mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-06-25 10:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3857 from luixxiul/fix

Browse Source 
Housekeeping: preparation for l10n with Weblate
This commit is contained in:
Slavi Pantaleev
2024-12-06 18:51:17 +02:00
committed by GitHub
parent 0312ae490d 53ec946f18
commit 75bb7732f6
24 changed files with 161 additions and 260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/README.md
View File

@ -27,7 +27,7 @@ NOTE:
You can check useful documentation for configuring components here: [Configuring the playbook](configuring-playbook.md)
- [Administration](configuring-playbook.md#administration) - services that help you in administrating and monitoring your Matrix installation
- [Administration](configuring-playbook.md#administration) - services that help you in administrating and monitoring your Matrix installation
- [Authentication and user-related](configuring-playbook.md#authentication-and-user-related) - extend and modify how users are authenticated on your homeserver

8
docs/ansible.md
View File

@ -46,7 +46,7 @@ Once you have a working Docker installation on the server, **clone the playbook*
You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH.
Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...`
Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter `
Run this from the playbook's directory:
@ -64,7 +64,7 @@ Once you execute the above command, you'll be dropped into a `/work` directory i
First, consider running `git config --global --add safe.directory /work` to [resolve directory ownership issues](#resolve-directory-ownership-issues).
Finally, you can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now.
Finally, you can execute `ansible-playbook ` (or `ansible-playbook --connection=community.docker.nsenter `) commands as per normal now.
### Running Ansible in a container on another computer (not the Matrix server)
@ -85,13 +85,13 @@ Once you execute the above command, you'll be dropped into a `/work` directory i
First, consider running `git config --global --add safe.directory /work` to [resolve directory ownership issues](#resolve-directory-ownership-issues).
Finally, you execute `ansible-playbook ...` commands as per normal now.
Finally, you execute `ansible-playbook ` commands as per normal now.
#### If you don't use SSH keys for authentication
If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:
To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ` command), run:
```sh
apk add sshpass

12
docs/configuring-playbook-appservice-draupnir-for-all.md
View File

@ -18,7 +18,7 @@ Draupnir for all does not support external tooling like [MRU](https://mru.rory.g
## Installation
### 1. Create a main management room.
### Create a main management room.
The playbook does not create a management room for your Main Draupnir. This task you have to do on your own.
@ -29,11 +29,11 @@ This management room is used to control who has access to your D4A deployment. T
As noted in the Draupnir install instructions the control room is sensitive. The following is said about the control room in the Draupnir install instructions.
>Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet.
### 2. Give your main management room an alias.
### Give your main management room an alias.
Give the room from step 1 an alias. This alias can be anything you want and its recommended for increased security during the setup phase of the bot that you make this alias be a random string. You can give your room a secondary human readable alias when it has been locked down after setup phase.
### 3. Adjusting the playbook configuration.
### Adjusting the playbook configuration.
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs):
@ -45,7 +45,7 @@ matrix_appservice_draupnir_for_all_enabled: true
matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2_GOES_HERE"
```
### 4. Installing
### Installing
After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
@ -68,7 +68,7 @@ If you made it through all the steps above and your main control room was joined
The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for allis almost identical to Draupnir bot mode.
### 1. Granting Users the ability to use D4A
### Granting Users the ability to use D4A
Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended.
@ -76,7 +76,7 @@ The bot requires a powerlevel of 50 in the management room to control who is all
To allow users or whole homeservers you type /plain @draupnir-main:example.com allow `target` and target can be either a MXID or a wildcard like `@*:example.com` to allow all users on example.com to register. We use /plain to force the client to not attempt to mess with this command as it can break Wildcard commands especially.
### 2. How to provision a D4A once you are allowed to.
### How to provision a D4A once you are allowed to.
Open a DM with @draupnir-main:example.com and if using an Element client send a message into this DM to finalise creating it. The bot will reject this invite and you will shortly get invited to the Draupnir control room for your newly provisioned Draupnir. From here its just a normal Draupnir experience.

8
docs/configuring-playbook-bot-chatgpt.md
View File

@ -6,7 +6,7 @@ The playbook can install and configure [matrix-chatgpt-bot](https://github.com/m
Talk to [ChatGPT](https://openai.com/blog/chatgpt/) via your favourite Matrix client!
## 1. Register the bot account
## Register the bot account
The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver.
@ -20,13 +20,13 @@ You can use the playbook to [register a new user](registering-users.md):
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.chatgpt password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
## 2. Get an access token and create encryption keys
## Get an access token and create encryption keys
Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
To make sure the bot can read encrypted messages, it will need an encryption key, just like any other new user. While obtaining the access token, follow the prompts to setup a backup key. More information can be found in the [Element documentation](https://element.io/help#encryption6).
## 3. Adjusting the playbook configuration
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs):
@ -51,7 +51,7 @@ matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a
You will need to get tokens for ChatGPT.
## 4. Installing
## Installing
After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:

18
docs/configuring-playbook-bot-draupnir.md
View File

@ -8,7 +8,7 @@ This documentation page is about installing Draupnir in bot mode. As an alternat
If your migrating from Mjolnir skip to step 5b.
## 1. Register the bot account
## Register the bot account
The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver.
@ -24,11 +24,11 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupni
If you would like Draupnir to be able to deactivate users, move aliases, shutdown rooms, show abuse reports ([see below](#abuse-reports)), etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above.
## 2. Get an access token
## Get an access token
Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
## 3. Make sure the account is free from rate limiting
## Make sure the account is free from rate limiting
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues.
@ -36,7 +36,7 @@ If your Synapse Admin API is exposed to the internet for some reason like runnin
The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X POST https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir itself. If you made Draupnir Admin you can just use the Draupnir token.
## 4. Create a management room
## Create a management room
Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room.
@ -46,11 +46,11 @@ Once you have created the room you need to copy the room ID so you can tell the
Finally invite the `@bot.draupnir:example.com` account you created earlier into the room.
## 5. Adjusting the playbook configuration
## Adjusting the playbook configuration
Decide whether you want Draupnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Draupnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md).
### 5a. Configuration with E2EE support
### a. Configuration with E2EE support
When using Pantalaimon, Draupnir will log in to its bot account itself through Pantalaimon, so configure its username and password.
@ -85,7 +85,7 @@ matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matr
matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
```
### 5b. Configuration without E2EE support
### b. Configuration without E2EE support
When NOT using Pantalaimon, Draupnir does not log in by itself and you must give it an access token for its bot account.
@ -101,13 +101,13 @@ matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE"
matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE"
```
### 5c. Migrating from Mjolnir (Only required if migrating.)
### c. Migrating from Mjolnir (Only required if migrating.)
Replace your `matrix_bot_mjolnir` config with `matrix_bot_draupnir` config. Also disable Mjolnir if you're doing migration.
That is all you need to do due to that Draupnir can complete migration on its own.
## 6. Installing
## Installing
After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:

2
docs/configuring-playbook-bot-matrix-registration-bot.md
View File

@ -58,7 +58,7 @@ You can also refer to the upstream [Usage documentation](https://github.com/moan
If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
To clean the cache (session & encryption data) after you changed the bot's username, changed the login method from access_token to password etc... you can use:
To clean the cache (session & encryption data) after you changed the bot's username, changed the login method from access_token to password etc you can use:
```sh
just run-tags bot-matrix-registration-bot-clean-cache

18
docs/configuring-playbook-bot-mjolnir.md
View File

@ -4,7 +4,7 @@ The playbook can install and configure the [Mjolnir](https://github.com/matrix-o
See the project's [documentation](https://github.com/matrix-org/mjolnir) to learn what it does and why it might be useful to you.
## 1. Register the bot account
## Register the bot account
The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver.
@ -20,11 +20,11 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir
If you would like Mjolnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above.
## 2. Get an access token
## Get an access token
Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
## 3. Make sure the account is free from rate limiting
## Make sure the account is free from rate limiting
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues.
@ -32,7 +32,7 @@ If your Synapse Admin API is exposed to the internet for some reason like runnin
The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X POST https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir itself. If you made Mjolnir Admin you can just use the Mjolnir token.
## 4. Create a management room
## Create a management room
Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room.
@ -42,11 +42,11 @@ Once you have created the room you need to copy the room ID so you can tell the
Finally invite the `@bot.mjolnir:example.com` account you created earlier into the room.
## 5. Adjusting the playbook configuration
## Adjusting the playbook configuration
Decide whether you want Mjolnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Mjolnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md).
### 5a. Configuration with E2EE support
### a. Configuration with E2EE support
When using Pantalaimon, Mjolnir will log in to its bot account itself through Pantalaimon, so configure its username and password.
@ -81,7 +81,7 @@ matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matri
matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
```
### 5b. Configuration without E2EE support
### b. Configuration without E2EE support
When NOT using Pantalaimon, Mjolnir does not log in by itself and you must give it an access token for its bot account.
@ -97,7 +97,7 @@ matrix_bot_mjolnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE"
matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE"
```
## 6. Adding Mjolnir synapse antispam module (optional)
## Adding Mjolnir synapse antispam module (optional)
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs):
@ -109,7 +109,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
```
## 7. Installing
## Installing
After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:

2
docs/configuring-playbook-bridge-mautrix-discord.md
View File

@ -75,7 +75,7 @@ To acquire the token, open Discord in a private browser window. Then open the de
1. Start a chat with `@discordbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
2. If you would like to login to Discord using a token, send `login-token` command, otherwise, send `login-qr` command.
3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app.
4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as ..."
4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as "
5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to
6. Some Direct Messages from Discord should start syncing automatically
7. If you'd like to bridge guilds:

4
docs/configuring-playbook-pantalaimon.md
View File

@ -6,7 +6,7 @@ See the project's [documentation](https://github.com/matrix-org/pantalaimon) to
This role exposes Pantalaimon's API only within the container network, so bots and clients installed on the same machine can use it. In particular the [Draupnir](configuring-playbook-bot-draupnir.md) and [Mjolnir](configuring-playbook-bot-mjolnir.md) roles (and possibly others) can use it.
## 1. Adjusting the playbook configuration
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs):
@ -16,7 +16,7 @@ matrix_pantalaimon_enabled: true
The default configuration should suffice. For advanced configuration, you can override the variables documented in the role's [defaults](../roles/custom/matrix-pantalaimon/defaults/main.yml).
## 2. Installing
## Installing
After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:

12
docs/configuring-playbook-user-verification-service.md
View File

@ -59,7 +59,7 @@ It is possible to set an API Auth Token to restrict access to the UVS. If this i
By default, the token will be derived from `matrix_homeserver_generic_secret_key` in `group_vars/matrix_servers`.
To set your own Token, simply put the following in your host_vars.
To set your own Token, add the following configuration to your `vars.yml` file:
```yaml
matrix_user_verification_service_uvs_auth_token: "TOKEN"
@ -67,26 +67,22 @@ matrix_user_verification_service_uvs_auth_token: "TOKEN"
In case Jitsi is also managed by this playbook and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token.
### (Optional) Disable Auth
### (Optional) Disable Auth
Authorization is enabled by default. To disable set
Authorization is enabled by default. To disable it, add the following configuration to your `vars.yml` file:
```yaml
matrix_user_verification_service_uvs_require_auth: false
```
in your host_vars.
### (Optional) Federation
In theory (however currently untested), UVS can handle federation. Simply set:
In theory (however currently untested), UVS can handle federation. To enable it, add the following configuration to your `vars.yml` file:
```yaml
matrix_user_verification_service_uvs_pin_openid_verify_server_name: false
```
in your host_vars.
This will instruct UVS to verify the OpenID token against any domain given in a request. Homeserver discovery is done via '.well-known/matrix/server' of the given domain.
## Installing

2
docs/faq.md
View File

@ -393,7 +393,7 @@ You generally need to do a playbook installation. It's recommended to follow the
This Ansible playbook guides you into installing a server for `example.com` (user identifiers are like this: `@user:example.com`), while the server is at `matrix.example.com`. If your existing setup has a server name (`server_name` configuration setting in Synapse's `homeserver.yaml` file) other than the base `example.com`, you may need to tweak some additional variables. This FAQ entry may be of use if you're dealing with a more complicated setup - [How do I install on matrix.example.com without involving the base domain?](#how-do-i-install-on-matrixexamplecom-without-involving-the-base-domain)
After configuring the playbook and installing and **before starting** services (done with `ansible-playbook ... --tags=start`) you'd import [your SQLite](importing-synapse-sqlite.md) (or [Postgres](importing-postgres.md)) database and also [import your media store](importing-synapse-media-store.md).
After configuring the playbook and installing and **before starting** services (done with `ansible-playbook --tags=start`) you'd import [your SQLite](importing-synapse-sqlite.md) (or [Postgres](importing-postgres.md)) database and also [import your media store](importing-synapse-media-store.md).
### I've downloaded Ansible and the playbook on the server. It can't connect using SSH.

6
docs/importing-postgres.md
View File

@ -9,7 +9,7 @@ For this to work, **the database name in Postgres must match** what this playboo
The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`). Importing multiple databases (as dumped by `pg_dumpall`) is also supported.
The migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new rooms, ...)
The migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new rooms, )
Before doing the actual import, **you need to upload your Postgres dump file to the server** (any path is okay).
@ -55,7 +55,7 @@ ALTER TABLE public.account_data OWNER TO synapse_user;
ALTER TABLE public.account_data_max_stream_id OWNER TO synapse_user;
ALTER TABLE public.account_validity OWNER TO synapse_user;
ALTER TABLE public.application_services_state OWNER TO synapse_user;
...
```
It can be worked around by changing the username to `synapse`, for example by using `sed`:
@ -64,7 +64,7 @@ It can be worked around by changing the username to `synapse`, for example by us
$ sed -i "s/OWNER TO synapse_user;/OWNER TO synapse;/g" homeserver.sql
```
This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse_user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead. Expand search/replace statement as shown in example above, in case of old user name like `matrix` - replacing `matrix` only would... well - you can imagine.
This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse_user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead. Expand search/replace statement as shown in example above, in case of old user name like `matrix` - replacing `matrix` only would well - you can imagine.
Note that if the previous import failed with an error it may have made changes which are incompatible with re-running the import task right away; if you do so it may fail with an error such as: