diff --git a/docs/configuring-playbook-bridge-appservice-kakaotalk.md b/docs/configuring-playbook-bridge-appservice-kakaotalk.md
new file mode 100644
index 000000000..0b284db1f
--- /dev/null
+++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md
@@ -0,0 +1,83 @@
+# Setting up Appservice Kakaotalk (optional)
+
+The playbook can install and configure [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) for you. `matrix-appservice-kakaotalk` is a bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code.
+
+See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you.
+
+## Installing
+
+To enable the bridge, add this to your `vars.yml` file:
+
+```yaml
+matrix_appservice_kakaotalk_enabled: true
+```
+
+You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation.
+
+After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
+
+To make use of the Kakaotalk bridge, see [Usage](#usage) below.
+
+
+### Additional configuration
+
+There are some additional things you may wish to configure about the bridge.
+
+Take a look at:
+
+- `roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable
+
+Here's some example configuration (which goes into your `vars.yml` file):
+```yaml
+# This configuration:
+# - enables encryption (it's off by default)
+# - grants some user on your homeserver 'admin' access to the bridge
+# (note: the user specified in the `matrix_admin` (part of `roles/matrix-base/defaults/main.yml`) is made an admin by default)
+matrix_appservice_kakaotalk_configuration_extension_yaml: |
+ bridge:
+ permissions:
+ '@YOUR_USERNAME:{{ matrix_domain }}': admin
+
+ encryption:
+ allow: true
+ default: true
+```
+
+
+### Set up Double Puppeting
+
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
+
+#### Method 1: automatically, by enabling Shared Secret Auth
+
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
+
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+
+#### Method 2: manually, by asking each user to provide a working access token
+
+**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
+
+When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
+
+- retrieve a Matrix access token for yourself. You can use the following command:
+
+```
+curl \
+--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Appservice-Kakaotalk", "initial_device_display_name": "Appservice-Kakaotalk"}' \
+https://matrix.DOMAIN/_matrix/client/r0/login
+```
+
+- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
+
+- make sure you don't log out the `Appservice-Kakaotalk` device some time in the future, as that would break the Double Puppeting feature
+
+
+## Usage
+
+Start a chat with `@kakaotalkbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
+
+Send `login --save EMAIL_OR_PHONE_NUMBER` to the bridge bot to enable bridging for your Kakaotalk account. The `--save` flag may be omitted, if you'd rather not save your password.
+
+After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.
diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md
index e5301df13..cce74778a 100644
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -110,14 +110,16 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
-- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional)
-
- [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)
- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional)
- [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional)
+- [Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md) (optional)
+
+- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional)
+
- [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional)
- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index ea17edb40..3f33c7c1b 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -213,6 +213,43 @@ matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_gen
#
######################################################################
+######################################################################
+#
+# matrix-bridge-appservice-kakaotalk
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_appservice_kakaotalk_enabled: false
+
+matrix_appservice_kakaotalk_systemd_required_services_list: |
+ {{
+ ['docker.service']
+ +
+ ['matrix-appservice-kakaotalk-node.service']
+ +
+ ['matrix-' + matrix_homeserver_implementation + '.service']
+ +
+ (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+ +
+ (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+ }}
+
+matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
+
+matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
+
+matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bridge-appservice-kakaotalk
+#
+######################################################################
+
######################################################################
#
@@ -1811,6 +1848,12 @@ matrix_postgres_additional_databases: |
'password': matrix_appservice_irc_database_password,
}] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else [])
+
+ ([{
+ 'name': matrix_appservice_kakaotalk_database_name,
+ 'username': matrix_appservice_kakaotalk_database_username,
+ 'password': matrix_appservice_kakaotalk_database_password,
+ }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == 'matrix-postgres') else [])
+ +
([{
'name': matrix_beeper_linkedin_database_name,
'username': matrix_beeper_linkedin_database_username,
diff --git a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml
new file mode 100644
index 000000000..482f1fb7c
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml
@@ -0,0 +1,196 @@
+---
+# matrix-appservice-kakaotalk is a Matrix <-> Kakaotalk bridge
+# Project source code URL: https://src.miscworks.net/fair/matrix-appservice-kakaotalk/
+
+matrix_appservice_kakaotalk_enabled: true
+
+# No images are published for neither of the container images (appservice or node), so we're self-building everything.
