diff --git a/README.md b/README.md
index 912febc04..71d46f822 100644
--- a/README.md
+++ b/README.md
@@ -103,6 +103,7 @@ Bridges can be used to connect your matrix installation with third-party communi
| [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) |
| [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) |
| [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) |
+| [mautrix-gmessages](https://github.com/mautrix/gmessages) | x | Bridge for bridging your Matrix server to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) |
| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) |
| [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) |
| [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge for bridging your Matrix server to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) |
diff --git a/docs/configuring-playbook-bridge-mautrix-gmessages.md b/docs/configuring-playbook-bridge-mautrix-gmessages.md
new file mode 100644
index 000000000..a73c581a1
--- /dev/null
+++ b/docs/configuring-playbook-bridge-mautrix-gmessages.md
@@ -0,0 +1,52 @@
+# Setting up Mautrix gmessages (optional)
+
+The playbook can install and configure [mautrix-gmessages](https://github.com/mautrix/gmessages) for you.
+
+See the project's [documentation](https://docs.mau.fi/bridges/go/gmessages/index.html) to learn what it does and why it might be useful to you.
+
+Use the following playbook configuration:
+
+```yaml
+matrix_mautrix_gmessages_enabled: true
+```
+gmessages multidevice beta is required, now it is enough if gmessages is connected to the Internet every 2 weeks.
+
+The relay bot functionality is off by default. If you would like to enable the relay bot, add the following to your `vars.yml` file:
+```yaml
+matrix_mautrix_gmessages_bridge_relay_enabled: true
+```
+
+By default, only admins are allowed to set themselves as relay users. To allow anyone on your homeserver to set themselves as relay users add this to your `vars.yml` file:
+```yaml
+matrix_mautrix_gmessages_bridge_relay_admin_only: false
+```
+
+If you want to activate the relay bot in a room, use `!gmessages set-relay`.
+Use `!gmessages unset-relay` to deactivate.
+
+## Set up Double Puppeting
+
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
+
+### Method 1: automatically, by enabling Shared Secret Auth
+
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
+
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+
+### Method 2: manually, by asking each user to provide a working access token
+
+**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
+
+When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
+
+- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
+
+- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
+
+- make sure you don't log out the `Mautrix-gmessages` device some time in the future, as that would break the Double Puppeting feature
+
+
+## Usage
+
+You then need to start a chat with `@gmessagesbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
diff --git a/docs/container-images.md b/docs/container-images.md
index 737a44578..e89161f7e 100644
--- a/docs/container-images.md
+++ b/docs/container-images.md
@@ -46,6 +46,8 @@ These services are not part of our default installation, but can be enabled by [
- [mautrix/telegram](https://mau.dev/mautrix/telegram/container_registry) - the [mautrix-telegram](https://github.com/mautrix/telegram) bridge to [Telegram](https://telegram.org/) (optional)
+- [mautrix/gmessages](https://mau.dev/mautrix/gmessages/container_registry) - the [mautrix-gmessages](https://github.com/mautrix/gmessages) bridge to [Google Messages](https://messages.google.com/) (optional)
+
- [mautrix/whatsapp](https://mau.dev/mautrix/whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
- [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional)
diff --git a/docs/self-building.md b/docs/self-building.md
index ad29fc2da..b959f6f67 100644
--- a/docs/self-building.md
+++ b/docs/self-building.md
@@ -33,6 +33,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl
- `matrix-bridge-mautrix-telegram`
- `matrix-bridge-mautrix-signal`
- `matrix-bridge-mautrix-whatsapp`
+- `matrix-bridge-mautrix-gmessages`
- `matrix-bridge-mx-puppet-steam`
- `matrix-bot-mjolnir`
- `matrix-bot-honoroit`
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 8d7197f15..a2aa64ea7 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -101,6 +101,8 @@ matrix_homeserver_container_extra_arguments_auto: |
+
(['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
+
+ (['--mount type=bind,src=' + matrix_mautrix_gmessages_config_path + '/registration.yaml,dst=/matrix-mautrix-gmessages-registration.yaml,ro'] if matrix_mautrix_gmessages_enabled else [])
+ +
(['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else [])
@@ -158,6 +160,8 @@ matrix_homeserver_app_service_config_files_auto: |
+
(['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
+
+ (['/matrix-mautrix-gmessages-registration.yaml'] if matrix_mautrix_gmessages_enabled else [])
+ +
(['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else [])
+
(['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else [])
@@ -270,6 +274,8 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else [])
+
+ ([{'name': 'matrix-mautrix-gmessages.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-gmessages']}] if matrix_mautrix_gmessages_enabled else [])
+ +
([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else [])
+
([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else [])
@@ -1153,6 +1159,51 @@ matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_ge
#
######################################################################
+######################################################################
+#
+# matrix-bridge-mautrix-gmessages
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_gmessages_enabled: false
+
+matrix_mautrix_gmessages_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+
+matrix_mautrix_gmessages_systemd_required_services_list: |
+ {{
+ ['docker.service']
+ +
+ ['matrix-' + matrix_homeserver_implementation + '.service']
+ +
+ ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+ +
+ (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+ }}
+
+matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_gmessages_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
+# - `matrix_mautrix_twitter_metrics_enabled`
+# - `matrix_mautrix_twitter_proxying_metrics_enabled`
+# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
+matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled }}"
+
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_gmessages_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maugmessages.db', rounds=655555) | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bridge-mautrix-gmessages
+#
+######################################################################
+
######################################################################
#
# matrix-bridge-mautrix-whatsapp
@@ -3016,6 +3067,12 @@ devture_postgres_managed_databases_auto: |
'password': matrix_mautrix_twitter_database_password,
}] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else [])
+
+ ([{
+ 'name': matrix_mautrix_gmessages_database_name,
+ 'username': matrix_mautrix_gmessages_database_username,
+ 'password': matrix_mautrix_gmessages_database_password,
+ }] if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_database_engine == 'postgres' and matrix_mautrix_gmessages_database_hostname == devture_postgres_connection_hostname) else [])
+ +
([{
'name': matrix_mautrix_whatsapp_database_name,
'username': matrix_mautrix_whatsapp_database_username,
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
new file mode 100644
index 000000000..37074d09f
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@@ -0,0 +1,151 @@
+---
+# mautrix-gmessages is a Matrix <-> gmessages bridge
+# Project source code URL: https://github.com/mautrix/gmessages
+
+matrix_mautrix_gmessages_enabled: true
+
+matrix_mautrix_gmessages_container_image_self_build: false
+matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git"
+matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
+
+matrix_mautrix_gmessages_version: v0.9.0
+# See: https://mau.dev/mautrix/gmessages/container_registry
+matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
+matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}"
+matrix_mautrix_gmessages_docker_image_force_pull: "{{ matrix_mautrix_gmessages_docker_image.endswith(':latest') }}"
+
+matrix_mautrix_gmessages_base_path: "{{ matrix_base_data_path }}/mautrix-gmessages"
+matrix_mautrix_gmessages_config_path: "{{ matrix_mautrix_gmessages_base_path }}/config"
+matrix_mautrix_gmessages_data_path: "{{ matrix_mautrix_gmessages_base_path }}/data"
+matrix_mautrix_gmessages_docker_src_files_path: "{{ matrix_mautrix_gmessages_base_path }}/docker-src"
+
+matrix_mautrix_gmessages_homeserver_address: "{{ matrix_homeserver_container_url }}"
+matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
+matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
+
+matrix_mautrix_gmessages_command_prefix: "!gm"
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_gmessages_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-gmessages.service depends on.
+matrix_mautrix_gmessages_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-gmessages.service wants
+matrix_mautrix_gmessages_systemd_wanted_services_list: []
+
+matrix_mautrix_gmessages_appservice_token: ''
+matrix_mautrix_gmessages_homeserver_token: ''
+
+matrix_mautrix_gmessages_appservice_bot_username: gmessagesbot
+
+# Minimum severity of journal log messages.
+# Options: debug, info, warn, error, fatal
+matrix_mautrix_gmessages_logging_level: 'warn'
+
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_gmessages_federate_rooms: true
+
+# Whether or not metrics endpoint should be enabled.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_gmessages_metrics_proxying_enabled`.
