Add matrix-steam-bridge (#4572)

* Documentation update * New files for role * Update existing files to add support for matrix-steam-bridge * Typos and misc fixes * Change docker tag to latest until version # is stable * Align bridge permissions * Correct user localpart * Remove trailing + * Fix syslog identifier * Actually enable the service correctly * One more typo fix * Third time's the charm * Fix config file paths * Fix config after bridge repo changes * Add default appservice public address - set public_media to false by default for testing * Fix default config for steamkit-service path * Fix bluesky reference * Fix default container path * Fix appservice connection to http for internal, change port to standard 8080 * Fix appservice port * Enable public_media by default, add labels * Enable public_media by default, add labels * Allow bridge to update its own config and generate public_media signing key * Add deterministic public_media_signing_key, expose portal cleanup * Change default public_media path to omit `matrix.` from the path as it has been found that URLs generated by the bridge will only match {{ matrix_domain }} * Remove domain re-write * Revert "Change default public_media path to omit `matrix.` from the path as it has been found that URLs generated by the bridge will only match {{ matrix_domain }}" This reverts commit 5f399effb9. * Fix TLS label if playbook TLS is disabled * Match default bridge TLS config * Related to 3daf14d69 and 60ab08014 which enable async media by default for mautrix-go bridges * Adjust matrix-bridge-steam files to add new line at the end of files * Pin matrix-bridge-steam (latest -> 1.0.3) --------- Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2025-10-18 10:19:44 +02:00 · 2025-09-11 23:13:09 -07:00
parent 071b5789f2
commit 40813784c1
17 changed files with 1151 additions and 1 deletions
--- a/roles/custom/matrix-bridge-steam/tasks/main.yml
+++ b/roles/custom/matrix-bridge-steam/tasks/main.yml
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- tags:
+    - setup-all
+    - setup-matrix-steam-bridge
+    - install-all
+    - install-matrix-steam-bridge
+  block:
+    - when: matrix_steam_bridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_steam_bridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+- tags:
+    - setup-all
+    - setup-matrix-steam-bridge
+  block:
+    - when: not matrix_steam_bridge_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
--- a/roles/custom/matrix-bridge-steam/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-steam/tasks/setup_install.yml
@@ -0,0 +1,102 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- ansible.builtin.set_fact:
+    matrix_steam_bridge_requires_restart: false
+
+- name: Ensure Steam bridge image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_steam_bridge_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_steam_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_steam_bridge_docker_image_force_pull }}"
+  when: matrix_steam_bridge_enabled | bool and not matrix_steam_bridge_container_image_self_build
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure Steam bridge paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+  with_items:
+    - {path: "{{ matrix_steam_bridge_base_path }}", when: true}
+    - {path: "{{ matrix_steam_bridge_config_path }}", when: true}
+    - {path: "{{ matrix_steam_bridge_data_path }}", when: true}
+    - {path: "{{ matrix_steam_bridge_docker_src_files_path }}", when: "{{ matrix_steam_bridge_container_image_self_build }}"}
+  when: item.when | bool
+
+- name: Ensure Steam bridge repository is present on self-build
+  ansible.builtin.git:
+    repo: "{{ matrix_steam_bridge_container_image_self_build_repo }}"
+    version: "{{ matrix_steam_bridge_container_image_self_build_repo_version }}"
+    dest: "{{ matrix_steam_bridge_docker_src_files_path }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_name }}"
+  register: matrix_steam_bridge_git_pull_results
+  when: "matrix_steam_bridge_enabled | bool and matrix_steam_bridge_container_image_self_build"
+
+- name: Ensure Steam bridge Docker image is built
+  community.docker.docker_image:
+    name: "{{ matrix_steam_bridge_docker_image }}"
+    source: build
+    force_source: "{{ matrix_steam_bridge_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_steam_bridge_docker_src_files_path }}"
+      pull: true
+  when: "matrix_steam_bridge_enabled | bool and matrix_steam_bridge_container_image_self_build | bool"
+
+- name: Ensure matrix-steam-bridge config.yaml installed
+  ansible.builtin.copy:
+    content: "{{ matrix_steam_bridge_configuration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_steam_bridge_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+
+- name: Ensure matrix-steam-bridge registration.yaml installed
+  ansible.builtin.copy:
+    content: "{{ matrix_steam_bridge_registration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_steam_bridge_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+
+- name: Ensure matrix-steam-bridge support files installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/{{ item }}.j2"
+    dest: "{{ matrix_steam_bridge_base_path }}/{{ item }}"
+    mode: 0640
+    owner: "{{ matrix_user_name }}"
+    group: "{{ matrix_group_name }}"
+  with_items:
+    - labels
+
+- name: Ensure matrix-steam-bridge container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_steam_bridge_container_network }}"
+    driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+- name: Ensure matrix-steam-bridge.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-steam-bridge.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-steam-bridge.service"
+    mode: 0644
+
+- name: Ensure matrix-steam-bridge.service restarted, if necessary
+  ansible.builtin.service:
+    name: "matrix-steam-bridge.service"
+    state: restarted
+    daemon_reload: true
+  when: "matrix_steam_bridge_requires_restart | bool"
--- a/roles/custom/matrix-bridge-steam/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-steam/tasks/setup_uninstall.yml
@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Check existence of matrix-steam-bridge service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-steam-bridge.service"
+  register: matrix_steam_bridge_service_stat
+
+- when: matrix_steam_bridge_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-steam-bridge is stopped
+      ansible.builtin.service:
+        name: matrix-steam-bridge
+        state: stopped
+        daemon_reload: true
+
+    - name: Ensure matrix-steam-bridge.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-steam-bridge.service"
+        state: absent
--- a/roles/custom/matrix-bridge-steam/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-steam/tasks/validate_config.yml
@@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2025 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+
+- name: Fail if required matrix_steam_bridge settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
+  with_items:
+    - {'name': 'matrix_steam_bridge_appservice_token', when: true}
+    - {'name': 'matrix_steam_bridge_homeserver_address', when: true}
+    - {'name': 'matrix_steam_bridge_homeserver_token', when: true}
+    - {'name': 'matrix_steam_bridge_database_hostname', when: "{{ matrix_steam_bridge_database_engine == 'postgres' }}"}
+    - {'name': 'matrix_steam_bridge_container_network', when: true}
+    - {'name': 'matrix_steam_bridge_metrics_proxying_hostname', when: "{{ matrix_steam_bridge_metrics_proxying_enabled }}"}
+    - {'name': 'matrix_steam_bridge_metrics_proxying_path_prefix', when: "{{ matrix_steam_bridge_metrics_proxying_enabled }}"}
+# TODO: Confirm additional config isn't mandatory for public_media
+
+- name: (Deprecation) Catch and report renamed matrix-steam-bridge variables
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_steam_bridge_docker_image_name_prefix', 'new': 'matrix_steam_bridge_docker_image_registry_prefix'}