+matrix_appservice_kakaotalk_container_image_self_build: true
+# matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/fair/matrix-appservice-kakaotalk.git"
+#
+# hnarjis' fork is used instead of upstream (fair's), because upstream is currently broken.
+# The following error happens when chatting up the bot without this fix:
+# [2022-07-25 09:04:53,784] [ERROR@mau.as] Exception in Matrix event handler
+# Traceback (most recent call last):
+# File "/usr/lib/python3.9/site-packages/mautrix/appservice/as_handler.py", line 239, in try_handle
+# await handler_func(event)
+# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 820, in int_handle_event
+# await self.int_handle_invite(evt)
+# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 441, in int_handle_invite
+# inviter = await self.bridge.get_user(evt.sender)
+# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/__main__.py", line 112, in get_user
+# return await User.get_by_mxid(user_id, create=create)
+# File "/usr/lib/python3.9/site-packages/mautrix/util/async_getter_lock.py", line 60, in wrapper
+# return await fn(cls, *args, **kwargs)
+# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/user.py", line 227, in get_by_mxid
+# user = cls(mxid)
+# TypeError: __init__() missing 2 required positional arguments: 'force_login' and 'was_connected'
+matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/hnarjis/matrix-appservice-kakaotalk.git"
+matrix_appservice_kakaotalk_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_kakaotalk_version == 'latest' else matrix_appservice_kakaotalk_version }}"
+
+matrix_appservice_kakaotalk_node_version: "{{ matrix_appservice_kakaotalk_version }}"
+matrix_appservice_kakaotalk_node_docker_image: "{{ matrix_appservice_kakaotalk_node_docker_image_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}"
+matrix_appservice_kakaotalk_node_docker_image_prefix: "localhost/"
+matrix_appservice_kakaotalk_node_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_node_docker_image.endswith(':latest') }}"
+
+matrix_appservice_kakaotalk_version: 86c038fd2ffee5e0aebf65136f085cce7e38b54e
+matrix_appservice_kakaotalk_docker_image: "{{ matrix_appservice_kakaotalk_docker_image_name_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}"
+matrix_appservice_kakaotalk_docker_image_name_prefix: "localhost/"
+matrix_appservice_kakaotalk_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_docker_image.endswith(':latest') }}"
+
+matrix_appservice_kakaotalk_base_path: "{{ matrix_base_data_path }}/appservice-kakaotalk"
+matrix_appservice_kakaotalk_config_path: "{{ matrix_appservice_kakaotalk_base_path }}/config"
+matrix_appservice_kakaotalk_data_path: "{{ matrix_appservice_kakaotalk_base_path }}/data"
+matrix_appservice_kakaotalk_docker_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src"
+
+matrix_appservice_kakaotalk_command_prefix: "!kt"
+
+matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_homeserver_container_url }}"
+matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}'
+matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115'
+
+
+# A list of extra arguments to pass to the appservice-kakaotalk container
+matrix_appservice_kakaotalk_container_extra_arguments: []
+
+# List of systemd services that matrix-appservice-kakaotalk.service depends on.
+matrix_appservice_kakaotalk_systemd_required_services_list: ['docker.service', 'matrix-appservice-kakaotalk-node.service']
+
+# List of systemd services that matrix-appservice-kakaotalk.service wants
+matrix_appservice_kakaotalk_systemd_wanted_services_list: []
+
+
+# A list of extra arguments to pass to the appservice-kakaotalk-node container
+matrix_appservice_kakaotalk_node_container_extra_arguments: []
+
+# List of systemd services that matrix-appservice-kakaotalk-node.service depends on.
+matrix_appservice_kakaotalk_node_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-appservice-kakaotalk-node.service wants
+matrix_appservice_kakaotalk_node_systemd_wanted_services_list: []
+
+
+matrix_appservice_kakaotalk_appservice_token: ''
+matrix_appservice_kakaotalk_homeserver_token: ''
+
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_appservice_kakaotalk_federate_rooms: true
+
+# Database-related configuration fields.
