Add matrix-steam-bridge (#4572)

* Documentation update * New files for role * Update existing files to add support for matrix-steam-bridge * Typos and misc fixes * Change docker tag to latest until version # is stable * Align bridge permissions * Correct user localpart * Remove trailing + * Fix syslog identifier * Actually enable the service correctly * One more typo fix * Third time's the charm * Fix config file paths * Fix config after bridge repo changes * Add default appservice public address - set public_media to false by default for testing * Fix default config for steamkit-service path * Fix bluesky reference * Fix default container path * Fix appservice connection to http for internal, change port to standard 8080 * Fix appservice port * Enable public_media by default, add labels * Enable public_media by default, add labels * Allow bridge to update its own config and generate public_media signing key * Add deterministic public_media_signing_key, expose portal cleanup * Change default public_media path to omit `matrix.` from the path as it has been found that URLs generated by the bridge will only match {{ matrix_domain }} * Remove domain re-write * Revert "Change default public_media path to omit `matrix.` from the path as it has been found that URLs generated by the bridge will only match {{ matrix_domain }}" This reverts commit 5f399effb9. * Fix TLS label if playbook TLS is disabled * Match default bridge TLS config * Related to 3daf14d69 and 60ab08014 which enable async media by default for mautrix-go bridges * Adjust matrix-bridge-steam files to add new line at the end of files * Pin matrix-bridge-steam (latest -> 1.0.3) --------- Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2025-10-16 09:19:43 +02:00 · 2025-09-11 23:13:09 -07:00
parent 071b5789f2
commit 40813784c1
17 changed files with 1151 additions and 1 deletions
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -162,6 +162,8 @@ matrix_homeserver_container_extra_arguments_auto: |
    +
    (['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
    +
+    (['--mount type=bind,src=' + matrix_steam_bridge_config_path + '/registration.yaml,dst=/matrix-steam-bridge-registration.yaml,ro'] if matrix_steam_bridge_enabled else [])
+    +
    (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
  }}

@@ -236,6 +238,8 @@ matrix_homeserver_app_service_config_files_auto: |
    (['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
    +
    (['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
+    +
+    (['/matrix-steam-bridge-registration.yaml'] if matrix_steam_bridge_enabled else [])
  }}

 matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}"
@@ -381,6 +385,8 @@ devture_systemd_service_manager_services_list_auto: |
    +
    ([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else [])
    +
+    ([{'name': 'matrix-steam-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'matrix-steam-bridge']}] if matrix_steam_bridge_enabled else [])
+    +
    ([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
    +
    ([{'name': 'matrix-cactus-comments-client.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments-client']}] if matrix_cactus_comments_client_enabled else [])
@@ -2767,6 +2773,82 @@ matrix_postmoogle_container_additional_networks_auto: |-
 #
 ######################################################################

+######################################################################
+#
+# matrix-bridge-steam
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_steam_bridge_enabled: false
+
+matrix_steam_bridge_systemd_required_services_list_auto: |
+  {{
+    matrix_addons_homeserver_systemd_services_list
+    +
+    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else [])
+  }}
+
+matrix_steam_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_steam_bridge_docker_image_registry_prefix_upstream_default }}"
+
+matrix_steam_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
+matrix_steam_bridge_container_network: "{{ matrix_addons_container_network }}"
+
+matrix_steam_bridge_container_additional_networks_auto: |-
+  {{
+    (
+      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+      +
+      ([postgres_container_network] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname and matrix_steam_bridge_container_network != postgres_container_network) else [])
+      +
+      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_steam_bridge_container_labels_traefik_enabled else [])
+    ) | unique
+  }}
+
+matrix_steam_bridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
+matrix_steam_bridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+matrix_steam_bridge_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
+matrix_steam_bridge_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
+
+matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
+matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
+
+matrix_steam_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.as.token', rounds=655555) | to_uuid }}"
+
+matrix_steam_bridge_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
+matrix_steam_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.hs.token', rounds=655555) | to_uuid }}"
+
+matrix_steam_bridge_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
+
+matrix_steam_bridge_public_media_signing_key: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.pub.key', rounds=655555) | to_uuid) if matrix_steam_bridge_public_media_enabled else '' }}"
+
+matrix_steam_bridge_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.prov', rounds=655555) | to_uuid }}"
+
+matrix_steam_bridge_double_puppet_secrets_auto: |-
+  {{
+    ({
+      matrix_steam_bridge_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
+    })
+    if matrix_appservice_double_puppet_enabled
+    else {}
+  }}
+
+matrix_steam_bridge_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
+
+matrix_steam_bridge_metrics_proxying_enabled: "{{ matrix_steam_bridge_metrics_enabled and matrix_metrics_exposure_enabled }}"
+matrix_steam_bridge_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
+matrix_steam_bridge_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/matrix-steam-bridge"
+
+matrix_steam_bridge_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
+matrix_steam_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if postgres_enabled else '' }}"
+
+######################################################################
+#
+# /matrix-bridge-steam
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-bot-matrix-reminder-bot
@@ -4396,6 +4478,12 @@ postgres_managed_databases_auto: |
      'password': matrix_mx_puppet_groupme_database_password,
    }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else [])
    +
+    ([{
+      'name': matrix_steam_bridge_database_name,
+      'username': matrix_steam_bridge_database_username,
+      'password': matrix_steam_bridge_database_password,
+    }] if (matrix_steam_bridge_enabled and matrix_steam_bridge_database_engine == 'postgres' and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else [])
+    +
    ([{
      'name': matrix_dimension_database_name,
      'username': matrix_dimension_database_username,
@@ -5313,6 +5401,11 @@ matrix_synapse_admin_config_asManagedUsers_auto: |
      '^@'+(matrix_wechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@_wechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_wechat_enabled else [])
+    +
+    ([
+      '^@'+(matrix_steam_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
+      '^@steam_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
+    ] if matrix_steam_bridge_enabled else [])
  }}

 ######################################################################