+matrix_mautrix_gmessages_metrics_enabled: false
+
+# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-gmessages`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_mautrix_gmessages_metrics_proxying_enabled: false
+
+# Database-related configuration fields.
+#
+# To use SQLite, stick to these defaults.
+#
+# To use Postgres:
+# - change the engine (`matrix_mautrix_gmessages_database_engine: 'postgres'`)
+# - adjust your database credentials via the `matrix_mautrix_gmessages_database_*` variables
+matrix_mautrix_gmessages_database_engine: 'sqlite'
+
+matrix_mautrix_gmessages_sqlite_database_path_local: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db"
+matrix_mautrix_gmessages_sqlite_database_path_in_container: "/data/mautrix-gmessages.db"
+
+matrix_mautrix_gmessages_database_username: 'matrix_mautrix_gmessages'
+matrix_mautrix_gmessages_database_password: 'some-password'
+matrix_mautrix_gmessages_database_hostname: ''
+matrix_mautrix_gmessages_database_port: 5432
+matrix_mautrix_gmessages_database_name: 'matrix_mautrix_gmessages'
+
+matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode=disable'
+
+matrix_mautrix_gmessages_appservice_database_type: "{{
+ {
+ 'sqlite': 'sqlite3',
+ 'postgres':'postgres',
+ }[matrix_mautrix_gmessages_database_engine]
+}}"
+
+matrix_mautrix_gmessages_appservice_database_uri: "{{
+ {
+ 'sqlite': matrix_mautrix_gmessages_sqlite_database_path_in_container,
+ 'postgres': matrix_mautrix_gmessages_database_connection_string,
+ }[matrix_mautrix_gmessages_database_engine]
+}}"
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mautrix_gmessages_login_shared_secret: ''
+matrix_mautrix_gmessages_bridge_login_shared_secret_map:
+ "{{ {matrix_mautrix_gmessages_homeserver_domain: matrix_mautrix_gmessages_login_shared_secret} if matrix_mautrix_gmessages_login_shared_secret else {} }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
+matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
+
+matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true
+matrix_mautrix_gmessages_bridge_mute_bridging: true
+
+matrix_mautrix_gmessages_bridge_permissions: |
+ {{
+ {matrix_mautrix_gmessages_homeserver_domain: 'user'}
+ | combine({matrix_admin: 'admin'} if matrix_admin else {})
+ }}
+
+# Default mautrix-gmessages configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mautrix_gmessages_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mautrix_gmessages_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mautrix_gmessages_configuration_extension_yaml: |
+ # Your custom YAML configuration goes here.
+ # This configuration extends the default starting configuration (`matrix_mautrix_gmessages_configuration_yaml`).
+ #
+ # You can override individual variables from the default configuration, or introduce new ones.
+ #
+ # If you need something more special, you can take full control by
+ # completely redefining `matrix_mautrix_gmessages_configuration_yaml`.
+
+matrix_mautrix_gmessages_configuration_extension: "{{ matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml if matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_gmessages_configuration_yaml`.
+matrix_mautrix_gmessages_configuration: "{{ matrix_mautrix_gmessages_configuration_yaml | from_yaml | combine(matrix_mautrix_gmessages_configuration_extension, recursive=True) }}"
+
+matrix_mautrix_gmessages_registration_yaml: |
+ id: gmessages
+ url: {{ matrix_mautrix_gmessages_appservice_address }}
+ as_token: "{{ matrix_mautrix_gmessages_appservice_token }}"
+ hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}"
+ # See https://github.com/mautrix/signal/issues/43
+ sender_localpart: _bot_{{ matrix_mautrix_gmessages_appservice_bot_username }}
+ rate_limited: false
+ namespaces:
+ users:
+ - regex: '^@gmessages_[0-9]+:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$'
+ exclusive: true
+ - exclusive: true
+ regex: '^@{{ matrix_mautrix_gmessages_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$'
+ de.sorunome.msc2409.push_ephemeral: true
+
+matrix_mautrix_gmessages_registration: "{{ matrix_mautrix_gmessages_registration_yaml | from_yaml }}"
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml
new file mode 100644
index 000000000..e7115c317
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml
@@ -0,0 +1,35 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+ ansible.builtin.fail:
+ msg: >-
+ Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy,
+ but it's pointless since the matrix-nginx-proxy role had already executed.