+#
+# To use SQLite:
+# - change the engine (`matrix_appservice_kakaotalk_database_engine: 'sqlite'`)
+# To use Postgres:
+# - adjust your database credentials via the `matrix_appservice_kakaotalk_database_*` variables
+matrix_appservice_kakaotalk_database_engine: 'postgres'
+
+matrix_appservice_kakaotalk_sqlite_database_path_local: "{{ matrix_appservice_kakaotalk_data_path }}/appservice-kakaotalk.db"
+matrix_appservice_kakaotalk_sqlite_database_path_in_container: "/data/appservice-kakaotalk.db"
+
+matrix_appservice_kakaotalk_database_username: 'matrix_appservice_kakaotalk'
+matrix_appservice_kakaotalk_database_password: 'some-password'
+matrix_appservice_kakaotalk_database_hostname: 'matrix-postgres'
+matrix_appservice_kakaotalk_database_port: 5432
+matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk'
+
+matrix_appservice_kakaotalk_database_connection_string: 'postgres://{{ matrix_appservice_kakaotalk_database_username }}:{{ matrix_appservice_kakaotalk_database_password }}@{{ matrix_appservice_kakaotalk_database_hostname }}:{{ matrix_appservice_kakaotalk_database_port }}/{{ matrix_appservice_kakaotalk_database_name }}'
+
+matrix_appservice_kakaotalk_appservice_database: "{{
+ {
+ 'sqlite': ('sqlite:///' + matrix_appservice_kakaotalk_sqlite_database_path_in_container),
+ 'postgres': matrix_appservice_kakaotalk_database_connection_string,
+ }[matrix_appservice_kakaotalk_database_engine]
+}}"
+
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+# Also see: matrix_appservice_kakaotalk_bridge_login_shared_secret_map
+matrix_appservice_kakaotalk_login_shared_secret: ''
+
+matrix_appservice_kakaotalk_bridge_login_shared_secret_map: "{{ {matrix_appservice_kakaotalk_homeserver_domain: matrix_appservice_kakaotalk_login_shared_secret} if matrix_appservice_kakaotalk_login_shared_secret else {} }}"
+
+matrix_appservice_kakaotalk_bridge_permissions: |
+ {{
+ {matrix_appservice_kakaotalk_homeserver_domain: 'user'}
+ | combine({matrix_admin: 'admin'} if matrix_admin else {})
+ }}
+
+matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot
+matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_as_'
+
+# Specifies the default log level for all bridge loggers.
+matrix_appservice_kakaotalk_logging_level: WARNING
+
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_appservice_kakaotalk_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_appservice_kakaotalk_configuration_extension_yaml: |
+ # Your custom YAML configuration goes here.
+ # This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_configuration_yaml`).
+ #
+ # You can override individual variables from the default configuration, or introduce new ones.
+ #
+ # If you need something more special, you can take full control by
+ # completely redefining `matrix_appservice_kakaotalk_configuration_yaml`.
+
+matrix_appservice_kakaotalk_configuration_extension: "{{ matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml if matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_configuration_yaml`.
+matrix_appservice_kakaotalk_configuration: "{{ matrix_appservice_kakaotalk_configuration_yaml | from_yaml | combine(matrix_appservice_kakaotalk_configuration_extension, recursive=True) }}"
+
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_node_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+#
+# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
+# This is unlike what it does when looking up YAML template files (no automatic parsing there).
+matrix_appservice_kakaotalk_node_configuration_default: "{{ lookup('template', 'templates/node-config.json.j2') }}"
+
+# Your custom JSON configuration for appservice-kakaotalk-node should go to `matrix_appservice_kakaotalk_node_configuration_extension_json`.
+# This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_node_configuration_default`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_appservice_kakaotalk_node_configuration_default`.
+#
+# Example configuration extension follows:
+#
+# matrix_appservice_kakaotalk_node_configuration_extension_json: |
+# {
+# "register_timeout": 5000
+# }
+matrix_appservice_kakaotalk_node_configuration_extension_json: '{}'
+
+matrix_appservice_kakaotalk_node_configuration_extension: "{{ matrix_appservice_kakaotalk_node_configuration_extension_json | from_json if matrix_appservice_kakaotalk_node_configuration_extension_json | from_json is mapping else {} }}"
+
+# Holds the final appservice-kakaotalk-node configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_node_configuration_default`.
