2019-03-03 18:22:52 +01:00
---
# This variables file wires together the various components (roles) used by the playbook.
#
# Roles used by playbook are pretty minimal and kept independent of one another as much as possible.
# To deliver a turnkey fully-featured Matrix server, this playbook needs
# to connect them all together. It does so by overriding role variables.
#
# You can also override ANY variable (seen here or in any given role),
# by re-defining it in your own configuration file (`inventory/host_vars/matrix.<your-domain>`).
2022-11-22 09:01:26 +02:00
########################################################################
# #
# Playbook #
# #
########################################################################
# Controls whether to install Docker or not
# Also see `devture_docker_sdk_for_python_installation_enabled`.
matrix_playbook_docker_installation_enabled: true
2024-04-20 08:17:06 +03:00
matrix_playbook_docker_installation_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options_auto | combine(matrix_playbook_docker_installation_daemon_options_custom, recursive=True) }}"
2024-04-20 08:14:17 +03:00
2024-04-20 08:17:06 +03:00
matrix_playbook_docker_installation_daemon_options_auto:
2024-04-20 08:14:17 +03:00
experimental: "{{ devture_systemd_docker_base_ipv6_enabled }}"
ip6tables: "{{ devture_systemd_docker_base_ipv6_enabled }}"
2024-04-20 08:17:06 +03:00
matrix_playbook_docker_installation_daemon_options_custom: {}
2024-04-20 08:14:17 +03:00
2023-02-06 10:34:51 +02:00
# Controls whether to attach Traefik labels to services.
2023-03-06 09:51:14 +02:00
# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
# yet still use Traefik installed in another way.
2023-02-11 08:44:11 +02:00
matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
2023-02-06 10:34:51 +02:00
2024-01-14 10:23:55 +02:00
matrix_playbook_reverse_proxy_container_network: "{{ devture_traefik_container_network if devture_traefik_enabled else 'traefik' }}"
matrix_playbook_reverse_proxy_hostname: "{{ devture_traefik_identifier if devture_traefik_enabled else 'traefik' }}"
2023-02-06 10:34:51 +02:00
2024-01-14 09:23:36 +02:00
# A separate Matrix Federation entrypoint is always enabled, unless the federation port matches one of the ports for existing (default) entrypoints
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: "{{ matrix_federation_public_port not in [devture_traefik_config_entrypoint_web_port, devture_traefik_config_entrypoint_web_secure_port] }}"
2024-07-06 11:00:59 +03:00
# We only enable HTTP/3 on the federation entrypoint if the main web-secure entrypoint has it enabled.
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: "{{ devture_traefik_config_entrypoint_web_secure_http3_enabled }}"
2024-01-15 09:39:36 +02:00
# `devture_traefik_config_entrypoint_web_secure_enabled` is the variable we currently follow to determine if SSL is enabled or not.
# `matrix_playbook_ssl_enabled` is merely an indicator if (when looked at it publicly), the server supports SSL or not,
# and affects how services configure their public URLs.
matrix_federation_traefik_entrypoint_tls: "{{ devture_traefik_config_entrypoint_web_secure_enabled }}"
2022-11-23 10:14:28 +02:00
########################################################################
# #
# /Playbook #
# #
########################################################################
2023-03-20 11:06:27 +02:00
########################################################################
# #
# aux #
# #
########################################################################
aux_directory_default_owner: "{{ matrix_user_username }}"
aux_directory_default_group: "{{ matrix_user_groupname }}"
aux_file_default_owner: "{{ matrix_user_username }}"
aux_file_default_group: "{{ matrix_user_groupname }}"
########################################################################
# #
# /aux #
# #
########################################################################
2022-11-23 10:14:28 +02:00
########################################################################
# #
# base #
# #
########################################################################
2022-11-23 12:18:35 +02:00
matrix_homeserver_container_extra_arguments_auto: |
2022-11-23 10:14:28 +02:00
{{
(['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else [])
+
2024-03-05 15:09:52 +01:00
(['--mount type=bind,src=' + matrix_appservice_draupnir_for_all_config_path + '/draupnir-for-all-registration.yaml,dst=/matrix-appservice-draupnir-for-all-registration.yaml,ro'] if matrix_appservice_draupnir_for_all_enabled else [])
2024-03-24 18:25:19 +02:00
+
2024-08-17 19:00:16 +03:00
(['--mount type=bind,src=' + matrix_appservice_double_puppet_config_path + '/registration.yaml,dst=/matrix-appservice-double-puppet-registration.yaml,ro'] if matrix_appservice_double_puppet_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_slack_config_path + '/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro'] if matrix_appservice_slack_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_webhooks_config_path + '/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro'] if matrix_appservice_webhooks_enabled else [])
+
(['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + '/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else [])
+
(['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else [])
+
Add support for WeChat bridging
This is based on the PR (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3241)
by Tobias Diez (https://github.com/tobiasdiez).
I've refactored some parts, made it more configurable, polished it up,
and it's integrated into the playbook now.
Both the WeChat bridge and WeChat agent appear to be working.
The WeChat bridge joins rooms and responds as expected.
That said, end-to-end testing (actually bridging to a WeChat account) has not been done yet.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/701
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3092
This is sponsored https://etke.cc/ work related to https://gitlab.com/etke.cc/ansible/-/issues/2
Squashed commit of the following:
commit fdd37f02472a0b83d61b4fac80650442f90e7629
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 21:05:53 2024 +0300
Add documentation for WeChat bridge
commit 8426fc8b95bb160ea7f9659bd45bc59cf1326614
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:59:42 2024 +0300
Rename directory for matrix_wechat_agent_container_src_files_path
commit da200df82bbc9153d307095dd90e4769c400ea1e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:58:26 2024 +0300
Make WeChat listen_secret configurable and auto-configured via matrix_homeserver_generic_secret_key
commit 4022cb1355828ac16af7d9228cb1066962bb35f5
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:54:56 2024 +0300
Refactor install.yml for WeChat a bit (using blocks, etc.)
commit d07a39b4c4f6b93d04204e13e384086d5a242d52
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:52:35 2024 +0300
Rename WeChat Agent configuration file
This makes it more clear that it belongs to the agent.
Otherwise, `config.yaml` and `configure.yaml` make you wonder.
commit ccca72f8d1e602f7c42f4bd552193afa153c9b9d
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:49:06 2024 +0300
Move WeChat agent configuration to a template
commit a4047d94d8877b4095712dfc76ac3082a1edca28
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:47:17 2024 +0300
Mount WeChat config as readonly and instruct bridge to not update it
commit bc0e89f345bf14bbdbfd574bb60d93918c2ac053
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:46:33 2024 +0300
Sync WeChat config with upstream
Brings up-to-date with:
https://github.com/duo/matrix-wechat/commits/0.2.4/example-config.yaml
commit a46f5b9cbc8bf16042685a18c77d25a606bc8232
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:48:17 2024 +0300
Rename some files
commit 3877679040cffc4ca6cccfa21a7335f8f796f06e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:47:10 2024 +0300
Update WeChat logging config
This brings it up-to-date with what mautrix-go uses.
Otherwise, on startup we see:
> Migrating legacy log config
.. and it gets migrated to what we've done here.
commit e3e95ab234651867c7a975a08455549b31db4172
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:43:37 2024 +0300
Make sure matrix-wechat-agent runs as 1000:1000
It needs to write stuff to `/home/user/.vnc`.
`/home/user` is owned by `user:group` (`1000:1000`), so it cannot run
any other way.
Previously, if the `matrix` user was uid=1000 by chance, it would work,
but that's pure luck.
commit 4d5748ae9b84c81d6b48b0a41b790339d9ac4724
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:57:09 2024 +0300
Pin wechat and wechat-agent versions
commit 40d40009f19ebceed4126146cbb510a2c95af671
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:53:58 2024 +0300
docker_image -> container_image for WeChat bridge
commit cc33aff592541913070d13288d17b04ed6243176
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:00:25 2024 +0300
docker_src -> container_src in WeChat bridge
commit 42e6ae9a6483c8ca6d53b8052058d41d90d93797
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 17:54:24 2024 +0300
matrix_go_wechat_ -> matrix_wechat_
The bridge is written in Go, but does not include Go anywhere in its
name. As such, it's mostly useless to use `matrix_go_wechat` as the
prefix.
commit d6662a69d1916d215d5184320c36d2ef73afd3e9
Author: Tobias Diez <code@tobiasdiez.de>
Date: Mon Mar 25 10:55:16 2024 +0800
Add wechat bridge
2024-06-03 21:06:19 +03:00
(['--mount type=bind,src=' + matrix_wechat_config_path + '/registration.yaml,dst=/matrix-wechat-registration.yaml,ro'] if matrix_wechat_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else [])
+
2023-01-02 20:07:04 -05:00
(['--mount type=bind,src=' + matrix_mautrix_slack_config_path + '/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro'] if matrix_mautrix_slack_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_hangouts_config_path + '/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro'] if matrix_mautrix_hangouts_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro'] if matrix_mautrix_instagram_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
+
2024-02-19 10:13:36 +02:00
(['--mount type=bind,src=' + matrix_mautrix_meta_messenger_config_path + '/registration.yaml,dst=/matrix-mautrix-meta-messenger-registration.yaml,ro'] if matrix_mautrix_meta_messenger_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_meta_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-meta-instagram-registration.yaml,ro'] if matrix_mautrix_meta_instagram_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
+
2023-07-21 06:33:52 -05:00
(['--mount type=bind,src=' + matrix_mautrix_gmessages_config_path + '/registration.yaml,dst=/matrix-mautrix-gmessages-registration.yaml,ro'] if matrix_mautrix_gmessages_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else [])
+
2023-08-23 14:05:32 +02:00
(['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/androidsms-registration.yaml,dst=/matrix-mautrix-androidsms-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/imessage-registration.yaml,dst=/matrix-mautrix-imessage-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_instagram_config_path + '/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro'] if matrix_mx_puppet_instagram_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_slack_config_path + '/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro'] if matrix_mx_puppet_slack_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_steam_config_path + '/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro'] if matrix_mx_puppet_steam_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_twitter_config_path + '/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro'] if matrix_mx_puppet_twitter_enabled else [])
+
(['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
}}
2022-11-23 12:18:35 +02:00
matrix_homeserver_app_service_config_files_auto: |
2022-11-23 10:14:28 +02:00
{{
(['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else [])
+
2024-03-05 15:09:52 +01:00
(['/matrix-appservice-draupnir-for-all-registration.yaml'] if matrix_appservice_draupnir_for_all_enabled else [])
2024-03-24 18:25:19 +02:00
+
2024-08-17 19:00:16 +03:00
(['/matrix-appservice-double-puppet-registration.yaml'] if matrix_appservice_double_puppet_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else [])
+
(['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
+
(['/matrix-appservice-slack-registration.yaml'] if matrix_appservice_slack_enabled else [])
+
(['/matrix-appservice-webhooks-registration.yaml'] if matrix_appservice_webhooks_enabled else [])
+
(['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else [])
+
(['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else [])
+
Add support for WeChat bridging
This is based on the PR (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3241)
by Tobias Diez (https://github.com/tobiasdiez).
I've refactored some parts, made it more configurable, polished it up,
and it's integrated into the playbook now.
Both the WeChat bridge and WeChat agent appear to be working.
The WeChat bridge joins rooms and responds as expected.
That said, end-to-end testing (actually bridging to a WeChat account) has not been done yet.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/701
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3092
This is sponsored https://etke.cc/ work related to https://gitlab.com/etke.cc/ansible/-/issues/2
Squashed commit of the following:
commit fdd37f02472a0b83d61b4fac80650442f90e7629
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 21:05:53 2024 +0300
Add documentation for WeChat bridge
commit 8426fc8b95bb160ea7f9659bd45bc59cf1326614
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:59:42 2024 +0300
Rename directory for matrix_wechat_agent_container_src_files_path
commit da200df82bbc9153d307095dd90e4769c400ea1e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:58:26 2024 +0300
Make WeChat listen_secret configurable and auto-configured via matrix_homeserver_generic_secret_key
commit 4022cb1355828ac16af7d9228cb1066962bb35f5
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:54:56 2024 +0300
Refactor install.yml for WeChat a bit (using blocks, etc.)
commit d07a39b4c4f6b93d04204e13e384086d5a242d52
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:52:35 2024 +0300
Rename WeChat Agent configuration file
This makes it more clear that it belongs to the agent.
Otherwise, `config.yaml` and `configure.yaml` make you wonder.
commit ccca72f8d1e602f7c42f4bd552193afa153c9b9d
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:49:06 2024 +0300
Move WeChat agent configuration to a template
commit a4047d94d8877b4095712dfc76ac3082a1edca28
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:47:17 2024 +0300
Mount WeChat config as readonly and instruct bridge to not update it
commit bc0e89f345bf14bbdbfd574bb60d93918c2ac053
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:46:33 2024 +0300
Sync WeChat config with upstream
Brings up-to-date with:
https://github.com/duo/matrix-wechat/commits/0.2.4/example-config.yaml
commit a46f5b9cbc8bf16042685a18c77d25a606bc8232
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:48:17 2024 +0300
Rename some files
commit 3877679040cffc4ca6cccfa21a7335f8f796f06e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:47:10 2024 +0300
Update WeChat logging config
This brings it up-to-date with what mautrix-go uses.
Otherwise, on startup we see:
> Migrating legacy log config
.. and it gets migrated to what we've done here.
commit e3e95ab234651867c7a975a08455549b31db4172
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:43:37 2024 +0300
Make sure matrix-wechat-agent runs as 1000:1000
It needs to write stuff to `/home/user/.vnc`.
`/home/user` is owned by `user:group` (`1000:1000`), so it cannot run
any other way.
Previously, if the `matrix` user was uid=1000 by chance, it would work,
but that's pure luck.
commit 4d5748ae9b84c81d6b48b0a41b790339d9ac4724
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:57:09 2024 +0300
Pin wechat and wechat-agent versions
commit 40d40009f19ebceed4126146cbb510a2c95af671
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:53:58 2024 +0300
docker_image -> container_image for WeChat bridge
commit cc33aff592541913070d13288d17b04ed6243176
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:00:25 2024 +0300
docker_src -> container_src in WeChat bridge
commit 42e6ae9a6483c8ca6d53b8052058d41d90d93797
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 17:54:24 2024 +0300
matrix_go_wechat_ -> matrix_wechat_
The bridge is written in Go, but does not include Go anywhere in its
name. As such, it's mostly useless to use `matrix_go_wechat` as the
prefix.
commit d6662a69d1916d215d5184320c36d2ef73afd3e9
Author: Tobias Diez <code@tobiasdiez.de>
Date: Mon Mar 25 10:55:16 2024 +0800
Add wechat bridge
2024-06-03 21:06:19 +03:00
(['/matrix-wechat-registration.yaml'] if matrix_wechat_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else [])
+
(['/hookshot-registration.yml'] if matrix_hookshot_enabled else [])
+
(['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else [])
+
2023-01-02 20:07:04 -05:00
(['/matrix-mautrix-slack-registration.yaml'] if matrix_mautrix_slack_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else [])
+
(['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else [])
+
(['/matrix-mautrix-hangouts-registration.yaml'] if matrix_mautrix_hangouts_enabled else [])
+
(['/matrix-mautrix-instagram-registration.yaml'] if matrix_mautrix_instagram_enabled else [])
+
(['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
+
2024-02-19 10:13:36 +02:00
(['/matrix-mautrix-meta-messenger-registration.yaml'] if matrix_mautrix_meta_messenger_enabled else [])
+
(['/matrix-mautrix-meta-instagram-registration.yaml'] if matrix_mautrix_meta_instagram_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
+
(['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
+
2023-07-21 06:33:52 -05:00
(['/matrix-mautrix-gmessages-registration.yaml'] if matrix_mautrix_gmessages_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else [])
+
2023-08-23 14:05:32 +02:00
(['/matrix-mautrix-androidsms-registration.yaml'] if matrix_mautrix_wsproxy_enabled else [])
+
(['/matrix-mautrix-imessage-registration.yaml'] if matrix_mautrix_wsproxy_enabled else [])
+
2022-11-23 10:14:28 +02:00
(['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else [])
+
(['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else [])
+
(['/matrix-mx-puppet-instagram-registration.yaml'] if matrix_mx_puppet_instagram_enabled else [])
+
(['/matrix-mx-puppet-slack-registration.yaml'] if matrix_mx_puppet_slack_enabled else [])
+
(['/matrix-mx-puppet-steam-registration.yaml'] if matrix_mx_puppet_steam_enabled else [])
+
(['/matrix-mx-puppet-twitter-registration.yaml'] if matrix_mx_puppet_twitter_enabled else [])
+
(['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
+
(['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
}}
2024-01-14 10:23:55 +02:00
matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}"
matrix_addons_homeserver_client_api_url: "{{ ('http://' + matrix_playbook_reverse_proxy_hostname + ':' + matrix_playbook_internal_matrix_client_api_traefik_entrypoint_port | string) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_url }}"
2024-01-15 22:29:23 +02:00
matrix_addons_homeserver_systemd_services_list: "{{ ([devture_traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}"
2024-01-02 15:56:56 +02:00
# Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features.
matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit'] else '') }}"
2022-11-23 10:14:28 +02:00
########################################################################
# #
# /base #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.systemd_service_manager #
# #
########################################################################
2022-11-22 21:36:49 +02:00
# This list is not exhaustive and final.
# Synapse workers are still injected into the list at runtime.
2023-06-18 08:54:55 +03:00
# Additional JVB workers (jitsi_jvb.yml -- roles/galaxy/jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
2022-11-23 08:43:46 +02:00
#
# Priority levels are like this:
2024-01-17 11:52:46 +02:00
# - Traefik starts first with a level of 250, so that:
# - it can get an early start on obtaining SSL certificates and routing to other services as soon as they start (later)
# - so that addon services (starting later) can communicte with the homeserver via Traefik's internal entrypoint
# (see `matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled`)
2022-11-23 08:43:46 +02:00
# - core services (the homeserver) get a level of ~1000
2024-01-17 11:52:46 +02:00
# - services that the homeserver depends on (database, Redis, ntfy, Coturn, etc.) get a lower level - between 500 and 1000
2024-01-23 15:55:24 +02:00
# - Coturn gets a higher level if `devture_systemd_service_manager_service_restart_mode == 'one-by-one'` to intentionally delay it, because:
# - starting services one by one means that the service manager role waits for each service to fully start before proceeding to the next one
# - if Coturn has a lower priority than the homeserver, it would be started before it
# - since Coturn is started before the homeserver, there's no container label telling Traefik to get a `matrix.DOMAIN` certificate
# - thus, Coturn would spin and wait for a certificate until it fails. We'd get a playbook failure due to it, but service manager will proceed to start all other services anyway.
# - only later, when the homeserver actually starts, would that certificate be fetched and dumped
2022-11-23 08:43:46 +02:00
# - reverse-proxying services get level 3000
# - Matrix utility services (bridges, bots) get a level of 2000/2200, so that:
# - they can start before the reverse-proxy
# - so that, when the reverse-proxy is up (Matrix is up), all bots and bridges can be interacted with
# - monitoring services (Prometheus, Grafana, ..) get a level of 4000 - they can start later than all-of-Matrix
# - services which aren't time-sensitive (various crons and timers) get a level of 5000 - they can start later than all-of-Matrix
2022-11-23 10:14:28 +02:00
devture_systemd_service_manager_services_list_auto: |
2022-11-22 21:36:49 +02:00
{{
2023-02-13 10:53:11 +02:00
([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if backup_borg_enabled else [])
2022-11-23 08:43:46 +02:00
+
2024-07-06 21:48:41 +03:00
([{'name': 'matrix-alertmanager-receiver.service', 'priority': 2200, 'groups': ['matrix', 'alertmanager-receiver']}] if matrix_alertmanager_receiver_enabled else [])
+
2023-05-18 09:41:28 +03:00
([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron', 'bot-buscarron']}] if matrix_bot_buscarron_enabled else [])
2022-11-23 08:43:46 +02:00
+
2024-09-12 15:19:40 +03:00
([{'name': 'matrix-bot-baibot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'baibot', 'bot-baibot']}] if matrix_bot_baibot_enabled else [])
+
2023-05-18 09:41:28 +03:00
([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb', 'bot-go-neb']}] if matrix_bot_go_neb_enabled else [])
2022-11-23 08:43:46 +02:00
+
2023-05-18 09:41:28 +03:00
([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit', 'bot-honoroit']}] if matrix_bot_honoroit_enabled else [])
2022-11-23 08:43:46 +02:00
+
2023-05-18 09:41:28 +03:00
([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot', 'bot-matrix-registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else [])
2022-11-23 08:43:46 +02:00
+
2023-05-18 09:41:28 +03:00
([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot', 'bot-matrix-reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-05-18 09:41:28 +03:00
([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot', 'bot-maubot']}] if matrix_bot_maubot_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-05-18 09:41:28 +03:00
([{'name': 'matrix-bot-mjolnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'mjolnir', 'bot-mjolnir']}] if matrix_bot_mjolnir_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-05-18 09:41:28 +03:00
([{'name': 'matrix-bot-draupnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'draupnir', 'bot-draupnir']}] if matrix_bot_draupnir_enabled else [])
2023-02-08 18:55:08 +01:00
+
2024-01-17 11:52:46 +02:00
([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'postmoogle', 'bot-postmoogle']}] if matrix_bot_postmoogle_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-05-18 09:41:28 +03:00
([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt', 'bot-chatgpt']}] if matrix_bot_chatgpt_enabled else [])
2023-01-02 18:16:38 +00:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
2022-11-22 21:36:49 +02:00
+
2024-03-05 15:09:52 +01:00
([{'name': 'matrix-appservice-draupnir-for-all.service', 'priority': 4000, 'groups': ['matrix', 'bridges', 'draupnir-for-all', 'appservice-draupnir-for-all']}] if matrix_appservice_draupnir_for_all_enabled else [])
2024-03-24 18:25:19 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-appservice-kakaotalk-node.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk', 'appservice-kakaotalk-node']}] if matrix_appservice_kakaotalk_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-appservice-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-slack']}] if matrix_appservice_slack_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-appservice-webhooks.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-webhooks']}] if matrix_appservice_webhooks_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-beeper-linkedin.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'beeper-linkedin']}] if matrix_beeper_linkedin_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'go-skype']}] if matrix_go_skype_bridge_enabled else [])
2022-11-22 21:36:49 +02:00
+
Add support for WeChat bridging
This is based on the PR (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3241)
by Tobias Diez (https://github.com/tobiasdiez).
I've refactored some parts, made it more configurable, polished it up,
and it's integrated into the playbook now.
Both the WeChat bridge and WeChat agent appear to be working.
The WeChat bridge joins rooms and responds as expected.
That said, end-to-end testing (actually bridging to a WeChat account) has not been done yet.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/701
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3092
This is sponsored https://etke.cc/ work related to https://gitlab.com/etke.cc/ansible/-/issues/2
Squashed commit of the following:
commit fdd37f02472a0b83d61b4fac80650442f90e7629
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 21:05:53 2024 +0300
Add documentation for WeChat bridge
commit 8426fc8b95bb160ea7f9659bd45bc59cf1326614
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:59:42 2024 +0300
Rename directory for matrix_wechat_agent_container_src_files_path
commit da200df82bbc9153d307095dd90e4769c400ea1e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:58:26 2024 +0300
Make WeChat listen_secret configurable and auto-configured via matrix_homeserver_generic_secret_key
commit 4022cb1355828ac16af7d9228cb1066962bb35f5
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:54:56 2024 +0300
Refactor install.yml for WeChat a bit (using blocks, etc.)
commit d07a39b4c4f6b93d04204e13e384086d5a242d52
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:52:35 2024 +0300
Rename WeChat Agent configuration file
This makes it more clear that it belongs to the agent.
Otherwise, `config.yaml` and `configure.yaml` make you wonder.
commit ccca72f8d1e602f7c42f4bd552193afa153c9b9d
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:49:06 2024 +0300
Move WeChat agent configuration to a template
commit a4047d94d8877b4095712dfc76ac3082a1edca28
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:47:17 2024 +0300
Mount WeChat config as readonly and instruct bridge to not update it
commit bc0e89f345bf14bbdbfd574bb60d93918c2ac053
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:46:33 2024 +0300
Sync WeChat config with upstream
Brings up-to-date with:
https://github.com/duo/matrix-wechat/commits/0.2.4/example-config.yaml
commit a46f5b9cbc8bf16042685a18c77d25a606bc8232
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:48:17 2024 +0300
Rename some files
commit 3877679040cffc4ca6cccfa21a7335f8f796f06e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:47:10 2024 +0300
Update WeChat logging config
This brings it up-to-date with what mautrix-go uses.
Otherwise, on startup we see:
> Migrating legacy log config
.. and it gets migrated to what we've done here.
commit e3e95ab234651867c7a975a08455549b31db4172
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:43:37 2024 +0300
Make sure matrix-wechat-agent runs as 1000:1000
It needs to write stuff to `/home/user/.vnc`.
`/home/user` is owned by `user:group` (`1000:1000`), so it cannot run
any other way.
Previously, if the `matrix` user was uid=1000 by chance, it would work,
but that's pure luck.
commit 4d5748ae9b84c81d6b48b0a41b790339d9ac4724
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:57:09 2024 +0300
Pin wechat and wechat-agent versions
commit 40d40009f19ebceed4126146cbb510a2c95af671
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:53:58 2024 +0300
docker_image -> container_image for WeChat bridge
commit cc33aff592541913070d13288d17b04ed6243176
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:00:25 2024 +0300
docker_src -> container_src in WeChat bridge
commit 42e6ae9a6483c8ca6d53b8052058d41d90d93797
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 17:54:24 2024 +0300
matrix_go_wechat_ -> matrix_wechat_
The bridge is written in Go, but does not include Go anywhere in its
name. As such, it's mostly useless to use `matrix_go_wechat` as the
prefix.