+ To fix this, please change the order of roles in your playbook,
+ so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-gmessages role.
+ when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- when: matrix_mautrix_gmessages_metrics_proxying_enabled | bool
+ block:
+ - name: Generate mautrix-gmessages metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages)
+ ansible.builtin.set_fact:
+ matrix_mautrix_gmessages_nginx_metrics_configuration_block: |
+ location /metrics/mautrix-gmessages {
+ {% if matrix_nginx_proxy_enabled | default(False) %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver 127.0.0.11 valid=5s;
+ set $backend "matrix-mautrix-gmessages:8001";
+ proxy_pass http://$backend/metrics;
+ {% else %}
+ return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
+ {% endif %}
+ }
+
+ - name: Register mautrix-gmessages metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages)
+ ansible.builtin.set_fact:
+ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+ {{
+ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+ +
+ [matrix_mautrix_gmessages_nginx_metrics_configuration_block]
+ }}
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml
new file mode 100644
index 000000000..45da31da8
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- tags:
+ - setup-all
+ - setup-nginx-proxy
+ - install-all
+ - install-nginx-proxy
+ block:
+ - when: matrix_mautrix_gmessages_enabled | bool and matrix_mautrix_gmessages_metrics_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+
+- tags:
+ - setup-all
+ - setup-mautrix-gmessages
+ - install-all
+ - install-mautrix-gmessages
+ block:
+ - when: matrix_mautrix_gmessages_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+ - when: matrix_mautrix_gmessages_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+- tags:
+ - setup-all
+ - setup-mautrix-gmessages
+ block:
+ - when: not matrix_mautrix_gmessages_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml
new file mode 100644
index 000000000..73038c4c1
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml
@@ -0,0 +1,140 @@
+---
+
+- ansible.builtin.set_fact:
+ matrix_mautrix_gmessages_requires_restart: false
+
+- when: "matrix_mautrix_gmessages_database_engine == 'postgres'"
+ block:
+ - name: Check if an SQLite database already exists
+ ansible.builtin.stat:
+ path: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}"
+ register: matrix_mautrix_gmessages_sqlite_database_path_local_stat_result
+
+ - when: "matrix_mautrix_gmessages_sqlite_database_path_local_stat_result.stat.exists | bool"
+ block:
+ - ansible.builtin.include_role:
+ name: galaxy/com.devture.ansible.role.postgres
+ tasks_from: migrate_db_to_postgres
+ vars:
+ devture_postgres_db_migration_request:
+ src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}"
+ dst: "{{ matrix_mautrix_gmessages_database_connection_string }}"
+ caller: "{{ role_path | basename }}"
+ engine_variable_name: 'matrix_mautrix_gmessages_database_engine'
+ engine_old: 'sqlite'
+ systemd_services_to_stop: ['matrix-mautrix-gmessages.service']
+ pgloader_options: ['--with "quote identifiers"']
+
+ - ansible.builtin.set_fact:
+ matrix_mautrix_gmessages_requires_restart: true
+
+- name: Ensure Mautrix gmessages paths exists
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - {path: "{{ matrix_mautrix_gmessages_base_path }}", when: true}
+ - {path: "{{ matrix_mautrix_gmessages_config_path }}", when: true}
+ - {path: "{{ matrix_mautrix_gmessages_data_path }}", when: true}
+ - {path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}", when: "{{ matrix_mautrix_gmessages_container_image_self_build }}"}
+ when: item.when | bool
+
+- name: Ensure Mautrix gmessages image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_mautrix_gmessages_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_mautrix_gmessages_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_docker_image_force_pull }}"
+ when: not matrix_mautrix_gmessages_container_image_self_build
+ register: result
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure Mautrix gmessages repository is present on self-build
+ ansible.builtin.git:
+ repo: "{{ matrix_mautrix_gmessages_container_image_self_build_repo }}"
+ dest: "{{ matrix_mautrix_gmessages_docker_src_files_path }}"
+ version: "{{ matrix_mautrix_gmessages_container_image_self_build_branch }}"
+ force: "yes"
+ become: true
+ become_user: "{{ matrix_user_username }}"
