mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-07-31 03:55:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirror:032809a053ed38974114cee1e24af6daf2bbf92b
Branches Tags
mirror:master mirror:element-call-stack mirror:element-call-integration mirror:synapse-cache-tuning mirror:HarHarLinks/hookshot-encryption
...
compare: mirror:f657273cc84880057136517e7d086b2770e7d83c
Branches Tags
mirror:master mirror:element-call-stack mirror:element-call-integration mirror:synapse-cache-tuning mirror:HarHarLinks/hookshot-encryption

4 Commits
032809a053 ... f657273cc8

Author SHA1 Message Date
Aine
f657273cc8 add system-managed users to synapse-admin (#3546) 
* WIP: add system-managed users to synapse-admin

* add missing users
 2024-09-24 21:37:03 +03:00
Aine
338e6d91c3 synapse-admin v0.10.3-etke16: Upgrade to react-admin v5, restrict actions on specific users (#3543) 
* synapse-admin v0.10.3-etke15: Upgrade to react-admin v5

* v0.10.3-etke16

* fix linter

* add _auto and _custom vars

* Use 2 spaces before #noqa var-naming

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
 2024-09-24 16:58:17 +03:00
Slavi Pantaleev
e662eb1e32 Merge pull request #3545 from spantaleev/renovate/vectorim-element-web-1.x 
Update vectorim/element-web Docker tag to v1.11.78
 2024-09-24 16:54:53 +03:00
renovate[bot]
7cbef06c4f Update vectorim/element-web Docker tag to v1.11.78 2024-09-24 13:18:25 +00:00
4 changed files with 209 additions and 3 deletions
Expand all files Collapse all files

185
group_vars/matrix_servers
View File

@ -4791,6 +4791,191 @@ matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playboo
matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_synapse_admin_config_asManagedUsers_auto: |
{{
([
'^@'+(matrix_alertmanager_receiver_config_matrix_user_id_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_alertmanager_receiver_enabled else [])
+
([
'^@'+(matrix_appservice_draupnir_for_all_user_prefix | default('') | regex_escape) +'_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_appservice_draupnir_for_all_enabled else [])
+
([
'^@'+(matrix_bot_baibot_config_user_mxid_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_baibot_enabled else [])
+
([
'^@'+(matrix_bot_buscarron_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_buscarron_enabled else [])
+
([
'^@'+(matrix_bot_chatgpt_matrix_bot_username_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_chatgpt_enabled else [])
+
([
'^@'+(matrix_bot_honoroit_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_honoroit_enabled else [])
+
([
'^@'+(matrix_bot_matrix_registration_bot_matrix_user_id_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_matrix_registration_bot_enabled else [])
+
([
'^@'+(matrix_bot_matrix_reminder_bot_matrix_user_id_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_matrix_reminder_bot_enabled else [])
+
([
'^@'+(matrix_bot_maubot_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_maubot_enabled else [])
+
([
'^@'+(matrix_bot_postmoogle_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_postmoogle_enabled else [])
+
([
'^@_discord_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_appservice_discord_enabled else [])
+
([
'^@'+(matrix_appservice_slack_bot_name | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_appservice_slack_user_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_appservice_slack_enabled else [])
+
([
'^@'+(matrix_appservice_webhooks_bot_name | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_appservice_webhooks_user_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_appservice_webhooks_enabled else [])
+
([
'^@'+(matrix_beeper_linkedin_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@linkedin_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_beeper_linkedin_enabled else [])
+
([
'^@'+(matrix_go_skype_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@skype_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_go_skype_bridge_enabled else [])
+
([
'^@heisenbridge:'+(matrix_domain | regex_escape)+'$',
'^@hbirc_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_heisenbridge_enabled else [])
+
([
'^@hookshot:'+(matrix_domain | regex_escape)+'$',
'^@_github_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
'^@_gitlab_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
'^@_jira_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_hookshot_generic_userIdPrefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_hookshot_enabled else [])
+
([
'^@'+(matrix_mautrix_discord_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@discord_[0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_discord_enabled else [])
+
([
'^@'+(matrix_mautrix_facebook_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@facebook_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_facebook_enabled else [])
+
([
'^@'+(matrix_mautrix_gmessages_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@gmessages_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_gmessages_enabled else [])
+
([
'^@'+(matrix_mautrix_googlechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@googlechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_googlechat_enabled else [])
+
([
'^@'+(matrix_mautrix_hangouts_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@hangouts_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_hangouts_enabled else [])
+
([
'^@'+(matrix_mautrix_instagram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@instagram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_instagram_enabled else [])
+
([
'^@'+(matrix_mautrix_meta_instagram_appservice_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_mautrix_meta_instagram_bridge_username_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_meta_instagram_enabled else [])
+
([
'^@'+(matrix_mautrix_meta_messenger_appservice_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_mautrix_meta_messenger_bridge_username_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_meta_messenger_enabled else [])
+
([
'^@'+(matrix_mautrix_signal_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@signal_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_signal_enabled else [])
+
([
'^@'+(matrix_mautrix_slack_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@slack_[a-zA-Z0-9\-]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_slack_enabled else [])
+
([
'^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@telegram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_telegram_enabled else [])
+
([
'^@'+(matrix_mautrix_twitter_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@twitter_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_twitter_enabled else [])
+
([
'^@'+(matrix_mautrix_whatsapp_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@whatsapp_[0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_whatsapp_enabled else [])
+
([
'^@'+(matrix_mautrix_imessage_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@imessage_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_wsproxy_enabled else [])
+
([
'^@_discordpuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_discord_enabled else [])
+
([
'^@_groupmepuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_groupme_enabled else [])
+
([
'^@_instagrampuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_instagram_enabled else [])
+
([
'^@_slackpuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_slack_enabled else [])
+
([
'^@_steampuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_steam_enabled else [])
+
([
'^@'+(matrix_mx_puppet_twitter_bot_localpart | default('') | regex_escape)+':'+ (matrix_domain | regex_escape)+'$',
'^@'+(matrix_mx_puppet_twitter_namespace_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_twitter_enabled else [])
+
([
'^@smsbot:'+(matrix_domain | regex_escape)+'$',
'^@sms_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_sms_bridge_enabled else [])
+
([
'^@'+(matrix_wechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@_wechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_wechat_enabled else [])
}}
######################################################################
#
# /matrix-synapse-admin

2
roles/custom/matrix-client-element/defaults/main.yml
View File

@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=vectorim/element-web
matrix_client_element_version: v1.11.77
matrix_client_element_version: v1.11.78
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"

22
roles/custom/matrix-synapse-admin/defaults/main.yml
View File

@ -14,7 +14,7 @@ matrix_synapse_admin_container_image_self_build: false
matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git"
# renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin
matrix_synapse_admin_version: v0.10.3-etke14
matrix_synapse_admin_version: v0.10.3-etke16
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else 'ghcr.io/' }}"
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
@ -174,3 +174,23 @@ matrix_synapse_admin_configuration: "{{ matrix_synapse_admin_configuration_defau
# Controls the restrictBaseUrl configuration setting, which, if defined,
# restricts the homeserver(s), so that the user can no longer define a homeserver manually during login.
matrix_synapse_admin_config_restrictBaseUrl: "{{ [matrix_homeserver_url] }}" # noqa var-naming
# Controls the asManagedUsers configuration setting (managed by playbook), which, if defined,
# restricts modifications of the specified users (e.g., bridge-managed).
# You should use JS regex syntax to match the user IDs.
# Example for mautrix-telegram: ["^@telegram_[a-zA-Z0-9]+:example\\.com$"]
# WARNING: you want to use matrix_synapse_admin_config_asManagedUsers_custom instead of this variable.
matrix_synapse_admin_config_asManagedUsers_auto: [] # noqa var-naming
# Controls the asManagedUsers configuration setting (managed per host), which, if defined,
# restricts modifications of the specified users (e.g., bridge-managed).
# You should use JS regex syntax to match the user IDs.
# Example for mautrix-telegram: ["^@telegram_[a-zA-Z0-9]+:example\\.com$"]
matrix_synapse_admin_config_asManagedUsers_custom: [] # noqa var-naming
# Controls the asManagedUsers configuration setting, which, if defined,
# restricts modifications of the specified users (e.g., bridge-managed).
# You should use JS regex syntax to match the user IDs.
# Example for mautrix-telegram: ["^@telegram_[a-zA-Z0-9]+:example\\.com$"]
# WARNING: you want to use matrix_synapse_admin_config_asManagedUsers_custom instead of this variable.
matrix_synapse_admin_config_asManagedUsers: "{{ matrix_synapse_admin_config_asManagedUsers_auto + matrix_synapse_admin_config_asManagedUsers_custom }}" # noqa var-naming

3
roles/custom/matrix-synapse-admin/templates/config.json.j2
View File

@ -1,3 +1,4 @@
{
"restrictBaseUrl": {{ matrix_synapse_admin_config_restrictBaseUrl | to_json }}
"restrictBaseUrl": {{ matrix_synapse_admin_config_restrictBaseUrl | to_json }},
"asManagedUsers": {{ matrix_synapse_admin_config_asManagedUsers | to_json }}
}