mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git (synced 2025-10-25 13:30:40 +02:00)

	Add support for experimental encryption in Hookshot
Squashed based on the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042

commit 49932b8f3c
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sat Dec 16 09:21:31 2023 +0200

    Fix syntax in matrix-bridge-hookshot/tasks/reset_encryption.yml

    Also, this task always does work and side-effects, so it should always report changes (`changed_when: true`).

commit 6bdf7a9dcb
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sat Dec 16 09:12:41 2023 +0200

    Add Hookshot validation task to ensure queue settings are set when encryption is enabled

commit 8c531b7971
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sat Dec 16 09:10:17 2023 +0200

    Add missing variables rewiring in group_vars/matrix_servers for Hookshot

commit 7d26dabc2f
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sat Dec 16 09:08:19 2023 +0200

    Add defaults for matrix_hookshot_queue_host and matrix_hookshot_queue_port

commit 74f91138c9
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sat Dec 16 09:06:17 2023 +0200

    Fix syntax for connecting to additional networks for Hookshot

commit ca7b41f3f2
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sat Dec 16 09:05:28 2023 +0200

    Fix indentation and remove unnecessary if-statements

commit ac4a918d58
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sat Dec 16 09:04:44 2023 +0200

    Add missing --network for Hookshot

    This seems to have been removed by accident.

commit 6a81fa208f
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sat Dec 16 09:02:47 2023 +0200

    Make automatic Redis enabling safer, when Hookshot encryption enabled

    If we ever default encryption to enabled for Hookshot, we only wish to force-enable Redis if Hookshot is actually enabled.

commit 75a8e0f2a6
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sat Dec 16 09:01:10 2023 +0200

    Fix typo

commit 98ad182eac
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 22:37:40 2023 +0100

    Add defaults for Hookshot's encryption

commit 29fa9fab15
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 22:35:11 2023 +0100

    Improve wording of Hookshot's encryption section

commit 4f835e0560
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 22:28:52 2023 +0100

    use safer mount options for the container's files

commit 8c93327e25
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 22:26:01 2023 +0100

    fix filename

commit 03a7bb6e77
Merge: e55d7694 06047763
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 22:23:44 2023 +0100

    Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption

commit 06047763bb
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 22:15:54 2023 +0100

    Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

    change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host

    Co-authored-by: Slavi Pantaleev <slavi@devture.com>

commit e55d769465
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 22:13:50 2023 +0100

    clarify that Redis is required, standardise on Hookshot with an upper-case first letter for consistency

commit 66706e4535
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 22:08:20 2023 +0100

    Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

    fix for a typo

    Co-authored-by: Slavi Pantaleev <slavi@devture.com>

commit f6aaeb9a16
Merge: e5d34002 869dd33f
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 00:22:34 2023 +0100

    Merge branch 'master' into HarHarLinks/hookshot-encryption

commit e5d34002fd
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Fri Dec 15 00:09:27 2023 +0100

    Add Jinja loop to allow adding multiple networks

commit 69f947782d
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Thu Dec 14 23:52:41 2023 +0100

    split if statements for the message queue and experimental encryption support into separate statements

commit 4c13be1c89
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date: Thu Dec 14 23:31:19 2023 +0100

    change variable name per spantaleev's suggestion (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2979#discussion_r1379015551)

commit 9905309aa9
Author: HarHarLinks <kim.brose@rwth-aachen.de>
Date: Wed Nov 1 16:14:04 2023 +0100

    amend docs

commit 94abf2d5bd
Author: HarHarLinks <kim.brose@rwth-aachen.de>
Date: Wed Nov 1 16:05:22 2023 +0100

    draft encryption support for hookshot

		| @@ -10,6 +10,11 @@ matrix_hookshot_container_image_self_build: false | ||||
| matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" | ||||
| matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" | ||||
|  | ||||
| # Specifies additional networks for the Hookshot container to connect with | ||||
| matrix_hookshot_container_additional_networks: "{{ matrix_hookshot_container_additional_networks_auto + matrix_hookshot_container_additional_networks_custom }}" | ||||
| matrix_hookshot_container_additional_networks_auto: [] | ||||
| matrix_hookshot_container_additional_networks_custom: [] | ||||
|  | ||||
| # renovate: datasource=docker depName=halfshot/matrix-hookshot | ||||
| matrix_hookshot_version: 4.7.0 | ||||
|  | ||||
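Review bot: the single comment above `matrix_hookshot_container_additional_networks` describes only the combined list and leaves `_auto` and `_custom` undocumented, so a reader cannot tell which one they are expected to set. Suggest a short comment on each, stating that `matrix_hookshot_container_additional_networks_custom` is the user-facing list and that `_auto` is filled in elsewhere, if that is the intent. Every network listed here widens what the Hookshot container can reach, so the comment could also say to add only networks the bridge actually needs (for example the one where Redis lives).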
| @@ -30,6 +35,17 @@ matrix_hookshot_public_endpoint: /hookshot | ||||
| matrix_hookshot_appservice_port: 9993 | ||||
| matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app" | ||||
|  | ||||
| # The variables below control the queue parameters and may optionally be pointed to a Redis instance. | ||||
| # These are required when experimental encryption is enabled (`matrix_hookshot_experimental_encryption_enabled`). | ||||
| matrix_hookshot_queue_host: '' | ||||
| matrix_hookshot_queue_port: 6739 | ||||
|  | ||||
| # Controls whether the experimental end-to-bridge encryption support is enabled. | ||||
| # This requires that: | ||||
| # - support to also be enabled in the homeserver, see the documentation of Hookshot. | ||||
| # - Hookshot to be pointed at a Redis instance via the `matrix_hookshot_queue_*` variables. | ||||
| matrix_hookshot_experimental_encryption_enabled: false | ||||
|  | ||||
| # Controls whether metrics are enabled in the bridge configuration. | ||||
| # Enabling them is usually enough for a local (in-container) Prometheus to consume them. | ||||
| # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_hookshot_metrics_proxying_enabled`. | ||||
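Review bot: `matrix_hookshot_queue_port: 6739` looks like a transposition of Redis's default port, 6379; anyone who sets only `matrix_hookshot_queue_host` and relies on this default would point Hookshot at the wrong port, and the bridge would fail to reach its queue once `matrix_hookshot_experimental_encryption_enabled` is turned on. Suggest changing the default to 6379. Two smaller points in the same hunk: the queue comment says the variables "may optionally" be set and then that they "are required", which reads more clearly as "optional unless encryption is enabled"; and "support to also be enabled in the homeserver" should name the homeserver feature or link to the relevant section of the Hookshot documentation, since an operator who enables this flag without that prerequisite gets no hint from the defaults file about what is missing.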
| @@ -41,7 +57,7 @@ matrix_hookshot_metrics_enabled: false | ||||
| matrix_hookshot_metrics_proxying_enabled: false | ||||
|  | ||||
| # There is no need to edit ports. | ||||
| # Read the documentation to learn about using hookshot metrics with external Prometheus | ||||
| # Read the documentation to learn about using Hookshot metrics with external Prometheus | ||||
| # If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. | ||||
| matrix_hookshot_metrics_port: 9001 | ||||
|  | ||||
|   | ||||