commit d6662a69d1916d215d5184320c36d2ef73afd3e9
Author: Tobias Diez <code@tobiasdiez.de>
Date: Mon Mar 25 10:55:16 2024 +0800
Add wechat bridge
2024-06-03 21:06:19 +03:00
([{'name': 'matrix-wechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else [])
+
([{'name': 'matrix-wechat-agent.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else [])
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-heisenbridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'heisenbridge']}] if matrix_heisenbridge_enabled else [])
2022-11-22 21:36:49 +02:00
+
2024-01-02 15:56:56 +02:00
([{'name': 'matrix-hookshot.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'hookshot', 'bridge-hookshot']}] if matrix_hookshot_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mautrix-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-discord']}] if matrix_mautrix_discord_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-01-02 20:07:04 -05:00
([{'name': 'matrix-mautrix-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-slack']}] if matrix_mautrix_slack_enabled else [])
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-facebook']}] if matrix_mautrix_facebook_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-googlechat']}] if matrix_mautrix_googlechat_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mautrix-hangouts.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-hangouts']}] if matrix_mautrix_hangouts_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-instagram']}] if matrix_mautrix_instagram_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-12-18 16:38:52 +01:00
([{'name': 'matrix-mautrix-signal.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal']}] if matrix_mautrix_signal_enabled else [])
2023-12-14 18:20:02 +01:00
+
2024-02-19 10:13:36 +02:00
([{'name': (matrix_mautrix_meta_messenger_identifier + '.service'), 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-meta', 'mautrix-meta-messenger']}] if matrix_mautrix_meta_messenger_enabled else [])
+
([{'name': (matrix_mautrix_meta_instagram_identifier + '.service'), 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-meta', 'mautrix-meta-instagram']}] if matrix_mautrix_meta_instagram_enabled else [])
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-07-21 06:33:52 -05:00
([{'name': 'matrix-mautrix-gmessages.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-gmessages']}] if matrix_mautrix_gmessages_enabled else [])
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-08-23 14:05:32 +02:00
([{'name': 'matrix-mautrix-wsproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy']}] if matrix_mautrix_wsproxy_enabled else [])
+
([{'name': 'matrix-mautrix-wsproxy-syncproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy-syncproxy']}] if matrix_mautrix_wsproxy_enabled else [])
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-groupme']}] if matrix_mx_puppet_groupme_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mx-puppet-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-instagram']}] if matrix_mx_puppet_instagram_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mx-puppet-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-slack']}] if matrix_mx_puppet_slack_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mx-puppet-steam.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-steam']}] if matrix_mx_puppet_steam_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-mx-puppet-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-twitter']}] if matrix_mx_puppet_twitter_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
2022-11-22 21:36:49 +02:00
+
2024-01-09 09:53:01 +02:00
([{'name': 'matrix-cactus-comments-client.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments-client']}] if matrix_cactus_comments_client_enabled else [])
+
2023-03-28 16:57:50 +03:00
([{'name': 'matrix-client-cinny.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'cinny', 'client-cinny']}] if matrix_client_cinny_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-03-28 16:57:50 +03:00
([{'name': 'matrix-client-element.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'element', 'client-element']}] if matrix_client_element_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-03-28 16:57:50 +03:00
([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen', 'client-hydrogen']}] if matrix_client_hydrogen_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-08-30 19:23:52 +03:00
([{'name': 'matrix-client-schildichat.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'schildichat', 'client-schildichat']}] if matrix_client_schildichat_enabled else [])
+
2022-11-23 16:56:39 +02:00
([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
2022-11-22 21:36:49 +02:00
+
2024-01-23 15:55:24 +02:00
([{'name': 'matrix-coturn.service', 'priority': (900 if devture_systemd_service_manager_service_restart_mode == 'clean-stop-start' else 1500), 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-02-20 22:34:16 +01:00
([{'name': 'matrix-rageshake.service', 'priority': 4000, 'groups': ['matrix', 'rageshake']}] if matrix_rageshake_enabled else [])
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-coturn-reload.timer', 'priority': 5000, 'groups': ['matrix', 'coturn']}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
2022-11-22 21:36:49 +02:00
+
2023-02-11 17:58:19 +01:00
([{'name': 'matrix-dimension.service', 'priority': 4000, 'groups': ['matrix', 'integration-managers', 'dimension']}] if matrix_dimension_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-dynamic-dns.service', 'priority': 5000, 'groups': ['matrix', 'dynamic-dns']}] if matrix_dynamic_dns_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-email2matrix.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'email2matrix']}] if matrix_email2matrix_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-03-02 22:50:13 +02:00
([{'name': (etherpad_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'etherpad']}] if etherpad_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-02-15 10:30:58 +02:00
([{'name': (grafana_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if grafana_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-04-03 08:53:46 +03:00
([{'name': (jitsi_identifier + '-web.service'), 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if jitsi_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-04-03 08:53:46 +03:00
([{'name': (jitsi_identifier + '-prosody.service'), 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if jitsi_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-04-03 08:53:46 +03:00
([{'name': (jitsi_identifier + '-jicofo.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if jitsi_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-04-03 08:53:46 +03:00
([{'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if jitsi_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-07-17 08:11:23 +03:00
([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-media-repo']}] if matrix_media_repo_enabled else [])
2023-07-12 01:09:27 -05:00
+
2024-01-17 11:52:46 +02:00
([{'name': (exim_relay_identifier ~ '.service'), 'priority': 800, 'groups': ['matrix', 'mailer', 'exim-relay']}] if exim_relay_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-02-17 09:54:33 +02:00
([{'name': (ntfy_identifier + '.service'), 'priority': 800, 'groups': ['matrix', 'ntfy']}] if ntfy_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-27 07:23:41 +02:00
([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if devture_postgres_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-30 11:18:39 +02:00
([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-03-21 07:38:12 +02:00
([{'name': (prometheus_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus']}] if prometheus_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-03-20 15:09:04 +02:00
([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-node-exporter']}] if prometheus_node_exporter_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-03-20 15:09:04 +02:00
([{'name': (prometheus_postgres_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-postgres-exporter']}] if prometheus_postgres_exporter_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-03-20 15:09:04 +02:00
([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-nginxlog-exporter']}] if matrix_prometheus_nginxlog_exporter_enabled else [])
2022-12-07 15:58:36 +01:00
+
2023-02-17 16:23:59 +02:00
([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'redis']}] if redis_enabled else [])
2022-11-22 21:36:49 +02:00
+
2024-03-26 09:25:18 +00:00
([{'name': (keydb_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'keydb']}] if keydb_enabled else [])
+
2024-03-24 18:25:19 +02:00
([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else [])
+
2024-01-12 17:17:12 +02:00
([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else [])
2022-11-22 21:36:49 +02:00
+
2024-01-17 11:52:46 +02:00
([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else [])
2023-03-07 11:57:56 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-goofys.service', 'priority': 800, 'groups': ['matrix', 'goofys']}] if matrix_s3_media_store_enabled else [])
2022-11-22 21:36:49 +02:00
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-synapse-s3-storage-provider-migrate.timer', 'priority': 5000, 'groups': ['matrix']}] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
2022-11-22 21:36:49 +02:00
+
2023-03-12 10:18:16 +02:00
([{'name': 'matrix-synapse-auto-compressor.timer', 'priority': 5000, 'groups': ['matrix', 'synapse-auto-compressor']}] if matrix_synapse_auto_compressor_enabled else [])
+
2022-11-23 11:45:25 +02:00
([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
2022-11-22 21:36:49 +02:00
+
2024-07-25 12:19:08 -05:00
([{'name': (matrix_synapse_usage_exporter_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'synapse-usage-exporter']}] if matrix_synapse_usage_exporter_enabled else [])
+
2024-01-03 17:05:59 +02:00
([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'synapse-reverse-proxy-companion', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
2023-01-04 13:45:37 +01:00
+
([{'name': 'matrix-user-verification-service.service', 'priority': 800, 'groups': ['matrix', 'matrix-user-verification-service']}] if matrix_user_verification_service_enabled else [])
2023-02-10 14:37:08 +02:00
+
2024-01-09 09:54:00 +02:00
([{'name': (matrix_static_files_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-static-files']}] if matrix_static_files_enabled else [])
2024-01-03 13:05:59 +02:00
+
2024-01-17 11:52:46 +02:00
([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 200, 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else [])
2023-03-06 09:08:04 +02:00
+
2024-01-17 11:52:46 +02:00
([{'name': (devture_traefik_identifier + '.service'), 'priority': 250, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else [])
2023-02-08 16:05:38 +02:00
+
2024-01-17 11:52:46 +02:00
([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 300, 'groups': ['matrix', 'traefik-certs-dumper']}] if devture_traefik_certs_dumper_enabled else [])
2022-11-22 21:36:49 +02:00
}}
2022-11-22 09:01:26 +02:00
########################################################################
# #
2022-11-23 10:14:28 +02:00
# /com.devture.ansible.role.systemd_service_manager #
2022-11-22 09:01:26 +02:00
# #
########################################################################
2022-11-04 16:33:22 +02:00
########################################################################
# #
# com.devture.ansible.role.timesync #
# #
########################################################################
# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`.
########################################################################
# #
# /com.devture.ansible.role.timesync #
# #
########################################################################
2022-11-04 14:58:28 +02:00
######################################################################
#
# com.devture.ansible.role.playbook_state_preserver
#
######################################################################
# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.
devture_playbook_state_preserver_uid: "{{ matrix_user_uid }}"
devture_playbook_state_preserver_gid: "{{ matrix_user_gid }}"
devture_playbook_state_preserver_vars_preservation_dst: "{{ matrix_base_data_path }}/vars.yml"
devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_data_path }}/git_hash.yml"
######################################################################
#
# /com.devture.ansible.role.playbook_state_preserver
#
######################################################################
2024-03-24 19:15:43 +02:00
########################################################################
# #
# geerlingguy/ansible-role-docker #
# #
########################################################################
2024-04-20 08:17:06 +03:00
docker_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options }}"
2024-03-24 19:15:43 +02:00
########################################################################
# #
# /geerlingguy/ansible-role-docker #
# #
########################################################################
2019-03-03 18:22:52 +01:00
######################################################################
#
2019-05-16 09:07:40 +09:00
# matrix-base
#
######################################################################
2024-05-25 16:14:26 +03:00
matrix_identity_server_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
2019-05-16 09:07:40 +09:00
2024-01-02 15:56:56 +02:00
matrix_homeserver_systemd_services_list: |-
2021-12-23 17:48:34 +02:00
{{
2024-01-02 15:56:56 +02:00
(
([('matrix-' + matrix_homeserver_implementation + '.service')] if matrix_homeserver_implementation != 'synapse' else [])
+
([('matrix-' + matrix_homeserver_implementation + '.service')] if matrix_homeserver_implementation == 'synapse' and not matrix_synapse_reverse_proxy_companion_enabled else [])
+
(['matrix-synapse-reverse-proxy-companion.service'] if matrix_synapse_reverse_proxy_companion_enabled else [])
) | unique
}}
matrix_homeserver_container_client_api_endpoint: |-
{{
{
2024-01-17 16:57:06 +02:00
'synapse': ('matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled | default(false) else ('matrix-synapse:'+ matrix_synapse_container_client_api_port | default('8008') | string)),
'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
2021-12-23 17:48:34 +02:00
}[matrix_homeserver_implementation]
}}
2021-01-25 13:55:08 +02:00
2024-01-02 15:56:56 +02:00
matrix_homeserver_container_federation_api_endpoint: |-
2021-12-23 18:13:44 +02:00
{{
2024-01-02 15:56:56 +02:00
{
2024-01-17 16:57:06 +02:00
'synapse': ('matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else ('matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port | default('8008') | string)),
'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
2021-12-23 18:13:44 +02:00
}[matrix_homeserver_implementation]
}}
2022-01-08 09:11:22 +02:00
matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}"
matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}"
2019-05-16 09:07:40 +09:00
######################################################################
#
# /matrix-base
2019-03-03 18:22:52 +01:00
#
######################################################################
2024-07-06 21:48:41 +03:00
######################################################################
#
# matrix-alertmanager-receiver
#
######################################################################
# We don't enable this by default.
matrix_alertmanager_receiver_enabled: false
matrix_alertmanager_receiver_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_alertmanager_receiver_container_network: "{{ matrix_addons_container_network }}"
matrix_alertmanager_receiver_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_alertmanager_receiver_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_alertmanager_receiver_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_alertmanager_receiver_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_alertmanager_receiver_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_alertmanager_receiver_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}"
matrix_alertmanager_receiver_config_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_alertmanager_receiver_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_alertmanager_receiver_metrics_proxying_enabled: "{{ matrix_alertmanager_receiver_config_http_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_alertmanager_receiver_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_alertmanager_receiver_metrics_proxying_path: "{{ matrix_metrics_exposure_path_prefix }}/matrix-alertmanager-receiver"
######################################################################
#
# /matrix-alertmanager-receiver
#
######################################################################
2019-03-03 18:22:52 +01:00
######################################################################
#
2019-05-16 09:07:40 +09:00
# matrix-bridge-appservice-discord
2019-03-03 18:22:52 +01:00
#
######################################################################
2019-05-16 09:07:40 +09:00
# We don't enable bridges by default.
matrix_appservice_discord_enabled: false
2024-01-07 10:23:01 +02:00
matrix_appservice_discord_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else [])
}}
2023-02-19 11:20:58 +02:00
matrix_appservice_discord_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9005') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2019-03-03 18:22:52 +01:00
2024-01-07 10:23:01 +02:00
matrix_appservice_discord_container_network: "{{ matrix_addons_container_network }}"
2019-06-26 10:30:51 +03:00
2024-01-07 10:23:01 +02:00
matrix_appservice_discord_container_additional_networks_auto: |-
2019-05-21 11:13:52 +09:00
{{
2024-01-07 10:23:01 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname and matrix_appservice_discord_container_network != devture_postgres_container_network) else [])
) | unique
2019-05-21 11:13:52 +09:00
}}
2019-03-03 18:22:52 +01:00
2024-01-07 10:23:01 +02:00
# If the homeserver disables presence, it's likely better (less wasteful) to also disable presence on the bridge side.
matrix_appservice_discord_bridge_disablePresence: "{{ not matrix_synapse_presence_enabled }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token', rounds=655555) | to_uuid }}"
2019-06-26 10:30:51 +03:00
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token', rounds=655555) | to_uuid }}"
2019-06-26 10:30:51 +03:00
2020-12-14 00:52:25 +02:00
# We only make this use Postgres if our own Postgres server is enabled.
# It's only then (for now) that we can automatically create the necessary database and user for this service.
2022-11-27 07:23:41 +02:00
matrix_appservice_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_appservice_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}"
2020-12-14 00:52:25 +02:00
2019-03-03 18:22:52 +01:00
######################################################################
#
2019-05-16 09:07:40 +09:00
# /matrix-bridge-appservice-discord
2019-03-03 18:22:52 +01:00
#
######################################################################
2020-01-09 17:00:03 +01:00
######################################################################
#
# matrix-appservice-webhooks
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_webhooks_enabled: false
2024-01-07 12:48:30 +02:00
matrix_appservice_webhooks_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_appservice_webhooks_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
2021-10-01 16:37:37 +03:00
matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2023-02-19 11:20:58 +02:00
matrix_appservice_webhooks_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_appservice_webhooks_matrix_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2020-01-09 17:00:03 +01:00
2024-01-07 12:48:30 +02:00
matrix_appservice_webhooks_container_network: "{{ matrix_addons_container_network }}"
matrix_appservice_webhooks_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_appservice_webhooks_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_appservice_webhooks_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_appservice_webhooks_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_appservice_webhooks_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_appservice_webhooks_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token', rounds=655555) | to_uuid }}"
2020-01-09 17:00:03 +01:00
2024-01-07 17:04:23 +02:00
matrix_appservice_webhooks_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token', rounds=655555) | to_uuid }}"
2020-01-09 17:00:03 +01:00
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token', rounds=655555) | to_uuid }}"
2020-01-09 17:00:03 +01:00
######################################################################
#
# /matrix-appservice-webhooks
#
######################################################################
2019-06-10 10:52:48 -04:00
######################################################################
#
# matrix-appservice-slack
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_slack_enabled: false
2024-01-07 12:22:51 +02:00
matrix_appservice_slack_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_appservice_slack_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_slack_database_hostname == devture_postgres_connection_hostname) else [])
}}
2022-10-06 16:39:07 +03:00
matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2021-01-14 01:29:11 +01:00
2023-02-19 11:20:58 +02:00
matrix_appservice_slack_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_appservice_slack_slack_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2019-07-27 14:22:34 -04:00
2024-01-07 12:22:51 +02:00
matrix_appservice_slack_container_network: "{{ matrix_addons_container_network }}"
matrix_appservice_slack_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_slack_database_hostname == devture_postgres_connection_hostname and matrix_appservice_slack_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_appservice_slack_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_appservice_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_appservice_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_appservice_slack_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_appservice_slack_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token', rounds=655555) | to_uuid }}"
2019-06-10 10:52:48 -04:00
2024-01-07 17:04:23 +02:00
matrix_appservice_slack_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token', rounds=655555) | to_uuid }}"
2019-06-10 10:52:48 -04:00
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token', rounds=655555) | to_uuid }}"
2019-06-10 10:52:48 -04:00
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_appservice_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}"
2022-11-27 09:16:18 +02:00
matrix_appservice_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}"
2024-01-13 17:11:57 +02:00
matrix_appservice_slack_database_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else '' }}"
2020-12-14 07:54:24 +01:00
2019-06-10 10:52:48 -04:00
######################################################################
#
# /matrix-bridge-appservice-slack
#
######################################################################
2019-05-16 09:07:40 +09:00
######################################################################
#
# matrix-bridge-appservice-irc
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_irc_enabled: false
2024-01-07 11:56:25 +02:00
matrix_appservice_irc_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_irc_database_hostname == devture_postgres_connection_hostname) else [])
}}
2022-01-07 12:18:45 +02:00
matrix_appservice_irc_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2021-01-22 21:28:53 +01:00
2023-02-13 15:37:12 +02:00
matrix_appservice_irc_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9999') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2019-05-16 09:07:40 +09:00
2024-01-07 11:56:25 +02:00
matrix_appservice_irc_container_network: "{{ matrix_addons_container_network }}"
2019-06-19 09:30:59 +03:00
2024-01-07 11:56:25 +02:00
matrix_appservice_irc_container_additional_networks_auto: |-
2019-05-21 11:13:52 +09:00
{{
2024-01-07 11:56:25 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_irc_database_hostname == devture_postgres_connection_hostname and matrix_appservice_irc_container_network != devture_postgres_container_network) else [])
) | unique
2019-05-21 11:13:52 +09:00
}}
2019-03-03 18:22:52 +01:00
2024-01-07 11:56:25 +02:00
# The IRC bridge docs say that if homeserver presence is disabled, it's better to also disable
# IRC bridge presence, for performance reasons.
matrix_appservice_irc_homeserver_enablePresence: "{{ matrix_synapse_presence_enabled }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token', rounds=655555) | to_uuid }}"
2019-06-19 12:28:58 +03:00
2024-01-07 17:04:23 +02:00
matrix_appservice_irc_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}"
2019-06-19 12:28:58 +03:00
2022-11-27 07:23:41 +02:00
matrix_appservice_irc_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}"
2022-11-27 09:16:18 +02:00
matrix_appservice_irc_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}"
2024-01-13 17:10:02 +02:00
matrix_appservice_irc_database_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else '' }}"
2020-12-14 07:54:24 +01:00
2019-03-03 18:22:52 +01:00
######################################################################
#
2019-05-16 09:07:40 +09:00
# /matrix-bridge-appservice-irc
2019-03-03 18:22:52 +01:00
#
######################################################################
2022-07-25 14:34:21 +03:00
######################################################################
#
# matrix-bridge-appservice-kakaotalk
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_kakaotalk_enabled: false
2024-01-07 12:04:27 +02:00
matrix_appservice_kakaotalk_systemd_required_services_list_auto: |
2022-07-25 14:34:21 +03:00
{{
2024-01-07 12:04:27 +02:00
matrix_addons_homeserver_systemd_services_list
2022-07-25 14:34:21 +03:00
+
2024-01-07 12:04:27 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_kakaotalk_database_hostname == devture_postgres_connection_hostname) else [])
}}
matrix_appservice_kakaotalk_container_network: "{{ matrix_addons_container_network }}"
matrix_appservice_kakaotalk_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_kakaotalk_database_hostname == devture_postgres_connection_hostname and matrix_appservice_kakaotalk_container_network != devture_postgres_container_network) else [])
) | unique
2022-07-25 14:34:21 +03:00
}}
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
2022-07-25 14:34:21 +03:00
2024-01-07 17:04:23 +02:00
matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
2022-07-25 14:34:21 +03:00
matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2022-11-27 07:23:41 +02:00
matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_appservice_kakaotalk_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}"
2022-07-25 14:34:21 +03:00
######################################################################
#
# /matrix-bridge-appservice-kakaotalk
#
######################################################################
2019-03-03 18:22:52 +01:00
2021-08-21 17:32:45 +02:00
######################################################################
#
2021-08-23 15:02:28 +03:00
# matrix-bridge-beeper-linkedin
2021-08-21 17:32:45 +02:00
#
######################################################################
# We don't enable bridges by default.
matrix_beeper_linkedin_enabled: false
2024-01-07 13:56:40 +02:00
matrix_beeper_linkedin_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_beeper_linkedin_database_hostname == devture_postgres_connection_hostname) else [])
}}
2021-12-23 13:03:31 +02:00
matrix_beeper_linkedin_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
2024-01-07 13:56:40 +02:00
matrix_beeper_linkedin_container_network: "{{ matrix_addons_container_network }}"
matrix_beeper_linkedin_container_additional_networks_auto: |-
2021-08-21 17:32:45 +02:00
{{
2024-01-07 13:56:40 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_beeper_linkedin_database_hostname == devture_postgres_connection_hostname and matrix_beeper_linkedin_container_network != devture_postgres_container_network) else [])
) | unique
2021-08-21 17:32:45 +02:00
}}
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token', rounds=655555) | to_uuid }}"
2021-08-21 17:32:45 +02:00
2024-01-07 17:04:23 +02:00
matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
2021-08-21 17:32:45 +02:00
2024-08-17 21:25:52 +03:00
matrix_beeper_linkedin_login_shared_secret: |-
{{
("as_token:" + matrix_appservice_double_puppet_registration_as_token)
if matrix_appservice_double_puppet_enabled
else (
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
else ""
)
}}
2021-08-21 17:32:45 +02:00
2022-02-09 08:52:53 +01:00
matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
2021-08-21 17:32:45 +02:00
2022-11-27 09:16:18 +02:00
matrix_beeper_linkedin_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}"
2021-08-21 17:32:45 +02:00
2021-08-23 15:02:28 +03:00
######################################################################
#
# /matrix-bridge-beeper-linkedin
#
######################################################################
2021-08-21 17:32:45 +02:00
2024-01-07 13:56:40 +02:00
2022-06-12 21:29:43 +00:00
######################################################################
#
# matrix-bridge-go-skype-bridge
#
######################################################################
# We don't enable bridges by default.
matrix_go_skype_bridge_enabled: false
2024-01-07 14:48:21 +02:00
matrix_go_skype_bridge_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname) else [])
}}
2022-08-02 07:48:19 +03:00
matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2022-06-12 21:29:43 +00:00
2024-01-07 14:48:21 +02:00
matrix_go_skype_bridge_container_network: "{{ matrix_addons_container_network }}"
matrix_go_skype_bridge_container_additional_networks_auto: |-
2022-06-12 21:29:43 +00:00
{{
2024-01-07 14:48:21 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname and matrix_go_skype_bridge_container_network != devture_postgres_container_network) else [])
) | unique
2022-06-12 21:29:43 +00:00
}}
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token', rounds=655555) | to_uuid }}"
2022-06-12 21:29:43 +00:00
2024-01-07 17:04:23 +02:00
matrix_go_skype_bridge_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token', rounds=655555) | to_uuid }}"
2022-06-12 21:29:43 +00:00
matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_go_skype_bridge_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_go_skype_bridge_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}"
2022-06-12 21:29:43 +00:00
######################################################################
#
# /matrix-bridge-go-skype-bridge
#
######################################################################
2022-11-27 09:16:18 +02:00
######################################################################
#
# matrix-bridge-mautrix-discord
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_discord_enabled: false
matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2024-01-05 06:13:12 +02:00
matrix_mautrix_discord_container_network: "{{ matrix_addons_container_network }}"
2024-01-02 17:22:23 +02:00
matrix_mautrix_discord_container_additional_networks_auto: |-
2022-11-27 09:16:18 +02:00
{{
2024-01-02 17:22:23 +02:00
(
2024-01-05 06:13:12 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2024-01-02 17:22:23 +02:00
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname else [])
) | unique
}}
matrix_mautrix_discord_systemd_required_services_list_auto: |
{{
2024-01-05 06:13:12 +02:00
matrix_addons_homeserver_systemd_services_list
2022-11-27 09:16:18 +02:00
+
2024-01-02 17:22:23 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else [])
2022-11-27 09:16:18 +02:00
}}
matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}"
2024-01-05 06:13:12 +02:00
matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2024-01-08 18:16:02 +02:00
matrix_mautrix_discord_homeserver_public_address: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
2024-08-17 19:23:08 +03:00
matrix_mautrix_discord_bridge_login_shared_secret_map_auto: |-
{{
({
matrix_mautrix_discord_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
})
if matrix_appservice_double_puppet_enabled
else (
{matrix_mautrix_discord_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
else {}
)
}}
2022-11-27 09:16:18 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-discord
#
######################################################################
2023-01-02 20:07:04 -05:00
######################################################################
#
# matrix-bridge-mautrix-slack
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_slack_enabled: false
2024-01-07 17:22:43 +02:00
matrix_mautrix_slack_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname) else [])
}}
2023-01-02 20:07:04 -05:00
matrix_mautrix_slack_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2024-01-07 17:22:43 +02:00
matrix_mautrix_slack_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_slack_container_additional_networks_auto: |-
2023-01-02 20:07:04 -05:00
{{
2024-01-07 17:22:43 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_slack_container_network != devture_postgres_container_network) else [])
) | unique
2023-01-02 20:07:04 -05:00
}}
matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.as.tok', rounds=655555) | to_uuid }}"
2024-01-07 17:04:23 +02:00
matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2023-01-02 20:07:04 -05:00
matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}"
2024-08-17 19:03:38 +03:00
matrix_mautrix_slack_double_puppet_secrets_auto: |-
{{
{
matrix_mautrix_slack_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
}
if matrix_appservice_double_puppet_enabled
else {}
}}
2023-01-02 20:07:04 -05:00
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.db', rounds=655555) | to_uuid }}"
2024-08-17 16:43:35 +03:00
matrix_mautrix_slack_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.slack.prov', rounds=655555) | to_uuid }}"
matrix_mautrix_slack_public_media_signing_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.slack.pmed', rounds=655555) | to_uuid }}"
2023-01-02 20:07:04 -05:00
######################################################################
#
# /matrix-bridge-mautrix-slack
#
######################################################################
2019-05-15 09:34:31 +09:00
######################################################################
#
# matrix-bridge-mautrix-facebook
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_facebook_enabled: false
2024-01-07 08:58:06 +02:00
matrix_mautrix_facebook_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
2024-01-07 10:24:02 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else [])
2024-01-07 08:58:06 +02:00
}}
2020-04-19 13:31:36 +02:00
matrix_mautrix_facebook_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2020-03-15 10:10:41 +02:00
2024-01-07 08:58:06 +02:00
matrix_mautrix_facebook_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9008') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2024-01-05 06:13:12 +02:00
matrix_mautrix_facebook_container_network: "{{ matrix_addons_container_network }}"
2024-01-02 15:56:56 +02:00
matrix_mautrix_facebook_container_additional_networks_auto: |-
2019-05-21 11:13:52 +09:00
{{
2024-01-02 15:56:56 +02:00
(
2024-01-05 06:13:12 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2024-01-02 15:56:56 +02:00
+
2024-01-07 10:24:02 +02:00
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_facebook_container_network != devture_postgres_container_network) else [])
2024-01-02 15:56:56 +02:00
+
2024-01-07 10:24:02 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_facebook_container_labels_traefik_enabled) else [])
2024-01-02 15:56:56 +02:00
) | unique
}}
2024-01-03 09:24:40 +02:00
matrix_mautrix_facebook_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_facebook_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_facebook_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_facebook_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token', rounds=655555) | to_uuid }}"
2019-06-15 09:42:40 +03:00
2024-01-05 06:13:12 +02:00
matrix_mautrix_facebook_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2024-01-02 15:56:56 +02:00
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}"
2019-06-15 09:42:40 +03:00
2024-01-02 15:56:56 +02:00
matrix_mautrix_facebook_appservice_public_enabled: true
matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}"
2022-03-08 18:19:28 +01:00
2020-01-12 20:28:36 +02:00
matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2022-02-09 08:52:53 +01:00
matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
2020-12-01 11:55:18 +02:00
2024-01-23 16:43:23 +02:00
matrix_mautrix_facebook_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2023-01-30 08:53:28 +02:00
2024-01-02 15:56:56 +02:00
matrix_mautrix_facebook_metrics_proxying_enabled: "{{ matrix_mautrix_facebook_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_facebook_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_facebook_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-facebook"
2021-01-20 10:12:51 +02:00
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
2022-11-27 07:23:41 +02:00
matrix_mautrix_facebook_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_facebook_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}"
2020-12-14 07:54:24 +01:00
2019-05-15 09:34:31 +09:00
######################################################################
#
# /matrix-bridge-mautrix-facebook
#
######################################################################
2019-07-28 16:52:30 +00:00
######################################################################
#
2022-11-27 09:16:18 +02:00
# matrix-bridge-mautrix-googlechat
2019-07-28 16:52:30 +00:00
#
######################################################################
# We don't enable bridges by default.
2022-11-27 09:16:18 +02:00
matrix_mautrix_googlechat_enabled: false
2019-07-28 16:52:30 +00:00
2024-01-07 15:22:22 +02:00
matrix_mautrix_googlechat_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_googlechat_database_hostname == devture_postgres_connection_hostname) else [])
}}
2022-11-27 09:16:18 +02:00
matrix_mautrix_googlechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2020-03-15 10:10:41 +02:00
2024-01-07 15:22:22 +02:00
matrix_mautrix_googlechat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9007') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_mautrix_googlechat_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_googlechat_container_additional_networks_auto: |-
2019-07-28 16:52:30 +00:00
{{
2024-01-07 15:22:22 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_googlechat_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_googlechat_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_gmessages_container_labels_traefik_enabled) else [])
) | unique
2019-07-28 16:52:30 +00:00
}}
2024-01-07 15:22:22 +02:00
matrix_mautrix_googlechat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_googlechat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_googlechat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_googlechat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-14 21:22:08 +02:00
matrix_mautrix_googlechat_container_labels_public_endpoint_hostname: "{{ matrix_server_fqn_matrix }}"
2024-01-07 15:22:22 +02:00
matrix_mautrix_googlechat_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_googlechat_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token', rounds=655555) | to_uuid }}"
2019-07-28 16:52:30 +00:00
2024-01-07 17:04:23 +02:00
matrix_mautrix_googlechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}"
2019-07-28 16:52:30 +00:00
2024-08-17 21:22:24 +03:00
matrix_mautrix_googlechat_login_shared_secret: |-
{{
("as_token:" + matrix_appservice_double_puppet_registration_as_token)
if matrix_appservice_double_puppet_enabled
else (
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
else ""
)
}}
2020-01-12 20:28:36 +02:00
2024-01-23 16:43:23 +02:00
matrix_mautrix_googlechat_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2024-01-07 15:22:22 +02:00
matrix_mautrix_googlechat_metrics_proxying_enabled: "{{ matrix_mautrix_googlechat_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_googlechat_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_googlechat_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-googlechat"
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
2022-11-27 09:16:18 +02:00
matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_googlechat_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}"