+matrix_appservice_kakaotalk_node_configuration: "{{ matrix_appservice_kakaotalk_node_configuration_default | combine(matrix_appservice_kakaotalk_node_configuration_extension, recursive=True) }}"
+
+
+matrix_appservice_kakaotalk_registration_yaml: |
+ id: appservice-kakaotalk
+ as_token: {{ matrix_appservice_kakaotalk_appservice_token|to_json }}
+ hs_token: {{ matrix_appservice_kakaotalk_homeserver_token|to_json }}
+ namespaces:
+ users:
+ - exclusive: true
+ regex: '^@{{ matrix_appservice_kakaotalk_user_prefix | regex_escape }}.*:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$'
+ - exclusive: true
+ regex: '^@{{ matrix_appservice_kakaotalk_appservice_bot_username | regex_escape }}:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$'
+ url: {{ matrix_appservice_kakaotalk_appservice_address|to_json }}
+ sender_localpart: _appservice_kakaotalk
+ rate_limited: false
+
+matrix_appservice_kakaotalk_registration: "{{ matrix_appservice_kakaotalk_registration_yaml | from_yaml }}"
diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml
new file mode 100644
index 000000000..c2679b356
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml
@@ -0,0 +1,28 @@
+---
+# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
+# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
+- name: Fail if trying to self-build on Ansible < 2.8
+ ansible.builtin.fail:
+ msg: "To self-build the appservice-kakaotalk image, you should use Ansible 2.8 or higher. See docs/ansible.md"
+ when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_kakaotalk_container_image_self_build and matrix_appservice_kakaotalk_enabled"
+
+- ansible.builtin.set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] }}"
+ when: matrix_appservice_kakaotalk_enabled | bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- ansible.builtin.set_fact:
+ matrix_synapse_container_extra_arguments: >
+ {{
+ matrix_synapse_container_extra_arguments | default([])
+ +
+ ["--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"]
+ }}
+
+ matrix_synapse_app_service_config_files: >
+ {{
+ matrix_synapse_app_service_config_files | default([])
+ +
+ ["/matrix-appservice-kakaotalk-registration.yaml"]
+ }}
+ when: matrix_appservice_kakaotalk_enabled | bool
diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml
new file mode 100644
index 000000000..dfb286f2c
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
+ tags:
+ - setup-all
+ - setup-appservice-kakaotalk
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
+ tags:
+ - setup-all
+ - setup-appservice-kakaotalk
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup | bool and not matrix_appservice_kakaotalk_enabled | bool"
+ tags:
+ - setup-all
+ - setup-appservice-kakaotalk
diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
new file mode 100644
index 000000000..def73c595
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
@@ -0,0 +1,125 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+ ansible.builtin.fail:
+ msg: >-
+ The matrix-bridge-matrix-appservice-kakaotalk role needs to execute before the matrix-synapse role.
+ when: "matrix_synapse_role_executed | default(False)"
+
+- name: Ensure matrix-appservice-kakaotalk image is pulled
+ docker_image:
+ name: "{{ matrix_appservice_kakaotalk_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_docker_image_force_pull }}"
+ when: not matrix_appservice_kakaotalk_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure matrix-appservice-kakaotalk-node image is pulled
+ docker_image:
+ name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_docker_image_force_pull }}"
+ when: not matrix_appservice_kakaotalk_container_image_self_build
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure matrix-appservice-kakaotalk paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - {path: "{{ matrix_appservice_kakaotalk_base_path }}", when: true}
+ - {path: "{{ matrix_appservice_kakaotalk_config_path }}", when: true}
+ - {path: "{{ matrix_appservice_kakaotalk_data_path }}", when: true}
+ - {path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"}
+ when: item.when | bool
+
+- name: Ensure matrix-appservice-kakaotalk repository is present on self-build
+ ansible.builtin.git:
+ repo: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo }}"
+ dest: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
+ version: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo_version }}"
+ force: "yes"
+ become: true
+ become_user: "{{ matrix_user_username }}"
+ register: matrix_appservice_kakaotalk_git_pull_results
+ when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
+
+- name: Ensure matrix-appservice-kakaotalk-node Docker image is built
+ docker_image:
+ name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
+ source: build
+ force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}/node"
+ pull: true