+ register: matrix_mautrix_gmessages_git_pull_results
+ when: "matrix_mautrix_gmessages_container_image_self_build | bool"
+
+- name: Ensure Mautrix gmessages Docker image is built
+ community.docker.docker_image:
+ name: "{{ matrix_mautrix_gmessages_docker_image }}"
+ source: build
+ force_source: "{{ matrix_mautrix_gmessages_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}"
+ pull: true
+ when: "matrix_mautrix_gmessages_container_image_self_build | bool"
+
+- name: Check if an old database file exists
+ ansible.builtin.stat:
+ path: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db"
+ register: matrix_mautrix_gmessages_stat_database
+
+- name: Check if an old matrix state file exists
+ ansible.builtin.stat:
+ path: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json"
+ register: matrix_mautrix_gmessages_stat_mx_state
+
+- name: (Data relocation) Ensure matrix-mautrix-gmessages.service is stopped
+ ansible.builtin.service:
+ name: matrix-mautrix-gmessages
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ failed_when: false
+ when: "matrix_mautrix_gmessages_stat_database.stat.exists"
+
+- name: (Data relocation) Move mautrix-gmessages database file to ./data directory
+ ansible.builtin.command:
+ cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db {{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db"
+ creates: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db"
+ removes: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db"
+ when: "matrix_mautrix_gmessages_stat_database.stat.exists"
+
+- name: (Data relocation) Move mautrix-gmessages mx-state file to ./data directory
+ ansible.builtin.command:
+ cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mx-state.json {{ matrix_mautrix_gmessages_data_path }}/mx-state.json"
+ creates: "{{ matrix_mautrix_gmessages_data_path }}/mx-state.json"
+ removes: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json"
+ when: "matrix_mautrix_gmessages_stat_mx_state.stat.exists"
+
+- name: Ensure mautrix-gmessages config.yaml installed
+ ansible.builtin.copy:
+ content: "{{ matrix_mautrix_gmessages_configuration | to_nice_yaml(indent=2, width=999999) }}"
+ dest: "{{ matrix_mautrix_gmessages_config_path }}/config.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mautrix-gmessages registration.yaml installed
+ ansible.builtin.copy:
+ content: "{{ matrix_mautrix_gmessages_registration | to_nice_yaml(indent=2, width=999999) }}"
+ dest: "{{ matrix_mautrix_gmessages_config_path }}/registration.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mautrix-gmessages.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-mautrix-gmessages.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service"
+ mode: 0644
+
+- name: Ensure matrix-mautrix-gmessages.service restarted, if necessary
+ ansible.builtin.service:
+ name: "matrix-mautrix-gmessages.service"
+ state: restarted
+ daemon_reload: true
+ when: "matrix_mautrix_gmessages_requires_restart | bool"
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml
new file mode 100644
index 000000000..e324a523e
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Check existence of matrix-mautrix-gmessages service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service"
+ register: matrix_mautrix_gmessages_service_stat
+
+- when: matrix_mautrix_gmessages_service_stat.stat.exists | bool
+ block:
+ - name: Ensure matrix-mautrix-gmessages is stopped
+ ansible.builtin.service:
+ name: matrix-mautrix-gmessages
+ state: stopped
+ enabled: false
+ daemon_reload: true
+
+ - name: Ensure matrix-mautrix-gmessages.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service"
+ state: absent
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml
new file mode 100644
index 000000000..acfffa75e
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Fail if required mautrix-gmessages settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item.name }}`).
+ when: "item.when | bool and vars[item.name] == ''"
+ with_items:
+ - {'name': 'matrix_mautrix_gmessages_appservice_token', when: true}
+ - {'name': 'matrix_mautrix_gmessages_homeserver_token', when: true}
+ - {'name': 'matrix_mautrix_gmessages_database_hostname', when: "{{ matrix_mautrix_gmessages_database_engine == 'postgres' }}"}
+
+- name: (Deprecation) Catch and report renamed settings
+ ansible.builtin.fail:
+ msg: >-
+ Your configuration contains a variable, which now has a different name.
+ Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+ when: "item.old in vars"
+ with_items:
+ - {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'}
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
new file mode 100644
index 000000000..9fa697629
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
@@ -0,0 +1,298 @@
+#jinja2: lstrip_blocks: "True"
+# Homeserver details.
+homeserver:
+ # The address that this appservice can use to connect to the homeserver.
+ address: {{ matrix_mautrix_gmessages_homeserver_address }}
+ # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+ domain: {{ matrix_mautrix_gmessages_homeserver_domain }}
+
+ # What software is the homeserver running?
+ # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+ software: standard
+ # The URL to push real-time bridge status to.
+ # If set, the bridge will make POST requests to this URL whenever a user's google messages connection state changes.
+ # The bridge will use the appservice as_token to authorize requests.
+ status_endpoint: null
+ # Endpoint for reporting per-message status.
+ message_send_checkpoint_endpoint: null
+ # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+ async_media: false
+
+ # Should the bridge use a websocket for connecting to the homeserver?
+ # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+ # mautrix-asmux (deprecated), and hungryserv (proprietary).
+ websocket: false
+ # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+ ping_interval_seconds: 0
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration.
+appservice:
+ # The address that the homeserver can use to connect to this appservice.
+ address: {{ matrix_mautrix_gmessages_appservice_address }}
+
+ # The hostname and port where this appservice should listen.
+ hostname: 0.0.0.0
+ port: 29336
+
+ # Database config.
+ database:
+ # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+ type: postgres
+ # The database URI.
+ # SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
+ # https://github.com/mattn/go-sqlite3#connection-string
+ # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+ # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+ uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }}
+ # Maximum number of connections. Mostly relevant for Postgres.
+ max_open_conns: 20
+ max_idle_conns: 2
+ # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+ # Parsed with https://pkg.go.dev/time#ParseDuration
+ max_conn_idle_time: null
+ max_conn_lifetime: null
+
+ # The unique ID of this appservice.
+ id: gmessages
+ # Appservice bot details.
+ bot:
+ # Username of the appservice bot.
+ username: {{ matrix_mautrix_gmessages_appservice_bot_username|to_json }}
+ # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+ # to leave display name/avatar as-is.
+ displayname: Google Messages bridge bot
+ avatar: mxc://maunium.net/yGOdcrJcwqARZqdzbfuxfhzb
+
+ # Whether or not to receive ephemeral events via appservice transactions.
+ # Requires MSC2409 support (i.e. Synapse 1.22+).
+ ephemeral_events: true
+
+ # Should incoming events be handled asynchronously?
+ # This may be necessary for large public instances with lots of messages going through.
+ # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+ async_transactions: false
+
+ # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+ as_token: "{{ matrix_mautrix_gmessages_appservice_token }}"
+ hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}"
+
+# Segment API key to track some events, like provisioning API login and encryption errors.
+segment_key: null
+# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
+segment_user_id: null
+
+# Prometheus config.
+metrics:
+ # Enable prometheus metrics?
+ enabled: {{ matrix_mautrix_gmessages_metrics_enabled | to_json }}
+ # IP and port where the metrics listener should be. The path is always /metrics
+ listen: 127.0.0.1:8001
+
+google_messages:
+ # OS name to tell the phone. This is the name that shows up in the paired devices list.
+ os: mautrix-gmessages
+ # Browser type to tell the phone. This decides which icon is shown.
+ # Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE
+ browser: OTHER
+
+ # Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser?
+ # If this is disabled, the user must manually use the `reconnect` command to reactivate the bridge.
+ aggressive_reconnect: false
+
+# Bridge config
+bridge:
+ # Localpart template of MXIDs for SMS users.
+ # {{.}} is replaced with an identifier of the recipient.
+ username_template: gmessages_{{.}}
+ # Displayname template for SMS users.