2020-12-14 07:54:24 +01:00
2019-07-28 16:52:30 +00:00
######################################################################
#
2022-11-27 09:16:18 +02:00
# /matrix-bridge-mautrix-googlechat
2019-07-28 16:52:30 +00:00
#
######################################################################
2021-10-12 11:45:04 +00:00
######################################################################
#
2022-11-27 09:16:18 +02:00
# matrix-bridge-mautrix-hangouts
2021-10-12 11:45:04 +00:00
#
######################################################################
# We don't enable bridges by default.
2022-11-27 09:16:18 +02:00
matrix_mautrix_hangouts_enabled: false
2021-10-12 11:45:04 +00:00
2024-01-07 15:37:04 +02:00
matrix_mautrix_hangouts_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_hangouts_database_hostname == devture_postgres_connection_hostname) else [])
}}
2022-11-27 09:16:18 +02:00
matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2021-10-12 11:45:04 +00:00
2024-01-07 15:37:04 +02:00
matrix_mautrix_hangouts_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9007') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_mautrix_hangouts_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_hangouts_container_additional_networks_auto: |-
2021-10-12 11:45:04 +00:00
{{
2024-01-07 15:37:04 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_hangouts_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_hangouts_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_gmessages_container_labels_traefik_enabled) else [])
) | unique
2021-10-12 11:45:04 +00:00
}}
2024-01-07 15:37:04 +02:00
matrix_mautrix_hangouts_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_hangouts_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_hangouts_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_hangouts_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-14 21:22:08 +02:00
matrix_mautrix_hangouts_container_labels_public_endpoint_hostname: "{{ matrix_server_fqn_matrix }}"
2024-01-07 15:37:04 +02:00
matrix_mautrix_hangouts_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_hangouts_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token', rounds=655555) | to_uuid }}"
2021-10-12 11:45:04 +00:00
2024-01-07 15:37:04 +02:00
matrix_mautrix_hangouts_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token', rounds=655555) | to_uuid }}"
2021-10-12 11:45:04 +00:00
2022-11-27 09:16:18 +02:00
matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2021-10-12 11:45:04 +00:00
2024-01-23 16:43:23 +02:00
matrix_mautrix_hangouts_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2024-01-07 15:37:04 +02:00
matrix_mautrix_hangouts_metrics_proxying_enabled: "{{ matrix_mautrix_hangouts_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_hangouts_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_hangouts_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-hangouts"
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
2022-11-27 09:16:18 +02:00
matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_hangouts_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | to_uuid }}"
2021-10-12 11:45:04 +00:00
######################################################################
#
2022-11-27 09:16:18 +02:00
# /matrix-bridge-mautrix-hangouts
2021-10-12 11:45:04 +00:00
#
######################################################################
2021-02-19 12:58:54 +01:00
######################################################################
#
# matrix-bridge-mautrix-instagram
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_instagram_enabled: false
2024-01-07 17:15:58 +02:00
matrix_mautrix_instagram_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname) else [])
}}
2021-02-19 12:58:54 +01:00
matrix_mautrix_instagram_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2024-01-05 06:13:12 +02:00
matrix_mautrix_instagram_container_network: "{{ matrix_addons_container_network }}"
2024-01-03 09:24:40 +02:00
matrix_mautrix_instagram_container_additional_networks_auto: |-
2021-02-19 12:58:54 +01:00
{{
2024-01-03 09:24:40 +02:00
(
2024-01-05 06:13:12 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2024-01-03 09:24:40 +02:00
+
2024-01-07 17:15:58 +02:00
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_instagram_container_network != devture_postgres_container_network) else [])
2024-01-03 09:24:40 +02:00
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_instagram_container_labels_traefik_enabled else [])
) | unique
}}
matrix_mautrix_instagram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_instagram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_instagram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_instagram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token', rounds=655555) | to_uuid }}"
2021-02-19 12:58:54 +01:00
2024-01-05 06:13:12 +02:00
matrix_mautrix_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token', rounds=655555) | to_uuid }}"
2021-02-19 12:58:54 +01:00
matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2022-02-09 08:52:53 +01:00
matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
2021-02-19 12:58:54 +01:00
2024-01-23 16:43:23 +02:00
matrix_mautrix_instagram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2023-01-30 08:53:28 +02:00
2024-01-03 09:24:40 +02:00
matrix_mautrix_instagram_metrics_proxying_enabled: "{{ matrix_mautrix_instagram_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-instagram"
2021-02-19 12:58:54 +01:00
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
2022-11-27 07:23:41 +02:00
matrix_mautrix_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}"
2021-02-19 12:58:54 +01:00
######################################################################
#
# /matrix-bridge-mautrix-instagram
#
######################################################################
2020-10-24 12:15:03 +02:00
######################################################################
#
# matrix-bridge-mautrix-signal
#
######################################################################
2021-01-02 00:39:11 +01:00
# We don't enable bridges by default.
2020-10-24 12:15:03 +02:00
matrix_mautrix_signal_enabled: false
2024-01-07 17:15:58 +02:00
matrix_mautrix_signal_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else [])
}}
2023-12-18 16:38:52 +01:00
matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2024-01-07 17:15:58 +02:00
matrix_mautrix_signal_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_signal_container_additional_networks_auto: |-
2020-10-24 12:15:03 +02:00
{{
2024-01-07 17:15:58 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_signal_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_signal_container_labels_traefik_enabled else [])
) | unique
2020-10-24 12:15:03 +02:00
}}
2024-01-07 17:15:58 +02:00
matrix_mautrix_signal_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_signal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_signal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_signal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2020-10-25 20:45:24 +01:00
2024-01-07 17:15:58 +02:00
matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2020-10-24 12:15:03 +02:00
2024-01-07 17:15:58 +02:00
matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_signal_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2023-12-18 16:51:13 +01:00
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}"
2020-10-24 12:15:03 +02:00
2023-12-18 16:51:13 +01:00
matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"
2020-10-25 20:46:57 +01:00
2024-08-17 19:01:35 +03:00
matrix_mautrix_signal_double_puppet_secrets_auto: |-
{{
{
matrix_mautrix_signal_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
}
if matrix_appservice_double_puppet_enabled
else {}
}}
2019-07-28 16:52:30 +00:00
2024-01-23 16:43:23 +02:00
matrix_mautrix_signal_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2023-01-30 08:53:28 +02:00
2024-01-07 17:15:58 +02:00
matrix_mautrix_signal_metrics_proxying_enabled: "{{ matrix_mautrix_signal_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_signal_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_signal_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-signal"
2024-01-04 12:49:00 +02:00
2023-12-18 16:38:52 +01:00
matrix_mautrix_signal_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
2020-10-25 20:45:24 +01:00
2024-08-17 15:56:40 +03:00
matrix_mautrix_signal_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.prov', rounds=655555) | to_uuid }}"
2024-08-17 16:43:35 +03:00
matrix_mautrix_signal_public_media_signing_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.pmed', rounds=655555) | to_uuid }}"
2024-08-17 15:56:40 +03:00
2020-10-24 12:15:03 +02:00
######################################################################
#
# /matrix-bridge-mautrix-signal
#
######################################################################
2019-07-28 16:52:30 +00:00
2024-02-19 10:13:36 +02:00
######################################################################
#
# matrix-bridge-mautrix-meta-messenger
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_meta_messenger_enabled: false
matrix_mautrix_meta_messenger_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_meta_messenger_database_hostname == devture_postgres_connection_hostname) else [])
}}
matrix_mautrix_meta_messenger_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_meta_messenger_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_meta_messenger_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_meta_messenger_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_meta_messenger_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_meta_messenger_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_mautrix_meta_messenger_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_meta_messenger_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_mautrix_meta_messenger_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.as', rounds=655555) | to_uuid }}"
matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}"
2024-09-17 08:34:44 +03:00
matrix_mautrix_meta_messenger_double_puppet_secrets_auto: |-
2024-08-17 19:29:34 +03:00
{{
2024-09-17 08:34:44 +03:00
{
2024-08-17 19:29:34 +03:00
matrix_mautrix_meta_messenger_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
2024-09-17 08:34:44 +03:00
}
2024-08-17 19:29:34 +03:00
if matrix_appservice_double_puppet_enabled
2024-09-17 08:34:44 +03:00
else {}
2024-08-17 19:29:34 +03:00
}}
2024-02-19 10:13:36 +02:00
matrix_mautrix_meta_messenger_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_mautrix_meta_messenger_metrics_proxying_enabled: "{{ matrix_mautrix_meta_messenger_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_meta_messenger_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-messenger"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_meta_messenger_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite3-fk-wal' }}"
matrix_mautrix_meta_messenger_database_hostname: "{{ devture_postgres_connection_hostname if (devture_postgres_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres') else '' }}"
matrix_mautrix_meta_messenger_database_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid) if (devture_postgres_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres') else '' }}"
######################################################################
#
# /matrix-bridge-mautrix-meta-messenger
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-meta-instagram
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_meta_instagram_enabled: false
matrix_mautrix_meta_instagram_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_meta_instagram_database_hostname == devture_postgres_connection_hostname) else [])
}}
matrix_mautrix_meta_instagram_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_meta_instagram_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_meta_instagram_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_meta_instagram_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_meta_instagram_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_meta_instagram_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_mautrix_meta_instagram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_meta_instagram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_mautrix_meta_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.as', rounds=655555) | to_uuid }}"
matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}"
2024-09-17 08:34:44 +03:00
matrix_mautrix_meta_instagram_double_puppet_secrets_auto: |-
2024-08-17 19:29:34 +03:00
{{
2024-09-17 08:34:44 +03:00
{
2024-08-17 19:29:34 +03:00
matrix_mautrix_meta_instagram_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
2024-09-17 08:34:44 +03:00
}
2024-08-17 19:29:34 +03:00
if matrix_appservice_double_puppet_enabled
2024-09-17 08:34:44 +03:00
else {}
2024-08-17 19:29:34 +03:00
}}
2024-02-19 10:13:36 +02:00
matrix_mautrix_meta_instagram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_mautrix_meta_instagram_metrics_proxying_enabled: "{{ matrix_mautrix_meta_instagram_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_meta_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-instagram"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_meta_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite3-fk-wal' }}"
matrix_mautrix_meta_instagram_database_hostname: "{{ devture_postgres_connection_hostname if (devture_postgres_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres') else '' }}"
matrix_mautrix_meta_instagram_database_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid) if (devture_postgres_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres') else '' }}"
######################################################################
#
# /matrix-bridge-mautrix-meta-instagram
#
######################################################################
2019-05-14 23:47:22 +09:00
######################################################################
#
# matrix-bridge-mautrix-telegram
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_telegram_enabled: false
2024-01-07 17:35:10 +02:00
matrix_mautrix_telegram_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_mautrix_telegram_path_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram', rounds=655555) | to_uuid }}"
matrix_mautrix_telegram_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_telegram_database_hostname == devture_postgres_connection_hostname) else [])
}}
2021-01-13 22:40:47 +02:00
# Images are multi-arch (amd64 and arm64, but not arm32).
2022-01-07 12:18:45 +02:00
matrix_mautrix_telegram_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_telegram_lottieconverter_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_telegram_lottieconverter_container_image_self_build_mask_arch: "{{ matrix_architecture != 'amd64' }}"
2021-01-13 16:51:45 +01:00
2024-01-07 17:35:10 +02:00
matrix_mautrix_telegram_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9006') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_mautrix_telegram_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_telegram_container_additional_networks_auto: |-
2019-05-21 11:13:52 +09:00
{{
2024-01-07 17:35:10 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_telegram_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_telegram_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_telegram_container_labels_traefik_enabled) else [])
) | unique
2019-05-21 11:13:52 +09:00
}}
2019-05-14 23:47:22 +09:00
2024-01-07 17:35:10 +02:00
matrix_mautrix_telegram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_telegram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_telegram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_telegram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token', rounds=655555) | to_uuid }}"
2019-06-15 09:43:43 +03:00
2024-01-20 12:58:14 +01:00
matrix_mautrix_telegram_homeserver_domain: "{{ matrix_domain }}"
2024-01-07 17:04:23 +02:00
matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"
2019-06-15 09:43:43 +03:00
2024-08-17 21:08:28 +03:00
matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |-
{{
({
matrix_mautrix_telegram_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
})
if matrix_appservice_double_puppet_enabled
else (
{matrix_mautrix_telegram_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
else {}
)
}}
2019-05-14 23:47:22 +09:00
2024-01-23 16:43:23 +02:00
matrix_mautrix_telegram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2019-05-26 20:50:52 +03:00
2024-01-07 17:35:10 +02:00
matrix_mautrix_telegram_metrics_proxying_enabled: "{{ matrix_mautrix_telegram_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_telegram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_telegram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-telegram"
2020-01-12 20:28:36 +02:00
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_telegram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_telegram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}"
2020-12-14 07:54:24 +01:00
2019-05-14 23:47:22 +09:00
######################################################################
#
# /matrix-bridge-mautrix-telegram
#
######################################################################
2021-04-11 16:41:58 +10:00
######################################################################
#
# matrix-bridge-mautrix-twitter
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_twitter_enabled: false
2024-01-07 17:54:46 +02:00
matrix_mautrix_twitter_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else [])
}}
2021-04-11 16:41:58 +10:00
matrix_mautrix_twitter_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2024-01-07 17:54:46 +02:00
matrix_mautrix_twitter_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_twitter_container_additional_networks_auto: |-
2021-04-11 16:41:58 +10:00
{{
2024-01-07 17:54:46 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_twitter_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_twitter_container_labels_traefik_enabled else [])
) | unique
2021-04-11 16:41:58 +10:00
}}
2024-01-07 17:54:46 +02:00
matrix_mautrix_twitter_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_twitter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_twitter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_twitter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token', rounds=655555) | to_uuid }}"
2021-04-11 16:41:58 +10:00
2024-01-07 17:04:23 +02:00
matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"
2021-04-11 16:41:58 +10:00
2024-08-17 21:11:28 +03:00
matrix_mautrix_twitter_bridge_login_shared_secret_map_auto: |-
{{
({
matrix_mautrix_twitter_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
})
if matrix_appservice_double_puppet_enabled
else (
{matrix_mautrix_twitter_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
else {}
)
}}
2021-04-11 16:41:58 +10:00
2024-01-23 16:43:23 +02:00
matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2024-01-07 17:54:46 +02:00
matrix_mautrix_twitter_metrics_proxying_enabled: "{{ matrix_mautrix_twitter_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_twitter_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_twitter_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-twitter"
2022-11-27 08:31:54 +02:00
matrix_mautrix_twitter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
2022-11-27 07:23:41 +02:00
matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if devture_postgres_enabled else '' }}"
2021-04-11 16:41:58 +10:00
######################################################################
#
# /matrix-bridge-mautrix-twitter
#
######################################################################
2023-07-21 06:33:52 -05:00
######################################################################
#
# matrix-bridge-mautrix-gmessages
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_gmessages_enabled: false
2024-01-07 15:08:20 +02:00
matrix_mautrix_gmessages_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else [])
}}
2023-07-21 06:33:52 -05:00
matrix_mautrix_gmessages_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2024-01-07 15:08:20 +02:00
matrix_mautrix_gmessages_container_network: "{{ matrix_addons_container_network }}"
matrix_mautrix_gmessages_container_additional_networks_auto: |-
2023-07-21 06:33:52 -05:00
{{
2024-01-07 15:08:20 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_gmessages_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_gmessages_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_gmessages_container_labels_traefik_enabled) else [])
) | unique
2023-07-21 06:33:52 -05:00
}}
2024-01-07 15:08:20 +02:00
matrix_mautrix_gmessages_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_gmessages_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_gmessages_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_gmessages_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2023-07-21 05:47:51 -08:00
matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.as.token', rounds=655555) | to_uuid }}"
2023-07-21 06:33:52 -05:00
2024-01-07 17:04:23 +02:00
matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2023-07-21 05:47:51 -08:00
matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}"
2023-07-21 06:33:52 -05:00
2024-09-17 09:29:30 +03:00
matrix_mautrix_gmessages_double_puppet_secrets_auto: |-
2024-08-17 21:22:35 +03:00
{{
2024-09-17 09:29:30 +03:00
{
matrix_mautrix_gmessages_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
}
2024-08-17 21:22:35 +03:00
if matrix_appservice_double_puppet_enabled
2024-09-17 09:29:30 +03:00
else {}
2024-08-17 21:22:35 +03:00
}}
2023-07-21 06:33:52 -05:00
2024-01-23 16:43:23 +02:00
matrix_mautrix_gmessages_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2023-07-21 06:33:52 -05:00
2024-01-07 15:08:20 +02:00
matrix_mautrix_gmessages_metrics_proxying_enabled: "{{ matrix_mautrix_gmessages_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_gmessages_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_gmessages_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-gmessages"
2024-01-04 12:49:00 +02:00
2023-07-21 06:33:52 -05:00
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_gmessages_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maugmessages.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-gmessages
#
######################################################################
2023-08-23 14:05:32 +02:00
######################################################################
#
# matrix-bridge-mautrix-wsproxy
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_wsproxy_enabled: false
2024-01-13 18:13:06 +02:00
matrix_mautrix_wsproxy_systemd_required_services_list_default: |
2023-08-23 14:05:32 +02:00
{{
2024-01-13 18:13:06 +02:00
matrix_addons_homeserver_systemd_services_list
2023-08-23 14:05:32 +02:00
+
2024-01-13 18:13:06 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == devture_postgres_connection_hostname) else [])
2023-08-23 14:05:32 +02:00
}}
matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}"
2024-01-07 17:04:23 +02:00
matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2024-01-13 18:13:06 +02:00
2023-08-23 14:05:32 +02:00
matrix_mautrix_wsproxy_hostname: "wsproxy.{{ matrix_mautrix_wsproxy_homeserver_domain }}"
2024-01-13 18:13:06 +02:00
matrix_mautrix_wsproxy_syncproxy_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_wsproxy_container_network: "{{ matrix_addons_container_network }}"
2023-08-23 14:05:32 +02:00
matrix_mautrix_wsproxy_container_additional_networks: |
{{
(
2024-01-13 18:13:06 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2023-08-23 14:05:32 +02:00
+
2024-01-13 18:13:06 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
2023-08-23 14:05:32 +02:00
+
2024-01-13 18:13:06 +02:00
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == devture_postgres_connection_hostname and devture_postgres_container_network != matrix_mautrix_wsproxy_container_network) else [])
2023-08-23 14:05:32 +02:00
) | unique
}}
matrix_mautrix_wsproxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-13 18:13:06 +02:00
matrix_mautrix_wsproxy_syncproxy_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_wsproxy_syncproxy_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wsproxy.db', rounds=655555) | to_uuid }}"
2023-08-23 14:05:32 +02:00
######################################################################
#
# /matrix-bridge-mautrix-wsproxy
#
######################################################################
Add support for WeChat bridging
This is based on the PR (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3241)
by Tobias Diez (https://github.com/tobiasdiez).
I've refactored some parts, made it more configurable, polished it up,
and it's integrated into the playbook now.
Both the WeChat bridge and WeChat agent appear to be working.
The WeChat bridge joins rooms and responds as expected.
That said, end-to-end testing (actually bridging to a WeChat account) has not been done yet.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/701
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3092
This is sponsored https://etke.cc/ work related to https://gitlab.com/etke.cc/ansible/-/issues/2
Squashed commit of the following:
commit fdd37f02472a0b83d61b4fac80650442f90e7629
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 21:05:53 2024 +0300
Add documentation for WeChat bridge
commit 8426fc8b95bb160ea7f9659bd45bc59cf1326614
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:59:42 2024 +0300
Rename directory for matrix_wechat_agent_container_src_files_path
commit da200df82bbc9153d307095dd90e4769c400ea1e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:58:26 2024 +0300
Make WeChat listen_secret configurable and auto-configured via matrix_homeserver_generic_secret_key
commit 4022cb1355828ac16af7d9228cb1066962bb35f5
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:54:56 2024 +0300
Refactor install.yml for WeChat a bit (using blocks, etc.)
commit d07a39b4c4f6b93d04204e13e384086d5a242d52
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:52:35 2024 +0300
Rename WeChat Agent configuration file
This makes it more clear that it belongs to the agent.
Otherwise, `config.yaml` and `configure.yaml` make you wonder.
commit ccca72f8d1e602f7c42f4bd552193afa153c9b9d
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:49:06 2024 +0300
Move WeChat agent configuration to a template
commit a4047d94d8877b4095712dfc76ac3082a1edca28
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:47:17 2024 +0300
Mount WeChat config as readonly and instruct bridge to not update it
commit bc0e89f345bf14bbdbfd574bb60d93918c2ac053
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:46:33 2024 +0300
Sync WeChat config with upstream
Brings up-to-date with:
https://github.com/duo/matrix-wechat/commits/0.2.4/example-config.yaml
commit a46f5b9cbc8bf16042685a18c77d25a606bc8232
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:48:17 2024 +0300
Rename some files
commit 3877679040cffc4ca6cccfa21a7335f8f796f06e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:47:10 2024 +0300
Update WeChat logging config
This brings it up-to-date with what mautrix-go uses.
Otherwise, on startup we see:
> Migrating legacy log config
.. and it gets migrated to what we've done here.
commit e3e95ab234651867c7a975a08455549b31db4172
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:43:37 2024 +0300
Make sure matrix-wechat-agent runs as 1000:1000
It needs to write stuff to `/home/user/.vnc`.
`/home/user` is owned by `user:group` (`1000:1000`), so it cannot run
any other way.
Previously, if the `matrix` user was uid=1000 by chance, it would work,
but that's pure luck.
commit 4d5748ae9b84c81d6b48b0a41b790339d9ac4724
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:57:09 2024 +0300
Pin wechat and wechat-agent versions
commit 40d40009f19ebceed4126146cbb510a2c95af671
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:53:58 2024 +0300
docker_image -> container_image for WeChat bridge
commit cc33aff592541913070d13288d17b04ed6243176
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:00:25 2024 +0300
docker_src -> container_src in WeChat bridge
commit 42e6ae9a6483c8ca6d53b8052058d41d90d93797
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 17:54:24 2024 +0300
matrix_go_wechat_ -> matrix_wechat_
The bridge is written in Go, but does not include Go anywhere in its
name. As such, it's mostly useless to use `matrix_go_wechat` as the
prefix.
commit d6662a69d1916d215d5184320c36d2ef73afd3e9
Author: Tobias Diez <code@tobiasdiez.de>
Date: Mon Mar 25 10:55:16 2024 +0800
Add wechat bridge
2024-06-03 21:06:19 +03:00
######################################################################
#
# matrix-bridge-wechat
#
######################################################################
# We don't enable bridges by default.
matrix_wechat_enabled: false
matrix_wechat_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_wechat_database_hostname == devture_postgres_connection_hostname) else [])
}}
matrix_wechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_wechat_agent_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_wechat_container_network: "{{ matrix_addons_container_network }}"
matrix_wechat_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_wechat_database_hostname == devture_postgres_connection_hostname and matrix_wechat_container_network != devture_postgres_container_network) else [])
) | unique
}}
matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.as.token', rounds=655555) | to_uuid }}"
matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}"
matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}"
# Postgres is the default, except if not using internal Postgres server
matrix_wechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_wechat_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_wechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gowechat.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-wechat
#
######################################################################
2019-05-14 23:47:22 +09:00
######################################################################
#
# matrix-bridge-mautrix-whatsapp
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_whatsapp_enabled: false
2021-10-12 10:02:07 +03:00
matrix_mautrix_whatsapp_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2024-01-05 06:13:12 +02:00
matrix_mautrix_whatsapp_container_network: "{{ matrix_addons_container_network }}"
2024-01-02 17:41:36 +02:00
matrix_mautrix_whatsapp_container_additional_networks_auto: |-
2019-05-21 11:13:52 +09:00
{{
2024-01-02 17:41:36 +02:00
(
2024-01-05 06:13:12 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2024-01-02 17:41:36 +02:00
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_whatsapp_container_labels_traefik_enabled else [])
) | unique
}}
matrix_mautrix_whatsapp_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_whatsapp_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_whatsapp_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_mautrix_whatsapp_systemd_required_services_list_auto: |
{{
2024-01-05 06:13:12 +02:00
matrix_addons_homeserver_systemd_services_list
2021-03-24 13:59:46 +02:00
+
2024-01-02 17:41:36 +02:00
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname else [])
2019-05-21 11:13:52 +09:00
}}
2019-05-14 23:47:22 +09:00
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}"
2019-06-24 00:16:04 +02:00
2024-01-05 06:13:12 +02:00
matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
2019-06-24 00:16:04 +02:00
2024-08-17 21:04:09 +03:00
matrix_mautrix_whatsapp_bridge_login_shared_secret_map_auto: |-
{{
({
matrix_mautrix_whatsapp_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
})
if matrix_appservice_double_puppet_enabled
else (
{matrix_mautrix_whatsapp_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
else {}
)
}}
2020-01-12 20:28:36 +02:00
2024-01-23 16:43:23 +02:00
matrix_mautrix_whatsapp_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2023-01-30 08:53:28 +02:00
2024-01-02 17:41:36 +02:00
matrix_mautrix_whatsapp_metrics_proxying_enabled: "{{ matrix_mautrix_whatsapp_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_mautrix_whatsapp_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_whatsapp_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-whatsapp"
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_mautrix_whatsapp_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db', rounds=655555) | to_uuid }}"
2020-12-14 07:54:24 +01:00
2019-05-14 23:47:22 +09:00
######################################################################
#
# /matrix-bridge-mautrix-whatsapp
#
######################################################################
2020-05-22 13:50:59 +02:00
######################################################################
#
# matrix-sms-bridge
#
######################################################################
# We don't enable bridges by default.
matrix_sms_bridge_enabled: false
2024-01-08 18:10:16 +02:00
matrix_sms_bridge_systemd_required_services_list_auto: |
2020-05-22 13:50:59 +02:00
{{
2024-01-08 18:10:16 +02:00
matrix_addons_homeserver_systemd_services_list
2021-03-24 13:59:46 +02:00
+
2024-01-08 18:10:16 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else [])
}}
matrix_sms_bridge_container_network: "{{ matrix_addons_container_network }}"
matrix_sms_bridge_container_additional_networks_auto: |-
{{
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2020-05-22 13:50:59 +02:00
}}
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token', rounds=655555) | to_uuid }}"
2020-05-22 13:50:59 +02:00
2024-01-08 18:10:16 +02:00
matrix_sms_bridge_homeserver_hostname: "{{ (matrix_homeserver_container_client_api_endpoint | split(':'))[0] }}"
matrix_sms_bridge_homeserver_port: "{{ (matrix_homeserver_container_client_api_endpoint | split(':'))[1] }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token', rounds=655555) | to_uuid }}"
2020-05-22 13:50:59 +02:00
######################################################################
#
# /matrix-sms-bridge
#
######################################################################
2019-03-03 18:22:52 +01:00
2021-05-12 15:24:39 +03:00
######################################################################
#
# matrix-bridge-heisenbridge
#
######################################################################
# We don't enable bridges by default.
matrix_heisenbridge_enabled: false
2024-08-10 06:22:59 +03:00
matrix_heisenbridge_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2024-01-07 14:53:22 +02:00
matrix_heisenbridge_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
2021-05-12 15:24:39 +03:00
2024-01-07 14:53:22 +02:00
matrix_heisenbridge_container_network: "{{ matrix_addons_container_network }}"
2021-05-12 15:24:39 +03:00
2024-01-07 14:53:22 +02:00
matrix_heisenbridge_container_additional_networks_auto: |-
2021-05-12 15:24:39 +03:00
{{
2024-08-10 06:22:59 +03:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
[matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_heisenbridge_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else []
) | unique
2021-05-12 15:24:39 +03:00
}}
2024-08-10 06:22:59 +03:00
matrix_heisenbridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_heisenbridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_heisenbridge_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_heisenbridge_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-07 14:53:22 +02:00
matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}"
matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok', rounds=655555) | to_uuid }}"
matrix_heisenbridge_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
2021-05-12 15:24:39 +03:00
######################################################################
#
# /matrix-bridge-heisenbridge
#
######################################################################
2022-01-03 21:22:42 +01:00
######################################################################
#
# matrix-bridge-hookshot
#
######################################################################
# We don't enable bridges by default.
matrix_hookshot_enabled: false
2022-10-31 12:47:10 +02:00
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2022-04-03 17:10:46 +07:00
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok', rounds=655555) | to_uuid }}"
2022-01-03 21:22:42 +01:00
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok', rounds=655555) | to_uuid }}"
2022-01-03 21:22:42 +01:00
2024-01-05 06:13:12 +02:00
matrix_hookshot_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
2024-01-02 15:56:56 +02:00
2022-01-03 21:22:42 +01:00
matrix_hookshot_systemd_wanted_services_list: |
{{
2024-01-05 06:13:12 +02:00
matrix_addons_homeserver_systemd_services_list
2023-12-16 09:23:35 +02:00
+
2024-04-17 15:34:56 +03:00
([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_cache_redis_host == redis_identifier else [])
2024-03-26 09:25:18 +00:00
+
2024-04-17 15:34:56 +03:00
([(keydb_identifier + '.service')] if keydb_enabled and matrix_hookshot_cache_redis_host == keydb_identifier else [])
2023-12-16 09:23:35 +02:00
}}
# Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available.