+ when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
+
+- name: Ensure matrix-appservice-kakaotalk Docker image is built
+ docker_image:
+ name: "{{ matrix_appservice_kakaotalk_docker_image }}"
+ source: build
+ force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
+ pull: true
+ when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
+
+- name: Ensure matrix-appservice-kakaotalk-node config.json installed
+ ansible.builtin.copy:
+ content: "{{ matrix_appservice_kakaotalk_node_configuration | to_nice_json }}"
+ dest: "{{ matrix_appservice_kakaotalk_config_path }}/node-config.json"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-appservice-kakaotalk config.yaml installed
+ ansible.builtin.copy:
+ content: "{{ matrix_appservice_kakaotalk_configuration | to_nice_yaml(indent=2, width=999999) }}"
+ dest: "{{ matrix_appservice_kakaotalk_config_path }}/config.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-appservice-kakaotalk registration.yaml installed
+ ansible.builtin.copy:
+ content: "{{ matrix_appservice_kakaotalk_registration | to_nice_yaml(indent=2, width=999999) }}"
+ dest: "{{ matrix_appservice_kakaotalk_config_path }}/registration.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-appservice-kakaotalk-node.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk-node.service.j2"
+ dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service"
+ mode: 0644
+ register: matrix_appservice_kakaotalk_node_systemd_service_result
+
+- name: Ensure matrix-appservice-kakaotalk.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2"
+ dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service"
+ mode: 0644
+ register: matrix_appservice_kakaotalk_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-appservice-kakaotalk.service or matrix-appservice-kakaotalk-node.service installation
+ ansible.builtin.service:
+ daemon_reload: true
+ when: matrix_appservice_kakaotalk_node_systemd_service_result.changed or matrix_appservice_kakaotalk_systemd_service_result.changed
diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml
new file mode 100644
index 000000000..fb11c3833
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml
@@ -0,0 +1,41 @@
+---
+
+- name: Check existence of matrix-appservice-kakaotalk service
+ ansible.builtin.stat:
+ path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service"
+ register: matrix_appservice_kakaotalk_service_stat
+
+- name: Ensure matrix-appservice-kakaotalk is stopped
+ ansible.builtin.service:
+ name: matrix-appservice-kakaotalk
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
+
+- name: Check existence of matrix-appservice-kakaotalk-node service
+ ansible.builtin.stat:
+ path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service"
+ register: matrix_appservice_kakaotalk_node_service_stat
+
+- name: Ensure matrix-appservice-kakaotalk-node is stopped
+ ansible.builtin.service:
+ name: matrix-appservice-kakaotalk-node
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ when: "matrix_appservice_kakaotalk_node_service_stat.stat.exists"
+
+- name: Ensure matrix-appservice-kakaotalk.service files don't exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service"
+ - "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service"
+ when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-appservice-kakaotalk service files removal
+ ansible.builtin.service:
+ daemon_reload: true
+ when: "matrix_appservice_kakaotalk_service_stat.stat.exists or matrix_appservice_kakaotalk_node_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
new file mode 100644
index 000000000..4f838e7a5
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_appservice_kakaotalk_appservice_token"
+ - "matrix_appservice_kakaotalk_homeserver_token"
diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2
new file mode 100644
index 000000000..186e58d08
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2
@@ -0,0 +1,276 @@
+# Homeserver details
+homeserver:
+ # The address that this appservice can use to connect to the homeserver.
+ address: {{ matrix_appservice_kakaotalk_homeserver_address|to_json }}
+ # The domain of the homeserver (for MXIDs, etc).
+ domain: {{ matrix_appservice_kakaotalk_homeserver_domain|to_json }}
+ # Whether or not to verify the SSL certificate of the homeserver.
+ # Only applies if address starts with https://
+ verify_ssl: true
+ # Whether or not the homeserver supports asmux-specific endpoints,
+ # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically
+ # updating m.direct.
+ asmux: false
+ # Number of retries for all HTTP requests if the homeserver isn't reachable.
+ http_retry_count: 4
+ # The URL to push real-time bridge status to.
+ # If set, the bridge will make POST requests to this URL whenever a user's MQTT connection state changes.
+ # The bridge will use the appservice as_token to authorize requests.
