draft encryption support for hookshot
parent
4ff9b0d6a5
commit
94abf2d5bd
@ -23,6 +23,11 @@ Other configuration options are available via the `matrix_hookshot_configuration
|
||||
|
||||
Finally, run the playbook (see [installing](installing.md)).
|
||||
|
||||
### End-to-bridge endcryption
|
||||
|
||||
1. Enable by setting `: true`
|
||||
|
||||
If the crypto store has become corrupted, reset it by running `ansible-playbook -i inventory/hosts setup.yml -K --tags=reset-hookshot-encryption`.
|
||||
|
||||
## Usage
|
||||
|
||||
|
@ -3358,7 +3358,7 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
|
||||
#
|
||||
######################################################################
|
||||
|
||||
redis_enabled: "{{ matrix_synapse_workers_enabled }}"
|
||||
redis_enabled: "{{ matrix_synapse_workers_enabled or matrix_hookshot_experimental_encryption_enabled }}"
|
||||
|
||||
redis_identifier: matrix-redis
|
||||
|
||||
|
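Review bot: The new `redis_enabled` expression turns Redis on whenever `matrix_hookshot_experimental_encryption_enabled` is true, even when the bridge itself is disabled, so a leftover flag deploys an extra network service nobody uses. Gate it on both variables: `redis_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}"`. A short comment above the line saying why hookshot needs Redis would also help the next reader.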
@ -30,6 +30,10 @@ matrix_hookshot_public_endpoint: /hookshot
|
||||
matrix_hookshot_appservice_port: 9993
|
||||
matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app"
|
||||
|
||||
# Controls whether the experimental end-to-bridge encryption support is enabled.
|
||||
# This requires that support is also enabled in the homeserver, see the hookshot docs.
|
||||
matrix_hookshot_experimental_encryption_enabled: false
|
||||
|
||||
# Controls whether metrics are enabled in the bridge configuration.
|
||||
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
|
||||
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_hookshot_metrics_proxying_enabled`.
|
||||
|
@ -9,6 +9,12 @@
|
||||
- when: matrix_hookshot_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
|
||||
|
||||
- tags:
|
||||
- reset-hookshot-encryption
|
||||
block:
|
||||
- when: matrix_hookshot_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/reset_encryption.yml"
|
||||
|
||||
- tags:
|
||||
- setup-all
|
||||
- setup-hookshot
|
||||
|
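Review bot: The `reset-hookshot-encryption` block is gated only on `matrix_hookshot_enabled`, so the destructive reset is also attempted on installs where encryption was never turned on. Using `when: matrix_hookshot_enabled | bool and matrix_hookshot_experimental_encryption_enabled | bool` keeps it to hosts that actually have a crypto store.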
@ -0,0 +1,12 @@
|
||||
---
|
||||
- name: Resetting Hookshot's crypto store
|
||||
ansible.builtin.command:
|
||||
cmd: |
|
||||
{{ devture_systemd_docker_base_host_command_docker }} run
|
||||
--rm
|
||||
--name={{ matrix_hookshot_container_url }}-reset-crypto
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
-v {{ matrix_hookshot_base_path }}/config.yml:/config.yml
|
||||
{{ matrix_hookshot_docker_image }} yarn start:resetcrypto
|
||||
changed_when: false
|
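Review bot: The reset container bind-mounts only `config.yml`, while the bridge config added in this commit sets `storagePath: /data/encryption`, so the reset appears to run against an empty `/data` in a throwaway container and would leave the real store on the host untouched. Mount the same data directory the service uses; its mount lines are not visible in this diff, so confirm the path. `changed_when: false` reports a destructive operation as "no change"; drop it or use `changed_when: true`. The config mount can be read-only (`:ro`), and the bridge service should be stopped before the reset so the store is not rewritten while the bridge is running.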
@ -107,6 +107,14 @@ metrics:
|
||||
# (Optional) Prometheus metrics support
|
||||
#
|
||||
enabled: {{ matrix_hookshot_metrics_enabled | to_json }}
|
||||
{% if matrix_hookshot_experimental_encryption_enabled %}
|
||||
queue:
|
||||
monolithic: true
|
||||
port: 6379
|
||||
host: matrix-redis
|
||||
experimentalEncryption:
|
||||
storagePath: /data/encryption
|
||||
{% endif %}
|
||||
logging:
|
||||
# (Optional) Logging settings. You can have a severity debug,info,warn,error
|
||||
#
|
||||
|
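Review bot: `host: matrix-redis` and `port: 6379` are hard-coded in the template, duplicating `redis_identifier: matrix-redis` from group_vars, so the bridge config silently goes stale if the Redis identifier or port is changed in the inventory. Expose them as role defaults (for example, proposed names `matrix_hookshot_queue_host` and `matrix_hookshot_queue_port`) and wire them from the Redis role in group_vars. The `{% if matrix_hookshot_experimental_encryption_enabled %}` guard also tests raw truthiness, so a string value such as `"false"` would enable the block. The tasks in this commit use `| bool`, and this template, the registration template and the systemd unit should do the same.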
@ -28,3 +28,9 @@ namespaces:
|
||||
sender_localpart: hookshot
|
||||
url: "http://{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}" # This should match the bridge.port in your config file
|
||||
rate_limited: false
|
||||
|
||||
{% if matrix_hookshot_experimental_encryption_enabled %}
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
push_ephemeral: true
|
||||
org.matrix.msc3202: true
|
||||
{% endif %}
|
||||
|
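Review bot: These three registration flags change what the homeserver sends to the bridge, and nothing in the template says so. A comment above the block would help, e.g. `# MSC2409 / MSC3202: have the homeserver push ephemeral events and device data to the bridge (needed for encryption)`. The defaults comment leaves enabling the matching homeserver support to the operator, so a mismatch would only show up at runtime. A validation task or a line in the docs naming the required homeserver settings would catch it earlier.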
@ -16,7 +16,7 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_url }}
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_url }}
|
||||
|
||||
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \
|
||||
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create --rm --name {{ matrix_hookshot_container_url }} \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -30,6 +30,12 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
|
||||
{% endfor %}
|
||||
{{ matrix_hookshot_docker_image }}
|
||||
|
||||
{% if matrix_hookshot_experimental_encryption_enabled %}
|
||||
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect matrix-redis {{ matrix_hookshot_container_url }}
|
||||
{% endif %}
|
||||
|
||||
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_hookshot_container_url }}
|
||||
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_url }}
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_url }}
|
||||
Restart=always
|
||||
|
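Review bot: The new `ExecStartPre` with `network connect matrix-redis` attaches the bridge container to the network of the same Redis instance that group_vars enables for Synapse workers, which widens what a compromised bridge can reach. If that Redis runs without authentication (not visible in this diff), the bridge could read and write the data Synapse keeps there. Consider a dedicated Redis instance or network for hookshot, or Redis credentials. The network name should come from a variable rather than the literal `matrix-redis`. The unit's remaining `create` arguments lie outside these hunks.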