2023-12-16 09:52:02 +02:00
# We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled),
# because connectivity is still potentially troublesome and is to be investigated.
2024-04-17 15:34:56 +03:00
matrix_hookshot_cache_redis_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else (keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '') }}"
2023-12-16 09:23:35 +02:00
2024-01-05 06:13:12 +02:00
matrix_hookshot_container_network: "{{ matrix_addons_container_network }}"
2024-01-02 15:56:56 +02:00
2023-12-16 09:23:35 +02:00
matrix_hookshot_container_additional_networks_auto: |
{{
2024-01-02 15:56:56 +02:00
(
2024-01-05 06:13:12 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2024-01-02 15:56:56 +02:00
+
2024-04-17 15:34:56 +03:00
([redis_container_network] if redis_enabled and matrix_hookshot_cache_redis_host == redis_identifier else [])
2024-01-02 17:10:26 +02:00
+
2024-04-17 15:34:56 +03:00
([keydb_container_network] if keydb_enabled and matrix_hookshot_cache_redis_host == keydb_identifier else [])
2024-03-26 09:25:18 +00:00
+
2024-01-02 17:10:26 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_hookshot_container_labels_traefik_enabled else [])
) | unique
2022-01-03 21:22:42 +01:00
}}
2022-01-08 17:16:53 +01:00
matrix_hookshot_container_http_host_bind_ports_defaultmapping:
2023-02-10 15:50:35 +02:00
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}"
2022-01-08 17:16:53 +01:00
2023-02-10 15:50:35 +02:00
matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_playbook_service_host_bind_interface_prefix else [] }}"
2022-01-03 21:22:42 +01:00
2024-01-02 17:10:26 +02:00
matrix_hookshot_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_hookshot_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2022-01-30 17:43:08 +01:00
matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}"
2022-01-11 00:19:29 +01:00
2024-01-23 16:43:23 +02:00
matrix_hookshot_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2022-01-11 22:39:57 +01:00
2024-01-02 17:10:26 +02:00
matrix_hookshot_metrics_proxying_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_hookshot_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_hookshot_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/hookshot"
matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2024-01-02 15:56:56 +02:00
2024-05-25 16:14:26 +03:00
matrix_hookshot_public_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2024-01-02 17:10:26 +02:00
matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
2022-02-16 19:51:00 +01:00
2022-01-03 21:22:42 +01:00
######################################################################
#
# /matrix-bridge-hookshot
#
######################################################################
2020-03-16 20:33:11 -04:00
2020-04-12 10:17:30 -04:00
######################################################################
#
# matrix-bridge-mx-puppet-slack
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_slack_enabled: false
2024-01-08 17:34:38 +02:00
matrix_mx_puppet_slack_hostname: "{{ matrix_server_fqn_matrix }}"
2020-04-12 10:17:30 -04:00
2024-01-08 17:34:38 +02:00
matrix_mx_puppet_slack_systemd_required_services_list_auto: |
2020-04-12 10:17:30 -04:00
{{
2024-01-08 17:34:38 +02:00
matrix_addons_homeserver_systemd_services_list
2021-03-24 13:59:46 +02:00
+
2024-01-08 17:34:38 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_slack_database_hostname == devture_postgres_connection_hostname) else [])
2020-04-12 10:17:30 -04:00
}}
2024-01-08 17:34:38 +02:00
matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_mx_puppet_slack_container_network: "{{ matrix_addons_container_network }}"
matrix_mx_puppet_slack_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_slack_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_slack_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mx_puppet_slack_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_mx_puppet_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mx_puppet_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mx_puppet_slack_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mx_puppet_slack_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok', rounds=655555) | to_uuid }}"
2020-04-12 10:17:30 -04:00
2024-01-07 17:04:23 +02:00
matrix_mx_puppet_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok', rounds=655555) | to_uuid }}"
2020-04-12 10:17:30 -04:00
matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2024-01-08 17:34:38 +02:00
matrix_mx_puppet_slack_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 08:31:54 +02:00
matrix_mx_puppet_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}"
2020-12-14 07:54:24 +01:00
2020-04-12 10:17:30 -04:00
######################################################################
#
# /matrix-bridge-mx-puppet-slack
#
######################################################################
2020-06-29 15:28:43 +03:00
######################################################################
#
# matrix-bridge-mx-puppet-twitter
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_twitter_enabled: false
2024-01-08 17:55:49 +02:00
matrix_mx_puppet_twitter_hostname: "{{ matrix_server_fqn_matrix }}"
2020-06-29 15:28:43 +03:00
2024-01-08 17:55:49 +02:00
matrix_mx_puppet_twitter_systemd_required_services_list_auto: |
2020-06-29 15:28:43 +03:00
{{
2024-01-08 17:55:49 +02:00
matrix_addons_homeserver_systemd_services_list
2021-03-24 13:59:46 +02:00
+
2024-01-08 17:55:49 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_twitter_database_hostname == devture_postgres_connection_hostname) else [])
2020-06-29 15:28:43 +03:00
}}
2024-01-08 17:55:49 +02:00
matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_mx_puppet_twitter_appservice_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_mx_puppet_twitter_container_network: "{{ matrix_addons_container_network }}"
matrix_mx_puppet_twitter_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_twitter_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_twitter_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mx_puppet_twitter_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_mx_puppet_twitter_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mx_puppet_twitter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mx_puppet_twitter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_mx_puppet_twitter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok', rounds=655555) | to_uuid }}"
2020-06-29 15:28:43 +03:00
2024-01-07 17:04:23 +02:00
matrix_mx_puppet_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok', rounds=655555) | to_uuid }}"
2020-06-29 15:28:43 +03:00
matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2024-01-08 17:55:49 +02:00
matrix_mx_puppet_twitter_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"
2020-06-30 17:39:19 +03:00
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 08:31:54 +02:00
matrix_mx_puppet_twitter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}"
2020-12-14 07:54:24 +01:00
2020-06-29 15:28:43 +03:00
######################################################################
#
# /matrix-bridge-mx-puppet-twitter
#
######################################################################
2020-04-12 10:17:30 -04:00
2020-06-27 12:40:27 +02:00
######################################################################
#
# matrix-bridge-mx-puppet-instagram
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_instagram_enabled: false
2024-01-08 17:16:32 +02:00
matrix_mx_puppet_instagram_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_instagram_database_hostname == devture_postgres_connection_hostname) else [])
}}
2022-03-10 11:41:41 +02:00
matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2020-06-27 12:40:27 +02:00
2024-01-08 17:16:32 +02:00
matrix_mx_puppet_instagram_container_network: "{{ matrix_addons_container_network }}"
matrix_mx_puppet_instagram_container_additional_networks_auto: |-
2020-06-27 12:40:27 +02:00
{{
2024-01-08 17:16:32 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_instagram_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_instagram_container_network != devture_postgres_container_network) else [])
) | unique
2020-06-27 12:40:27 +02:00
}}
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok', rounds=655555) | to_uuid }}"
2020-06-27 12:40:27 +02:00
2024-01-07 17:04:23 +02:00
matrix_mx_puppet_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok', rounds=655555) | to_uuid }}"
2020-06-27 12:40:27 +02:00
matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2024-01-08 17:16:32 +02:00
matrix_mx_puppet_instagram_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 08:31:54 +02:00
matrix_mx_puppet_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}"
2020-12-14 07:54:24 +01:00
2020-06-27 12:40:27 +02:00
######################################################################
#
# /matrix-bridge-mx-puppet-instagram
#
######################################################################
2020-06-11 17:54:36 +02:00
######################################################################
#
# matrix-bridge-mx-puppet-discord
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_discord_enabled: false
2024-01-08 17:03:48 +02:00
matrix_mx_puppet_discord_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_discord_database_hostname == devture_postgres_connection_hostname) else [])
}}
2022-03-10 11:41:41 +02:00
matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2020-06-11 17:54:36 +02:00
2024-01-08 17:03:48 +02:00
matrix_mx_puppet_discord_container_network: "{{ matrix_addons_container_network }}"
matrix_mx_puppet_discord_container_additional_networks_auto: |-
2020-06-11 17:54:36 +02:00
{{
2024-01-08 17:03:48 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_discord_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_discord_container_network != devture_postgres_container_network) else [])
) | unique
2020-06-11 17:54:36 +02:00
}}
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok', rounds=655555) | to_uuid }}"
2020-06-11 17:54:36 +02:00
2024-01-07 17:04:23 +02:00
matrix_mx_puppet_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok', rounds=655555) | to_uuid }}"
2020-06-11 17:54:36 +02:00
matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2024-01-08 17:06:38 +02:00
matrix_mx_puppet_discord_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 08:31:54 +02:00
matrix_mx_puppet_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
2020-12-14 07:54:24 +01:00
2020-06-11 17:54:36 +02:00
######################################################################
#
# /matrix-bridge-mx-puppet-discord
#
######################################################################
2020-07-01 13:46:58 +02:00
######################################################################
#
# matrix-bridge-mx-puppet-steam
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_steam_enabled: false
2024-01-08 17:45:19 +02:00
matrix_mx_puppet_steam_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_steam_database_hostname == devture_postgres_connection_hostname) else [])
}}
2022-04-03 17:34:27 +07:00
matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2020-07-01 13:46:58 +02:00
2024-01-08 17:45:19 +02:00
matrix_mx_puppet_steam_container_network: "{{ matrix_addons_container_network }}"
matrix_mx_puppet_steam_container_additional_networks_auto: |-
2020-07-01 13:46:58 +02:00
{{
2024-01-08 17:45:19 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_steam_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_steam_container_network != devture_postgres_container_network) else [])
) | unique
2020-07-01 13:46:58 +02:00
}}
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok', rounds=655555) | to_uuid }}"
2020-07-01 13:46:58 +02:00
2024-01-07 17:04:23 +02:00
matrix_mx_puppet_steam_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok', rounds=655555) | to_uuid }}"
2020-07-01 13:46:58 +02:00
matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2024-01-08 17:45:19 +02:00
matrix_mx_puppet_steam_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 08:31:54 +02:00
matrix_mx_puppet_steam_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}"
2020-12-14 07:54:24 +01:00
2020-07-01 13:46:58 +02:00
######################################################################
#
# /matrix-bridge-mx-puppet-steam
#
######################################################################
2020-06-27 12:40:27 +02:00
2024-01-08 17:12:38 +02:00
2021-02-12 23:13:30 -05:00
######################################################################
#
# matrix-bridge-mx-puppet-groupme
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_groupme_enabled: false
2024-01-08 17:12:38 +02:00
matrix_mx_puppet_groupme_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_groupme_database_hostname == devture_postgres_connection_hostname) else [])
}}
2022-03-10 11:41:41 +02:00
matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2021-02-12 23:13:30 -05:00
2024-01-08 17:12:38 +02:00
matrix_mx_puppet_groupme_container_network: "{{ matrix_addons_container_network }}"
matrix_mx_puppet_groupme_container_additional_networks_auto: |-
2021-02-12 23:13:30 -05:00
{{
2024-01-08 17:12:38 +02:00
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_groupme_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_groupme_container_network != devture_postgres_container_network) else [])
) | unique
2021-02-12 23:13:30 -05:00
}}
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok', rounds=655555) | to_uuid }}"
2021-02-12 23:13:30 -05:00
2024-01-07 17:04:23 +02:00
matrix_mx_puppet_groupme_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok', rounds=655555) | to_uuid }}"
2021-02-12 23:13:30 -05:00
matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
2024-01-08 17:12:38 +02:00
matrix_mx_puppet_groupme_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}"
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 08:31:54 +02:00
matrix_mx_puppet_groupme_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}"
2021-02-12 23:13:30 -05:00
######################################################################
#
# /matrix-bridge-mx-puppet-groupme
#
######################################################################
2020-07-20 14:13:08 +03:00
2024-01-08 17:12:38 +02:00
2020-07-20 14:13:08 +03:00
######################################################################
#
# matrix-bot-matrix-reminder-bot
#
######################################################################
# We don't enable bots by default.
matrix_bot_matrix_reminder_bot_enabled: false
2024-01-02 15:56:56 +02:00
matrix_bot_matrix_reminder_bot_systemd_required_services_list_auto: |
2020-12-14 17:22:31 +02:00
{{
2024-01-05 06:13:12 +02:00
matrix_addons_homeserver_systemd_services_list
2021-03-24 13:59:46 +02:00
+
2024-01-02 15:56:56 +02:00
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname else [])
2020-12-14 17:22:31 +02:00
}}
2024-01-13 10:22:06 +02:00
matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2020-12-14 15:02:11 +02:00
2024-01-05 06:13:12 +02:00
matrix_bot_matrix_reminder_bot_container_network: "{{ matrix_addons_container_network }}"
2024-01-13 10:25:35 +02:00
2024-01-02 15:56:56 +02:00
matrix_bot_matrix_reminder_bot_container_additional_networks_auto: |-
{{
(
2024-01-05 06:13:12 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2024-01-02 15:56:56 +02:00
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname else [])
) | unique
}}
2024-01-05 06:13:12 +02:00
matrix_bot_matrix_reminder_bot_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
2024-01-02 15:56:56 +02:00
2024-01-07 09:35:18 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_bot_matrix_reminder_bot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"
2024-01-13 10:22:06 +02:00
matrix_bot_matrix_reminder_bot_allowlist_enabled: true
matrix_bot_matrix_reminder_bot_allowlist_regexes_auto:
- "@[a-z0-9-_.]+:{{ matrix_domain }}"
2020-12-14 15:02:11 +02:00
2020-07-20 14:13:08 +03:00
######################################################################
#
# /matrix-bot-matrix-reminder-bot
#
######################################################################
2022-04-21 10:07:47 +02:00
######################################################################
#
# matrix-bot-matrix-registration-bot
#
######################################################################
# We don't enable bots by default.
matrix_bot_matrix_registration_bot_enabled: false
2024-01-07 09:33:37 +02:00
matrix_bot_matrix_registration_bot_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
2022-04-21 10:07:47 +02:00
matrix_bot_matrix_registration_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
2024-01-07 09:33:37 +02:00
matrix_bot_matrix_registration_bot_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_matrix_registration_bot_container_additional_networks_auto: |-
2022-04-21 10:07:47 +02:00
{{
2024-01-07 09:33:37 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2022-04-21 10:07:47 +02:00
}}
2024-01-07 17:04:23 +02:00
matrix_bot_matrix_registration_bot_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
2022-04-21 10:07:47 +02:00
######################################################################
#
# /matrix-bot-matrix-registration-bot
#
######################################################################
2022-06-23 20:24:52 +02:00
######################################################################
#
2022-06-24 18:06:06 +02:00
# matrix-bot-maubot
2022-06-23 20:24:52 +02:00
#
######################################################################
# We don't enable bots by default.
2022-06-23 21:57:52 +02:00
matrix_bot_maubot_enabled: false
2022-06-23 20:24:52 +02:00
2024-01-07 10:16:42 +02:00
matrix_bot_maubot_systemd_required_services_list_auto: |
2022-06-23 20:24:52 +02:00
{{
2024-01-07 10:16:42 +02:00
matrix_addons_homeserver_systemd_services_list
2022-07-09 11:44:11 +02:00
+
2024-01-07 10:16:42 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_bot_maubot_database_hostname == devture_postgres_connection_hostname) else [])
2022-06-23 20:24:52 +02:00
}}
2024-01-14 21:33:09 +02:00
matrix_bot_maubot_hostname: "{{ matrix_server_fqn_matrix }}"
2024-01-13 18:04:21 +02:00
matrix_bot_maubot_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_bot_maubot_homeserver_secret: |-
2022-06-24 18:19:23 +02:00
{{
{
2024-01-17 16:57:06 +02:00
'synapse': matrix_synapse_registration_shared_secret | default(''),
'dendrite': matrix_dendrite_client_api_registration_shared_secret | default(''),
2022-06-24 18:19:23 +02:00
}[matrix_homeserver_implementation]
}}
2024-01-07 10:16:42 +02:00
matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_bot_maubot_container_management_interface_http_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_bot_maubot_server_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_bot_maubot_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_maubot_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_bot_maubot_database_hostname == devture_postgres_connection_hostname and matrix_bot_maubot_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_maubot_container_labels_traefik_enabled else [])
) | unique
}}
matrix_bot_maubot_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_bot_maubot_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_maubot_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_maubot_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_bot_maubot_container_labels_management_hostname: "{{ matrix_server_fqn_matrix }}"
2022-08-05 19:02:01 +02:00
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_bot_maubot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 08:31:54 +02:00
matrix_bot_maubot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
2022-06-23 20:24:52 +02:00
######################################################################
#
2022-06-24 18:06:06 +02:00
# /matrix-bot-maubot
2022-06-23 20:24:52 +02:00
#
######################################################################
2022-04-21 10:07:47 +02:00
2022-01-06 20:30:10 +02:00
######################################################################
#
# matrix-bot-honoroit
#
######################################################################
# We don't enable bots by default.
matrix_bot_honoroit_enabled: false
2023-05-18 10:10:47 +03:00
2023-03-23 19:09:34 +02:00
matrix_bot_honoroit_hostname: "{{ matrix_server_fqn_matrix }}"
2023-05-19 19:32:34 +03:00
2023-05-18 10:10:47 +03:00
matrix_bot_honoroit_path_prefix: /honoroit
2022-01-06 20:30:10 +02:00
2024-01-07 09:30:08 +02:00
matrix_bot_honoroit_systemd_required_services_list_auto: |
2022-01-06 20:30:10 +02:00
{{
2024-01-07 09:30:08 +02:00
matrix_addons_homeserver_systemd_services_list
2022-01-06 20:30:10 +02:00
+
2024-01-07 09:30:08 +02:00
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_bot_honoroit_database_hostname == devture_postgres_connection_hostname else [])
2022-01-06 20:30:10 +02:00
}}
2024-01-07 09:30:08 +02:00
matrix_bot_honoroit_container_network: "{{ matrix_addons_container_network }}"
2022-01-06 20:30:10 +02:00
2023-03-23 19:06:16 +02:00
matrix_bot_honoroit_container_additional_networks: |
{{
(
2024-01-07 09:30:08 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2023-03-23 19:06:16 +02:00
+
2024-01-07 09:30:08 +02:00
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_bot_honoroit_database_hostname == devture_postgres_connection_hostname and matrix_bot_honoroit_container_network != devture_postgres_container_network) else [])
2023-03-23 19:06:16 +02:00
+
2024-01-07 12:27:24 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_honoroit_container_labels_traefik_enabled else [])
2023-03-23 19:06:16 +02:00
) | unique
}}
matrix_bot_honoroit_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_honoroit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_honoroit_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_honoroit_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-07 09:30:08 +02:00
# For consistency with other things hosted at the matrix FQN, we adjust the metrics endpoint
# so that metrics would be served at something like `/metrics/SERVICE_NAME`, and not at the default path for the role (`PREFIX/metrics`).
matrix_bot_honoroit_container_labels_traefik_metrics_path: "{{ matrix_metrics_exposure_path_prefix }}/honoroit"
2024-01-07 17:04:23 +02:00
matrix_bot_honoroit_homeserver: "{{ matrix_addons_homeserver_client_api_url }}"
2024-01-07 09:30:08 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_bot_honoroit_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_bot_honoroit_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2022-01-06 20:30:10 +02:00
######################################################################
#
# /matrix-bot-honoroit
#
######################################################################
2022-04-23 16:19:24 +03:00
######################################################################
#
# matrix-bot-buscarron
#
######################################################################
# We don't enable bots by default.
matrix_bot_buscarron_enabled: false
2024-01-07 08:58:21 +02:00
matrix_bot_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}"
2022-11-27 09:16:18 +02:00
2024-01-07 08:58:21 +02:00
matrix_bot_buscarron_systemd_required_services_list_auto: |
2022-04-23 16:19:24 +03:00
{{
2024-01-07 08:58:21 +02:00
matrix_addons_homeserver_systemd_services_list
2022-04-23 16:19:24 +03:00
+
2024-01-07 08:58:21 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname) else [])
2022-04-23 16:19:24 +03:00
}}
2024-01-07 08:58:21 +02:00
matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2023-02-25 15:50:48 +02:00
2024-01-07 08:58:21 +02:00
matrix_bot_buscarron_container_network: "{{ matrix_addons_container_network }}"
2023-02-25 15:50:48 +02:00
2024-01-07 08:58:21 +02:00
matrix_bot_buscarron_container_additional_networks_auto: |-
2023-02-25 15:50:48 +02:00
{{
(
2024-01-07 08:58:21 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2023-02-25 15:50:48 +02:00
+
2024-01-07 08:58:21 +02:00
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname and matrix_bot_buscarron_container_network != devture_postgres_container_network) else [])
2023-02-27 17:07:44 +02:00
+
2024-01-07 08:58:21 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_buscarron_container_labels_traefik_enabled else [])
2023-02-25 15:50:48 +02:00
) | unique
}}
matrix_bot_buscarron_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_buscarron_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_buscarron_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
matrix_bot_buscarron_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-25 15:02:30 +02:00
2024-01-07 14:59:53 +02:00
matrix_bot_buscarron_homeserver: "{{ matrix_addons_homeserver_client_api_url }}"
2024-01-07 08:58:21 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_bot_buscarron_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_bot_buscarron_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}"
2022-04-23 16:19:24 +03:00
######################################################################
#
# /matrix-bot-buscarron
#
######################################################################
2024-09-12 15:19:40 +03:00
######################################################################
#
# matrix-bot-baibot
#
######################################################################
# We don't enable bots by default.
matrix_bot_baibot_enabled: false
matrix_bot_baibot_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_bot_baibot_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
matrix_bot_baibot_config_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_bot_baibot_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_baibot_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
) | unique
}}
######################################################################
#
# /matrix-bot-baibot
#
######################################################################
2022-08-22 20:10:35 +03:00
######################################################################
#
# matrix-bot-postmoogle
#
######################################################################
# We don't enable bots by default.
matrix_bot_postmoogle_enabled: false
2022-11-27 09:16:18 +02:00
matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2023-02-08 16:45:03 +02:00
matrix_bot_postmoogle_ssl_path: |-
{{
{
2024-01-18 15:25:44 +02:00
'playbook-managed-traefik': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''),
'other-traefik-container': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''),
2023-02-08 16:45:03 +02:00
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
matrix_playbook_bot_postmoogle_traefik_tls_cert: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/{{ domain }}/certificate.crt {% endfor %}"
matrix_playbook_bot_postmoogle_traefik_key: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/{{ domain }}/privatekey.key {% endfor %}"
matrix_bot_postmoogle_tls_cert: |-
{{
{
2024-01-18 15:25:44 +02:00
'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''),
'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''),
2023-02-08 16:45:03 +02:00
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
matrix_bot_postmoogle_tls_key: |-
{{
{
2024-01-18 15:25:44 +02:00
'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''),
'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''),
2023-02-08 16:45:03 +02:00
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services: "{% for domain in matrix_bot_postmoogle_domains %}{{ devture_traefik_certs_dumper_identifier }}-wait-for-domain@{{ domain }}.service {% endfor %}"
2022-08-22 20:10:35 +03:00
2024-01-02 15:56:56 +02:00
matrix_bot_postmoogle_systemd_required_services_list_auto: |
2022-08-22 20:10:35 +03:00
{{
2024-01-05 06:13:12 +02:00
matrix_addons_homeserver_systemd_services_list
2022-08-22 20:10:35 +03:00
+
2024-01-02 15:56:56 +02:00
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_bot_postmoogle_database_hostname == matrix_bot_postmoogle_database_hostname else [])
2023-02-08 16:45:03 +02:00
+
2023-03-01 09:29:14 +02:00
(matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled else [])
2022-08-22 20:10:35 +03:00
}}
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_bot_postmoogle_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_bot_postmoogle_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', rounds=655555) | to_uuid }}"
2022-08-23 10:25:32 +00:00
2024-01-05 06:13:12 +02:00
matrix_bot_postmoogle_homeserver: "{{ matrix_addons_homeserver_client_api_url }}"
2024-01-02 15:56:56 +02:00
2024-01-05 06:13:12 +02:00
matrix_bot_postmoogle_container_network: "{{ matrix_addons_container_network }}"
2024-01-02 15:56:56 +02:00
matrix_bot_postmoogle_container_additional_networks_auto: |-
{{
(
2024-01-05 06:13:12 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2024-01-02 15:56:56 +02:00
+
([devture_postgres_container_network] if devture_postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname else [])
) | unique
}}
2022-08-22 20:10:35 +03:00
######################################################################
#
# /matrix-bot-postmoogle
#
######################################################################
2020-07-20 14:13:08 +03:00
2023-01-10 17:20:33 +02:00
######################################################################
#
# matrix-bot-chatgpt
#
######################################################################
# We don't enable bots by default.
matrix_bot_chatgpt_enabled: false
2023-01-10 17:20:50 +02:00
matrix_bot_chatgpt_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2024-01-05 06:13:12 +02:00
matrix_bot_chatgpt_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_chatgpt_container_additional_networks_auto: "{{ [] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network] }}"
2024-01-02 15:56:56 +02:00
2024-01-05 06:13:12 +02:00
matrix_bot_chatgpt_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
2024-01-02 15:56:56 +02:00
2024-01-05 06:13:12 +02:00
matrix_bot_chatgpt_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}"
2024-01-02 15:56:56 +02:00
2023-01-10 17:20:33 +02:00
######################################################################
#
# /matrix-bot-chatgpt
#
######################################################################
2021-03-11 19:23:01 +01:00
######################################################################
#
# matrix-bot-go-neb
#
######################################################################
# We don't enable bots by default.
matrix_bot_go_neb_enabled: false
2023-03-03 10:38:38 +02:00
matrix_bot_go_neb_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"
2024-01-07 09:23:24 +02:00
matrix_bot_go_neb_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
matrix_bot_go_neb_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '4050') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_bot_go_neb_container_network: "{{ matrix_addons_container_network }}"
2023-03-03 10:38:38 +02:00
matrix_bot_go_neb_container_additional_networks: |
{{
(
2024-01-07 09:23:24 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2023-03-03 10:38:38 +02:00
+
2024-01-07 09:23:24 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_go_neb_container_labels_traefik_enabled else [])
2023-03-03 10:38:38 +02:00
) | unique
}}
matrix_bot_go_neb_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_go_neb_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_go_neb_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_go_neb_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2021-03-11 19:23:01 +01:00
######################################################################
#
# /matrix-bot-go-neb
#
######################################################################
2021-03-23 22:46:08 -05:00
######################################################################
#
# matrix-bot-mjolnir
#
######################################################################
# We don't enable bots by default.
matrix_bot_mjolnir_enabled: false
2024-01-07 09:20:24 +02:00
matrix_bot_mjolnir_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
2024-03-24 21:55:21 +01:00
+
(['matrix-pantalaimon.service'] if matrix_bot_mjolnir_pantalaimon_use else [])
2024-01-07 09:20:24 +02:00
}}
2022-03-10 11:41:41 +02:00
matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2021-07-02 00:10:59 -05:00
2024-01-07 09:20:24 +02:00
matrix_bot_mjolnir_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_mjolnir_container_additional_networks_auto: |-
2021-03-23 22:46:08 -05:00
{{
2024-01-07 09:20:24 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2021-03-23 22:46:08 -05:00
}}
2024-03-24 21:55:21 +01:00
matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_mjolnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
2021-03-23 22:46:08 -05:00
######################################################################
#
# /matrix-bot-mjolnir
#
######################################################################
2024-03-05 15:09:52 +01:00
2023-02-08 18:55:08 +01:00
######################################################################
#
# matrix-bot-draupnir
#
######################################################################
# We don't enable bots by default.
matrix_bot_draupnir_enabled: false
2024-08-08 05:41:45 +02:00
matrix_bot_draupnir_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8769') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2024-01-07 09:04:27 +02:00
matrix_bot_draupnir_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
2024-03-24 18:25:19 +02:00
+
(['matrix-pantalaimon.service'] if matrix_bot_draupnir_pantalaimon_use else [])
2024-01-07 09:04:27 +02:00
}}
2023-08-21 15:10:57 +02:00
matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2023-02-08 18:55:08 +01:00
2024-01-07 09:04:27 +02:00
matrix_bot_draupnir_container_network: "{{ matrix_addons_container_network }}"
matrix_bot_draupnir_container_additional_networks_auto: |-
2023-02-08 18:55:08 +01:00
{{
2024-07-21 08:23:42 +03:00
(
2024-08-08 05:41:45 +02:00
([] if matrix_addons_homeserver_container_network == '' else
[matrix_addons_homeserver_container_network])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if
(matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_draupnir_container_labels_traefik_enabled) else [])
2024-07-21 08:23:42 +03:00
+
([matrix_pantalaimon_container_network] if (matrix_bot_draupnir_pantalaimon_use and matrix_pantalaimon_container_network != matrix_bot_draupnir_container_network) else [])
) | unique
2023-02-08 18:55:08 +01:00
}}
2024-03-24 18:25:19 +02:00
matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
2024-08-08 05:41:45 +02:00
matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-08 18:55:08 +01:00
######################################################################
#
# /matrix-bot-draupnir
#
######################################################################
2023-02-13 10:53:11 +02:00
2024-03-05 15:09:52 +01:00
######################################################################
#
# matrix-appservice-draupnir-for-all
#
######################################################################
# We don't enable bots by default.
matrix_appservice_draupnir_for_all_enabled: false
matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else [])
}}
matrix_appservice_draupnir_for_all_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_appservice_draupnir_for_all_container_network: "{{ matrix_addons_container_network }}"
matrix_appservice_draupnir_for_all_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname and matrix_appservice_draupnir_for_all_container_network != devture_postgres_container_network) else [])
) | unique
}}
matrix_appservice_draupnir_for_all_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.as.token', rounds=655555) | to_uuid }}"
matrix_appservice_draupnir_for_all_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.hs.token', rounds=655555) | to_uuid }}"
matrix_appservice_draupnir_for_all_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_appservice_draupnir_for_all_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.d4a.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-appservice-draupnir-for-all
#
######################################################################
2024-08-17 19:00:16 +03:00
######################################################################
#
# matrix-appservice-double-puppet
#
######################################################################
matrix_appservice_double_puppet_enabled: false
matrix_appservice_double_puppet_registration_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.doub.pup', rounds=655555) | to_uuid }}"
matrix_appservice_double_puppet_registration_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hs.doub.pup', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-appservice-double-puppet
#
######################################################################
2024-03-24 18:25:19 +02:00
######################################################################
#
# matrix-pantalaimon
#
######################################################################
matrix_pantalaimon_enabled: false
matrix_pantalaimon_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
matrix_pantalaimon_container_network: "{{ matrix_homeserver_container_network }}"
matrix_pantalaimon_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_pantalaimon_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
######################################################################
#
# /matrix-pantalaimon
#
######################################################################
2022-04-05 11:37:27 +00:00
######################################################################
#
2023-02-13 10:53:11 +02:00
# etke/backup_borg
2022-04-05 11:37:27 +00:00
#
######################################################################
2023-02-13 10:53:11 +02:00
backup_borg_enabled: false
backup_borg_identifier: matrix-backup-borg
2023-02-13 10:44:42 +00:00
backup_borg_retention_prefix: matrix-
backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S}
2023-02-13 10:53:11 +02:00
2023-02-13 11:44:19 +02:00
backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
2023-02-13 11:01:54 +02:00
backup_borg_username: "{{ matrix_user_username }}"
2023-02-13 10:53:11 +02:00
backup_borg_uid: "{{ matrix_user_uid }}"
backup_borg_gid: "{{ matrix_user_gid }}"
2022-11-27 07:23:41 +02:00
2023-02-13 10:53:11 +02:00
backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}"
2022-11-27 07:23:41 +02:00
2023-11-19 16:00:34 +02:00
backup_borg_postgresql_version_detection_devture_postgres_role_name: "{{ 'galaxy/postgres' if devture_postgres_enabled else '' }}"
2023-02-13 12:25:05 +02:00
2023-02-13 10:53:11 +02:00
backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
2022-11-27 07:23:41 +02:00
2023-02-13 10:53:11 +02:00
backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}"
backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
backup_borg_location_source_directories:
2022-04-05 11:37:27 +00:00
- "{{ matrix_base_data_path }}"
2022-11-27 07:23:41 +02:00
2023-02-13 10:53:11 +02:00
backup_borg_location_exclude_patterns: |
2022-04-05 11:37:27 +00:00
{{
2022-04-14 18:06:54 +03:00
([matrix_synapse_media_store_path + '/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else [])
+
2022-11-27 07:23:41 +02:00
([devture_postgres_data_path] if devture_postgres_enabled else [])
2022-04-14 18:06:54 +03:00
}}
2022-11-27 07:23:41 +02:00
2023-02-13 10:53:11 +02:00
backup_borg_systemd_required_services_list: |
2022-04-14 18:06:54 +03:00
{{
2024-06-05 23:12:34 +08:00
[devture_systemd_docker_base_docker_service_name]
2022-04-14 18:06:54 +03:00
+
2022-11-27 07:23:41 +02:00
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
2022-04-05 11:37:27 +00:00
}}
######################################################################
#
2023-02-13 10:53:11 +02:00
# /etke/backup_borg
2022-04-05 11:37:27 +00:00
#
######################################################################
2023-02-13 10:53:11 +02:00
2022-09-09 13:37:52 +02:00
######################################################################
#
# matrix-cactus-comments
#
######################################################################
matrix_cactus_comments_enabled: false
2024-01-08 19:57:18 +02:00
matrix_cactus_comments_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
2022-09-09 13:37:52 +02:00
2024-01-08 19:58:41 +02:00
matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
2024-01-08 19:57:18 +02:00
matrix_cactus_comments_container_network: "{{ matrix_addons_container_network }}"
matrix_cactus_comments_container_additional_networks_auto: |-
2022-09-09 13:37:52 +02:00
{{
2024-01-08 19:57:18 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2022-09-09 13:37:52 +02:00
}}
2024-01-08 19:57:18 +02:00
matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token', rounds=655555) | to_uuid }}"
matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token', rounds=655555) | to_uuid }}"
2024-01-07 17:04:23 +02:00
2024-01-08 19:57:18 +02:00
matrix_cactus_comments_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
2022-09-09 13:37:52 +02:00
######################################################################
#
# /matrix-cactus-comments
#
######################################################################
2021-03-23 22:46:08 -05:00
2024-01-09 09:53:01 +02:00
######################################################################
#
# matrix-cactus-comments-client
#
######################################################################
matrix_cactus_comments_client_enabled: "{{ matrix_cactus_comments_enabled }}"
matrix_cactus_comments_client_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_cactus_comments_client_container_network: "{{ matrix_addons_container_network }}"
matrix_cactus_comments_client_container_additional_networks_auto: |-
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_cactus_comments_client_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_cactus_comments_client_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_cactus_comments_client_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_cactus_comments_client_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_cactus_comments_client_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
# /matrix-cactus-comments-client
#
######################################################################
2019-03-03 18:22:52 +01:00
######################################################################
#
# matrix-corporal
#
######################################################################
matrix_corporal_enabled: false
2024-01-13 15:28:21 +02:00
matrix_corporal_systemd_required_services_list_auto: |
{{
(['matrix-' + matrix_homeserver_implementation + '.service'])
}}
2022-01-31 16:52:49 +02:00
matrix_corporal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
2020-12-04 01:48:08 +02:00
2023-02-13 15:37:12 +02:00
matrix_corporal_container_http_gateway_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '41080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_corporal_container_http_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '41081') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2019-03-03 18:22:52 +01:00
2024-01-13 15:28:21 +02:00
matrix_corporal_container_network: matrix-corporal
2023-12-23 10:36:20 +02:00
matrix_corporal_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
2024-01-13 15:28:21 +02:00
([matrix_homeserver_container_network] if matrix_corporal_container_network != matrix_homeserver_container_network else [])
2023-12-23 10:36:20 +02:00
) | unique
}}
2024-01-13 15:28:21 +02:00
matrix_corporal_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_corporal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_corporal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_corporal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2019-03-03 18:22:52 +01:00
2024-05-25 16:14:26 +03:00
matrix_corporal_matrix_homeserver_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2021-01-25 13:55:08 +02:00
matrix_corporal_matrix_homeserver_api_endpoint: "{{ matrix_homeserver_container_url }}"
2019-03-03 18:22:52 +01:00
matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
2021-01-16 23:47:14 +02:00
# This is only useful if there's REST auth provider to make use of it.
matrix_corporal_http_gateway_internal_rest_auth_enabled: "{{ matrix_synapse_ext_password_provider_rest_auth_enabled }}"
2019-03-03 18:22:52 +01:00
matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registration_shared_secret }}"
######################################################################
#
# /matrix-corporal
#
######################################################################
2023-02-20 22:34:16 +01:00
######################################################################
#
2023-02-25 12:09:23 +02:00
# matrix-rageshake
2023-02-20 22:34:16 +01:00
#
######################################################################
# We don't enable rageshake by default.
matrix_rageshake_enabled: false
2023-02-25 12:32:19 +02:00
matrix_rageshake_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
2023-02-20 22:34:16 +01:00
2023-02-25 13:15:34 +02:00
matrix_rageshake_hostname: "{{ matrix_server_fqn_rageshake }}"
2024-01-13 17:29:14 +02:00
matrix_rageshake_container_network: matrix-rageshake
2023-02-25 13:15:34 +02:00
matrix_rageshake_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
matrix_rageshake_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9110') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_rageshake_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_rageshake_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_rageshake_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
matrix_rageshake_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-25 13:15:34 +02:00
2023-02-25 12:09:23 +02:00
######################################################################
#
# /matrix-rageshake
#
######################################################################
2019-03-03 18:22:52 +01:00
######################################################################
#
# matrix-coturn
#
######################################################################
matrix_coturn_enabled: true
2019-03-18 17:36:00 +02:00
2022-06-22 10:10:41 +02:00
matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
2020-03-15 10:10:41 +02:00
2023-10-10 11:10:21 +03:00
# We make the assumption that `ansible_host` points to an external IP address, which may not always be the case.
# Users are free to set `matrix_coturn_turn_external_ip_address` to an empty string
# to allow auto-detection (via an EchoIP service) to happen at runtime.
2022-04-11 11:50:41 +01:00
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
2019-03-03 18:22:52 +01:00
2024-02-18 09:52:00 +02:00
matrix_coturn_turn_static_auth_secret: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas', rounds=655555) | to_uuid) if matrix_coturn_authentication_method == 'auth-secret' else '' }}"
matrix_coturn_lt_cred_mech_username: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.user', rounds=655555) | to_uuid) if matrix_coturn_authentication_method == 'lt-cred-mech' else '' }}"
matrix_coturn_lt_cred_mech_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.pass', rounds=655555) | to_uuid) if matrix_coturn_authentication_method == 'lt-cred-mech' else '' }}"
2021-12-23 17:39:56 +02:00
2024-01-14 18:42:14 +02:00
matrix_coturn_tls_enabled: "{{ matrix_playbook_ssl_enabled }}"
2023-02-08 16:06:46 +02:00
matrix_coturn_tls_cert_path: |-
{{
{
2024-01-18 15:25:44 +02:00
'playbook-managed-traefik': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''),
'other-traefik-container': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''),
2023-02-08 16:12:19 +02:00
'none': '',
2023-02-08 16:06:46 +02:00
}[matrix_playbook_reverse_proxy_type]
}}
matrix_coturn_tls_key_path: |-
{{
{
2024-01-18 15:25:44 +02:00
'playbook-managed-traefik': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''),
'other-traefik-container': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''),
2023-02-08 16:12:19 +02:00
'none': '',
2023-02-08 16:06:46 +02:00
}[matrix_playbook_reverse_proxy_type]
}}
2020-11-26 10:08:52 +02:00
matrix_coturn_container_additional_volumes: |
{{
2023-02-08 16:06:46 +02:00
(
[
{
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'),
'dst': '/certificate.crt',
'options': 'ro',
},
{
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'),
'dst': '/privatekey.key',
'options': 'ro',
},
2024-01-18 15:25:44 +02:00
] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled and (matrix_coturn_tls_cert_path and matrix_coturn_tls_key_path)) else []
2023-02-08 16:06:46 +02:00
)
}}
matrix_coturn_systemd_required_services_list: |
{{
2024-06-05 23:12:34 +08:00
[devture_systemd_docker_base_docker_service_name]
2023-02-08 16:06:46 +02:00
+
2023-03-01 09:29:14 +02:00
([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [])
2020-11-26 10:08:52 +02:00
}}
2019-03-19 10:24:39 +02:00
2019-03-03 18:22:52 +01:00
######################################################################
#
# /matrix-coturn
#
######################################################################
2019-03-08 15:00:53 +02:00
######################################################################
#
# matrix-dimension
#
######################################################################
matrix_dimension_enabled: false
2021-11-28 04:31:06 +00:00
matrix_dimension_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2023-02-26 23:06:36 +02:00
matrix_dimension_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
2024-01-13 17:56:53 +02:00
matrix_dimension_container_network: "{{ matrix_addons_container_network }}"
2023-02-26 23:06:36 +02:00
2024-01-13 17:56:53 +02:00
# Dimension is connected both to `matrix_addons_homeserver_container_network` and `matrix_homeserver_container_network`,
2024-01-14 10:53:14 +02:00
# because `matrix_dimension_homeserver_clientServerUrl` and `matrix_dimension_homeserver_federationUrl` are potentially
# going to different places.
2023-02-26 23:06:36 +02:00
matrix_dimension_container_additional_networks: |
{{
(
2024-01-13 17:56:53 +02:00
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
2023-02-26 23:06:36 +02:00
+
([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_dimension_container_network else [])
+
2024-01-13 17:56:53 +02:00
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_dimension_database_hostname == devture_postgres_connection_hostname and devture_postgres_container_network != matrix_dimension_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
2023-02-26 23:06:36 +02:00
) | unique
}}
2023-02-13 15:37:12 +02:00
matrix_dimension_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8184') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2019-03-08 15:00:53 +02:00
2023-02-26 23:06:36 +02:00
matrix_dimension_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_dimension_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_dimension_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
matrix_dimension_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-26 23:06:36 +02:00
2024-01-13 17:56:53 +02:00
matrix_dimension_homeserver_clientServerUrl: "{{ matrix_addons_homeserver_client_api_url }}"
2021-12-23 18:13:44 +02:00
matrix_dimension_homeserver_federationUrl: "{{ matrix_homeserver_container_federation_url }}"
2024-05-25 16:14:26 +03:00
matrix_dimension_homeserver_mediaUrl: "{{ ('https' if matrix_playbook_ssl_enabled else 'http') }}://{{ matrix_server_fqn_matrix }}"
2021-11-15 12:07:54 +02:00
2024-01-13 17:56:53 +02:00
# Dimension depends both on `matrix_addons_homeserver_systemd_services_list` and on the homeserver service,
2024-01-14 10:53:14 +02:00
# because `matrix_dimension_homeserver_clientServerUrl` and `matrix_dimension_homeserver_federationUrl` are potentially
# going to different places.
2024-01-13 17:56:53 +02:00
matrix_dimension_systemd_required_services_list_auto: |
2020-12-14 17:22:31 +02:00
{{
2024-01-13 17:56:53 +02:00
(
matrix_addons_homeserver_systemd_services_list
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_dimension_database_hostname == devture_postgres_connection_hostname) else [])
) | unique
2020-12-14 17:22:31 +02:00
}}
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_dimension_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_dimension_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}"
2020-04-22 19:01:56 +02:00
2019-03-08 15:00:53 +02:00
######################################################################
#
# /matrix-dimension
#
######################################################################
2021-01-21 00:06:35 +01:00
######################################################################
#
2023-03-02 22:50:13 +02:00
# etke/etherpad
2021-01-21 00:06:35 +01:00
#
######################################################################
2023-03-02 22:50:13 +02:00
etherpad_enabled: false
2019-03-08 15:00:53 +02:00
2023-03-02 22:50:13 +02:00
etherpad_identifier: matrix-etherpad
2021-02-15 10:46:23 +01:00
2023-03-02 22:50:13 +02:00
etherpad_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2022-11-04 11:36:10 +02:00
2023-03-02 22:50:13 +02:00
etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
2023-04-03 08:53:46 +03:00
etherpad_framing_enabled: "{{ matrix_dimension_enabled or jitsi_enabled }}"
2023-03-02 22:50:13 +02:00
2023-03-03 09:47:05 +02:00
etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
2023-03-02 22:50:13 +02:00
etherpad_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
etherpad_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9001') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2024-01-14 18:42:14 +02:00
etherpad_container_network: "{{ matrix_addons_container_network }}"
2023-03-02 22:50:13 +02:00
etherpad_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != etherpad_container_network else [])
) | unique
}}
etherpad_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
etherpad_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
etherpad_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
etherpad_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
etherpad_systemd_required_services_list: |
2021-01-21 00:06:35 +01:00
{{
2024-06-05 23:12:34 +08:00
[devture_systemd_docker_base_docker_service_name]
2021-01-21 00:06:35 +01:00
+
2022-11-27 07:23:41 +02:00
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
2021-01-21 00:06:35 +01:00
}}
2023-03-02 22:50:13 +02:00
etherpad_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
etherpad_database_name: matrix_etherpad
etherpad_database_username: matrix_etherpad
etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
2021-01-21 00:06:35 +01:00
######################################################################
#
2023-03-02 22:50:13 +02:00
# /etke/etherpad
2021-01-21 00:06:35 +01:00
#
######################################################################
2020-11-07 17:34:16 -08:00
######################################################################
#
# matrix-dynamic-dns
#
######################################################################
2020-11-10 23:30:38 +02:00
matrix_dynamic_dns_enabled: false
2020-11-07 17:34:16 -08:00
2024-01-13 17:17:03 +02:00
matrix_dynamic_dns_container_network: matrix-dynamic-dns
2020-11-07 17:34:16 -08:00
######################################################################
#
# /matrix-dynamic-dns
#
######################################################################
2019-08-05 13:06:49 +03:00
######################################################################
#
# matrix-email2matrix
#
######################################################################
matrix_email2matrix_enabled: false
2024-01-13 17:05:58 +02:00
matrix_email2matrix_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
2022-02-05 11:14:20 +02:00
matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
2021-08-04 15:03:45 +03:00
2024-01-13 17:05:58 +02:00
matrix_email2matrix_container_network: "{{ matrix_addons_container_network }}"
matrix_email2matrix_container_additional_networks_auto: |-
{{
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
}}
2019-08-05 13:06:49 +03:00
######################################################################
#
# /matrix-email2matrix
#
######################################################################
2020-03-23 17:19:15 +02:00
######################################################################
#
2023-04-03 08:53:46 +03:00
# jitsi
2020-03-23 17:19:15 +02:00
#
######################################################################
2023-04-03 08:53:46 +03:00
jitsi_enabled: false
jitsi_architecture: "{{ matrix_architecture }}"
jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
jitsi_identifier: matrix-jitsi
jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
jitsi_uid: "{{ matrix_user_uid }}"
jitsi_gid: "{{ matrix_user_gid }}"
2020-03-23 17:19:15 +02:00
2023-10-31 08:32:08 +02:00
jitsi_user_username: "{{ matrix_user_username }}"
2023-04-03 08:53:46 +03:00
jitsi_web_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
jitsi_web_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
}}
jitsi_jvb_container_colibri_ws_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
jitsi_jvb_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
}}
jitsi_prosody_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '5280') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2020-03-23 17:19:15 +02:00
2023-04-03 08:53:46 +03:00
jitsi_prosody_container_additional_networks_auto: |
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
}}
2020-11-27 17:57:07 +02:00
2023-04-03 08:53:46 +03:00
jitsi_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
jitsi_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2021-05-23 14:06:18 +02:00
2023-04-03 08:53:46 +03:00
jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
2020-03-23 17:19:15 +02:00
2023-04-03 08:53:46 +03:00
jitsi_web_stun_servers: |
2020-03-24 09:35:21 +02:00
{{
[
2020-04-09 19:09:04 +03:00
'stun:' + matrix_server_fqn_matrix + ':5349',
2020-04-09 09:16:10 +03:00
'stun:' + matrix_server_fqn_matrix + ':3478',
2020-03-24 09:35:21 +02:00
]
if matrix_coturn_enabled
2020-04-09 09:16:10 +03:00
else [ 'stun:meet-jit-si-turnrelay.jitsi.net:443']
2020-03-24 09:35:21 +02:00
}}
2020-03-23 17:19:15 +02:00
2023-04-03 08:53:46 +03:00
# The Jitsi instance installed by this playbook is meant for embedding into Matrix clients, so framing is allowed.
jitsi_web_framing_enabled: true
2024-02-18 09:52:00 +02:00
# Jitsi (Prosody) only seems to support authenticating with Coturn using `auth-secret`, not `lt-cred-mech`.
# See: https://prosody.im/doc/coturn
jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
2023-04-03 08:53:46 +03:00
jitsi_turn_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
jitsi_turns_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
2024-09-04 08:54:57 +03:00
jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port.split(':')[-1] if matrix_coturn_enabled else '' }}"
jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port.split(':')[-1] if matrix_coturn_enabled else '' }}"
2023-04-03 08:53:46 +03:00
2021-01-21 00:06:59 +01:00
# If the self-hosted Etherpad instance is available, it will also show up in Jitsi conferences,
2023-04-03 08:53:46 +03:00
# unless explicitly disabled by setting `jitsi_etherpad_enabled` to false.
# Falls back to the scalar.vector.im etherpad in case someone sets `jitsi_etherpad_enabled` to true,
2023-03-02 22:50:13 +02:00
# while also setting `etherpad_enabled` to false.
2023-04-03 08:53:46 +03:00
jitsi_etherpad_enabled: "{{ etherpad_enabled }}"
jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
2021-01-21 00:06:59 +01:00
2023-01-04 13:45:37 +01:00
# Allow verification using JWT and matrix-UVS
2023-10-26 22:34:08 +03:00
jitsi_prosody_auth_matrix_uvs_sync_power_levels: "{{ matrix_user_verification_service_enabled }}"
2023-04-03 08:53:46 +03:00
jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}"
jitsi_prosody_auth_matrix_uvs_location: "{{ matrix_user_verification_service_container_url }}"
2024-01-14 18:42:14 +02:00
jitsi_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
2023-01-04 13:45:37 +01:00
2023-04-03 08:53:46 +03:00
# Gravatar is enabled by default upstream, but there's no need to leak data there needlessly
# when embedding Jitsi in Matrix rooms.
jitsi_disable_gravatar: true
2023-01-04 13:45:37 +01:00
2020-03-23 17:19:15 +02:00
######################################################################
#
2023-04-03 08:53:46 +03:00
# /jitsi
2020-03-23 17:19:15 +02:00
#
######################################################################
2023-04-03 08:53:46 +03:00
2022-09-04 08:53:26 +02:00
######################################################################
#
# matrix-ldap-registration-proxy
#
######################################################################
# This is only for users with a specific LDAP setup
matrix_ldap_registration_proxy_enabled: false
2024-01-09 11:26:46 +02:00
matrix_ldap_registration_proxy_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_ldap_registration_proxy_matrix_server_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_ldap_registration_proxy_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
matrix_ldap_registration_proxy_container_network: "{{ matrix_addons_container_network }}"
matrix_ldap_registration_proxy_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_ldap_registration_proxy_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_ldap_registration_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_ldap_registration_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2022-09-04 08:53:26 +02:00
######################################################################
#
# /matrix-ldap-registration-proxy
#
######################################################################
2020-03-23 17:19:15 +02:00
2019-03-03 18:22:52 +01:00
2024-01-05 17:54:50 +02:00
########################################################################
# #
# exim-relay #
# #
########################################################################
2019-03-03 18:22:52 +01:00
2024-01-05 17:54:50 +02:00
# We set up an Exim email relay by default.
# This is so that the homeserver and various other services can send emails through it.
# To completely disable this service, use: `exim_relay_enabled: false`
exim_relay_identifier: "matrix-exim-relay"
exim_relay_base_path: "{{ matrix_base_data_path }}/exim-relay"
exim_relay_uid: "{{ matrix_user_uid }}"
exim_relay_gid: "{{ matrix_user_gid }}"
exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
exim_relay_hostname: "{{ matrix_server_fqn_matrix }}"
2024-04-16 10:20:25 +03:00
exim_relay_sender_address: "matrix@{{ exim_relay_hostname }}"
2024-01-05 17:54:50 +02:00
########################################################################
# #
# /exim-relay #
# #
########################################################################
2020-06-08 09:52:34 +03:00
2019-03-03 18:22:52 +01:00
######################################################################
#
2020-01-08 22:31:44 +01:00
# matrix-ma1sd
2019-03-03 18:22:52 +01:00
#
######################################################################
2022-03-17 17:58:59 +02:00
# We no longer install the ma1sd identity server by default.
#
# The main reason we used to install ma1sd by default in the past was to
# prevent Element from talking to the `matrix.org` / `vector.im` identity servers,
# by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead,
# thus preventing contact list leaks.
#
# Since Element no longer defaults to using a public identity server if another one is not provided,
# we can stop installing ma1sd.
matrix_ma1sd_enabled: false
2019-03-03 18:22:52 +01:00
2024-01-09 15:27:13 +02:00
matrix_ma1sd_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_ma1sd_hostname: "{{ matrix_server_fqn_matrix }}"
2021-07-28 11:08:50 +03:00
matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2020-03-15 10:10:41 +02:00
2023-02-13 15:37:12 +02:00
matrix_ma1sd_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_ma1sd_container_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2019-03-03 18:22:52 +01:00
2024-01-09 18:51:25 +02:00
matrix_ma1sd_container_network: "{{ matrix_homeserver_container_network }}"
2024-01-09 15:27:13 +02:00
matrix_ma1sd_container_additional_networks_auto: |
{{
(
2024-01-09 18:51:25 +02:00
([matrix_homeserver_container_network] if (matrix_ma1sd_container_network != matrix_homeserver_container_network) else [])
2024-01-09 15:27:13 +02:00
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname and matrix_ma1sd_container_network != devture_postgres_container_network) else [])
+
([exim_relay_container_network] if (exim_relay_enabled and matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier and matrix_ma1sd_container_network != exim_relay_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_ma1sd_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_ma1sd_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_ma1sd_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_ma1sd_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_ma1sd_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2021-11-16 21:03:21 +02:00
2019-03-03 18:22:52 +01:00
# We enable Synapse integration via its Postgres database by default.
# When using another Identity store, you might wish to disable this and define
2020-01-08 22:31:44 +01:00
# your own configuration in `matrix_ma1sd_configuration_extension_yaml`.
matrix_ma1sd_synapsesql_enabled: true
matrix_ma1sd_synapsesql_type: postgresql
matrix_ma1sd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user | urlencode() }}&password={{ matrix_synapse_database_password | urlencode() }}
2019-03-03 18:22:52 +01:00
2020-01-08 22:31:44 +01:00
matrix_ma1sd_dns_overwrite_enabled: true
matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
2024-01-09 15:27:13 +02:00
matrix_ma1sd_dns_overwrite_homeserver_client_value: "{{ matrix_addons_homeserver_client_api_url }}"
2019-03-03 18:22:52 +01:00
2024-01-05 17:59:27 +02:00
# By default, we send mail through the exim relay service.
2024-01-05 17:54:50 +02:00
matrix_ma1sd_threepid_medium_email_identity_from: "{{ exim_relay_sender_address }}"
2024-01-05 17:59:27 +02:00
matrix_ma1sd_threepid_medium_email_connectors_smtp_host: "{{ exim_relay_identifier }}"
2020-01-08 22:31:44 +01:00
matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 8025
matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 0
2019-03-03 18:22:52 +01:00
2024-01-14 18:42:14 +02:00
matrix_ma1sd_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
2019-03-22 09:39:17 +02:00
2024-01-05 18:10:24 +02:00
matrix_ma1sd_systemd_required_services_list_auto: |
2020-12-14 17:22:31 +02:00
{{
2024-01-09 15:27:13 +02:00
matrix_addons_homeserver_systemd_services_list
+
2024-01-05 18:10:24 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-14 17:22:31 +02:00
}}
2024-01-05 18:10:24 +02:00
matrix_ma1sd_systemd_wanted_services_list_auto: |
2019-03-03 18:22:52 +01:00
{{
2024-01-05 18:10:24 +02:00
([exim_relay_identifier ~ '.service'] if (exim_relay_enabled and matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier) else [])
2019-03-03 18:22:52 +01:00
}}
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_ma1sd_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_ma1sd_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}"
2020-12-14 17:16:25 +02:00
2019-03-03 18:22:52 +01:00
######################################################################
#
2020-01-08 22:31:44 +01:00
# /matrix-ma1sd
2019-03-03 18:22:52 +01:00
#
######################################################################
2023-07-12 01:09:27 -05:00
######################################################################
#
# matrix-media-repo
#
######################################################################
matrix_media_repo_enabled: false
2024-01-09 16:02:31 +02:00
2024-01-09 18:52:38 +02:00
matrix_media_repo_container_network: "{{ matrix_homeserver_container_network }}"
2023-07-12 01:09:27 -05:00
2023-12-20 13:38:46 -06:00
matrix_media_repo_container_additional_networks: |
{{
(
2024-01-09 18:52:38 +02:00
([matrix_homeserver_container_network] if (matrix_media_repo_container_network != matrix_homeserver_container_network) else [])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname and devture_postgres_container_network != matrix_media_repo_container_network) else [])
2023-12-20 13:38:46 -06:00
+
2024-01-09 18:52:38 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_media_repo_container_labels_traefik_enabled) else [])
2023-12-20 13:38:46 -06:00
) | unique
}}
2023-07-12 01:09:27 -05:00
2023-12-20 13:38:46 -06:00
matrix_media_repo_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
2023-07-12 01:09:27 -05:00
matrix_media_repo_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_media_repo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-14 11:57:51 +02:00
matrix_media_repo_container_labels_traefik_internal_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_media_repo_container_labels_traefik_internal_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
2024-07-11 07:03:14 +03:00
matrix_media_repo_container_labels_traefik_internal_matrix_client_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_media_repo_container_labels_traefik_internal_matrix_client_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
2024-07-22 17:38:34 -05:00
matrix_media_repo_metrics_proxying_enabled: "{{ matrix_media_repo_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_media_repo_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_media_repo_metrics_proxying_path: "{{ matrix_metrics_exposure_path_prefix }}/matrix-media-repo"
matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2023-07-12 01:09:27 -05:00
matrix_media_repo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_media_repo_database_username: matrix_media_repo
matrix_media_repo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mediarepo.db', rounds=655555) | to_uuid }}"
matrix_media_repo_database_name: matrix_media_repo
2024-01-09 18:52:38 +02:00
matrix_media_repo_systemd_required_services_list_auto: |
2023-07-12 01:09:27 -05:00
{{
2024-01-09 18:52:38 +02:00
matrix_addons_homeserver_systemd_services_list
2023-07-12 01:09:27 -05:00
+
2023-07-17 08:07:49 +03:00
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname else [])
2023-07-12 01:09:27 -05:00
}}
2024-08-09 13:43:26 -05:00
matrix_media_repo_generate_signing_key: "{{ matrix_homeserver_implementation == 'synapse' or matrix_homeserver_implementation == 'dendrite'}}"
matrix_media_repo_homeserver_signing_key: "{{ matrix_media_repo_synapse_signing_key if matrix_homeserver_implementation == 'synapse' else (matrix_media_repo_dendrite_signing_key if matrix_homeserver_implementation == 'dendrite' else '') }}"
matrix_media_repo_synapse_signing_key: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.key"
matrix_media_repo_dendrite_signing_key: "{{ matrix_dendrite_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.pem"
2024-01-09 16:07:23 +02:00
# Auto configured server setup by the playbook
matrix_media_repo_homeservers_auto:
- # Keep the dash from this line.