+ status_endpoint: null
+ # Endpoint for reporting per-message status.
+ message_send_checkpoint_endpoint: null
+ # Whether asynchronous uploads via MSC2246 should be enabled for media.
+ # Requires a media repo that supports MSC2246.
+ async_media: false
+
+# Application service host/registration related details
+# Changing these values requires regeneration of the registration.
+appservice:
+ # The address that the homeserver can use to connect to this appservice.
+ address: {{ matrix_appservice_kakaotalk_appservice_address|to_json }}
+
+ # The hostname and port where this appservice should listen.
+ hostname: 0.0.0.0
+ port: 11115
+ # The maximum body size of appservice API requests (from the homeserver) in mebibytes
+ # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
+ max_body_size: 1
+
+ # The full URI to the database. SQLite and Postgres are supported.
+ # Format examples:
+ # SQLite: sqlite:///filename.db
+ # Postgres: postgres://username:password@hostname/dbname
+ database: {{ matrix_appservice_kakaotalk_appservice_database|to_json }}
+ # Additional arguments for asyncpg.create_pool() or sqlite3.connect()
+ # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
+ # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
+ # For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
+ database_opts:
+ min_size: 5
+ max_size: 10
+
+ # The unique ID of this appservice.
+ id: appservice-kakaotalk
+ # Username of the appservice bot.
+ bot_username: {{ matrix_appservice_kakaotalk_appservice_bot_username|to_json }}
+ # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+ # to leave display name/avatar as-is.
+ bot_displayname: KakaoTalk bridge bot
+ bot_avatar:
+
+ # Whether or not to receive ephemeral events via appservice transactions.
+ # Requires MSC2409 support (i.e. Synapse 1.22+).
+ # You should disable bridge -> sync_with_custom_puppets when this is enabled.
+ ephemeral_events: false
+
+ # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+ as_token: {{ matrix_appservice_kakaotalk_appservice_token|to_json }}
+ hs_token: {{ matrix_appservice_kakaotalk_homeserver_token|to_json }}
+
+# Prometheus telemetry config. Requires prometheus-client to be installed.
+metrics:
+ enabled: false
+ listen_port: 8000
+
+# Manhole config.
+manhole:
+ # Whether or not opening the manhole is allowed.
+ enabled: false
+ # The path for the unix socket.
+ path: /var/tmp/matrix-appservice-kakaotalk.manhole
+ # The list of UIDs who can be added to the whitelist.
+ # If empty, any UIDs can be specified in the open-manhole command.
+ whitelist:
+ - 0
+
+# Config for things that are directly sent to KakaoTalk.
+kakaotalk:
+ device_name: "KakaoTalk Bridge"
+
+# Bridge config
+bridge:
+ # Localpart template of MXIDs for KakaoTalk users.
+ # {userid} is replaced with the user ID of the KakaoTalk user.
+ username_template: "{{ matrix_appservice_kakaotalk_user_prefix }}{userid}"
+ # Displayname template for KakaoTalk users.
+ # {displayname} is replaced with the display name of the KakaoTalk user.
+ displayname_template: "{displayname} (KT)"
+
+ # The prefix for commands. Only required in non-management rooms.
+ command_prefix: {{ matrix_appservice_kakaotalk_command_prefix|to_json }}
+
+ # Number of chats to sync (and create portals for) on startup/login.
+ # Set to 0 to disable automatic syncing, or -1 to sync as much as possible.
+ initial_chat_sync: 20
+ # Whether or not the KakaoTalk users of logged in Matrix users should be
+ # invited to private chats when the user sends a message from another client.
+ invite_own_puppet_to_pm: false
+ # Whether or not to use /sync to get presence, read receipts and typing notifications
+ # when double puppeting is enabled
+ sync_with_custom_puppets: true
+ # Whether or not to update the m.direct account data event when double puppeting is enabled.
+ # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+ # and is therefore prone to race conditions.
+ sync_direct_chat_list: false
+ # Servers to always allow double puppeting from
+ double_puppet_server_map: {}
+ # Allow using double puppeting from any server with a valid client .well-known file.
+ double_puppet_allow_discovery: false
+ # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+ #
+ # If set, custom puppets will be enabled automatically for local users
+ # instead of users having to find an access token and run `login-matrix`
+ # manually.
