mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-03-27 23:05:31 +01:00
* Enable Internal Admin API Access separately from Public access. * Add Config variable for Draupnir Hijack command And also make the internal admin API be automatically activated when this capability is used. * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Further Refine Internal Admin API * Add Non Worker Labels for Internal Admin API * Variable Rename * Add validation rules for Internal Synapse admin API * Add Draupnir Admin API required config validation. * Override `matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_traefik_entrypoints` via group vars * Wire `matrix_bot_draupnir_admin_api_enabled` to `matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand` in Draupnir's `defaults/main.yml` * Remove unnecessary `matrix_bot_draupnir_admin_api_enabled` override from `group_vars/matrix_servers` The same value is now (more appropriately) defined in Draupnir's `defaults/main.yml` file anyway. * Add additional condition (`matrix_bot_draupnir_enabled`) for enabling `matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled` * Use a separate task for validating `matrix_bot_draupnir_admin_api_enabled` when `matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand` The other task deals with checking for null and not-blank and can't handle booleans properly. --------- Co-authored-by: Slavi Pantaleev <slavi@devture.com>
# SPDX-FileCopyrightText: 2023 - 2025 MDAD project contributors
# SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later

---

# Stops the run when the configuration still defines a Draupnir variable under
# its old name. Each entry pairs the old name with its replacement, and the
# failure message prints both so the operator can rename it in vars.yml.
# Only the variable names are printed, never their values; the list includes
# the former access-token variable.
- name: (Deprecation) Catch and report renamed Draupnir settings
  with_items:
    - old: matrix_bot_draupnir_container_image_name_prefix
      new: matrix_bot_draupnir_container_image_registry_prefix
    - old: matrix_bot_draupnir_enable_room_state_backing_store
      new: matrix_bot_draupnir_config_roomStateBackingStore_enabled
    - old: matrix_bot_draupnir_disable_server_acl
      new: matrix_bot_draupnir_config_disableServerACL
    - old: matrix_bot_draupnir_enable_experimental_rust_crypto
      new: matrix_bot_draupnir_config_experimentalRustCrypto
    - old: matrix_bot_draupnir_access_token
      new: matrix_bot_draupnir_config_accessToken
    - old: matrix_bot_draupnir_management_room
      new: matrix_bot_draupnir_config_managementRoom
    - old: matrix_bot_draupnir_homeserver_url
      new: matrix_bot_draupnir_config_homeserverUrl
    - old: matrix_bot_draupnir_raw_homeserver_url
      new: matrix_bot_draupnir_config_rawHomeserverUrl
    - old: matrix_bot_draupnir_web_enabled
      new: matrix_bot_draupnir_config_web_enabled
    - old: matrix_bot_draupnir_abuse_reporting_enabled
      new: matrix_bot_draupnir_config_web_abuseReporting
    - old: matrix_bot_draupnir_display_reports
      new: matrix_bot_draupnir_config_displayReports
  # Fires only for old names that are actually present in the variable set.
  when: item.old in vars
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
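# Required-settings guard. Each entry names a variable and the condition under
# which it is mandatory; the task fails if a mandatory variable is undefined,
# empty or null. The access token is mandatory when Pantalaimon is not used,
# and also when the experimental Rust crypto backend is enabled.
- name: Fail if required matrix-bot-draupnir variables are undefined
  ansible.builtin.fail:
    # Only the variable name is printed, never its value.
    msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
  with_items:
    - name: matrix_bot_draupnir_config_accessToken
      when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"
    - name: matrix_bot_draupnir_config_accessToken
      when: "{{ matrix_bot_draupnir_config_experimentalRustCrypto }}"
    - name: matrix_bot_draupnir_config_managementRoom
      when: true
    - name: matrix_bot_draupnir_container_network
      when: true
    - name: matrix_bot_draupnir_config_homeserverUrl
      when: true
    - name: matrix_bot_draupnir_config_rawHomeserverUrl
      when: true
    - name: matrix_bot_draupnir_pantalaimon_username
      when: "{{ matrix_bot_draupnir_pantalaimon_use }}"
    - name: matrix_bot_draupnir_pantalaimon_password
      when: "{{ matrix_bot_draupnir_pantalaimon_use }}"
  # The value is read with the `vars` lookup rather than by indexing `vars`
  # directly. Indexing returns the stored value without templating it, so a
  # setting written as a Jinja expression that renders to an empty string would
  # pass the check. Indexing also errors out on a name that was never defined,
  # instead of producing the message above. `default=''` turns a missing
  # variable into the same failure as an empty one.
  when: "item.when | bool and (lookup('vars', item.name, default='') == '' or lookup('vars', item.name, default='') is none)"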
# Consistency guard for Draupnir's make-room-admin ("room hijacking") command.
# Switching the command on while matrix_bot_draupnir_admin_api_enabled is off
# is rejected here rather than being deployed in a half-configured state.
# Both flags are passed through `| bool`, so string values such as "true"
# are handled as well.
- name: Fail if Draupnir room hijacking enabled without enabling the Synapse Admin API
  # A list of conditions is AND-ed together by Ansible.
  when:
    - matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | bool
    - not (matrix_bot_draupnir_admin_api_enabled | bool)
  ansible.builtin.fail:
    msg: "When matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand is enabled, matrix_bot_draupnir_admin_api_enabled must also be enabled"
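# Inverse of the required-settings guard: rejects a configured access token
# when Pantalaimon or native login is in use, so a credential those modes
# should not have is not left sitting in the configuration.
- name: Fail if inappropriate variables are defined
  ansible.builtin.fail:
    # Only the variable name is printed, never its value.
    msg: "The `{{ item.name }}` variable must be undefined or have a null value."
  with_items:
    - name: matrix_bot_draupnir_config_accessToken
      when: "{{ matrix_bot_draupnir_pantalaimon_use }}"
    - name: matrix_bot_draupnir_config_accessToken
      when: "{{ matrix_bot_draupnir_login_native }}"
  # The `vars` lookup with `default=''` lets a variable that is not defined at
  # all pass, as the message promises. Indexing `vars` directly errors out on
  # an undefined name, and it compares the raw, untemplated value, so a Jinja
  # expression that renders to an empty string would be rejected as if a token
  # were set.
  when: "item.when | bool and not (lookup('vars', item.name, default='') == '' or lookup('vars', item.name, default='') is none)"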
# Mutual-exclusion guard: Pantalaimon and the experimental Rust crypto backend
# may not be enabled together. Both conditions below must hold for the task
# to fail.
- name: Fail when matrix_bot_draupnir_config_experimentalRustCrypto is enabled together with matrix_bot_draupnir_pantalaimon_use
  when:
    - matrix_bot_draupnir_pantalaimon_use
    - matrix_bot_draupnir_config_experimentalRustCrypto
  ansible.builtin.fail:
    msg: >-
      Your configuration is trying to enable matrix_bot_draupnir_config_experimentalRustCrypto and matrix_bot_draupnir_pantalaimon_use at the same time.
      These settings are mutually incompatible and therefore cant be used at the same time.
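# Adds a warning to the playbook's runtime message list when Draupnir is
# configured to use Pantalaimon and the operator has not silenced the warning
# with matrix_bot_draupnir_pantalaimon_breakage_ignore.
#
# Both flags go through `| bool`, as in the other checks in this file. Comparing
# them with the strings 'true' / 'false' only matches string-typed values, so
# with real booleans the warning would never be shown. `| bool` accepts both
# forms.
- when: "matrix_bot_draupnir_pantalaimon_use | bool and not matrix_bot_draupnir_pantalaimon_breakage_ignore | bool"
  block:
    - name: Inject warning if Pantalaimon is used together with Draupnir
      ansible.builtin.set_fact:
        # Append to the existing list, or start from an empty one if no
        # message has been registered yet.
        devture_playbook_runtime_messages_list: |
          {{
            devture_playbook_runtime_messages_list | default([])
            +
            [
              "Note: Draupnir does not support running with Pantalaimon as it would break all workflows that involve answering prompts with reactions. To enable E2EE for Draupnir, it is recommended to use matrix_bot_draupnir_config_experimentalRustCrypto instead. This warning can be disabled by setting matrix_bot_draupnir_pantalaimon_breakage_ignore to true."
            ]
          }}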