# This should match the server_name of your homeserver, and the Host header
# provided to the media repo.
name: "{{ matrix_domain }}"
# The base URL to where the homeserver can actually be reached by MMR.
2024-01-09 18:52:38 +02:00
csApi: "{{ matrix_homeserver_container_url }}"
2024-01-09 16:07:23 +02:00
# The number of consecutive failures in calling this homeserver before the
# media repository will start backing off. This defaults to 10 if not given.
backoffAt: 10
# The admin API interface supported by the homeserver. MMR uses a subset of the admin API
# during certain operations, like attempting to purge media from a room or validating server
# admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set
# to "matrix", most functionality requiring the admin API will not work.
adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else ('dendrite' if matrix_homeserver_implementation == 'dendrite' else 'matrix') }}"
2024-07-23 11:29:19 -05:00
# The signing key to use for authorizing outbound federation requests. If not specified,
# requests will not be authorized. See https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/
# for details.
2024-08-09 13:43:26 -05:00
signingKeyPath: "{{ '/config/' + matrix_media_repo_identifier + '.signing.key' if matrix_media_repo_generate_signing_key else '' }}"
2024-07-23 11:29:19 -05:00
2024-01-14 11:54:02 +02:00
matrix_media_repo_homeserver_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"
2023-07-12 01:09:27 -05:00
######################################################################
#
# /matrix-media-repo
#
######################################################################
2022-11-20 16:43:30 +02:00
2022-11-30 10:59:25 +02:00
2022-11-27 07:23:41 +02:00
########################################################################
# #
# com.devture.ansible.role.postgres #
# #
########################################################################
# To completely disable installing Postgres, use `devture_postgres_enabled: false`.
devture_postgres_identifier: matrix-postgres
devture_postgres_architecture: "{{ matrix_architecture }}"
devture_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
2019-03-03 18:22:52 +01:00
2022-11-27 07:23:41 +02:00
devture_postgres_uid: "{{ matrix_user_uid }}"
devture_postgres_gid: "{{ matrix_user_gid }}"
2021-01-22 13:52:55 +02:00
2022-11-27 07:23:41 +02:00
devture_postgres_connection_username: matrix
devture_postgres_db_name: matrix
2019-03-03 18:22:52 +01:00
2023-09-16 11:41:07 +03:00
devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}"
2022-11-27 07:23:41 +02:00
2023-10-18 08:24:52 +03:00
devture_postgres_max_connections: "{{ 500 if matrix_synapse_workers_enabled else 200 }}"
2022-11-30 09:42:06 +02:00
devture_postgres_managed_databases_auto: |
2020-11-29 15:20:22 +01:00
{{
2021-01-22 12:23:00 +02:00
([{
'name': matrix_synapse_database_database,
'username': matrix_synapse_database_user,
'password': matrix_synapse_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_synapse_enabled and matrix_synapse_database_host == devture_postgres_connection_hostname) else [])
2021-01-22 12:23:00 +02:00
+
2021-01-24 17:41:11 +11:00
([{
2023-03-14 08:52:15 +02:00
'name': matrix_dendrite_federation_api_database,
2021-01-24 17:41:11 +11:00
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
2023-03-14 08:52:15 +02:00
'name': matrix_dendrite_key_server_database,
2021-01-24 17:41:11 +11:00
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
2023-03-14 08:52:15 +02:00
'name': matrix_dendrite_media_api_database,
2021-01-24 17:41:11 +11:00
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_room_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
2023-03-14 08:52:15 +02:00
'name': matrix_dendrite_sync_api_database,
2021-01-24 17:41:11 +11:00
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
2023-03-14 08:52:15 +02:00
'name': matrix_dendrite_user_api_database,
2021-01-24 17:41:11 +11:00
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
2023-03-18 03:22:30 -04:00
},{
'name': matrix_dendrite_relay_api_database,
2023-03-18 03:43:12 -04:00
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
2021-01-24 17:41:11 +11:00
},{
2023-03-14 08:52:15 +02:00
'name': matrix_dendrite_push_server_database,
2021-01-24 17:41:11 +11:00
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
2021-10-27 15:06:29 +03:00
},{
'name': matrix_dendrite_mscs_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else [])
2021-01-24 17:41:11 +11:00
+
2023-03-07 11:57:56 +02:00
([{
'name': matrix_sliding_sync_database_name,
'username': matrix_sliding_sync_database_username,
'password': matrix_sliding_sync_database_password,
}] if (matrix_sliding_sync_enabled) else [])
+
2020-12-14 17:16:25 +02:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_ma1sd_database_name,
2020-12-14 17:16:25 +02:00
'username': matrix_ma1sd_database_username,
'password': matrix_ma1sd_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-14 17:16:25 +02:00
+
2020-12-14 15:02:11 +02:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_bot_matrix_reminder_bot_database_name,
2020-12-14 15:02:11 +02:00
'username': matrix_bot_matrix_reminder_bot_database_username,
'password': matrix_bot_matrix_reminder_bot_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-14 15:02:11 +02:00
+
2022-01-06 20:30:10 +02:00
([{
'name': matrix_bot_honoroit_database_name,
'username': matrix_bot_honoroit_database_username,
'password': matrix_bot_honoroit_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == devture_postgres_connection_hostname) else [])
2022-01-06 20:30:10 +02:00
+
2022-08-22 20:10:35 +03:00
([{
'name': matrix_bot_postmoogle_database_name,
'username': matrix_bot_postmoogle_database_username,
'password': matrix_bot_postmoogle_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == devture_postgres_connection_hostname) else [])
2022-08-22 20:10:35 +03:00
+
2022-07-09 11:55:49 +02:00
([{
'name': matrix_bot_maubot_database_name,
'username': matrix_bot_maubot_database_username,
'password': matrix_bot_maubot_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == devture_postgres_connection_hostname) else [])
2022-01-06 20:30:10 +02:00
+
2022-04-23 16:19:24 +03:00
([{
'name': matrix_bot_buscarron_database_name,
'username': matrix_bot_buscarron_database_username,
'password': matrix_bot_buscarron_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname) else [])
2022-04-23 16:19:24 +03:00
+
2020-12-14 18:58:37 +02:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_registration_database_name,
2020-12-14 18:58:37 +02:00
'username': matrix_registration_database_username,
'password': matrix_registration_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-14 18:58:37 +02:00
+
2020-11-29 15:20:22 +01:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_appservice_discord_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_appservice_discord_database_username,
'password': matrix_appservice_discord_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
2024-03-05 15:09:52 +01:00
([{
'name': matrix_appservice_draupnir_for_all_database_name,
'username': matrix_appservice_draupnir_for_all_database_username,
'password': matrix_appservice_draupnir_for_all_database_password,
}] if (matrix_appservice_draupnir_for_all_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else [])
2024-03-24 18:25:19 +02:00
+
2020-12-22 17:16:56 +02:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_appservice_slack_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_appservice_slack_database_username,
'password': matrix_appservice_slack_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
([{
2020-12-22 17:10:02 +02:00
'name': matrix_appservice_irc_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_appservice_irc_database_username,
'password': matrix_appservice_irc_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
2022-07-25 14:34:21 +03:00
([{
'name': matrix_appservice_kakaotalk_database_name,
'username': matrix_appservice_kakaotalk_database_username,
'password': matrix_appservice_kakaotalk_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == devture_postgres_connection_hostname) else [])
2022-07-25 14:34:21 +03:00
+
2021-08-21 17:32:45 +02:00
([{
'name': matrix_beeper_linkedin_database_name,
'username': matrix_beeper_linkedin_database_username,
'password': matrix_beeper_linkedin_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == devture_postgres_connection_hostname) else [])
2021-08-21 17:32:45 +02:00
+
2022-06-12 21:29:43 +00:00
([{
'name': matrix_go_skype_bridge_database_name,
'username': matrix_go_skype_bridge_database_username,
'password': matrix_go_skype_bridge_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname) else [])
2022-06-12 21:29:43 +00:00
+
Add support for WeChat bridging
This is based on the PR (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3241)
by Tobias Diez (https://github.com/tobiasdiez).
I've refactored some parts, made it more configurable, polished it up,
and it's integrated into the playbook now.
Both the WeChat bridge and WeChat agent appear to be working.
The WeChat bridge joins rooms and responds as expected.
That said, end-to-end testing (actually bridging to a WeChat account) has not been done yet.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/701
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3092
This is sponsored https://etke.cc/ work related to https://gitlab.com/etke.cc/ansible/-/issues/2
Squashed commit of the following:
commit fdd37f02472a0b83d61b4fac80650442f90e7629
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 21:05:53 2024 +0300
Add documentation for WeChat bridge
commit 8426fc8b95bb160ea7f9659bd45bc59cf1326614
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:59:42 2024 +0300
Rename directory for matrix_wechat_agent_container_src_files_path
commit da200df82bbc9153d307095dd90e4769c400ea1e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:58:26 2024 +0300
Make WeChat listen_secret configurable and auto-configured via matrix_homeserver_generic_secret_key
commit 4022cb1355828ac16af7d9228cb1066962bb35f5
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:54:56 2024 +0300
Refactor install.yml for WeChat a bit (using blocks, etc.)
commit d07a39b4c4f6b93d04204e13e384086d5a242d52
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:52:35 2024 +0300
Rename WeChat Agent configuration file
This makes it more clear that it belongs to the agent.
Otherwise, `config.yaml` and `configure.yaml` make you wonder.
commit ccca72f8d1e602f7c42f4bd552193afa153c9b9d
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:49:06 2024 +0300
Move WeChat agent configuration to a template
commit a4047d94d8877b4095712dfc76ac3082a1edca28
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:47:17 2024 +0300
Mount WeChat config as readonly and instruct bridge to not update it
commit bc0e89f345bf14bbdbfd574bb60d93918c2ac053
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 20:46:33 2024 +0300
Sync WeChat config with upstream
Brings up-to-date with:
https://github.com/duo/matrix-wechat/commits/0.2.4/example-config.yaml
commit a46f5b9cbc8bf16042685a18c77d25a606bc8232
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:48:17 2024 +0300
Rename some files
commit 3877679040cffc4ca6cccfa21a7335f8f796f06e
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:47:10 2024 +0300
Update WeChat logging config
This brings it up-to-date with what mautrix-go uses.
Otherwise, on startup we see:
> Migrating legacy log config
.. and it gets migrated to what we've done here.
commit e3e95ab234651867c7a975a08455549b31db4172
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 19:43:37 2024 +0300
Make sure matrix-wechat-agent runs as 1000:1000
It needs to write stuff to `/home/user/.vnc`.
`/home/user` is owned by `user:group` (`1000:1000`), so it cannot run
any other way.
Previously, if the `matrix` user was uid=1000 by chance, it would work,
but that's pure luck.
commit 4d5748ae9b84c81d6b48b0a41b790339d9ac4724
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:57:09 2024 +0300
Pin wechat and wechat-agent versions
commit 40d40009f19ebceed4126146cbb510a2c95af671
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:53:58 2024 +0300
docker_image -> container_image for WeChat bridge
commit cc33aff592541913070d13288d17b04ed6243176
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 18:00:25 2024 +0300
docker_src -> container_src in WeChat bridge
commit 42e6ae9a6483c8ca6d53b8052058d41d90d93797
Author: Slavi Pantaleev <slavi@devture.com>
Date: Mon Jun 3 17:54:24 2024 +0300
matrix_go_wechat_ -> matrix_wechat_
The bridge is written in Go, but does not include Go anywhere in its
name. As such, it's mostly useless to use `matrix_go_wechat` as the
prefix.
commit d6662a69d1916d215d5184320c36d2ef73afd3e9
Author: Tobias Diez <code@tobiasdiez.de>
Date: Mon Mar 25 10:55:16 2024 +0800
Add wechat bridge
2024-06-03 21:06:19 +03:00
([{
'name': matrix_wechat_database_name,
'username': matrix_wechat_database_username,
'password': matrix_wechat_database_password,
}] if (matrix_wechat_enabled and matrix_wechat_database_engine == 'postgres' and matrix_wechat_database_hostname == devture_postgres_connection_hostname) else [])
+
2020-12-22 17:16:56 +02:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_mautrix_facebook_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_mautrix_facebook_database_username,
'password': matrix_mautrix_facebook_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
([{
2020-12-22 17:10:02 +02:00
'name': matrix_mautrix_hangouts_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_mautrix_hangouts_database_username,
'password': matrix_mautrix_hangouts_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
2021-10-12 11:45:04 +00:00
([{
'name': matrix_mautrix_googlechat_database_name,
'username': matrix_mautrix_googlechat_database_username,
'password': matrix_mautrix_googlechat_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == devture_postgres_connection_hostname) else [])
2021-10-12 11:45:04 +00:00
+
2021-02-19 12:58:54 +01:00
([{
'name': matrix_mautrix_instagram_database_name,
'username': matrix_mautrix_instagram_database_username,
'password': matrix_mautrix_instagram_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname) else [])
2021-02-24 08:17:53 +02:00
+
2021-01-02 00:39:11 +01:00
([{
2021-01-03 07:46:55 +02:00
'name': matrix_mautrix_signal_database_name,
'username': matrix_mautrix_signal_database_username,
'password': matrix_mautrix_signal_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else [])
2021-01-02 00:39:11 +01:00
+
2024-02-19 10:13:36 +02:00
([{
'name': matrix_mautrix_meta_messenger_database_name,
'username': matrix_mautrix_meta_messenger_database_username,
'password': matrix_mautrix_meta_messenger_database_password,
}] if (matrix_mautrix_meta_messenger_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres' and matrix_mautrix_meta_messenger_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_mautrix_meta_instagram_database_name,
'username': matrix_mautrix_meta_instagram_database_username,
'password': matrix_mautrix_meta_instagram_database_password,
}] if (matrix_mautrix_meta_instagram_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres' and matrix_mautrix_meta_instagram_database_hostname == devture_postgres_connection_hostname) else [])
+
2023-08-23 14:05:32 +02:00
([{
'name': matrix_mautrix_wsproxy_syncproxy_database_name,
'username': matrix_mautrix_wsproxy_syncproxy_database_username,
'password': matrix_mautrix_wsproxy_syncproxy_database_password,
}] if (matrix_mautrix_wsproxy_enabled and matrix_mautrix_wsproxy_syncproxy_database_engine == 'postgres' and matrix_mautrix_wsproxy_syncproxy_database_hostname == 'matrix-postgres') else [])
+
2020-12-22 17:16:56 +02:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_mautrix_telegram_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_mautrix_telegram_database_username,
'password': matrix_mautrix_telegram_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
2021-04-11 16:41:58 +10:00
([{
'name': matrix_mautrix_twitter_database_name,
'username': matrix_mautrix_twitter_database_username,
'password': matrix_mautrix_twitter_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else [])
2021-04-11 16:41:58 +10:00
+
2023-07-21 06:33:52 -05:00
([{
'name': matrix_mautrix_gmessages_database_name,
'username': matrix_mautrix_gmessages_database_username,
'password': matrix_mautrix_gmessages_database_password,
}] if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_database_engine == 'postgres' and matrix_mautrix_gmessages_database_hostname == devture_postgres_connection_hostname) else [])
+
2020-12-22 17:16:56 +02:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_mautrix_whatsapp_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_mautrix_whatsapp_database_username,
'password': matrix_mautrix_whatsapp_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
([{
2022-07-22 18:55:44 +04:00
'name': matrix_mautrix_discord_database_name,
'username': matrix_mautrix_discord_database_username,
'password': matrix_mautrix_discord_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
2022-11-02 18:11:32 -04:00
([{
'name': matrix_mautrix_slack_database_name,
'username': matrix_mautrix_slack_database_username,
'password': matrix_mautrix_slack_database_password,
2023-01-02 20:07:04 -05:00
}] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname) else [])
2022-11-02 18:11:32 -04:00
+
2020-12-22 17:16:56 +02:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_mx_puppet_slack_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_mx_puppet_slack_database_username,
'password': matrix_mx_puppet_slack_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
([{
2020-12-22 17:10:02 +02:00
'name': matrix_mx_puppet_twitter_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_mx_puppet_twitter_database_username,
'password': matrix_mx_puppet_twitter_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
([{
2020-12-22 17:10:02 +02:00
'name': matrix_mx_puppet_instagram_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_mx_puppet_instagram_database_username,
'password': matrix_mx_puppet_instagram_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
([{
2020-12-22 17:10:02 +02:00
'name': matrix_mx_puppet_discord_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_mx_puppet_discord_database_username,
'password': matrix_mx_puppet_discord_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
([{
2020-12-22 17:10:02 +02:00
'name': matrix_mx_puppet_steam_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_mx_puppet_steam_database_username,
'password': matrix_mx_puppet_steam_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == devture_postgres_connection_hostname) else [])
2020-12-22 17:16:56 +02:00
+
2021-02-13 00:50:00 -05:00
([{
'name': matrix_mx_puppet_groupme_database_name,
'username': matrix_mx_puppet_groupme_database_username,
'password': matrix_mx_puppet_groupme_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == devture_postgres_connection_hostname) else [])
2021-02-13 00:50:00 -05:00
+
2020-12-14 21:01:47 +02:00
([{
2020-12-22 17:10:02 +02:00
'name': matrix_dimension_database_name,
2020-12-14 13:02:47 +02:00
'username': matrix_dimension_database_username,
'password': matrix_dimension_database_password,
2022-11-27 08:31:54 +02:00
}] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == devture_postgres_connection_hostname) else [])
2021-01-21 00:06:35 +01:00
+
([{
2023-03-02 22:50:13 +02:00
'name': etherpad_database_name,
'username': etherpad_database_username,
'password': etherpad_database_password,
}] if (etherpad_enabled and etherpad_database_engine == 'postgres' and etherpad_database_hostname == devture_postgres_connection_hostname) else [])
2021-03-20 13:31:34 +02:00
+
2021-05-27 20:13:29 +01:00
([{
2023-02-05 10:32:09 +02:00
'name': prometheus_postgres_exporter_database_name,
'username': prometheus_postgres_exporter_database_username,
'password': prometheus_postgres_exporter_database_password,
}] if (prometheus_postgres_exporter_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else [])
2023-07-12 01:09:27 -05:00
+
([{
'name': matrix_media_repo_database_name,
'username': matrix_media_repo_database_username,
'password': matrix_media_repo_database_password,
}] if (matrix_media_repo_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname) else [])
2021-07-02 17:00:10 +03:00
2020-12-14 11:17:12 +02:00
}}
2020-11-29 15:20:22 +01:00
2022-11-27 07:23:41 +02:00
########################################################################
# #
# /com.devture.ansible.role.postgres #
# #
########################################################################
2019-03-03 18:22:52 +01:00
2022-11-30 10:59:25 +02:00
########################################################################
# #
# com.devture.ansible.role.postgres_backup #
# #
########################################################################
devture_postgres_backup_enabled: false
devture_postgres_backup_identifier: matrix-postgres-backup
devture_postgres_backup_architecture: "{{ matrix_architecture }}"
devture_postgres_backup_base_path: "{{ matrix_base_data_path }}/postgres-backup"
2024-01-13 17:42:01 +02:00
devture_postgres_backup_systemd_required_services_list_auto: |
2022-11-30 11:22:00 +02:00
{{
2024-01-13 17:42:01 +02:00
([(devture_postgres_identifier + '.service')] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else [])
2022-11-30 11:22:00 +02:00
}}
2024-01-13 20:11:43 +02:00
devture_postgres_backup_container_network: "{{ (devture_postgres_container_network if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else devture_postgres_backup_identifier) }}"
2024-01-13 20:10:41 +02:00
2024-01-13 17:42:01 +02:00
devture_postgres_backup_container_additional_networks_auto: |-
{{
([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname and devture_postgres_backup_container_network != devture_postgres_container_network) else [])
}}
2022-11-30 10:59:25 +02:00
devture_postgres_backup_uid: "{{ matrix_user_uid }}"
devture_postgres_backup_gid: "{{ matrix_user_gid }}"
devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
2023-11-19 14:08:03 +02:00
devture_postgres_backup_postgres_role_include_name: galaxy/postgres
2022-11-30 10:59:25 +02:00
devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
########################################################################
# #
# /com.devture.ansible.role.postgres_backup #
# #
########################################################################
2021-03-20 13:31:34 +02:00
######################################################################
#
# matrix-sygnal
#
######################################################################
# Most people don't need their own push-server, because they also need their own app to utilize it from.
matrix_sygnal_enabled: false
2024-01-23 16:43:23 +02:00
matrix_sygnal_metrics_prometheus_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2021-03-20 13:31:34 +02:00
2023-02-26 11:03:42 +02:00
matrix_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
2024-01-14 18:42:14 +02:00
matrix_sygnal_container_network: "{{ matrix_homeserver_container_network }}"
2023-02-26 11:03:42 +02:00
matrix_sygnal_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
2023-02-13 15:37:12 +02:00
matrix_sygnal_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '6000') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2021-03-20 13:31:34 +02:00
2023-02-26 11:03:42 +02:00
matrix_sygnal_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_sygnal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_sygnal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
matrix_sygnal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-26 11:03:42 +02:00
2021-03-20 13:31:34 +02:00
######################################################################
#
# /matrix-sygnal
#
######################################################################
2022-06-21 14:31:21 +01:00
######################################################################
#
2023-02-17 09:54:33 +02:00
# etke/ntfy
2022-06-21 14:31:21 +01:00
#
######################################################################
2023-02-17 09:54:33 +02:00
ntfy_enabled: false
2022-06-21 14:31:21 +01:00
2023-02-17 09:54:33 +02:00
ntfy_identifier: matrix-ntfy
ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
ntfy_uid: "{{ matrix_user_uid }}"
ntfy_gid: "{{ matrix_user_gid }}"
ntfy_hostname: "{{ matrix_server_fqn_ntfy }}"
ntfy_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '2586') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
ntfy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
ntfy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
ntfy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
ntfy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-17 09:54:33 +02:00
ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
{{
[matrix_server_fqn_matrix]
}}
2022-07-05 21:11:15 +01:00
2022-06-21 14:31:21 +01:00
######################################################################
#
2023-02-17 09:54:33 +02:00
# /etky/ntfy
2022-06-21 14:31:21 +01:00
#
######################################################################
2020-09-10 13:39:00 +02:00
######################################################################
#
2023-02-17 16:23:59 +02:00
# etke/redis
2020-09-10 13:39:00 +02:00
#
######################################################################
2024-03-26 09:25:18 +00:00
redis_enabled: "{{ not keydb_enabled and (matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled)) }}"
2023-02-17 16:23:59 +02:00
redis_identifier: matrix-redis
redis_uid: "{{ matrix_user_uid }}"
redis_gid: "{{ matrix_user_gid }}"
redis_base_path: "{{ matrix_base_data_path }}/redis"
2020-09-10 13:39:00 +02:00
######################################################################
#
2024-03-26 09:25:18 +00:00
# /etke/redis
#
######################################################################
######################################################################
#
# keydb
#
######################################################################
keydb_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}"
keydb_identifier: matrix-keydb
keydb_uid: "{{ matrix_user_uid }}"
keydb_gid: "{{ matrix_user_gid }}"
keydb_base_path: "{{ matrix_base_data_path }}/keydb"
2024-03-26 12:15:46 +02:00
keydb_arch: |-
{{
({
'amd64': 'x86_64',
'arm32': 'arm32',
'arm64': 'arm64',
})[matrix_architecture]
}}
2024-03-26 09:25:18 +00:00
######################################################################
#
# keydb
2020-09-10 13:39:00 +02:00
#
######################################################################
2019-03-03 18:22:52 +01:00
######################################################################
#
2020-07-17 11:31:20 +03:00
# matrix-client-element
2019-03-03 18:22:52 +01:00
#
######################################################################
2020-07-17 11:31:20 +03:00
# By default, this playbook installs the Element web UI on the `matrix_server_fqn_element` domain.
2019-03-03 18:22:52 +01:00
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
2020-07-17 11:31:20 +03:00
matrix_client_element_enabled: true
2019-03-03 18:22:52 +01:00
2024-05-25 16:14:26 +03:00
matrix_client_element_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2022-08-03 23:30:00 +02:00
matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2020-03-15 10:10:41 +02:00
2023-02-13 15:37:12 +02:00
matrix_client_element_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2019-03-03 18:22:52 +01:00
2024-01-05 07:17:11 +02:00
matrix_client_element_container_network: "{{ matrix_addons_container_network }}"
2023-02-13 18:33:06 +02:00
2024-01-05 07:17:11 +02:00
matrix_client_element_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_element_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
2023-02-13 18:33:06 +02:00
matrix_client_element_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_element_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
2023-02-15 10:30:58 +02:00
matrix_client_element_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
matrix_client_element_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-13 18:33:06 +02:00
2020-07-17 11:31:20 +03:00
matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}"
2019-03-03 18:22:52 +01:00
2019-03-08 15:24:59 +02:00
# Use Dimension if enabled, otherwise fall back to Scalar
2020-07-17 11:31:20 +03:00
matrix_client_element_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
matrix_client_element_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
matrix_client_element_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
matrix_client_element_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
2019-03-08 15:24:59 +02:00
2024-01-14 18:42:14 +02:00
matrix_client_element_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
2019-03-22 09:39:17 +02:00
2020-07-17 11:31:20 +03:00
matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}"
2019-04-25 01:05:28 +02:00
2024-05-29 16:04:42 +05:00
matrix_client_element_enable_presence_by_hs_url: |-
2019-04-27 17:09:21 -05:00
{{
none
2021-04-22 14:22:07 +03:00
if matrix_synapse_presence_enabled
2020-07-17 11:31:20 +03:00
else {matrix_client_element_default_hs_url: false}
2019-04-27 17:09:21 -05:00
}}
2023-08-10 15:57:29 +03:00
matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
2020-03-23 17:19:15 +02:00
2019-03-03 18:22:52 +01:00
######################################################################
#
2020-07-17 11:31:20 +03:00
# /matrix-client-element
2019-03-03 18:22:52 +01:00
#
######################################################################
2021-05-15 04:23:36 -05:00
######################################################################
#
# matrix-client-hydrogen
#
######################################################################
matrix_client_hydrogen_enabled: false
2024-08-08 06:45:34 +03:00
matrix_client_hydrogen_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2022-12-11 21:25:43 +11:00
2023-02-13 15:37:12 +02:00
matrix_client_hydrogen_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8768') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2021-05-15 04:23:36 -05:00
2024-01-05 07:17:11 +02:00
matrix_client_hydrogen_container_network: "{{ matrix_addons_container_network }}"
2023-02-14 09:58:35 +02:00
2024-01-05 07:17:11 +02:00
matrix_client_hydrogen_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_hydrogen_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
2023-02-14 09:58:35 +02:00
matrix_client_hydrogen_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_hydrogen_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
2023-02-15 10:30:58 +02:00
matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-14 09:58:35 +02:00
2024-05-25 16:14:26 +03:00
matrix_client_hydrogen_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2021-05-15 04:23:36 -05:00
matrix_client_hydrogen_default_hs_url: "{{ matrix_homeserver_url }}"
2024-01-14 18:42:14 +02:00
matrix_client_hydrogen_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
2021-05-15 04:23:36 -05:00
######################################################################
#
# /matrix-client-hydrogen
#
######################################################################
2022-01-05 18:33:21 +02:00
######################################################################
#
# matrix-client-cinny
#
######################################################################
matrix_client_cinny_enabled: false
2022-08-08 03:20:13 +00:00
matrix_client_cinny_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2022-01-06 09:11:28 +02:00
2023-02-13 15:37:12 +02:00
matrix_client_cinny_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2022-01-05 18:33:21 +02:00
2024-01-05 07:17:11 +02:00
matrix_client_cinny_container_network: "{{ matrix_addons_container_network }}"
2023-02-14 11:29:53 +02:00
2024-01-05 07:17:11 +02:00
matrix_client_cinny_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_cinny_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
2023-02-14 11:29:53 +02:00
matrix_client_cinny_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
2023-02-15 10:30:58 +02:00
matrix_client_cinny_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-14 11:29:53 +02:00
2024-05-25 16:14:26 +03:00
matrix_client_cinny_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2022-01-05 18:33:21 +02:00
matrix_client_cinny_default_hs_url: "{{ matrix_homeserver_url }}"
2024-01-14 18:42:14 +02:00
matrix_client_cinny_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
2022-01-05 18:33:21 +02:00
######################################################################
#
# /matrix-client-cinny
#
######################################################################
2023-08-30 19:23:52 +03:00
######################################################################
#
# matrix-client-schildichat
#
######################################################################
2023-09-01 12:02:57 +03:00
matrix_client_schildichat_enabled: false
2023-08-30 19:23:52 +03:00
2024-05-25 16:14:26 +03:00
matrix_client_schildichat_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2023-08-30 19:23:52 +03:00
matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_client_schildichat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2024-01-05 07:17:11 +02:00
matrix_client_schildichat_container_network: "{{ matrix_addons_container_network }}"
2023-08-30 19:23:52 +03:00
2024-01-05 07:17:11 +02:00
matrix_client_schildichat_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_schildichat_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
2023-08-30 19:23:52 +03:00
matrix_client_schildichat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_client_schildichat_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_schildichat_default_is_url: "{{ matrix_identity_server_url }}"
# Use Dimension if enabled, otherwise fall back to Scalar
matrix_client_schildichat_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
matrix_client_schildichat_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
matrix_client_schildichat_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
matrix_client_schildichat_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
2024-01-14 18:42:14 +02:00
matrix_client_schildichat_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
2023-08-30 19:23:52 +03:00
matrix_client_schildichat_registration_enabled: "{{ matrix_synapse_enable_registration }}"
2024-05-29 16:04:42 +05:00
matrix_client_schildichat_enable_presence_by_hs_url: |-
2023-08-30 19:23:52 +03:00
{{
none
if matrix_synapse_presence_enabled
else {matrix_client_schildichat_default_hs_url: false}
}}
matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
######################################################################
#
# /matrix-client-schildichat
#
######################################################################
2019-03-03 18:22:52 +01:00
######################################################################
#
# matrix-synapse
#
######################################################################
2021-12-23 16:28:34 +02:00
matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}"
2023-02-17 17:16:50 +02:00
matrix_synapse_username: "{{ matrix_user_username }}"
matrix_synapse_uid: "{{ matrix_user_uid }}"
matrix_synapse_gid: "{{ matrix_user_gid }}"
2024-01-14 11:51:30 +02:00
matrix_synapse_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"
2021-02-19 09:09:13 +02:00
matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2020-03-15 10:10:41 +02:00
2024-01-09 15:27:13 +02:00
matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url: "{{ ('http://matrix-ma1sd:' + matrix_ma1sd_container_port| string) }}"
2022-08-30 18:50:44 +03:00
# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself.