+ # If using this for other servers than the bridge's server,
+ # you must also set the URL in the double_puppet_server_map.
+ login_shared_secret_map: {{ matrix_appservice_kakaotalk_bridge_login_shared_secret_map|to_json }}
+ # Whether or not to update avatars when syncing all contacts at startup.
+ update_avatar_initial_sync: true
+ # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
+ # and login_shared_secret to be configured in order to get a device for the bridge bot.
+ #
+ # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
+ # application service.
+ encryption:
+ # Allow encryption, work in group chat rooms with e2ee enabled
+ allow: false
+ # Default to encryption, force-enable encryption in all portals the bridge creates
+ # This will cause the bridge bot to be in private chats for the encryption to work properly.
+ default: false
+ # Options for automatic key sharing.
+ key_sharing:
+ # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+ # You must use a client that supports requesting keys from other users to use this feature.
+ allow: false
+ # Require the requesting device to have a valid cross-signing signature?
+ # This doesn't require that the bridge has verified the device, only that the user has verified it.
+ # Not yet implemented.
+ require_cross_signing: false
+ # Require devices to be verified by the bridge?
+ # Verification by the bridge is not yet implemented.
+ require_verification: true
+ # Whether or not the bridge should send a read receipt from the bridge bot when a message has
+ # been sent to KakaoTalk.
+ delivery_receipts: false
+ # Whether to allow inviting arbitrary mxids to portal rooms
+ allow_invites: false
+ # Whether or not created rooms should have federation enabled.
+ # If false, created portal rooms will never be federated.
+ federate_rooms: {{ matrix_appservice_kakaotalk_federate_rooms|to_json }}
+ # Settings for backfilling messages from KakaoTalk.
+ backfill:
+ # Whether or not the KakaoTalk users of logged in Matrix users should be
+ # invited to private chats when backfilling history from KakaoTalk. This is
+ # usually needed to prevent rate limits and to allow timestamp massaging.
+ invite_own_puppet: true
+ # Maximum number of messages to backfill initially.
+ # Set to 0 to disable backfilling when creating portal, or -1 to backfill as much as possible.
+ initial_limit: 0
+ # Maximum number of messages to backfill if messages were missed while
+ # the bridge was disconnected.
+ # Set to 0 to disable backfilling missed messages, or -1 to backfill as much as possible.
+ missed_limit: 1000
+ # If using double puppeting, should notifications be disabled
+ # while the initial backfill is in progress?
+ disable_notifications: false
+ # The number of seconds that a disconnection can last without triggering an automatic re-sync
+ # and missed message backfilling when reconnecting.
+ # Set to 0 to always re-sync, or -1 to never re-sync automatically.
+ resync_max_disconnected_time: 5
+ # Should users remain logged in after being disconnected from chatroom updates?
+ # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk.
+ remain_logged_in_on_disconnect: true
+ # May the bridge restore user logins with session tokens instead of requiring a password?
+ # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk.
+ # Note that password-based login will be tried first for users who have saved their password.
+ allow_token_relogin: true
+ # Should the bridge connect users to chatroom updates after a token-based login?
+ # This will disconnect any KakaoTalk PC/bridge sessions that were started since the last connection.
+ # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk.
+ reconnect_on_token_relogin: true
+ # Should the bridge do a resync for connected users on startup?
+ sync_on_startup: true
+ # Whether or not temporary disconnections should send notices to the notice room.
+ # If this is false, disconnections will never send messages and connections will only send
+ # messages if it was disconnected for more than resync_max_disconnected_time seconds.
+ temporary_disconnect_notices: true
+ # Disable bridge notices entirely
+ disable_bridge_notices: false
+ # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+ # This field will automatically be changed back to false after it,
+ # except if the config file is not writable.
+ resend_bridge_info: false
+ # Whether or not mute status and tags should only be bridged when the portal room is created.
+ tag_only_on_create: true
+ # If set to true, downloading media from the CDN will use a plain aiohttp client without the usual headers or
+ # other configuration. This may be useful if you don't want to use the default proxy for large files.
+ sandbox_media_download: false
+
+ # Permissions for using the bridge.
+ # Permitted values:
+ # relay - Allowed to be relayed through the bridge, no access to commands.