+ # {{.FullName}} - Full name provided by the phone
+ # {{.FirstName}} - First name provided by the phone
+ # {{.PhoneNumber}} - Formatted phone number provided by the phone
+ displayname_template: "{{ '{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (GM)' }}"
+ # Should the bridge create a space for each logged-in user and add bridged rooms to it?
+ personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }}
+ # Should the bridge send a read receipt from the bridge bot when a message has been sent to the phone?
+ delivery_receipts: false
+ # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+ message_status_events: false
+ # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+ message_error_notices: true
+
+ portal_message_buffer: 128
+
+ # Should the bridge update the m.direct account data event when double puppeting is enabled.
+ # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+ # and is therefore prone to race conditions.
+ sync_direct_chat_list: false
+ # Number of chats to sync when connecting to Google Messages.
+ initial_chat_sync_count: 25
+ # Backfill settings
+ backfill:
+ # Number of messages to backfill in new chats.
+ initial_limit: 50
+ # Number of messages to backfill on startup if the last message ID in the chat sync doesn't match the last bridged message.
+ missed_limit: 100
+
+ # Servers to always allow double puppeting from
+ double_puppet_server_map:
+ "{{ matrix_mautrix_gmessages_homeserver_domain }}": {{ matrix_mautrix_gmessages_homeserver_address }}
+ # Allow using double puppeting from any server with a valid client .well-known file.
+ double_puppet_allow_discovery: false
+ # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+ #
+ # If set, double puppeting will be enabled automatically for local users
+ # instead of users having to find an access token and run `login-matrix`
+ # manually.
+ login_shared_secret_map: {{ matrix_mautrix_gmessages_bridge_login_shared_secret_map|to_json }}
+
+ # Whether to explicitly set the avatar and room name for private chat portal rooms.
+ # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
+ # If set to `always`, all DM rooms will have explicit names and avatars set.
+ # If set to `never`, DM rooms will never have names and avatars set.
+ private_chat_portal_meta: default
+ # Should Matrix m.notice-type messages be bridged?
+ bridge_notices: true
+ # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+ # This field will automatically be changed back to false after it, except if the config file is not writable.
+ resend_bridge_info: false
+ # When using double puppeting, should muted chats be muted in Matrix?
+ mute_bridging: {{ matrix_mautrix_gmessages_bridge_mute_bridging | to_json }}
+ # When using double puppeting, should archived chats be moved to a specific tag in Matrix?
+ # This can be set to a tag (e.g. m.lowpriority), or null to disable.
+ archive_tag: null
+ # Same as above, but for pinned chats. The favorite tag is called m.favourite
+ pinned_tag: null
+ # Should mute status and tags only be bridged when the portal room is created?
+ tag_only_on_create: true
+ # Whether or not created rooms should have federation enabled.
+ # If false, created portal rooms will never be federated.
+ federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms|to_json }}
+ # Should the bridge never send alerts to the bridge management room?
+ # These are mostly things like the user being logged out.
+ disable_bridge_alerts: false
+ # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
+ # This is currently not supported in most clients.
+ caption_in_message: false
+
+ # The prefix for commands. Only required in non-management rooms.
+ command_prefix: "!gm"
+
+ # Messages sent upon joining a management room.
+ # Markdown is supported. The defaults are listed below.
+ management_room_text:
+ # Sent when joining a room.
+ welcome: "Hello, I'm a Google Messages bridge bot."
+ # Sent when joining a management room and the user is already logged in.
+ welcome_connected: "Use `help` for help."
+ # Sent when joining a management room and the user is not logged in.
+ welcome_unconnected: "Use `help` for help or `login` to log in."
+ # Optional extra text sent when joining a management room.
+ additional_help: ""
+
+ # End-to-bridge encryption support options.
+ #
+ # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+ encryption:
+ # Allow encryption, work in group chat rooms with e2ee enabled
+ allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow|to_json }}
+ # Default to encryption, force-enable encryption in all portals the bridge creates
+ # This will cause the bridge bot to be in private chats for the encryption to work properly.
+ default: {{ matrix_mautrix_gmessages_bridge_encryption_default|to_json }}
+ # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+ appservice: false
+ # Require encryption, drop any unencrypted messages.