2024-01-09 15:27:13 +02:00
matrix_synapse_account_threepid_delegates_msisdn: "{{ matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url if matrix_ma1sd_enabled else '' }}"
2020-04-03 10:08:37 +03:00
2019-05-25 07:41:04 +09:00
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
2020-06-09 08:29:03 +03:00
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
2019-05-25 07:41:04 +09:00
#
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
2023-02-13 15:37:12 +02:00
matrix_synapse_container_metrics_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9100') if matrix_synapse_metrics_enabled and matrix_playbook_service_host_bind_interface_prefix else '' }}"
2019-12-05 00:07:15 -06:00
#
# For exposing the Synapse Manhole port (plain HTTP) to the local host.
2023-02-13 15:37:12 +02:00
matrix_synapse_container_manhole_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9000') if matrix_synapse_metrics_enabled and matrix_playbook_service_host_bind_interface_prefix else '' }}"
2023-02-17 16:23:59 +02:00
2024-01-05 16:46:30 +02:00
matrix_synapse_container_network: "{{ matrix_homeserver_container_network }}"
2024-01-26 12:55:01 +02:00
matrix_synapse_container_additional_networks_auto: |
2023-02-17 16:23:59 +02:00
{{
2024-01-04 19:00:23 +02:00
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == devture_postgres_connection_hostname) else [])
+
([redis_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else [])
2024-01-05 18:10:24 +02:00
+
2024-03-26 09:25:18 +00:00
([keydb_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else [])
+
2024-01-05 18:10:24 +02:00
([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
2024-01-09 15:27:13 +02:00
+
([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else [])
2024-01-05 18:10:24 +02:00
) | unique
2023-02-17 16:23:59 +02:00
}}
2024-01-12 12:15:40 +02:00
matrix_synapse_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
2024-01-04 19:00:23 +02:00
matrix_synapse_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_synapse_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_synapse_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
2024-01-12 12:15:40 +02:00
matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_workers_enabled }}"
2024-01-14 10:23:55 +02:00
matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_public_client_root_redirection_url != '' }}"
matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
2024-01-11 11:30:42 +02:00
2024-01-26 16:04:55 +02:00
matrix_synapse_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
2024-01-15 09:39:36 +02:00
matrix_synapse_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
matrix_synapse_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"
matrix_synapse_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}" # noqa var-naming
2024-01-04 19:00:23 +02:00
2024-01-14 10:23:55 +02:00
matrix_synapse_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_synapse_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_synapse_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
2024-01-12 09:52:08 +02:00
2021-01-25 08:25:43 +02:00
# For exposing the Synapse worker (and metrics) ports to the local host.
2023-02-10 15:50:35 +02:00
matrix_synapse_workers_container_host_bind_address: "{{ matrix_playbook_service_host_bind_interface_prefix[0:-1] if (matrix_synapse_workers_enabled and matrix_playbook_service_host_bind_interface_prefix) else '' }}"
2019-03-03 18:22:52 +01:00
2022-11-27 08:31:54 +02:00
matrix_synapse_database_host: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db', rounds=655555) | to_uuid }}"
2022-01-07 16:00:42 +02:00
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac', rounds=655555) | to_uuid }}"
2019-03-03 18:22:52 +01:00
2024-01-04 19:00:23 +02:00
# We do not enable TLS in Synapse by default, since it's handled by Traefik.
2019-03-03 18:22:52 +01:00
matrix_synapse_tls_federation_listener_enabled: false
matrix_synapse_tls_certificate_path: ~
matrix_synapse_tls_private_key_path: ~
2023-01-04 13:45:37 +01:00
matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled) }}"
2020-04-22 19:01:56 +02:00
2024-01-23 16:43:23 +02:00
matrix_synapse_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2021-02-12 13:47:53 +02:00
2024-01-12 09:52:08 +02:00
matrix_synapse_metrics_proxying_enabled: "{{ matrix_synapse_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_synapse_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_synapse_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/synapse"
2024-01-05 17:54:50 +02:00
matrix_synapse_email_enabled: "{{ exim_relay_enabled }}"
matrix_synapse_email_smtp_host: "{{ exim_relay_identifier }}"
2019-03-03 18:22:52 +01:00
matrix_synapse_email_smtp_port: 8025
matrix_synapse_email_smtp_require_transport_security: false
2024-01-05 17:54:50 +02:00
matrix_synapse_email_notif_from: "Matrix <{{ exim_relay_sender_address }}>"
2019-03-03 18:22:52 +01:00
matrix_synapse_turn_uris: |
{{
2024-01-26 13:07:09 +02:00
([
2019-03-19 10:24:39 +02:00
'turns:' + matrix_server_fqn_matrix + '?transport=udp',
'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
2024-01-26 13:07:09 +02:00
] if matrix_coturn_enabled and matrix_coturn_tls_enabled else [])
2021-07-02 17:00:10 +03:00
+
2024-01-26 13:07:09 +02:00
([
2019-03-19 10:24:39 +02:00
'turn:' + matrix_server_fqn_matrix + '?transport=udp',
'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
2024-01-26 13:07:09 +02:00
] if matrix_coturn_enabled else [])
2019-03-03 18:22:52 +01:00
}}
2024-02-18 09:52:00 +02:00
matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
matrix_synapse_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
matrix_synapse_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
2019-03-03 18:22:52 +01:00
2024-01-14 18:42:14 +02:00
matrix_synapse_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
2019-03-22 09:39:17 +02:00
2024-01-04 19:00:23 +02:00
matrix_synapse_systemd_required_services_list_auto: |
2019-03-03 18:22:52 +01:00
{{
2024-01-04 19:00:23 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and devture_postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == devture_postgres_connection_hostname) else [])
2019-03-03 18:22:52 +01:00
+
2023-02-17 16:23:59 +02:00
([redis_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else [])
+
2024-03-26 09:25:18 +00:00
([keydb_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else [])
+
2022-10-11 00:43:22 +01:00
(['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
2019-03-03 18:22:52 +01:00
}}
2024-01-04 19:00:23 +02:00
matrix_synapse_systemd_wanted_services_list_auto: |
2019-03-03 18:22:52 +01:00
{{
(['matrix-coturn.service'] if matrix_coturn_enabled else [])
+
2024-01-05 17:54:50 +02:00
([exim_relay_identifier ~ '.service'] if exim_relay_enabled else [])
2019-03-03 18:22:52 +01:00
}}
2020-10-28 07:13:19 +01:00
# Synapse workers (used for parallel load-scaling) need Redis for IPC.
2024-03-26 09:25:18 +00:00
matrix_synapse_redis_enabled: "{{ redis_enabled or keydb_enabled }}"
2024-03-26 12:37:02 +02:00
matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else (keydb_identifier if keydb_enabled else '') }}"
matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else (keydb_connection_password if keydb_enabled else '') }}"
2020-09-10 13:39:00 +02:00
2022-11-22 21:36:49 +02:00
matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
2022-08-24 11:08:12 +05:30
2023-07-12 01:09:27 -05:00
# Disable creation of media repository Synapse worker when using media-repo
matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
2024-07-25 12:19:08 -05:00
# Enable Synapse statistics reporting when using synapse-usage-exporter
matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_synapse_report_stats_endpoint: "http://{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}/report-usage-stats/push"
2019-03-03 18:22:52 +01:00
######################################################################
#
# /matrix-synapse
#
######################################################################
2020-07-22 08:10:26 +03:00
2023-03-12 09:48:46 +02:00
######################################################################
#
# matrix-synapse-auto-compressor
#
######################################################################
2023-03-12 09:55:32 +02:00
# Not enabled by default, for now
2023-03-12 09:48:46 +02:00
matrix_synapse_auto_compressor_enabled: false
2024-08-15 11:36:48 +03:00
matrix_synapse_auto_compressor_uid: "{{ matrix_user_uid }}"
matrix_synapse_auto_compressor_gid: "{{ matrix_user_gid }}"
matrix_synapse_auto_compressor_postgres_image: "{{ devture_postgres_container_image_to_use }}"
2023-03-12 09:55:32 +02:00
matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
2024-01-13 20:00:49 +02:00
matrix_synapse_auto_compressor_container_network: "{{ (devture_postgres_container_network if (devture_postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == devture_postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}"
2023-03-12 10:01:51 +02:00
2023-03-12 09:55:32 +02:00
matrix_synapse_auto_compressor_database_username: "{{ matrix_synapse_database_user if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_password: "{{ matrix_synapse_database_password if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_hostname: "{{ matrix_synapse_database_host if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_port: "{{ matrix_synapse_database_port if matrix_synapse_enabled else '5432' }}"
matrix_synapse_auto_compressor_database_name: "{{ matrix_synapse_database_database if matrix_synapse_enabled else '' }}"
2024-01-13 20:00:49 +02:00
matrix_synapse_auto_compressor_systemd_required_services_list_auto: |
2023-03-12 09:55:32 +02:00
{{
2024-01-13 20:00:49 +02:00
([devture_postgres_identifier ~ '.service'] if (matrix_synapse_auto_compressor_container_network == devture_postgres_container_network) else [])
2023-03-12 09:55:32 +02:00
}}
2023-03-12 09:48:46 +02:00
######################################################################
#
# /matrix-synapse-auto-compressor
#
######################################################################
2022-11-20 16:43:30 +02:00
######################################################################
#
# matrix-synapse-reverse-proxy-companion
#
######################################################################
2024-01-05 07:00:50 +02:00
matrix_synapse_reverse_proxy_companion_enabled: "{{ matrix_synapse_enabled and matrix_synapse_workers_enabled }}"
2022-11-20 16:43:30 +02:00
2024-01-03 17:05:59 +02:00
matrix_synapse_reverse_proxy_companion_container_network: "{{ matrix_synapse_container_network }}"
2024-01-26 12:55:01 +02:00
matrix_synapse_reverse_proxy_companion_container_additional_networks_auto: |
2024-01-03 17:05:59 +02:00
{{
(
2024-01-04 19:00:23 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
2024-01-03 17:05:59 +02:00
+
2024-01-13 16:51:09 +02:00
([matrix_prometheus_nginxlog_exporter_container_network] if (matrix_prometheus_nginxlog_exporter_enabled and matrix_prometheus_nginxlog_exporter_container_network != matrix_synapse_reverse_proxy_companion_container_network) else [])
+
2024-01-03 17:05:59 +02:00
([] if matrix_homeserver_container_network in ['', matrix_synapse_reverse_proxy_companion_container_network] else [matrix_homeserver_container_network])
) | unique
}}
2022-11-20 16:43:30 +02:00
matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
2023-02-13 15:37:12 +02:00
matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8008') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8048') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2022-11-20 16:43:30 +02:00
2024-01-03 17:05:59 +02:00
matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-04 10:53:43 +02:00
matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
2024-01-03 17:05:59 +02:00
2024-01-14 10:29:38 +02:00
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"
2024-01-04 11:37:17 +02:00
2024-01-15 09:39:36 +02:00
matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_public_federation_api_traefik_entrypoints }}"
matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls: "{{ matrix_synapse_container_labels_public_federation_api_traefik_tls }}"
2024-01-03 17:05:59 +02:00
2024-01-14 12:31:05 +02:00
matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled: "{{ matrix_synapse_container_labels_internal_client_api_enabled }}"
matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_internal_client_api_traefik_entrypoints }}"
2024-01-14 10:48:26 +02:00
2022-11-20 16:43:30 +02:00
matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
matrix_synapse_reverse_proxy_companion_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
2024-01-16 09:17:24 -06:00
matrix_synapse_reverse_proxy_companion_synapse_room_worker_client_server_locations: "{{ matrix_synapse_workers_room_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_room_worker_federation_locations: "{{ matrix_synapse_workers_room_worker_federation_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_sync_worker_client_server_locations: "{{ matrix_synapse_workers_sync_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_client_reader_client_server_locations: "{{ matrix_synapse_workers_client_reader_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_federation_reader_federation_locations: "{{ matrix_synapse_workers_federation_reader_federation_endpoints }}"
2022-11-20 16:43:30 +02:00
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}"
2022-12-07 15:58:36 +01:00
matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
2024-01-13 16:50:44 +02:00
matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_identifier | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"
2024-01-03 17:05:59 +02:00
2022-11-20 16:43:30 +02:00
######################################################################
#
# /matrix-synapse-reverse-proxy-companion
#
######################################################################
2020-07-22 08:10:26 +03:00
######################################################################
#
# matrix-synapse-admin
#
######################################################################
matrix_synapse_admin_enabled: false
2023-02-13 15:37:12 +02:00
matrix_synapse_admin_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8766') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2020-07-22 08:10:26 +03:00
2022-06-22 10:10:41 +02:00
matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
2020-09-28 09:06:39 +03:00
2024-01-14 18:42:14 +02:00
matrix_synapse_admin_container_network: "{{ matrix_addons_container_network }}"
2023-02-13 16:08:51 +02:00
2023-02-13 15:08:42 +02:00
matrix_synapse_admin_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
matrix_synapse_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
2023-02-15 10:30:58 +02:00
matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-13 15:08:42 +02:00
2024-09-24 21:37:03 +03:00
matrix_synapse_admin_config_asManagedUsers_auto: |
{{
([
'^@'+(matrix_alertmanager_receiver_config_matrix_user_id_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_alertmanager_receiver_enabled else [])
+
([
'^@'+(matrix_appservice_draupnir_for_all_user_prefix | default('') | regex_escape) +'_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_appservice_draupnir_for_all_enabled else [])
+
([
'^@'+(matrix_bot_baibot_config_user_mxid_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_baibot_enabled else [])
+
([
'^@'+(matrix_bot_buscarron_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_buscarron_enabled else [])
+
([
'^@'+(matrix_bot_chatgpt_matrix_bot_username_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_chatgpt_enabled else [])
+
([
'^@'+(matrix_bot_honoroit_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_honoroit_enabled else [])
+
([
'^@'+(matrix_bot_matrix_registration_bot_matrix_user_id_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_matrix_registration_bot_enabled else [])
+
([
'^@'+(matrix_bot_matrix_reminder_bot_matrix_user_id_localpart | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_matrix_reminder_bot_enabled else [])
+
([
'^@'+(matrix_bot_maubot_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_maubot_enabled else [])
+
([
'^@'+(matrix_bot_postmoogle_login | default('') | regex_escape) +':'+(matrix_domain | regex_escape)+'$',
] if matrix_bot_postmoogle_enabled else [])
+
([
'^@_discord_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_appservice_discord_enabled else [])
+
([
'^@'+(matrix_appservice_slack_bot_name | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_appservice_slack_user_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_appservice_slack_enabled else [])
+
([
'^@'+(matrix_appservice_webhooks_bot_name | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_appservice_webhooks_user_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_appservice_webhooks_enabled else [])
+
([
'^@'+(matrix_beeper_linkedin_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@linkedin_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_beeper_linkedin_enabled else [])
+
([
'^@'+(matrix_go_skype_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@skype_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_go_skype_bridge_enabled else [])
+
([
'^@heisenbridge:'+(matrix_domain | regex_escape)+'$',
'^@hbirc_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_heisenbridge_enabled else [])
+
([
'^@hookshot:'+(matrix_domain | regex_escape)+'$',
'^@_github_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
'^@_gitlab_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
'^@_jira_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_hookshot_generic_userIdPrefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_hookshot_enabled else [])
+
([
'^@'+(matrix_mautrix_discord_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@discord_[0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_discord_enabled else [])
+
([
'^@'+(matrix_mautrix_facebook_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@facebook_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_facebook_enabled else [])
+
([
'^@'+(matrix_mautrix_gmessages_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@gmessages_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_gmessages_enabled else [])
+
([
'^@'+(matrix_mautrix_googlechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@googlechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_googlechat_enabled else [])
+
([
'^@'+(matrix_mautrix_hangouts_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@hangouts_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_hangouts_enabled else [])
+
([
'^@'+(matrix_mautrix_instagram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@instagram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_instagram_enabled else [])
+
([
'^@'+(matrix_mautrix_meta_instagram_appservice_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_mautrix_meta_instagram_bridge_username_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_meta_instagram_enabled else [])
+
([
'^@'+(matrix_mautrix_meta_messenger_appservice_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_mautrix_meta_messenger_bridge_username_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_meta_messenger_enabled else [])
+
([
'^@'+(matrix_mautrix_signal_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@signal_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_signal_enabled else [])
+
([
'^@'+(matrix_mautrix_slack_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@slack_[a-zA-Z0-9\-]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_slack_enabled else [])
+
([
'^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@telegram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_telegram_enabled else [])
+
([
'^@'+(matrix_mautrix_twitter_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@twitter_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_twitter_enabled else [])
+
([
'^@'+(matrix_mautrix_whatsapp_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@whatsapp_[0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_whatsapp_enabled else [])
+
([
'^@'+(matrix_mautrix_imessage_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@imessage_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_wsproxy_enabled else [])
+
([
'^@_discordpuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_discord_enabled else [])
+
([
'^@_groupmepuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_groupme_enabled else [])
+
([
'^@_instagrampuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_instagram_enabled else [])
+
([
'^@_slackpuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_slack_enabled else [])
+
([
'^@_steampuppet_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_steam_enabled else [])
+
([
'^@'+(matrix_mx_puppet_twitter_bot_localpart | default('') | regex_escape)+':'+ (matrix_domain | regex_escape)+'$',
'^@'+(matrix_mx_puppet_twitter_namespace_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mx_puppet_twitter_enabled else [])
+
([
'^@smsbot:'+(matrix_domain | regex_escape)+'$',
'^@sms_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_sms_bridge_enabled else [])
+
([
'^@'+(matrix_wechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@_wechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_wechat_enabled else [])
}}
2020-07-22 08:10:26 +03:00
######################################################################
#
# /matrix-synapse-admin
#
######################################################################
2020-09-01 13:46:05 +03:00
2024-07-25 12:19:08 -05:00
######################################################################
#
# matrix-synapse-usage-exporter
#
######################################################################
matrix_synapse_usage_exporter_enabled: false
matrix_synapse_usage_exporter_container_network: "{{ matrix_monitoring_container_network }}"
matrix_synapse_usage_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
matrix_synapse_usage_exporter_container_labels_traefik_enabled: "{{ matrix_synapse_usage_exporter_proxying_enabled }}"
matrix_synapse_usage_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
# /matrix-synapse-usage-exporter
#
######################################################################
2023-03-21 07:38:12 +02:00
2021-01-29 06:17:45 +01:00
######################################################################
#
2023-01-21 11:07:04 +02:00
# etke/prometheus_node_exporter
2021-01-29 06:17:45 +01:00
#
######################################################################
2023-01-21 11:07:04 +02:00
prometheus_node_exporter_enabled: false
prometheus_node_exporter_identifier: matrix-prometheus-node-exporter
prometheus_node_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-node-exporter"
prometheus_node_exporter_uid: "{{ matrix_user_uid }}"
prometheus_node_exporter_gid: "{{ matrix_user_gid }}"
2024-01-12 17:41:48 +02:00
prometheus_node_exporter_hostname: "{{ matrix_server_fqn_matrix }}"
2023-01-21 11:07:04 +02:00
2024-01-13 17:43:23 +02:00
prometheus_node_exporter_container_network: "{{ matrix_monitoring_container_network }}"
2023-01-21 11:07:04 +02:00
2023-02-06 10:34:51 +02:00
prometheus_node_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
2024-01-12 17:58:11 +02:00
prometheus_node_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
2023-02-06 10:34:51 +02:00
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
2023-02-09 10:12:09 +02:00
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2021-01-29 06:17:45 +01:00
2024-01-12 17:41:48 +02:00
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2021-01-29 06:17:45 +01:00
######################################################################
#
2023-01-21 11:07:04 +02:00
# /etke/prometheus_node_exporter
2021-01-29 06:17:45 +01:00
#
######################################################################
2023-03-21 07:38:12 +02:00
2023-02-05 10:32:09 +02:00
######################################################################
#
# etke/prometheus_postgres_exporter
2021-01-29 06:17:45 +01:00
#
######################################################################
2023-02-05 10:32:09 +02:00
prometheus_postgres_exporter_enabled: false
prometheus_postgres_exporter_identifier: matrix-prometheus-postgres-exporter
prometheus_postgres_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-postgres-exporter"
prometheus_postgres_exporter_uid: "{{ matrix_user_uid }}"
prometheus_postgres_exporter_gid: "{{ matrix_user_gid }}"
2024-01-13 15:06:29 +02:00
prometheus_postgres_exporter_hostname: "{{ matrix_server_fqn_matrix }}"
2023-02-05 10:32:09 +02:00
2024-01-13 17:43:23 +02:00
prometheus_postgres_exporter_container_network: "{{ matrix_monitoring_container_network }}"
2023-02-05 10:32:09 +02:00
2024-01-17 07:17:23 +02:00
prometheus_postgres_exporter_container_additional_networks: |
{{
([devture_postgres_container_network] if (devture_postgres_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname and prometheus_postgres_exporter_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and prometheus_postgres_exporter_container_labels_traefik_enabled else [])
}}
2023-02-06 10:34:51 +02:00
2024-01-12 17:58:11 +02:00
prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
2023-02-06 10:34:51 +02:00
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
2023-02-09 10:12:09 +02:00
prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-02-05 10:32:09 +02:00
2024-01-12 17:54:54 +02:00
prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2023-02-05 10:32:09 +02:00
prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
prometheus_postgres_exporter_database_username: matrix_prometheus_postgres_exporter
prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}"
prometheus_postgres_exporter_database_name: matrix_prometheus_postgres_exporter
2024-01-12 17:54:54 +02:00
prometheus_postgres_exporter_systemd_required_services_list_auto: |
2023-02-05 10:32:09 +02:00
{{
2024-01-12 17:54:54 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else [])
2023-02-05 10:32:09 +02:00
}}
2021-01-29 06:17:45 +01:00
######################################################################
#
2023-02-05 10:32:09 +02:00
# /etke/prometheus_postgres_exporter
2021-01-29 06:17:45 +01:00
#
######################################################################
2023-03-21 07:38:12 +02:00
2022-12-07 15:58:36 +01:00
######################################################################
#
# matrix-prometheus-nginxlog-exporter
#
######################################################################
matrix_prometheus_nginxlog_exporter_enabled: false
2024-01-13 16:50:44 +02:00
matrix_prometheus_nginxlog_exporter_identifier: matrix-prometheus-nginxlog-exporter
matrix_prometheus_nginxlog_exporter_hostname: "{{ matrix_server_fqn_matrix }}"
2024-01-13 17:43:23 +02:00
matrix_prometheus_nginxlog_exporter_container_network: "{{ matrix_monitoring_container_network }}"
2024-01-13 16:50:44 +02:00
2024-01-14 21:32:02 +02:00
matrix_prometheus_nginxlog_exporter_container_additional_networks_auto: |-
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_prometheus_nginxlog_exporter_container_labels_traefik_enabled) else [])
}}
2024-01-13 16:50:44 +02:00
matrix_prometheus_nginxlog_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
matrix_prometheus_nginxlog_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_prometheus_nginxlog_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_prometheus_nginxlog_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_prometheus_nginxlog_exporter_config_namespaces_matrix_source_tags_auto: |
{{
([matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_tag] if matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled else [])
}}
2022-12-07 15:58:36 +01:00
######################################################################
#
# /matrix-prometheus-nginxlog-exporter
#
######################################################################
2023-03-21 07:38:12 +02:00
2021-01-29 05:29:25 +01:00
######################################################################
#
2023-03-21 07:38:12 +02:00
# prometheus
2021-01-29 05:29:25 +01:00
#
######################################################################
2023-03-21 07:38:12 +02:00
prometheus_enabled: false
prometheus_identifier: matrix-prometheus
2021-01-29 05:29:25 +01:00
2023-03-21 07:38:12 +02:00
prometheus_base_path: "{{ matrix_base_data_path }}/prometheus"
prometheus_uid: "{{ matrix_user_uid }}"
prometheus_gid: "{{ matrix_user_gid }}"
2024-01-13 19:55:27 +02:00
prometheus_container_network: "{{ matrix_monitoring_container_network }}"
2024-01-30 20:31:47 +02:00
prometheus_container_additional_networks_auto: |
2023-03-21 07:38:12 +02:00
{{
(
([prometheus_node_exporter_container_network] if prometheus_self_node_scraper_enabled and prometheus_node_exporter_container_network != prometheus_container_network else [])
+
([matrix_synapse_container_network] if matrix_prometheus_services_connect_scraper_synapse_enabled and matrix_synapse_container_network != prometheus_container_network else [])
+
([prometheus_postgres_exporter_container_network] if matrix_prometheus_services_connect_scraper_postgres_enabled and prometheus_postgres_exporter_container_network != prometheus_container_network else [])
+
([matrix_hookshot_container_network] if matrix_prometheus_services_connect_scraper_hookshot_enabled and matrix_hookshot_container_network != prometheus_container_network else [])
+
([matrix_prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and matrix_prometheus_nginxlog_exporter_container_network != prometheus_container_network else [])
2023-07-12 01:09:27 -05:00
+
([matrix_media_repo_container_network] if matrix_prometheus_services_connect_scraper_media_repo_enabled and matrix_media_repo_container_network != prometheus_container_network else [])
2024-07-25 12:19:08 -05:00
+
([matrix_synapse_usage_exporter_container_network] if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled and matrix_synapse_usage_exporter_container_network != prometheus_container_network else [])
2023-03-21 07:38:12 +02:00
) | unique
}}
2023-02-15 08:56:03 +02:00
2023-03-21 07:38:12 +02:00
prometheus_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
prometheus_config_rule_files_auto: |
{{
(['synapse-v2.rules'] if matrix_prometheus_services_connect_synapse_rules_enabled else [])
}}
prometheus_self_node_scraper_enabled: "{{ prometheus_node_exporter_enabled }}"
prometheus_self_node_scraper_static_configs_target: "{{ (prometheus_node_exporter_identifier + ':9100') if prometheus_node_exporter_enabled else '' }}"
prometheus_config_scrape_configs_auto: |
{{
(matrix_prometheus_services_connect_scraper_synapse_configs if matrix_prometheus_services_connect_scraper_synapse_enabled else [])
+
(matrix_prometheus_services_connect_scraper_postgres_scrape_configs if matrix_prometheus_services_connect_scraper_postgres_enabled else [])
+
(matrix_prometheus_services_connect_scraper_hookshot_scrape_configs if matrix_prometheus_services_connect_scraper_hookshot_enabled else [])
+
(matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs if matrix_prometheus_services_connect_scraper_nginxlog_enabled else [])
2023-07-12 01:09:27 -05:00
+
(matrix_prometheus_services_connect_scraper_media_repo_scrape_configs if matrix_prometheus_services_connect_scraper_media_repo_enabled else [])
2024-07-25 12:19:08 -05:00
+
(matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_configs if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled else [])
2023-03-21 07:38:12 +02:00
}}
######################################################################
#
# /prometheus
#
######################################################################
2021-01-29 05:29:25 +01:00
2021-01-31 19:23:12 +02:00
2023-03-21 07:38:12 +02:00
######################################################################
#
# matrix-prometheus-services-connect
#
######################################################################
matrix_prometheus_services_connect_synapse_enabled: "{{ prometheus_enabled and matrix_synapse_enabled }}"
2021-01-31 18:26:08 +02:00
2023-03-21 07:38:12 +02:00
matrix_prometheus_services_connect_synapse_rules_download_synapse_tag: "{{ matrix_synapse_docker_image_tag }}"
matrix_prometheus_services_connect_synapse_rules_download_dir_path: "{{ prometheus_config_path }}"
matrix_prometheus_services_connect_synapse_rules_download_owner: "{{ prometheus_uid }}"
matrix_prometheus_services_connect_synapse_rules_download_group: "{{ prometheus_gid }}"
2021-05-27 20:13:29 +01:00
2023-03-21 07:38:12 +02:00
matrix_prometheus_services_connect_scraper_synapse_enabled: "{{ matrix_synapse_enabled and matrix_synapse_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_target: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
matrix_prometheus_services_connect_scraper_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
2021-05-27 20:13:29 +01:00
2023-03-21 07:38:12 +02:00
matrix_prometheus_services_connect_scraper_postgres_enabled: "{{ prometheus_postgres_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_postgres_static_configs_target: "{{ prometheus_postgres_exporter_identifier }}:{{ prometheus_postgres_exporter_port | string }}"
matrix_prometheus_services_connect_scraper_hookshot_enabled: "{{ matrix_hookshot_enabled and matrix_hookshot_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_hookshot_static_configs_target: "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port | string }}"
matrix_prometheus_services_connect_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
2024-01-13 16:50:44 +02:00
matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ matrix_prometheus_nginxlog_exporter_identifier }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port | string }}"
2022-12-07 15:58:36 +01:00
2023-07-12 01:09:27 -05:00
matrix_prometheus_services_connect_scraper_media_repo_enabled: "{{ matrix_media_repo_enabled and matrix_media_repo_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_metrics_port }}"
2024-07-25 12:19:08 -05:00
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs_target: "{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}"
2021-01-29 05:29:25 +01:00
######################################################################
#
2023-03-21 07:38:12 +02:00
# /matrix-prometheus-services-connect
2021-01-29 05:29:25 +01:00
#
######################################################################
2023-03-21 07:38:12 +02:00
2021-01-29 09:10:49 +01:00
######################################################################
#
2023-02-15 10:30:58 +02:00
# etke/grafana
2021-01-29 09:10:49 +01:00
#
######################################################################
2023-02-15 10:30:58 +02:00
grafana_enabled: false
grafana_identifier: matrix-grafana
grafana_uid: "{{ matrix_user_uid }}"
grafana_gid: "{{ matrix_user_gid }}"
grafana_hostname: "{{ matrix_server_fqn_grafana }}"
grafana_base_path: "{{ matrix_base_data_path }}/grafana"
2024-01-13 17:43:23 +02:00
grafana_container_network: "{{ matrix_monitoring_container_network }}"
2023-02-15 10:30:58 +02:00
2024-01-30 21:09:33 +02:00
grafana_container_additional_networks_auto: |
2023-02-15 10:30:58 +02:00
{{
(
2024-01-30 21:09:33 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and grafana_container_labels_traefik_enabled else [])
2023-02-15 10:30:58 +02:00
+
2023-03-21 07:38:12 +02:00
([prometheus_container_network] if prometheus_enabled and prometheus_container_network != grafana_container_network else [])
2023-02-15 10:30:58 +02:00
) | unique
}}
grafana_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
grafana_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
2023-02-27 17:09:19 +02:00
grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2021-01-29 09:10:49 +01:00
2023-02-15 10:30:58 +02:00
grafana_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '3000') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
grafana_provisioning_datasources: |
{{
([{
'name': (matrix_server_fqn_matrix + ' - Prometheus'),
'type': 'prometheus',
'access': 'proxy',
2024-01-13 17:43:23 +02:00
'url': ('http://' + prometheus_identifier + ':9090'),
2024-07-16 14:28:09 +05:00
'jsonData': {
'timeInterval': prometheus_config_global_scrape_interval,
}
2023-03-21 07:38:12 +02:00
}] if prometheus_enabled else [])
2023-02-15 10:30:58 +02:00
}}
2021-01-29 09:10:49 +01:00
2023-02-15 10:30:58 +02:00
grafana_dashboard_download_urls: |
2021-05-27 20:13:29 +01:00
{{
2022-09-26 08:46:10 +03:00
(matrix_synapse_grafana_dashboard_urls if matrix_homeserver_implementation == 'synapse' and matrix_synapse_metrics_enabled else [])
+
2023-01-21 11:07:04 +02:00
(prometheus_node_exporter_dashboard_urls if prometheus_node_exporter_enabled else [])
2021-05-27 20:13:29 +01:00
+
2023-02-05 10:32:09 +02:00
(prometheus_postgres_exporter_dashboard_urls if prometheus_postgres_exporter_enabled else [])
2022-12-07 15:58:36 +01:00
+
(matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else [])
2023-07-12 01:09:27 -05:00
+
(matrix_media_repo_dashboard_urls if matrix_media_repo_metrics_enabled else [])
2024-07-25 12:19:08 -05:00
+
(matrix_synapse_usage_exporter_dashboard_urls if matrix_synapse_usage_exporter_enabled else [])
2021-05-27 20:13:29 +01:00
}}
2023-02-15 10:52:25 +02:00
grafana_provisioning_dashboard_template_files: |
{{
([{
'path': 'roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json',
'name': 'nginx-proxy.json',
}] if matrix_prometheus_nginxlog_exporter_enabled else [])
}}
2023-02-15 10:30:58 +02:00
grafana_default_home_dashboard_path: |-
2022-09-26 08:23:54 +03:00
{{
{
2023-02-15 10:30:58 +02:00
'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled and matrix_synapse_metrics_enabled else ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else '')),
'dendrite': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
'conduit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
2022-09-26 08:23:54 +03:00
}[matrix_homeserver_implementation]
}}
2021-01-29 09:10:49 +01:00
######################################################################
#
2023-02-15 10:30:58 +02:00
# /etke/grafana
2021-01-29 09:10:49 +01:00
#
######################################################################
2023-03-21 07:38:12 +02:00
2020-09-01 13:46:05 +03:00
######################################################################
#
# matrix-registration
#
######################################################################
matrix_registration_enabled: false
2024-01-12 17:17:12 +02:00
matrix_registration_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_registration_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_registration_path_prefix: /matrix-registration
matrix_registration_systemd_required_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_registration_database_hostname == devture_postgres_connection_hostname) else [])
}}
matrix_registration_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
2023-02-13 15:37:12 +02:00
matrix_registration_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8767') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2020-09-01 13:46:05 +03:00
2024-01-12 17:17:12 +02:00
matrix_registration_container_network: "{{ matrix_addons_container_network }}"
matrix_registration_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_registration_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_facebook_container_network != devture_postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_registration_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_registration_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_registration_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_registration_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_registration_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-05-25 16:14:26 +03:00
matrix_registration_riot_instance: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"
2020-09-01 13:46:05 +03:00
2021-12-23 18:04:26 +02:00
matrix_registration_shared_secret: |-
{{
{
2024-01-17 16:57:06 +02:00
'synapse': matrix_synapse_registration_shared_secret | default (''),
'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''),
2022-08-05 09:01:59 -05:00
'conduit': '',
2021-12-23 18:04:26 +02:00
}[matrix_homeserver_implementation]
}}
2020-09-01 13:46:05 +03:00
2024-01-12 17:17:12 +02:00
matrix_registration_server_location: "{{ matrix_addons_homeserver_client_api_url }}"
2020-09-01 13:46:05 +03:00
2024-01-14 18:42:14 +02:00
matrix_registration_api_validate_certs: "{{ matrix_playbook_ssl_enabled }}"
2020-09-01 13:46:05 +03:00
2022-11-27 07:23:41 +02:00
# Postgres is the default, except if not using internal Postgres server
matrix_registration_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
2022-11-27 09:16:18 +02:00
matrix_registration_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}"
