelayMs: 10000
#
# global:
# ircToMatrix:
# # Get a snapshot of all real IRC users on a channel (via NAMES) and
# # join their virtual matrix clients to the room.
# initial: false
# # Make virtual matrix clients join and leave rooms as their real IRC
# # counterparts join/part channels. Default: false.
# incremental: false
#
# matrixToIrc:
# # Get a snapshot of all real Matrix users in the room and join all of
# # them to the mapped IRC channel on startup. Default: false.
# initial: false
# # Make virtual IRC clients join and leave channels as their real Matrix
# # counterparts join/leave rooms. Make sure your 'maxClients' value is
# # high enough! Default: false.
# incremental: false
#
# # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
# rooms:
# - room: "!fuasirouddJoxtwfge:localhost"
# matrixToIrc:
# initial: false
# incremental: false
#
# # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
# channels:
# - channel: "#foo"
# ircToMatrix:
# initial: false
# incremental: false
#
# mappings:
# # 1:many mappings from IRC channels to room IDs on this IRC server.
# # The matrix room must already exist. Your matrix client should expose
# # the room ID in a "settings" page for the room.
# "#thepub": ["!kieouiJuedJoxtVdaG:localhost"]
#
# # Configuration for virtual matrix users. The following variables are
# # exposed:
# # $NICK => The IRC nick
# # $SERVER => The IRC server address (e.g. "irc.example.com")
# matrixClients:
# # The user ID template to use when creating virtual matrix users. This
# # MUST have $NICK somewhere in it.
# # Optional. Default: "@$SERVER_$NICK".
# # Example: "@irc.example.com_Alice:example.com"
# userTemplate: "@irc_$NICK"
# # The display name to use for created matrix clients. This should have
# # $NICK somewhere in it if it is specified. Can also use $SERVER to
# # insert the IRC domain.
# # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)"
# displayName: "$NICK (IRC)"
# # Number of tries a client can attempt to join a room before the request
# # is discarded. You can also use -1 to never retry or 0 to never give up.
# # Optional. Default: -1
# joinAttempts: -1
#
# # Configuration for virtual IRC users. The following variables are exposed:
# # $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
# # $USERID => The user ID
# # $DISPLAY => The display name of this user, with excluded characters
# # (e.g. space) removed. If the user has no display name, this
# # falls back to $LOCALPART.
# ircClients:
# # The template to apply to every IRC client nick. This MUST have either
# # $DISPLAY or $USERID or $LOCALPART somewhere in it.
# # Optional. Default: "M-$DISPLAY". Example: "M-Alice".
# nickTemplate: "$DISPLAY[m]"
# # True to allow virtual IRC clients to change their nick on this server
# # by issuing !nick <server> <nick> commands to the IRC AS bot.
# # This is completely freeform: it will NOT follow the nickTemplate.
# allowNickChanges: true
# # The max number of IRC clients that will connect. If the limit is
# # reached, the client that spoke the longest time ago will be
# # disconnected and replaced.
# # Optional. Default: 30.
# maxClients: 30
# # IPv6 configuration.
# ipv6:
# # Optional. Set to true to force IPv6 for outgoing connections.
# only: false
# # Optional. The IPv6 prefix to use for generating unique addresses for each
# # connected user. If not specified, all users will connect from the same
# # (default) address. This may require additional OS-specific work to allow
# # for the node process to bind to multiple different source addresses
# # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library
# # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt.
# # prefix: "2001:0db8:85a3::" # modify appropriately
# #
# # The maximum amount of time in seconds that the client can exist
# # without sending another message before being disconnected. Use 0 to
# # not apply an idle timeout. This value is ignored if this IRC server is
# # mirroring matrix membership lists to IRC. Default: 172800 (48 hours)
# idleTimeout: 10800
# # The number of millseconds to wait between consecutive reconnections if a
# # client gets disconnected. Setting to 0 will cause the scheduling to be
# # disabled, i.e. it will be scheduled immediately (with jitter.
# # Otherwise, the scheduling interval will be used such that one client
# # reconnect for this server will be handled every reconnectIntervalMs ms using
# # a FIFO queue.
# # Default: 5000 (5 seconds)
# reconnectIntervalMs: 5000
# # The number of concurrent reconnects if a user has been disconnected unexpectedly
# # (e.g. a netsplit). You should set this to a reasonably high number so that
# # bridges are not waiting an eternity to reconnect all its clients if
# # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs
# # setting above which is for connecting on restart of the bridge. Set to 0 to
# # immediately try to reconnect all users.
# # Default: 50
# concurrentReconnectLimit: 50
# # The number of lines to allow being sent by the IRC client that has received
# # a large block of text to send from matrix. If the number of lines that would
# # be sent is > lineLimit, the text will instead be uploaded to matrix and the
# # resulting URI is treated as a file. As such, a link will be sent to the IRC
# # side instead of potentially spamming IRC and getting the IRC client kicked.
# # Default: 3.
# lineLimit: 3
# # A list of user modes to set on every IRC client. For example, "RiG" would set
# # +R, +i and +G on every IRC connection when they have successfully connected.
# # User modes vary wildly depending on the IRC network you're connecting to,
# # so check before setting this value. Some modes may not work as intended
# # through the bridge e.g. caller ID as there is no way to /ACCEPT.
# # Default: "" (no user modes)
# # userModes: "R"
#
# # Configuration for an ident server. If you are running a public bridge it is
# # advised you setup an ident server so IRC mods can ban specific matrix users
# # rather than the application service itself.
# ident:
# # True to listen for Ident requests and respond with the
# # matrix user's user_id (converted to ASCII, respecting RFC 1413).
# # Default: false.
# enabled: false
# # The port to listen on for incoming ident requests.
# # Ports below 1024 require root to listen on, and you may not want this to
# # run as root. Instead, you can get something like an Apache to yank up
# # incoming requests to 113 to a high numbered port. Set the port to listen
# # on instead of 113 here.
# # Default: 113.
# port: 1113
# # The address to listen on for incoming ident requests.
# # Default: 0.0.0.0
# address: "::"
#
# # Configuration for logging. Optional. Default: console debug level logging
# # only.
# logging:
# # Level to log on console/logfile. One of error|warn|info|debug
# level: "debug"
# # The file location to log to. This is relative to the project directory.
# logfile: "debug.log"
# # The file location to log errors to. This is relative to the project
# # directory.
# errfile: "errors.log"
# # Whether to log to the console or not.
# toConsole: true
# # The max number of files to keep. Files will be overwritten eventually due
# # to rotations.
# maxFiles: 5
#
# # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
# # $ npm install prom-client@6.3.0
# # Metrics will then be available via GET /metrics on the bridge listening port (-p).
# metrics:
# # Whether to actually enable the metric endpoint. Default: false
# enabled: true
# # When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
# remoteUserAgeBuckets:
# - "1h"
# - "1d"
# - "1w"
#
# # Configuration options for the debug HTTP API. To access this API, you must
# # append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests.
# #
# # The debug API exposes the following endpoints:
# #
# # GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID.
# #
# # POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection.
# # Format: new line delimited commands as per IRC protocol.
# #
# debugApi:
# # True to enable the HTTP API endpoint. Default: false.
# enabled: false
# # The port to host the HTTP API.
# port: 11100
#
# # Configuration for the provisioning API.
# #
# # GET /_matrix/provision/link
# # GET /_matrix/provision/unlink
# # GET /_matrix/provision/listlinks
# #
# provisioning:
# # True to enable the provisioning HTTP endpoint. Default: false.
# enabled: false
# # The number of seconds to wait before giving up on getting a response from
# # an IRC channel operator. If the channel operator does not respond within the
# # allotted time period, the provisioning request will fail.
# # Default: 300 seconds (5 mins)
# requestTimeoutSeconds: 300
#
# # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
# # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
# # the database.
# #
matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml is mapping else {} }}" matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml is mapping else {} }}"
matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}"
# The original registration.yaml file generated by AppService IRC is merged with this config override,
# to produce the final registration.yaml file ultimately used by both the bridge and the homeserver.
#
# We do this to ensure consistency:
# - always having an up-to-date registration.yaml file (synced with the configuration file)
# - always having the same AS/HS token and appservice id in the registration.yaml file
#
# Learn more about this in `setup_install.yml`
matrix_appservice_irc_registration_override_yaml: |
id: appservice-irc
as_token: "{{ matrix_appservice_irc_appservice_token }}"
hs_token: "{{ matrix_appservice_irc_homeserver_token }}"
matrix_appservice_irc_registration_override: "{{ matrix_appservice_irc_registration_override_yaml|from_yaml }}"
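Review bot: `matrix_appservice_irc_registration_override` parses the override with a bare `from_yaml`, without the `is mapping else {}` guard that `matrix_appservice_irc_configuration_extension` uses just above the new block. If `matrix_appservice_irc_registration_override_yaml` is emptied or mistyped, the later `combine(..., recursive=True)` receives a non-mapping and fails with an opaque error. Apply the same guard here, or say in the comment that this variable is not meant to be overridden. The comment could also note that `as_token` and `hs_token` are secrets that end up in the rendered `registration.yaml`.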

View File

@ -1,3 +1,11 @@
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
when: "matrix_appservice_irc_enabled|bool and matrix_synapse_role_executed|default(False)"
- set_fact: - set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}" matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}"
when: matrix_appservice_irc_enabled|bool when: matrix_appservice_irc_enabled|bool
@ -7,7 +15,7 @@
matrix_synapse_container_extra_arguments: > matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }} {{ matrix_synapse_container_extra_arguments|default([]) }}
+ +
{{ ["--mount type=bind,src={{ matrix_appservice_irc_base_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }} {{ ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }}
matrix_synapse_app_service_config_files: > matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }} {{ matrix_synapse_app_service_config_files|default([]) }}

View File

@ -1,13 +1,5 @@
--- ---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure Appservice IRC image is pulled - name: Ensure Appservice IRC image is pulled
docker_image: docker_image:
name: "{{ matrix_appservice_irc_docker_image }}" name: "{{ matrix_appservice_irc_docker_image }}"
@ -15,31 +7,122 @@
force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
- name: Ensure Appservice IRC base directory exists - name: Ensure Appservice IRC paths exist
file: file:
path: "{{ matrix_appservice_irc_base_path }}" path: "{{ item }}"
state: directory state: directory
mode: 0750 mode: 0750
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}"
with_items:
- "{{ matrix_appservice_irc_base_path }}"
- "{{ matrix_appservice_irc_config_path }}"
- "{{ matrix_appservice_irc_data_path }}"
- name: Check if an old passkey file already exists
stat:
path: "{{ matrix_appservice_irc_base_path }}/passkey.pem"
register: matrix_appservice_irc_stat_passkey
- name: (Data relocation) Ensure matrix-appservice-irc.service is stopped
service:
name: matrix-appservice-irc
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_appservice_irc_stat_passkey.stat.exists"
- name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory
command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem"
when: "matrix_appservice_irc_stat_passkey.stat.exists"
- name: (Data relocation) Move AppService database files to ./data directory
command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}"
with_items:
- rooms.db
- users.db
failed_when: false
when: "matrix_appservice_irc_stat_passkey.stat.exists"
- name: Ensure Matrix Appservice IRC config installed - name: Ensure Matrix Appservice IRC config installed
copy: copy:
content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}" content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}"
dest: "{{ matrix_appservice_irc_base_path }}/config.yaml" dest: "{{ matrix_appservice_irc_config_path }}/config.yaml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}"
- name: Check if matrix-appservice-irc passkey exists - name: Check if Appservice IRC passkey exists
stat: stat:
path: "{{ matrix_appservice_irc_base_path }}/passkey.pem" path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
register: irc_passkey_file register: irc_passkey_file
- name: Generate matrix-appservice-irc passkey if it doesn't exist - name: Generate Appservice IRC passkey if it doesn't exist
shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
when: "not irc_passkey_file.stat.exists" when: "not irc_passkey_file.stat.exists"
# Ideally, we'd like to generate the final registration.yaml file by ourselves.
#
# However, the IRC bridge supports multiple servers, which leads to multiple
# users/aliases/rooms rules in the registration file.
#
# Generating a proper file by ourselves is complicated and may lead to deviation
# from what the bridge is doing.
#
# Instead, we do another hacky thing - asking the bridge to generate a template,
# and then we parse it and fix it up with our own AS/HS token.
# We need to do this, because:
# - we'd like to have an up-to-date registration file
# - we can achieve this by asking the bridge to rebuild it each time
# - however, the bridge insists on regenerating all tokens each time
# - .. which is not friendly for integrating with the homeserver
#
# So we have a hybrid approach. We ask the bridge to always generate
# an up-to-date file, and we fix it up with some static values later on,
# to produce a final registration.yaml file, as we desire.
- name: Generate Appservice IRC registration-template.yaml
shell: >-
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-v {{ matrix_appservice_irc_config_path }}:/config:z
-v {{ matrix_appservice_irc_data_path }}:/data:z
{{ matrix_appservice_irc_docker_image }}
node app.js
-r
-f /config/registration-template.yaml
-u "http://matrix-appservice-irc:9999"
-c /config/config.yaml
-l irc_bot
changed_when: false
- name: Read Appservice IRC registration-template.yaml
slurp:
src: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
register: matrix_appservice_irc_registration_template_slurp
- name: Remove unnecessary Appservice IRC registration-template.yaml
file:
path: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
state: absent
changed_when: false
- name: Parse registration-template.yaml
set_fact:
matrix_appservice_irc_registration_template: "{{ matrix_appservice_irc_registration_template_slurp['content'] | b64decode | from_yaml }}"
- name: Combine registration-template.yaml and own registration override config
set_fact:
matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template|combine(matrix_appservice_irc_registration_override, recursive=True) }}"
- name: Ensure Appservice IRC registration.yaml installed
copy:
content: "{{ matrix_appservice_irc_registration|to_nice_yaml }}"
dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Ensure matrix-appservice-irc.service installed - name: Ensure matrix-appservice-irc.service installed
template: template:
src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2"
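Review bot: the data relocation tasks are gated only on the old `passkey.pem` existing, and the database move runs with `failed_when: false`, so a failed `mv` of `rooms.db` or `users.db` goes unreported and the bridge would then start against an empty `data` directory. Stat each file and move it only when it exists, without suppressing failures, so a broken migration stops the play. Separately, `registration.yaml` is installed with `mode: 0644` although it carries the AS/HS tokens (and `config.yaml` may carry IRC passwords); `0640` would fit better with the `0750` directories created at the top of this hunk.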
@ -51,31 +134,3 @@
service: service:
daemon_reload: yes daemon_reload: yes
when: "matrix_appservice_irc_systemd_service_result.changed" when: "matrix_appservice_irc_systemd_service_result.changed"
- name: Check if a matrix-appservice-irc registration file exists
stat:
path: "{{ matrix_appservice_irc_base_path }}/registration.yaml"
register: appservice_irc_registration_file
- name: Generate matrix-appservice-irc registration.yaml if it doesn't exist
shell: >-
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
-v {{ matrix_appservice_irc_base_path }}:/data:z
{{ matrix_appservice_irc_docker_image }}
node app.js
-r
-f /data/registration.yaml
-u "http://matrix-appservice-irc:9999"
-c /data/config.yaml
-l irc_bot
when: "not appservice_irc_registration_file.stat.exists"
- name: Ensure IRC configuration directory permissions are correct
file:
path: "{{ matrix_appservice_irc_base_path }}"
state: directory
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
recurse: true
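Review bot: removing the final `recurse: true` ownership task leaves nothing that sets the owner or mode of `passkey.pem`, which is created by the `openssl genpkey` shell task rather than by a module that takes `owner`/`group`. The key will belong to whichever user runs the play, while the containers are started with `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}`. Add a `file` task after key generation that sets owner, group and a restrictive mode on `{{ matrix_appservice_irc_data_path }}/passkey.pem`, since the config comments state that this key protects the stored IRC passwords.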

View File

@ -1,5 +1,14 @@
--- ---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_appservice_irc_appservice_token"
- "matrix_appservice_irc_homeserver_token"
# Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to # Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to
# let the playbook run without errors. # let the playbook run without errors.
# #
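Review bot: `when: "vars[item] == ''"` only matches the empty string. A token variable that is not defined at all would raise an undefined-variable error rather than this message, and a value made up of whitespace passes the check. Add a `default('')` and a trim before comparing, so that every "token not set" case ends in the same readable failure.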
@ -10,9 +19,11 @@
- name: Fail if no additional configuration provided - name: Fail if no additional configuration provided
fail: fail:
msg: >- msg: >-
Your Appservice IRC configuration is incomplete (lacking an `ircService` key). Your Appservice IRC configuration is incomplete (lacking an `ircService.servers` configuration).
You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`. You need to define one or more servers by either using `matrix_appservice_irc_ircService_servers`
when: "matrix_appservice_irc_configuration.ircService|default(none) is none" or by extending the base configuration with additional configuration in `matrix_appservice_irc_configuration_extension_yaml`.
Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility.
when: "matrix_appservice_irc_configuration.ircService.servers|length == 0"
- name: (Deprecation) Catch and report renamed appservice-irc variables - name: (Deprecation) Catch and report renamed appservice-irc variables
fail: fail:
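Review bot: the new condition `matrix_appservice_irc_configuration.ircService.servers|length == 0` dereferences `ircService.servers` directly, whereas the removed check used `ircService|default(none) is none`. The message itself offers overriding `matrix_appservice_irc_configuration` wholesale; with such an override that lacks `ircService` or `servers`, the task errors on an undefined value instead of printing this guidance. Guard both levels with `default` before taking `length`.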

View File

@ -25,12 +25,13 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
{% if matrix_appservice_irc_container_http_host_bind_port %} {% if matrix_appservice_irc_container_http_host_bind_port %}
-p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \ -p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \
{% endif %} {% endif %}
-v {{ matrix_appservice_irc_base_path }}:/data:z \ -v {{ matrix_appservice_irc_config_path }}:/config:z \
-v {{ matrix_appservice_irc_data_path }}:/data:z \
{% for arg in matrix_appservice_irc_container_extra_arguments %} {% for arg in matrix_appservice_irc_container_extra_arguments %}
{{ arg }} \ {{ arg }} \
{% endfor %} {% endfor %}
{{ matrix_appservice_irc_docker_image }} \ {{ matrix_appservice_irc_docker_image }} \
-c /data/config.yaml -f /data/registration.yaml -p 9999 -c /config/config.yaml -f /config/registration.yaml -p 9999
ExecStop=-/usr/bin/docker kill matrix-appservice-irc ExecStop=-/usr/bin/docker kill matrix-appservice-irc
ExecStop=-/usr/bin/docker rm matrix-appservice-irc ExecStop=-/usr/bin/docker rm matrix-appservice-irc
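Review bot: `-v {{ matrix_appservice_irc_config_path }}:/config:z` mounts the configuration directory read-write, while the Synapse side mounts the same `registration.yaml` with `ro`. If the bridge only reads `/config/config.yaml` and `/config/registration.yaml` at runtime, mount `/config` read-only so the bridge process cannot rewrite its own tokens or server list; only `/data` needs to stay writable for `passkey.pem` and the database files.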