	Squashed based on the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042 commit49932b8f3cAuthor: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:21:31 2023 +0200 Fix syntax in matrix-bridge-hookshot/tasks/reset_encryption.yml Also, this task always does work and side-effects, so it should always report changes (`changed_when: true`). commit6bdf7a9dcbAuthor: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:12:41 2023 +0200 Add Hookshot validation task to ensure queue settings are set when encryption is enabled commit8c531b7971Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:10:17 2023 +0200 Add missing variables rewiring in group_vars/matrix_servers for Hookshot commit7d26dabc2fAuthor: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:08:19 2023 +0200 Add defaults for matrix_hookshot_queue_host and matrix_hookshot_queue_port commit74f91138c9Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:06:17 2023 +0200 Fix syntax for connecting to additional networks for Hookshot commitca7b41f3f2Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:05:28 2023 +0200 Fix indentation and remove unnecessary if-statements commitac4a918d58Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:04:44 2023 +0200 Add missing --network for Hookshot This seems to have been removed by accident. commit6a81fa208fAuthor: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:02:47 2023 +0200 Make automatic Redis enabling safer, when Hookshot encryption enabled If we ever default encryption to enabled for Hookshot, we only wish to force-enable Redis if Hookshot is actually enabled. 
commit75a8e0f2a6Author: Slavi Pantaleev <slavi@devture.com> Date: Sat Dec 16 09:01:10 2023 +0200 Fix typo commit98ad182eacAuthor: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:37:40 2023 +0100 Add defaults for Hookshot's encryption commit29fa9fab15Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:35:11 2023 +0100 Improve wording of Hookshot's encryption section commit4f835e0560Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:28:52 2023 +0100 use safer mount options for the container's files commit8c93327e25Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:26:01 2023 +0100 fix filename commit03a7bb6e77Merge:e55d769406047763Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:23:44 2023 +0100 Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption commit06047763bbAuthor: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:15:54 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host Co-authored-by: Slavi Pantaleev <slavi@devture.com> commite55d769465Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:13:50 2023 +0100 clarify that Redis is required, standardadise on Hookshot with an upper-case first letter for consistency commit66706e4535Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 22:08:20 2023 +0100 Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 fix for a typo Co-authored-by: Slavi Pantaleev <slavi@devture.com> commitf6aaeb9a16Merge:e5d34002869dd33fAuthor: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:22:34 2023 +0100 Merge branch 'master' into HarHarLinks/hookshot-encryption commite5d34002fdAuthor: Joshua Hoffmann 
<joshua.hoffmann@b1-systems.de> Date: Fri Dec 15 00:09:27 2023 +0100 Add Jinja loop to allow adding multiple networks commit69f947782dAuthor: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:52:41 2023 +0100 split if statements for the message queue and experimental encryption support into seperate statements commit4c13be1c89Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de> Date: Thu Dec 14 23:31:19 2023 +0100 change variable name per spantaleev's suggestion (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2979#discussion_r1379015551) commit9905309aa9Author: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:14:04 2023 +0100 amend docs commit94abf2d5bdAuthor: HarHarLinks <kim.brose@rwth-aachen.de> Date: Wed Nov 1 16:05:22 2023 +0100 draft encryption support for hookshot
		
			
				
	
	
		
			171 lines
		
	
	
		
			6.4 KiB
		
	
	
	
		
			Django/Jinja
		
	
	
	
	
	
			
		
		
	
	
		
	
	
	
	
	
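#jinja2: lstrip_blocks: "True"
{#
Hookshot bridge configuration template (Jinja2 producing YAML).

The rendered file holds credentials in clear text: webhook secrets, OAuth client secrets and the
provisioning secret. Ownership and mode of the rendered file are set by the task that renders it,
not by this template, so check them there.

String values go through to_json so that whatever the variable holds is emitted as one valid,
quoted YAML scalar and cannot alter the structure of the document. Port numbers are left
unfiltered; they are expected to be integers.
#}
bridge:
  # Basic homeserver configuration
  #
  domain: {{ matrix_domain | to_json }}
  url: {{ matrix_hookshot_homeserver_address | to_json }}
  mediaUrl: {{ matrix_hookshot_homeserver_address | to_json }}
  port: {{ matrix_hookshot_appservice_port }}
  # 0.0.0.0 listens on every interface in the bridge's network namespace. Who can actually
  # reach the port is decided by the container networks and published ports.
  bindAddress: 0.0.0.0
{% if matrix_hookshot_github_enabled %}
github:
  # (Optional) Configure this to enable GitHub support
  #
  auth:
    # Authentication for the GitHub App.
    #
    id: {{ matrix_hookshot_github_auth_id | to_json }}
    # Path as seen inside the container. The GitHub App private key is a credential:
    # keep the file readable only by the user the bridge runs as.
    privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }}
  webhook:
    # Webhook settings for the GitHub app.
    # The secret authenticates incoming webhook deliveries; use a long random value.
    #
    secret: {{ matrix_hookshot_github_webhook_secret | to_json }}
{% if matrix_hookshot_github_oauth_enabled %}
  oauth:
    # (Optional) Settings for allowing users to sign in via OAuth.
    # client_secret is a credential and ends up in the rendered file in clear text.
    #
    client_id: {{ matrix_hookshot_github_oauth_client_id | to_json }}
    client_secret: {{ matrix_hookshot_github_oauth_client_secret | to_json }}
    redirect_uri: {{ matrix_hookshot_github_oauth_redirect_uri | to_json }}
{% endif %}
  defaultOptions:
    # (Optional) Default options for GitHub connections.
    #
    ignoreHooks: {{ matrix_hookshot_github_defaultOptions_ignoreHooks | to_json }}
    commandPrefix: {{ matrix_hookshot_github_defaultOptions_commandPrefix | to_json }}
    showIssueRoomLink: {{ matrix_hookshot_github_defaultOptions_showIssueRoomLink | to_json }}
    prDiff: {{ matrix_hookshot_github_defaultOptions_prDiff | to_json }}
    includingLabels: {{ matrix_hookshot_github_defaultOptions_includingLabels | to_json }}
    excludingLabels: {{ matrix_hookshot_github_defaultOptions_excludingLabels | to_json }}
    hotlinkIssues:
      prefix: {{ matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix | to_json }}
{% endif %}
{% if matrix_hookshot_gitlab_enabled %}
gitlab:
  # (Optional) Configure this to enable GitLab support
  #
  instances: {{ matrix_hookshot_gitlab_instances | to_json }}
  webhook:
    # Shared secret for incoming GitLab webhooks; use a long random value.
    secret: {{ matrix_hookshot_gitlab_webhook_secret | to_json }}
{% endif %}
{% if matrix_hookshot_figma_enabled %}
figma:
  # (Optional) Configure this to enable Figma support
  #
  publicUrl: {{ matrix_hookshot_figma_publicUrl | to_json }}
  # NOTE(review): the instances value is passed through as-is and presumably carries
  # per-instance tokens; treat it as secret material and confirm against the role defaults.
  instances: {{ matrix_hookshot_figma_instances | to_json }}
{% endif %}
{% if matrix_hookshot_jira_enabled %}
jira:
  # (Optional) Configure this to enable Jira support
  #
  webhook:
    # Shared secret for incoming Jira webhooks; use a long random value.
    secret: {{ matrix_hookshot_jira_webhook_secret | to_json }}
{% if matrix_hookshot_jira_oauth_enabled %}
  oauth:
    # client_secret is a credential and ends up in the rendered file in clear text.
    client_id: {{ matrix_hookshot_jira_oauth_client_id | to_json }}
    client_secret: {{ matrix_hookshot_jira_oauth_client_secret | to_json }}
    redirect_uri: {{ matrix_hookshot_jira_oauth_redirect_uri | to_json }}
{% endif %}
{% endif %}
{% if matrix_hookshot_generic_enabled %}
generic:
  # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
  # Leave allowJsTransformationFunctions off unless every user able to create a generic
  # webhook is trusted to run code in the bridge.
  # NOTE(review): enableHttpGet lets a plain GET trigger a webhook (for example a fetched
  # link); keep it off unless a sender really cannot POST. Confirm against the Hookshot docs.
  #
  enabled: {{ matrix_hookshot_generic_enabled | to_json }}
  enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }}
  urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }}
  userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }}
  allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }}
  waitForComplete: {{ matrix_hookshot_generic_waitForComplete | to_json }}
{% endif %}
{% if matrix_hookshot_feeds_enabled %}
feeds:
  # (Optional) Configure this to enable RSS/Atom feed support
  # The bridge fetches feed URLs itself, so this is outbound traffic from the bridge's
  # network position; the timeout below bounds how long one fetch may take.
  #
  enabled: {{ matrix_hookshot_feeds_enabled | to_json }}
  pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }}
  pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }}
{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
provisioning:
  # (Optional) Provisioning API for integration managers
  # The secret is the only credential rendered for this API; use a long random value and
  # do not reuse one of the webhook secrets.
  #
  secret: {{ matrix_hookshot_provisioning_secret | to_json }}
{% endif %}
passFile:
  # A passkey used to encrypt tokens stored inside the bridge.
  # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
  # Keep the key file readable only by the bridge user and include it in backups: the
  # stored tokens are encrypted with it.
  #
  /data/passkey.pem
bot:
  # (Optional) Define profile information for the bot user
  #
  displayname: {{ matrix_hookshot_bot_displayname | to_json }}
  avatar: {{ matrix_hookshot_bot_avatar | to_json }}
metrics:
  # (Optional) Prometheus metrics support
  # No credentials are rendered for the metrics endpoint in this file; restrict access to
  # its listener (see the listeners section) at the network or reverse-proxy level.
  #
  enabled: {{ matrix_hookshot_metrics_enabled | to_json }}
{% if matrix_hookshot_queue_host != '' %}
queue:
  # Message queue (Redis) connection. Only host and port are rendered, no credentials,
  # so the queue must be reachable only from trusted containers.
  monolithic: true
  port: {{ matrix_hookshot_queue_port }}
  host: {{ matrix_hookshot_queue_host | to_json }}
{% endif %}
{% if matrix_hookshot_experimental_encryption_enabled %}
experimentalEncryption:
  # Encryption state is kept under this path inside the container; it needs to persist
  # across restarts and should be readable only by the bridge user.
  # NOTE(review): this block is rendered independently of the queue block above; the
  # dependency on the queue has to be enforced outside this template - confirm in the
  # role's validation tasks.
  storagePath: /data/encryption
{% endif %}
logging:
  # (Optional) Logging settings. You can have a severity debug,info,warn,error
  # NOTE(review): debug output is likely to be far more detailed; prefer info or above
  # outside of troubleshooting.
  #
  level: {{ matrix_hookshot_logging_level | to_json }}
{% if matrix_hookshot_widgets_enabled %}
widgets:
  # (Optional) EXPERIMENTAL support for complementary widgets
  #
  addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms | to_json }}
{% if matrix_hookshot_widgets_roomSetupWidget_enabled %}
  roomSetupWidget:
    addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite | to_json }}
{% endif %}
{# The key is left out entirely when the variable is None or empty, so no empty list is rendered. #}
{% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %}
  # NOTE(review): a list set here presumably replaces Hookshot's built-in blocked ranges
  # rather than extending them; keep internal and loopback ranges in any override.
  disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges | to_json }}
{% endif %}
  publicUrl: {{ matrix_hookshot_widgets_publicUrl | to_json }}
  branding:
    widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle | to_json }}
{% endif %}
{# The permissions key is omitted when the variable is empty. NOTE(review): Hookshot then applies
its own default permissions - confirm that default is acceptable for the deployment. #}
{% if matrix_hookshot_permissions %}
permissions: {{ matrix_hookshot_permissions | to_json }}
{% endif %}
listeners:
  # (Optional) HTTP Listener configuration.
  # Bind resource endpoints to ports and addresses.
  # 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice
  # Each resource gets its own port, so each can be exposed separately. Every listener
  # binds 0.0.0.0; limit reachability of the metrics and provisioning ports through the
  # container networks or reverse proxy rather than relying on the bind address.
  #
{# always enabled since all services need it #}
  - port: {{ matrix_hookshot_webhook_port }}
    bindAddress: 0.0.0.0
    resources:
      - webhooks
{% if matrix_hookshot_metrics_enabled %}
  - port: {{ matrix_hookshot_metrics_port }}
    bindAddress: 0.0.0.0
    resources:
      - metrics
{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
  - port: {{ matrix_hookshot_provisioning_port }}
    bindAddress: 0.0.0.0
    resources:
      - provisioning
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
  - port: {{ matrix_hookshot_widgets_port }}
    bindAddress: 0.0.0.0
    resources:
      - widgets
{% endif %}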