2020-12-14 18:58:37 +02:00
2020-09-01 13:46:05 +03:00
######################################################################
#
# /matrix-registration
#
######################################################################
2021-03-16 10:18:26 +01:00
2021-01-24 17:41:11 +11:00
2023-03-07 11:57:56 +02:00
######################################################################
#
# matrix-sliding-sync
#
######################################################################
# We don't enable the sliding sync proxy by default.
matrix_sliding_sync_enabled: false
matrix_sliding_sync_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_sliding_sync_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_sliding_sync_path_prefix: /sliding-sync
2023-07-18 18:12:47 +03:00
matrix_sliding_sync_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
2023-03-07 11:57:56 +02:00
2024-01-05 06:28:42 +02:00
matrix_sliding_sync_container_network: "{{ matrix_homeserver_container_network }}"
2023-03-07 11:57:56 +02:00
matrix_sliding_sync_container_additional_networks: |
{{
(
2024-01-05 06:04:44 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_sliding_sync_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
2023-03-07 11:57:56 +02:00
+
2024-01-02 15:56:56 +02:00
([] if matrix_homeserver_container_network in ['', matrix_sliding_sync_container_network] else [matrix_homeserver_container_network])
2023-03-07 11:57:56 +02:00
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_sliding_sync_container_network else [])
) | unique
}}
matrix_sliding_sync_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-06-10 23:30:22 +02:00
matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2024-01-05 06:04:44 +02:00
matrix_sliding_sync_systemd_required_services_list_auto: |
2023-03-07 11:57:56 +02:00
{{
2024-01-02 15:56:56 +02:00
matrix_homeserver_systemd_services_list
2023-03-07 11:57:56 +02:00
+
2024-01-05 06:04:44 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_sliding_sync_database_hostname == devture_postgres_connection_hostname) else [])
2023-03-07 11:57:56 +02:00
}}
2024-01-05 06:28:42 +02:00
matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}"
2023-03-07 11:57:56 +02:00
matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.secret', rounds=655555) | to_uuid }}"
matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}"
2024-06-10 23:30:22 +02:00
matrix_sliding_sync_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_sliding_sync_metrics_proxying_enabled: "{{ matrix_sliding_sync_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_sliding_sync_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_sliding_sync_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/sliding-sync"
#####################################################################
2023-03-07 11:57:56 +02:00
#
# /matrix-sliding-sync
#
######################################################################
2021-01-24 17:41:11 +11:00
######################################################################
#
# matrix-dendrite
#
######################################################################
2021-12-23 16:28:34 +02:00
matrix_dendrite_enabled: "{{ matrix_homeserver_implementation == 'dendrite' }}"
2024-01-11 11:30:42 +02:00
matrix_dendrite_hostname: "{{ matrix_server_fqn_matrix }}"
2024-01-14 11:51:30 +02:00
matrix_dendrite_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"
2024-01-05 16:46:30 +02:00
matrix_dendrite_container_network: "{{ matrix_homeserver_container_network }}"
2024-01-26 12:55:01 +02:00
matrix_dendrite_container_additional_networks_auto: |
2024-01-05 16:46:30 +02:00
{{
(
2024-01-11 11:30:42 +02:00
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_dendrite_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if (devture_postgres_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname and devture_postgres_container_network != matrix_dendrite_container_network) else [])
) | unique
2024-01-05 16:46:30 +02:00
}}
2023-02-13 15:37:12 +02:00
matrix_dendrite_container_http_host_bind_address: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_dendrite_http_bind_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
2023-02-10 15:50:35 +02:00
matrix_dendrite_container_https_host_bind_address: "{{ '' if not matrix_dendrite_https_bind_port or not matrix_playbook_service_host_bind_interface_prefix else (matrix_playbook_service_host_bind_interface_prefix + matrix_dendrite_https_bind_port | string) }}"
2021-12-23 18:47:50 +02:00
2024-01-11 11:30:42 +02:00
matrix_dendrite_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}"
matrix_dendrite_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_dendrite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_dendrite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-14 10:29:38 +02:00
matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
2024-01-11 11:31:12 +02:00
2024-01-14 10:29:38 +02:00
matrix_dendrite_container_labels_public_client_root_redirection_enabled: "{{ matrix_dendrite_container_labels_public_client_root_redirection_url != '' }}"
matrix_dendrite_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
2024-01-11 11:30:42 +02:00
2024-01-26 16:04:55 +02:00
matrix_dendrite_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
2024-01-15 09:39:36 +02:00
matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
matrix_dendrite_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"
2024-01-11 11:30:42 +02:00
2024-01-14 10:29:38 +02:00
matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
2024-01-11 12:02:15 +02:00
2024-01-23 16:43:23 +02:00
matrix_dendrite_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
2024-01-11 12:02:15 +02:00
matrix_dendrite_metrics_proxying_enabled: "{{ matrix_dendrite_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_dendrite_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_dendrite_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/dendrite"
2022-11-25 23:27:43 -08:00
matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"
2021-10-27 15:06:29 +03:00
2022-11-27 08:31:54 +02:00
matrix_dendrite_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
2022-11-27 08:23:43 +02:00
Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.
After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.
These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.
The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).
Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):
> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}"
2021-01-24 17:41:11 +11:00
# Even if TURN doesn't support TLS (it does by default),
# it doesn't hurt to try a secure connection anyway.
2022-11-25 23:27:43 -08:00
matrix_dendrite_client_api_turn_uris: |
2021-01-24 17:41:11 +11:00
{{
[
'turns:' + matrix_server_fqn_matrix + '?transport=udp',
'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
'turn:' + matrix_server_fqn_matrix + '?transport=udp',
'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
]
if matrix_coturn_enabled
else []
}}
2024-02-18 09:52:00 +02:00
matrix_dendrite_client_api_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
matrix_dendrite_client_api_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
matrix_dendrite_client_api_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
2021-01-24 17:41:11 +11:00
2024-01-14 18:42:14 +02:00
matrix_dendrite_disable_tls_validation: "{{ not matrix_playbook_ssl_enabled }}"
2021-01-24 17:41:11 +11:00
2024-01-14 18:42:14 +02:00
matrix_dendrite_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
2021-12-18 10:50:44 +02:00
2021-12-23 14:48:59 +02:00
matrix_dendrite_trusted_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else ['matrix.org', 'vector.im'] }}"
2024-01-05 16:46:30 +02:00
matrix_dendrite_systemd_required_services_list_auto: |
2021-01-24 17:41:11 +11:00
{{
2024-01-05 16:46:30 +02:00
([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else [])
2021-01-24 17:41:11 +11:00
+
2022-10-11 00:43:22 +01:00
(['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
2021-01-24 17:41:11 +11:00
}}
2024-01-11 11:30:42 +02:00
matrix_dendrite_systemd_wanted_services_list_auto: |
2021-01-24 17:41:11 +11:00
{{
(['matrix-coturn.service'] if matrix_coturn_enabled else [])
}}
2024-04-08 08:02:55 +03:00
matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
2022-11-22 21:36:49 +02:00
matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
2022-08-24 11:08:12 +05:30
2021-01-24 17:41:11 +11:00
######################################################################
#
# /matrix-dendrite
#
######################################################################
2022-08-04 14:35:41 -05:00
2024-01-05 16:46:30 +02:00
2022-08-04 14:35:41 -05:00
######################################################################
#
# matrix-conduit
#
######################################################################
matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}"
2024-01-11 09:17:13 +02:00
matrix_conduit_hostname: "{{ matrix_server_fqn_matrix }}"
2024-01-14 11:51:30 +02:00
matrix_conduit_allow_federation: "{{ matrix_homeserver_federation_enabled }}"
2024-01-05 16:46:30 +02:00
matrix_conduit_container_network: "{{ matrix_homeserver_container_network }}"
2022-08-04 14:35:41 -05:00
2024-01-11 08:56:51 +02:00
matrix_conduit_container_additional_networks_auto: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_conduit_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
) | unique
}}
matrix_conduit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}"
matrix_conduit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_conduit_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_conduit_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-14 10:29:38 +02:00
matrix_conduit_container_labels_public_client_root_redirection_enabled: "{{ matrix_conduit_container_labels_public_client_root_redirection_url != '' }}"
matrix_conduit_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
2024-01-11 08:56:51 +02:00
2024-01-26 16:04:55 +02:00
matrix_conduit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
2024-01-15 09:39:36 +02:00
matrix_conduit_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
matrix_conduit_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"
2024-01-11 08:56:51 +02:00
2024-01-14 10:40:46 +02:00
matrix_conduit_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_conduit_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
2024-01-11 07:52:28 +02:00
matrix_conduit_turn_uris: |
{{
2024-01-26 13:07:09 +02:00
([
2024-01-11 07:52:28 +02:00
'turns:' + matrix_server_fqn_matrix + '?transport=udp',
'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
2024-01-26 13:07:09 +02:00
] if matrix_coturn_enabled and matrix_coturn_tls_enabled else [])
2024-01-11 07:52:28 +02:00
+
2024-01-26 13:07:09 +02:00
([
2024-01-11 07:52:28 +02:00
'turn:' + matrix_server_fqn_matrix + '?transport=udp',
'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
2024-01-26 13:07:09 +02:00
] if matrix_coturn_enabled else [])
2024-01-11 07:52:28 +02:00
}}
2024-02-18 09:52:00 +02:00
matrix_conduit_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
matrix_conduit_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
matrix_conduit_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
2024-01-11 07:52:28 +02:00
2022-08-04 14:35:41 -05:00
######################################################################
#
# /matrix-conduit
#
######################################################################
2022-11-01 16:22:58 +02:00
######################################################################
#
# matrix-user-creator
#
######################################################################
matrix_user_creator_users_auto: |
{{
2023-07-24 12:57:06 +02:00
([{
'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart,
'initial_password': matrix_bot_matrix_registration_bot_bot_password,
'initial_type': 'admin',
}] if matrix_bot_matrix_registration_bot_enabled else [])
+
2024-09-12 15:19:40 +03:00
([{
'username': matrix_bot_baibot_config_user_mxid_localpart,
'initial_password': matrix_bot_baibot_config_user_password,
'initial_type': 'bot',
}] if matrix_bot_baibot_enabled else [])
+
2023-12-23 13:30:39 +02:00
([{
'username': matrix_bot_chatgpt_matrix_bot_username_localpart,
'initial_password': matrix_bot_chatgpt_matrix_bot_password,
'initial_type': 'bot',
}] if matrix_bot_chatgpt_enabled and matrix_bot_chatgpt_matrix_bot_password | length > 0 else [])
+
2022-11-22 15:46:00 +02:00
([{
2022-11-01 16:22:58 +02:00
'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
'initial_type': 'bot',
2022-11-22 15:46:00 +02:00
}] if matrix_bot_matrix_reminder_bot_enabled else [])
2022-11-01 16:22:58 +02:00
+
2022-11-22 15:46:00 +02:00
([{
2022-11-01 16:22:58 +02:00
'username': matrix_bot_honoroit_login,
'initial_password': matrix_bot_honoroit_password,
'initial_type': 'bot',
2022-11-22 15:46:00 +02:00
}] if matrix_bot_honoroit_enabled else [])
2022-11-01 16:22:58 +02:00
+
2022-11-22 15:46:00 +02:00
([{
2022-11-01 16:22:58 +02:00
'username': matrix_bot_postmoogle_login,
'initial_password': matrix_bot_postmoogle_password,
'initial_type': 'bot',
2022-11-22 15:46:00 +02:00
}] if matrix_bot_postmoogle_enabled else [])
2022-11-01 17:03:53 +02:00
+
2022-11-22 15:46:00 +02:00
([{
2022-11-01 17:03:53 +02:00
'username': matrix_bot_buscarron_login,
'initial_password': matrix_bot_buscarron_password,
'initial_type': 'bot',
2022-11-22 15:46:00 +02:00
}] if matrix_bot_buscarron_enabled else [])
2024-06-19 13:58:10 +02:00
+
([{
'username': matrix_bot_maubot_login,
'initial_password': matrix_bot_maubot_initial_password,
'initial_type': 'bot',
}] if matrix_bot_maubot_enabled else [])
2022-11-01 16:22:58 +02:00
}}
######################################################################
#
# /matrix-user-creator
#
######################################################################
2023-01-04 13:45:37 +01:00
######################################################################
#
# matrix-user-verification-service
#
######################################################################
2023-02-06 13:23:11 +01:00
matrix_user_verification_service_enabled: false
2024-01-13 17:31:03 +02:00
2023-01-04 13:45:37 +01:00
matrix_user_verification_service_systemd_required_services_list: |
2023-07-28 17:26:05 +03:00
{{
2024-06-05 23:12:34 +08:00
[devture_systemd_docker_base_docker_service_name]
2023-07-28 17:26:05 +03:00
+
(['matrix-' + matrix_homeserver_implementation + '.service'])
}}
2024-01-13 17:31:03 +02:00
matrix_user_verification_service_container_network: "{{ matrix_addons_container_network }}"
2023-07-28 17:26:05 +03:00
matrix_user_verification_service_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_user_verification_service_container_network else [])
) | unique
}}
2023-01-04 13:45:37 +01:00
# If Jitsi is managed by this playbook we can use the docker network - no need to expose a port.
# If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose
2023-02-10 15:50:35 +02:00
# matrix-user-verfification-services's client-server port to port 3003.
2023-02-06 13:06:14 +01:00
# By default Matrix-User-Verification-Service binds to port 3000, which collides with grafana, therefore this uses port 3003.
2023-04-03 08:53:46 +03:00
matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (jitsi_enabled | bool and jitsi_enable_auth | bool and jitsi_auth_type == 'matrix') else matrix_playbook_service_host_bind_interface_prefix ~ '3003' }}"
2023-01-04 13:45:37 +01:00
# URL exposed in the docker network
matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000"
2024-01-07 17:04:23 +02:00
matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
2023-02-06 12:15:54 +01:00
# We connect via the container network (private IPs), so we need to disable IP checks
2023-01-04 13:45:37 +01:00
matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}"
matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-user-verification-service
#
######################################################################
2023-02-10 14:37:08 +02:00
2024-01-03 13:05:59 +02:00
########################################################################
# #
# matrix-static-files #
# #
########################################################################
matrix_static_files_enabled: true
2024-01-17 08:46:48 +02:00
matrix_static_files_container_network: "{{ (matrix_static_files_identifier if matrix_playbook_reverse_proxy_type == 'none' else matrix_playbook_reverse_proxy_container_network) }}"
2024-01-03 13:05:59 +02:00
matrix_static_files_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_static_files_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_static_files_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2024-01-03 14:39:17 +02:00
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
# Base domain serving is not enabled by default (see `matrix_static_files_container_labels_base_domain_enabled`),
# but we pass the hostname, so that enabling it is easy.
matrix_static_files_container_labels_base_domain_traefik_hostname: "{{ matrix_domain }}"
2024-01-31 12:13:20 +02:00
# If we're not serving a static webpage, serve a redirect instead of a 404.
matrix_static_files_container_labels_base_domain_root_path_redirection_enabled: "{{ not matrix_static_files_file_index_html_enabled }}"
2024-05-25 16:14:26 +03:00
matrix_static_files_container_labels_base_domain_root_path_redirection_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix }}"
2024-01-31 12:13:20 +02:00
2024-01-03 13:44:19 +02:00
matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
2024-01-03 13:05:59 +02:00
matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{{ matrix_homeserver_sliding_sync_url }}"
matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}"
2024-05-25 16:14:26 +03:00
matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element }}/map_style.json"
2024-01-03 13:05:59 +02:00
matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
2024-05-25 16:14:26 +03:00
matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
2024-01-03 13:44:19 +02:00
matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"
matrix_static_files_self_check_hostname_identity: "{{ matrix_domain }}"
2024-01-03 13:05:59 +02:00
########################################################################
# #
# /matrix-static-files #
# #
########################################################################
2023-03-06 09:08:04 +02:00
########################################################################
# #
# com.devture.ansible.role.container_socket_proxy #
# #
########################################################################
devture_container_socket_proxy_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
devture_container_socket_proxy_identifier: matrix-container-socket-proxy
devture_container_socket_proxy_base_path: "{{ matrix_base_data_path }}/container-socket-proxy"
devture_container_socket_proxy_uid: "{{ matrix_user_uid }}"
devture_container_socket_proxy_gid: "{{ matrix_user_gid }}"
# Traefik requires read access to the containers APIs to do its job
devture_container_socket_proxy_api_containers_enabled: true
########################################################################
# #
# /com.devture.ansible.role.container_socket_proxy #
# #
########################################################################
2023-02-06 10:34:51 +02:00
########################################################################
# #
# com.devture.ansible.role.traefik #
# #
########################################################################
2023-02-11 08:44:11 +02:00
devture_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
2023-02-06 10:34:51 +02:00
Relocate Traefik (to matrix-traefik.service && /matrix/traefik base path)
The migration is automatic. Existing users should experience a bit of
downtime until the playbook runs to completion, but don't need to do
anything manually.
This change is provoked by https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2535
While my statements there ("Traefik is a shared component among
sibling/related playbooks and should retain its global
non-matrix-prefixed name and path") do make sense, there's another point
of view as well.
With the addition of docker-socket-proxy support in bf2b54080789f7e,
we potentially introduced another non-`matrix-`-prefixed systemd service
and global path (`/devture-container-socket-proxy`). It would have
started to become messy.
Traefik always being called `devture-traefik.service` and using the `/devture-traefik` path
has the following downsides:
- different playbooks may write to the same place, unintentionally,
before you disable the Traefik role in some of them.
If each playbook manages its own installation, no such conflicts
arise and you'll learn about the conflict when one of them starts its
Traefik service and fails because the ports are already in use
- the data is scattered - backing up `/matrix` is no longer enough when
some stuff lives in `/devture-traefik` or `/devture-container-socket-proxy` as well;
similarly, deleting `/matrix` is no longer enough to clean up
For this reason, the Traefik instance managed by this playbook
will now be called `matrix-traefik` and live under `/matrix/traefik`.
This also makes it obvious to users running multiple playbooks, which
Traefik instance (powered by which playbook) is the active one.
Previously, you'd look at `devture-traefik.service` and wonder which
role was managing it.
2023-03-06 09:32:13 +02:00
devture_traefik_identifier: matrix-traefik
devture_traefik_base_path: "{{ matrix_base_data_path }}/traefik"
2023-02-06 10:34:51 +02:00
devture_traefik_uid: "{{ matrix_user_uid }}"
devture_traefik_gid: "{{ matrix_user_gid }}"
2023-04-04 02:31:49 +00:00
devture_traefik_additional_entrypoints_auto: |
{{
2024-01-14 09:23:36 +02:00
([matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition] if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled else [])
2024-01-14 10:23:55 +02:00
+
([matrix_playbook_internal_matrix_client_api_traefik_entrypoint_definition] if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else [])
2023-04-04 02:31:49 +00:00
}}
2023-02-06 13:08:11 +02:00
2023-03-06 09:08:04 +02:00
devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"
2023-12-05 09:17:20 +02:00
devture_traefik_container_additional_networks_auto: |
2023-03-06 09:08:04 +02:00
{{
([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else [])
}}
devture_traefik_systemd_required_services_list: |
{{
2024-06-05 23:12:34 +08:00
([devture_systemd_docker_base_docker_service_name])
2023-03-06 09:08:04 +02:00
+
([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else [])
}}
2023-02-06 10:34:51 +02:00
########################################################################
# #
# /com.devture.ansible.role.traefik #
# #
########################################################################
2023-02-08 16:05:38 +02:00
########################################################################
# #
# com.devture.ansible.role.traefik_certs_dumper #
# #
########################################################################
2023-03-01 09:44:54 +02:00
devture_traefik_certs_dumper_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and devture_traefik_config_entrypoint_web_secure_enabled and devture_traefik_config_certificatesResolvers_acme_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}"
2023-02-08 16:05:38 +02:00
devture_traefik_certs_dumper_identifier: matrix-traefik-certs-dumper
devture_traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumper"
devture_traefik_certs_dumper_uid: "{{ matrix_user_uid }}"
devture_traefik_certs_dumper_gid: "{{ matrix_user_gid }}"
2023-02-11 08:54:07 +02:00
devture_traefik_certs_dumper_ssl_dir_path: "{{ devture_traefik_ssl_dir_path if devture_traefik_enabled else '' }}"
2023-02-08 16:05:38 +02:00
########################################################################
# #
# /com.devture.ansible.role.traefik_certs_dumper #
# #
########################################################################
2024-09-25 14:53:48 +10:00
########################################################################
# #
# matrix-element-call #
# #
########################################################################
# Matrix Element Call Configuration
matrix_element_call_enabled: false # Default is false; should be enabled in host_vars as needed
matrix_element_call_version: "latest" # Default version; can be overridden in host_vars
matrix_element_call_scheme: "https" # Scheme for Element Call (e.g., https)
matrix_element_call_hostname: "call.{{ matrix_domain }}" # Default hostname; should be overridden in host_vars if different
matrix_element_call_path_prefix: "/" # Path prefix for Element Call
matrix_element_call_base_path: "{{ matrix_base_data_path }}/element-call" # Base path for storing Element Call-related files
matrix_element_call_container_image: "ghcr.io/element-hq/element-call:{{ matrix_element_call_version }}"
matrix_element_call_container_image_name_prefix: ghcr.io/
matrix_element_call_container_image_registry_prefix: ghcr.io/
matrix_element_call_container_image_force_pull: true
# Docker network configuration for Element Call
matrix_element_call_container_network: "{{ matrix_homeserver_container_network }}" # Use the homeserver network by default
# Traefik Configuration for Element Call
matrix_element_call_container_labels_traefik_enabled: true
2024-09-26 15:38:12 +10:00
matrix_element_call_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
2024-09-25 14:53:48 +10:00
matrix_element_call_container_labels_traefik_hostname: "{{ matrix_element_call_hostname }}"
matrix_element_call_container_labels_traefik_path_prefix: "{{ matrix_element_call_path_prefix }}"
matrix_element_call_container_labels_traefik_rule: "Host(`{{ matrix_element_call_container_labels_traefik_hostname }}`)"
matrix_element_call_container_labels_traefik_entrypoints: "websecure"
matrix_element_call_container_labels_traefik_tls_certResolver: "default"
2024-09-27 09:14:29 +10:00
matrix_element_call_container_labels_traefik_additional_response_headers: {}
2024-09-25 14:53:48 +10:00
# JWT Service Configuration
matrix_element_call_jwt_service_url: "https://sfu-jwt.{{ matrix_domain }}" # Default JWT service URL; adjust as needed
# LiveKit Service Configuration
matrix_element_call_livekit_service_url: "https://sfu.{{ matrix_domain }}" # Default LiveKit service URL; adjust as needed
matrix_element_call_livekit_dev_key: "{{ matrix_livekit_dev_key }}" # LiveKit dev key
# Redis Configuration for Element Call
matrix_element_call_redis_hostname: "localhost" # Default Redis hostname; can be overridden
matrix_element_call_redis_port: 6379 # Default Redis port; can be overridden
matrix_element_call_redis_password: "" # Redis password; should be set in host_vars if needed
# Additional environment variables for the container
matrix_element_call_environment_variables_additional: {}
# Additional arguments or configuration options for the Docker container
matrix_element_call_container_extra_arguments: []
# Enable or disable metrics collection
matrix_element_call_metrics_enabled: false
matrix_element_call_metrics_port: 2112
########################################################################
# #
# /matrix-element-call #
# #
2024-09-26 15:38:12 +10:00
########################################################################