From 0fea35cdd2195f9634c9148dec9783031de73408 Mon Sep 17 00:00:00 2001 From: jdreichmann Date: Sat, 27 Jun 2020 12:40:27 +0200 Subject: [PATCH 1/7] mx-puppet-instagram: add role --- group_vars/matrix_servers | 31 +++++++ .../defaults/main.yml | 86 +++++++++++++++++++ .../tasks/init.yml | 17 ++++ .../tasks/main.yml | 21 +++++ .../tasks/setup_install.yml | 78 +++++++++++++++++ .../tasks/setup_uninstall.yml | 24 ++++++ .../tasks/validate_config.yml | 10 +++ .../templates/config.yaml.j2 | 82 ++++++++++++++++++ .../matrix-mx-puppet-instagram.service.j2 | 41 +++++++++ setup.yml | 1 + 10 files changed, 391 insertions(+) create mode 100644 roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ff69cd8fb..7581d7f44 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -392,6 +392,37 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov ###################################################################### +###################################################################### +# +# matrix-bridge-mx-puppet-instagram +# +###################################################################### + +# We don't enable bridges by default. +matrix_mx_puppet_instagram_enabled: false + +matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_instagram_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}" + +matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}" + +matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-instagram +# +###################################################################### + + ###################################################################### # # matrix-corporal diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml new file mode 100644 index 000000000..c7488cbbe --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml 
@@ -0,0 +1,86 @@ +# mx-puppet-instagram bridges instagram DMs +# See: https://github.com/Sorunome/mx-puppet-instagram + +matrix_mx_puppet_instagram_enabled: true + +matrix_mx_puppet_instagram_container_image_self_build: false + +matrix_mx_puppet_instagram_docker_image: "docker.io/sorunome/mx-puppet-instagram:latest" +matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}" + +matrix_mx_puppet_instagram_base_path: "{{ matrix_base_data_path }}/mx-puppet-instagram" +matrix_mx_puppet_instagram_config_path: "{{ matrix_mx_puppet_instagram_base_path }}/config" +matrix_mx_puppet_instagram_data_path: "{{ matrix_mx_puppet_instagram_base_path }}/data" +matrix_mx_puppet_instagram_docker_src_files_path: "{{ matrix_mx_puppet_instagram_base_path }}/docker-src" + +matrix_mx_puppet_instagram_appservice_port: "8440" +matrix_mx_puppet_instagram_homeserver_address: 'http://matrix-synapse:8008' +matrix_mx_puppet_instagram_homeserver_domain: '{{ matrix_domain }}' +matrix_mx_puppet_instagram_appservice_address: 'http://matrix-mx-puppet-instagram:{{ matrix_mx_puppet_instagram_appservice_port }}' + +# "@user:server.com" to allow specific user +# "@.*:yourserver.com" to allow users on a specific homeserver +# "@.*" to allow anyone +matrix_mx_puppet_instagram_provisioning_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" + +# Leave empty to disable blacklist +# "@user:server.com" disallow a specific user +# "@.*:yourserver.com" disallow users on a specific homeserver +matrix_mx_puppet_instagram_provisioning_blacklist: [] + +# A list of extra arguments to pass to the container +matrix_mx_puppet_instagram_container_extra_arguments: [] + +# List of systemd services that matrix-puppet-instagram.service depends on. 
+matrix_mx_puppet_instagram_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-puppet-instagram.service wants +matrix_mx_puppet_instagram_systemd_wanted_services_list: [] + +matrix_mx_puppet_instagram_appservice_token: '' +matrix_mx_puppet_instagram_homeserver_token: '' + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mx_puppet_instagram_login_shared_secret: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_instagram_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mx_puppet_instagram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mx_puppet_instagram_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mx_puppet_instagram_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mx_puppet_instagram_configuration_yaml`. + +matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml if matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_instagram_configuration_yaml`. 
+matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml|from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}" + +matrix_mx_puppet_instagram_registration_yaml: | + as_token: "{{ matrix_mx_puppet_instagram_appservice_token }}" + hs_token: "{{ matrix_mx_puppet_instagram_homeserver_token }}" + id: instagram-puppet + namespaces: + users: + - exclusive: true + regex: '@_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' + rooms: [] + aliases: + - exclusive: true + regex: '#_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}' + protocols: [] + rate_limited: false + sender_localpart: _instagrampuppet_bot + url: {{ matrix_mx_puppet_instagram_appservice_address }} + +matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml new file mode 100644 index 000000000..dafa59c07 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml @@ -0,0 +1,17 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram'] }}" + when: matrix_mx_puppet_instagram_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }} + when: matrix_mx_puppet_instagram_enabled|bool + 
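Review bot: In `defaults/main.yml`, `matrix_mx_puppet_instagram_docker_image` defaults to the mutable `:latest` tag, and `matrix_mx_puppet_instagram_docker_image_force_pull` then re-pulls it on every run, so the code that holds the appservice tokens (and presumably the linked Instagram sessions) is whatever the registry serves at that moment. Pin the default to a release tag or digest, e.g. `matrix_mx_puppet_instagram_docker_image: "docker.io/sorunome/mx-puppet-instagram:<PINNED_TAG>"` (placeholder; use a tag upstream actually publishes). The self-build path in `tasks/setup_install.yml` has the same gap: its `git` task sets no `version:`, so it builds whatever the default branch currently points to. Separately, two comments in this file name `matrix-puppet-instagram.service`, while the unit this role installs is `matrix-mx-puppet-instagram.service`.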
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml new file mode 100644 index 000000000..d0fe90e4b --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-instagram + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-instagram + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mx_puppet_instagram_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml new file mode 100644 index 000000000..d60fbaf24 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml 
@@ -0,0 +1,78 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure mx-puppet-instagram image is pulled + docker_image: + name: "{{ matrix_mx_puppet_instagram_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" + when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build + +- name: Ensure mx-puppet-instagram paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true } + - { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true } + - { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true } + - { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" } + when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool + +- name: Ensure mx-puppet-instagram repository is present on self build + git: + repo: https://github.com/Sorunome/mx-puppet-instagram.git + dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" + force: "yes" + when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build" + +- name: Ensure mx-puppet-instagram Docker image is built 
+ docker_image: + name: "{{ matrix_mx_puppet_instagram_docker_image }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}" + pull: yes + when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build" + +- name: Ensure mx-puppet-instagram config.yaml installed + copy: + content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mx-puppet-instagram-registration.yaml installed + copy: + content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mx-puppet-instagram.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2" + dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service" + mode: 0644 + register: matrix_mx_puppet_instagram_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation + service: + daemon_reload: yes + when: "matrix_mx_puppet_instagram_systemd_service_result.changed" + + diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml new file mode 100644 index 000000000..4b5e67ac8 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml 
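Review bot: The two `copy` tasks in `setup_install.yml` write `registration.yaml` (which carries `as_token` and `hs_token`) and `config.yaml` (which carries the login shared secret when one is set) with `mode: 0644`, so only the `0750` mode on the parent directories keeps other local users from reading them. Use `mode: '0640'` on both tasks so the files stay protected if they are copied elsewhere or the directory mode changes; this assumes Synapse and the bridge both read them as `matrix_user_username`, which the bridge's `--user` flag suggests but this hunk does not show. Quoting the mode as a string, here and for `0750` on the directories task, also avoids relying on the YAML parser's octal handling.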
@@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-mx-puppet-instagram service + stat: + path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" + register: matrix_mx_puppet_instagram_service_stat + +- name: Ensure matrix-mx-puppet-instagram is stopped + service: + name: matrix-mx-puppet-instagram + state: stopped + daemon_reload: yes + when: "matrix_mx_puppet_instagram_service_stat.stat.exists" + +- name: Ensure matrix-mx-puppet-instagram.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" + state: absent + when: "matrix_mx_puppet_instagram_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal + service: + daemon_reload: yes + when: "matrix_mx_puppet_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml new file mode 100644 index 000000000..b6d9d994e --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mx_puppet_instagram_appservice_token" + - "matrix_mx_puppet_instagram_homeserver_token" diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 new file mode 100644 index 000000000..634fbaecd --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 
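Review bot: The emptiness check in `validate_config.yml` may never fire for templated values: as far as I know, `vars[item]` returns the variable as written rather than its rendered value, and `group_vars/matrix_servers` defines both tokens as Jinja expressions. A condition such as `when: "lookup('vars', item, default='') == ''"` evaluates the rendered value and also covers an undefined variable. Please confirm this against the Ansible versions the playbook supports, since the rest of the role still branches on 2.7 versus 2.8.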
@@ -0,0 +1,82 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_instagram_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_instagram_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_instagram_homeserver_address }} + {% if matrix_mx_puppet_instagram_login_shared_secret != '' %} + loginSharedSecretMap: + {{ matrix_domain }}: {{ matrix_mx_puppet_instagram_login_shared_secret }} + {% endif %} + +presence: + # Bridge Instagram online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_instagram_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_instagram_provisioning_blacklist|to_json }} + + # Shared secret for the provisioning API for use by integration managers. + # If this is not set, the provisioning API will not be enabled. + #sharedSecret: random string + # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. + apiPrefix: /_matrix/provision + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". 
+ # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 new file mode 100644 index 000000000..4c4b74a58 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 
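Review bot: In `config.yaml.j2`, the `loginSharedSecretMap` entry renders `{{ matrix_domain }}: {{ matrix_mx_puppet_instagram_login_shared_secret }}` as bare YAML scalars. A secret that contains `: ` or ` #`, starts with an indicator character, or looks like a number or boolean will be altered or will fail to parse when `defaults/main.yml` passes this output through `from_yaml`. The `whitelist` and `blacklist` lines already use `|to_json`; do the same here: `{{ matrix_domain|to_json }}: {{ matrix_mx_puppet_instagram_login_shared_secret|to_json }}`. `domain` and `homeserverUrl` are rendered the same way and would benefit from the same filter.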
@@ -0,0 +1,41 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix mx-puppet-instagram bridge +{% for service in matrix_mx_puppet_instagram_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mx_puppet_instagram_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -e CONFIG_PATH=/config/config.yaml \ + -e REGISTRATION_PATH=/config/registration.yaml \ + -v {{ matrix_mx_puppet_instagram_config_path }}:/config:z \ + -v {{ matrix_mx_puppet_instagram_data_path }}:/data:z \ + {% for arg in matrix_mx_puppet_instagram_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mx_puppet_instagram_docker_image }} + +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mx-puppet-instagram + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 4831873e2..247950d4c 100755 --- a/setup.yml +++ b/setup.yml @@ -18,6 +18,7 @@ - matrix-bridge-mautrix-whatsapp - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack + - matrix-bridge-mx-puppet-instagram - matrix-bridge-sms - matrix-synapse - matrix-riot-web From 2073cd6caecdc8258d6f383f2a0e33da6b0e329e Mon Sep 17 00:00:00 2001 
From: jdreichmann Date: Sun, 28 Jun 2020 10:40:14 +0200 Subject: [PATCH 2/7] mx-puppet-instagram: change tokens appservice<>homeserver in order to not collide with mx-puppet-slack --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 7581d7f44..eb9f415a6 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -410,9 +410,9 @@ matrix_mx_puppet_instagram_systemd_required_services_list: | (['matrix-synapse.service'] if matrix_synapse_enabled else []) }} -matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}" +matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.as.tok') | to_uuid }}" -matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}" +matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}" matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" From ad05c7f758b4eefea9337dca5951539e55b7352e Mon Sep 17 00:00:00 2001 From: jdreichmann Date: Sun, 28 Jun 2020 10:46:39 +0200 Subject: [PATCH 3/7] mx-puppet-instagram: add documentation on how to setup & use the bridge --- README.md | 2 ++ ...ing-playbook-bridge-mx-puppet-instagram.md | 36 +++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mx-puppet-instagram.md diff --git a/README.md b/README.md index a5ec78d3b..154d3bfca 100644 --- a/README.md +++ b/README.md 
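Review bot: Nothing next to the two changed token lines in `group_vars/matrix_servers` says that the salt string is the only thing separating one bridge's tokens from another's. Both tokens are derived from `matrix_synapse_macaroon_secret_key`, and the commit message indicates mx-puppet-slack derives its tokens the same way, so a copied salt yields identical `as_token`/`hs_token` values across two appservices. A comment above them such as `# Salts must be unique per bridge; reusing another bridge's salt produces identical tokens.` would keep the next copied role from repeating the collision this commit fixes.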
@@ -52,6 +52,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) +- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation + - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms diff --git a/docs/configuring-playbook-bridge-mx-puppet-instagram.md b/docs/configuring-playbook-bridge-mx-puppet-instagram.md new file mode 100644 index 000000000..3dad98449 --- /dev/null +++ b/docs/configuring-playbook-bridge-mx-puppet-instagram.md 
@@ -0,0 +1,36 @@ +# Setting up mx-puppet-instagram (optional) + +The playbook can install and configure +[mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) for you. + +This allows you to bridge Instagram DirectMessages into Matrix. + +To enable the [Instagram](https://www.instagram.com/) bridge just use the following +playbook configuration: + + +```yaml +matrix_mx_puppet_instagram_enabled: true +``` + + +## Usage + +Once the bot is enabled, you need to start a chat with `Instagram Puppet Bridge` with +the handle `@_instagrampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +Send `link ` to the bridge bot to link your instagram account. + +The `list` commands shows which accounts are linked and which `puppetId` is associated. + +For double-puppeting, you probably want to issue these commands: + +- `settype $puppetId puppet` to enable puppeting for the link (instead of relaying) +- `setautoinvite $puppetId 1` to automatically invite you to chats +- `setmatrixtoken $accessToken` to set the access token to enable puppeting from the other side (the "double" in double puppeting) + +If you are linking only one Instagram account, your `$puppetId` is probably 1, but use the `list` command find out. + +The `help` command shows which commands are available, though at the time of writing, not every command is fully implemented. + From 635f385971779c3b927edc731c89ce0a543da1af Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 29 Jun 2020 14:53:23 +0300 Subject: [PATCH 4/7] Use pre-built arm64 image for ma1sd ma1sd 2.4.0 announced experimental support for arm64. We're making use of those arm64 images instead of self-building. --- group_vars/matrix_servers | 12 +++++++++++- roles/matrix-ma1sd/defaults/main.yml | 4 +++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 85dab4dd2..155dd8bc3 100755 --- a/group_vars/matrix_servers 
+++ b/group_vars/matrix_servers @@ -564,7 +564,17 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. matrix_ma1sd_enabled: true -matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +# There's no prebuilt ma1sd image for the `arm32` architecture. +# We're relying on self-building there. +matrix_ma1sd_architecture: "{{ + { + 'amd64': 'amd64', + 'arm32': 'arm32', + 'arm64': 'arm64', + }[matrix_architecture] +}}" + +matrix_ma1sd_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index 9e21d862d..822cc9422 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -5,7 +5,9 @@ matrix_ma1sd_enabled: true matrix_ma1sd_container_image_self_build: false -matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0" +matrix_ma1sd_architecture: "amd64" + +matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}" matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}" matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd" From de545f9c5f2e081e64df2048721170f482f5018c Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 29 Jun 2020 14:58:03 +0300 Subject: [PATCH 5/7] Update docs on self-building and remove useless variable `matrix_container_images_self_build` was not really doing anything anymore. It previously was influencing `matrix_*_self_build` variables, but it's no longer the case since some time ago. Individual `matrix_*_self_build` variables are still available. People that would like to toggle self-building for a specific component ought to use those. These variables are also controlled automatically (via `group_vars/matrix_servers`) depending on `matrix_architecture`. In other words, self-building is being done automatically for all components when they don't have a prebuilt image for the specified architecture. Some components only support `amd64`, while others also have images for other architectures. --- docs/alternative-architectures.md | 9 +++------ docs/self-building.md | 19 ++++++++++--------- roles/matrix-base/defaults/main.yml | 4 ---- 3 files changed, 13 insertions(+), 19 deletions(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index 4ca9646e3..7a3e35eb3 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -1,6 +1,6 @@ # Alternative architectures -As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. +As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. To that end add the following variable to your `vars.yaml` file: 
@@ -21,9 +21,6 @@ matrix_architecture: "arm32" ## Implementation details -This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection. +For `amd64`, prebuilt images are used everywhere (because all images are available for this architecture). -On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: -- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well -- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well -- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling. +For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary. diff --git a/docs/self-building.md b/docs/self-building.md index e49120903..8413fb5e7 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -2,22 +2,23 @@ **Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.** -The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd). +The playbook supports the self-building of various components, which don't have a container image for your architecture. For `amd64`, self-building is not required. -To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file: -```yaml -matrix_container_images_self_build: true -``` -Setting that variable will self-build every role which supports self-building. Self-building can be set on a per-role basis as well. +For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building). +To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it. If not, it will build the image. + +Note that **not all components support self-building yet**. 
List of roles where self-building the Docker image is currently possible: - `matrix-synapse` - `matrix-riot-web` - `matrix-coturn` - `matrix-ma1sd` - `matrix-mailer` -- `matrix-mautrix-facebook` -- `matrix-mautrix-hangouts` -- `matrix-mx-puppet-skype` +- `matrix-bridge-mautrix-facebook` +- `matrix-bridge-mautrix-hangouts` +- `matrix-bridge-mx-puppet-skype` Adding self-building support to other roles is welcome. Feel free to contribute! + +If you'd like **to force self-building** even if an image is available for your architecture, look into the `matrix_*_self_build` variables provided by individual roles. diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 3a147124e..804da22cc 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -99,7 +99,3 @@ run_setup: true run_self_check: true run_start: true run_stop: true - -# Building every docker image from source on the target host -# Controlling docker image build is possible on a per unit base -matrix_container_images_self_build: false From f41c5e89e592e6423c92625f814afb3824a94306 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 29 Jun 2020 18:41:06 +0300 Subject: [PATCH 6/7] Upgrade riot-web (1.6.6 -> 1.6.7) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index f4f4b018a..bbf7c0f1d 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -2,7 +2,7 @@ matrix_riot_web_enabled: true matrix_riot_web_container_image_self_build: false -matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.6" +matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.7" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" 
From 8b59402f7918228a1bd583cad96ae77a38f0523c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 30 Jun 2020 14:28:41 +0300 Subject: [PATCH 7/7] Upgrade Coturn (4.5.1.2 -> 4.5.1.3) 4.5.1.3 fixes a security vulnerability: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index ef314d89b..104019a4e 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -2,7 +2,7 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false -matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.2" +matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.3" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" # The Docker network that Coturn would be put into.