+ require: false
+ # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+ # You must use a client that supports requesting keys from other users to use this feature.
+ allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow|to_json }}
+ # Options for deleting megolm sessions from the bridge.
+ delete_keys:
+ # Beeper-specific: delete outbound sessions when hungryserv confirms
+ # that the user has uploaded the key to key backup.
+ delete_outbound_on_ack: false
+ # Don't store outbound sessions in the inbound table.
+ dont_store_outbound: false
+ # Ratchet megolm sessions forward after decrypting messages.
+ ratchet_on_decrypt: false
+ # Delete fully used keys (index >= max_messages) after decrypting messages.
+ delete_fully_used_on_decrypt: false
+ # Delete previous megolm sessions from same device when receiving a new one.
+ delete_prev_on_new_session: false
+ # Delete megolm sessions received from a device when the device is deleted.
+ delete_on_device_delete: false
+ # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+ periodically_delete_expired: false
+ # Delete inbound megolm sessions that don't have the received_at field used for
+ # automatic ratcheting and expired session deletion. This is meant as a migration
+ # to delete old keys prior to the bridge update.
+ delete_outdated_inbound: false
+ # What level of device verification should be required from users?
+ #
+ # Valid levels:
+ # unverified - Send keys to all device in the room.
+ # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+ # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+ # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+ # Note that creating user signatures from the bridge bot is not currently possible.
+ # verified - Require manual per-device verification
+ # (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+ verification_levels:
+ # Minimum level for which the bridge should send keys to when bridging messages from SMS to Matrix.
+ receive: unverified
+ # Minimum level that the bridge should accept for incoming Matrix messages.
+ send: unverified
+ # Minimum level that the bridge should require for accepting key requests.
+ share: cross-signed-tofu
+ # Options for Megolm room key rotation. These options allow you to
+ # configure the m.room.encryption event content. See:
+ # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+ # more information about that event.
+ rotation:
+ # Enable custom Megolm room key rotation settings. Note that these
+ # settings will only apply to rooms created after this option is
+ # set.
+ enable_custom: false
+ # The maximum number of milliseconds a session should be used
+ # before changing it. The Matrix spec recommends 604800000 (a week)
+ # as the default.
+ milliseconds: 604800000
+ # The maximum number of messages that should be sent with a given a
+ # session before changing it. The Matrix spec recommends 100 as the
+ # default.
+ messages: 100
+
+ # Disable rotating keys when a user's devices change?
+ # You should not enable this option unless you understand all the implications.
+ disable_device_change_key_rotation: false
+
+ # Settings for provisioning API
+ provisioning:
+ # Prefix for the provisioning API paths.
+ prefix: /_matrix/provision
+ # Shared secret for authentication. If set to "generate", a random secret will be generated,
+ # or if set to "disable", the provisioning API will be disabled.
+ shared_secret: generate
+
+ # Permissions for using the bridge.
+ # Permitted values:
+ # user - Access to use the bridge to link their own Google Messages on android.
+ # admin - User level and some additional administration tools
+ # Permitted keys:
+ # * - All Matrix users
+ # domain - All users on that homeserver
+ # mxid - Specific user
+ permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }}
+
+# Logging config. See https://github.com/tulir/zeroconfig for details.
+logging:
+ min_level: debug
+ writers:
+ - type: stdout
+ format: pretty-colored
+ - type: file
+ format: json
+ filename: ./logs/mautrix-gmessages.log
+ max_size: 100
+ max_backups: 10
+ compress: true
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-whatsapp.service.j2
new file mode 100644
index 000000000..fb34e95b9
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-whatsapp.service.j2
@@ -0,0 +1,43 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mautrix gmessages bridge
+{% for service in matrix_mautrix_gmessages_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mautrix_gmessages_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-gmessages \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ -v {{ matrix_mautrix_gmessages_config_path }}:/config:z \
+ -v {{ matrix_mautrix_gmessages_data_path }}:/data:z \
+ --workdir=/data \
+ {% for arg in matrix_mautrix_gmessages_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_mautrix_gmessages_docker_image }} \
+ /usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mautrix-gmessages
+
+[Install]
+WantedBy=multi-user.target