+ # user - Use the bridge with puppeting.
+ # admin - Use and administrate the bridge.
+ # Permitted keys:
+ # * - All Matrix users
+ # domain - All users on that homeserver
+ # mxid - Specific user
+ permissions: {{ matrix_appservice_kakaotalk_bridge_permissions|to_json }}
+
+ relay:
+ # Whether relay mode should be allowed. If allowed, `!kt set-relay` can be used to turn any
+ # authenticated user into a relaybot for that chat.
+ enabled: false
+ # The formats to use when sending messages to KakaoTalk via a relay user.
+ #
+ # Available variables:
+ # $sender_displayname - The display name of the sender (e.g. Example User)
+ # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
+ # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
+ # $message - The message content
+ message_formats:
+ m.text: '$sender_displayname: $message'
+ m.notice: '$sender_displayname: $message'
+ m.emote: '* $sender_displayname $message'
+ m.file: 'File from $sender_displayname: $message'
+ m.image: 'Image from $sender_displayname: $message'
+ m.audio: 'Audio from $sender_displayname: $message'
+ m.video: 'Video from $sender_displayname: $message'
+ m.location: '$sender_displayname sent a location'
+
+rpc:
+ connection:
+ # Either unix or tcp
+ type: tcp
+ # Only for type: unix
+ # path: /rpc/rpc.sock
+ # Only for type: tcp
+ host: matrix-appservice-kakaotalk-node
+ port: 8000
+
+# Python logging configuration.
+#
+# See section 16.7.2 of the Python documentation for more info:
+# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
+logging:
+ version: 1
+ formatters:
+ colored:
+ (): matrix_appservice_kakaotalk.util.ColorFormatter
+ format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+ normal:
+ format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+ handlers:
+ console:
+ class: logging.StreamHandler
+ formatter: colored
+ loggers:
+ mau:
+ level: {{ matrix_appservice_kakaotalk_logging_level|to_json }}
+ paho:
+ level: {{ matrix_appservice_kakaotalk_logging_level|to_json }}
+ aiohttp:
+ level: {{ matrix_appservice_kakaotalk_logging_level|to_json }}
+ root:
+ level: {{ matrix_appservice_kakaotalk_logging_level|to_json }}
+ handlers: [console]
diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2
new file mode 100644
index 000000000..340add39e
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2
@@ -0,0 +1,13 @@
+{
+ "listen": {
+ "type": "tcp",
+ "host": "0.0.0.0",
+ "port": 8000,
+ "force": true
+ },
+ "register_timeout": 3000,
+ "logging_keys": {
+ "request": ["mxid"],
+ "response": ["status"]
+ }
+}
diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
new file mode 100644
index 000000000..1a526ee61
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
@@ -0,0 +1,38 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=appservice-kakaotalk-node bridge helper
+{% for service in matrix_appservice_kakaotalk_node_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_appservice_kakaotalk_node_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk-node \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ --mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/node-config.json,dst=/config.json,ro \
+ {% for arg in matrix_appservice_kakaotalk_node_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_appservice_kakaotalk_node_docker_image }} \
+ node src/main.js --config /config.json
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-appservice-kakaotalk-node
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
new file mode 100644
index 000000000..83a8d4dc9
--- /dev/null
+++ b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
@@ -0,0 +1,42 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=appservice-kakaotalk bridge
+{% for service in matrix_appservice_kakaotalk_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_appservice_kakaotalk_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ --mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }},dst=/config,ro \
+ --mount type=bind,src={{ matrix_appservice_kakaotalk_data_path }},dst=/data \
+ {% for arg in matrix_appservice_kakaotalk_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_appservice_kakaotalk_docker_image }} \
+ python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-appservice-kakaotalk
+
+[Install]
+WantedBy=multi-user.target
diff --git a/setup.yml b/setup.yml
index 49612a8cd..30538d819 100755
--- a/setup.yml
+++ b/setup.yml
@@ -17,6 +17,7 @@
- matrix-bridge-appservice-slack
- matrix-bridge-appservice-webhooks
- matrix-bridge-appservice-irc
+ - matrix-bridge-appservice-kakaotalk
- matrix-bridge-beeper-linkedin
- matrix-bridge-go-skype-bridge
- matrix-bridge-mautrix-facebook