From f57aed8e015593d084518c1dbe27f6f4bd9457de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Mon, 20 Jun 2022 21:32:03 +0200 Subject: [PATCH 01/49] Add a setting to make nginx forward node_exporter and postgres_exporter --- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 4abcd40a040..8d17d64c4e9 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -45,6 +45,19 @@ {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} {% endif %} + {% if matrix_nginx_proxy_node_exporter_reverse_enabled %} + location /node-exporter/ { + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-prometheus-node-exporter:9100/; + } + {% endif %} + {% if matrix_nginx_proxy_postgres_exporter_reverse_enabled %} + location /postgres-exporter/ { + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-prometheus-postgres-exporter:9187/; + } + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location ^~ /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} From d24cb7db6f9ed357ae4653174eccb9b44e0ace84 Mon Sep 17 00:00:00 2001 
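Review bot: Both new `location` blocks proxy the exporters with no access restriction, so once either flag is enabled anyone who can reach this server block can read host and PostgreSQL metrics under `/node-exporter/` and `/postgres-exporter/`. The status block just above is rendered from an allow-list (`matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses`); these two should be gated the same way, with `allow` entries rendered from a variable followed by `deny all;`, or with `auth_basic`. The diffstat shows only this template changing, so the two `*_reverse_enabled` variables get no default in this commit and rendering presumably fails on an undefined variable unless they are defined elsewhere. The enclosing server block starts and ends outside the hunk.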
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Thu, 23 Jun 2022 20:24:52 +0200 Subject: [PATCH 02/49] Initial maubot commit --- group_vars/matrix_servers | 27 ++++ roles/matrix-maubot/defaults/main.yml | 32 +++++ roles/matrix-maubot/tasks/init.yml | 5 + roles/matrix-maubot/tasks/main.yml | 23 ++++ roles/matrix-maubot/tasks/setup_install.yml | 73 ++++++++++ roles/matrix-maubot/tasks/setup_uninstall.yml | 36 +++++ roles/matrix-maubot/tasks/validate_config.yml | 11 ++ .../templates/config/config.yaml.j2 | 127 ++++++++++++++++++ .../systemd/matrix-maubot.service.j2 | 36 +++++ setup.yml | 1 + 10 files changed, 371 insertions(+) create mode 100644 roles/matrix-maubot/defaults/main.yml create mode 100644 roles/matrix-maubot/tasks/init.yml create mode 100644 roles/matrix-maubot/tasks/main.yml create mode 100644 roles/matrix-maubot/tasks/setup_install.yml create mode 100644 roles/matrix-maubot/tasks/setup_uninstall.yml create mode 100644 roles/matrix-maubot/tasks/validate_config.yml create mode 100644 roles/matrix-maubot/templates/config/config.yaml.j2 create mode 100644 roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f727da55f0c..4bfcaee5d3a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1053,6 +1053,33 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: | # ###################################################################### +###################################################################### +# +# matrix-maubot +# +###################################################################### + +# We don't enable bots by default. +matrix_maubot_enabled: false + +matrix_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + +matrix_maubot_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + + +###################################################################### +# +# /matrix-maubot +# +###################################################################### + ###################################################################### # diff --git a/roles/matrix-maubot/defaults/main.yml b/roles/matrix-maubot/defaults/main.yml new file mode 100644 index 00000000000..63603c50528 --- /dev/null +++ b/roles/matrix-maubot/defaults/main.yml 
@@ -0,0 +1,32 @@ +--- + +matrix_maubot_enabled: true +matrix_maubot_container_image_self_build: false +matrix_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" +matrix_maubot_docker_src_files_path: "{{ matrix_maubot_base_path }}/docker-src" + +matrix_maubot_version: latest +matrix_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_maubot_version }}" +matrix_maubot_docker_image_force_pull: "{{ matrix_maubot_docker_image.endswith(':latest') }}" + +matrix_maubot_base_path: "{{ matrix_base_data_path }}/maubot" +matrix_maubot_data_path: "{{ matrix_maubot_base_path }}/data" + +matrix_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" + + + +matrix_maubot_logging_level: info +matrix_maubot_secret: '' +matrix_maubot_admin_user: '' +matrix_maubot_admin_password: '' +matrix_mau_environment_variables_extension: '' + +# A list of extra arguments to pass to the container +matrix_maubot_container_extra_arguments: [] + +# List of systemd services that matrix-bot-matrix-registration-bot.service depends on +matrix_maubot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-matrix-registration-bot.service wants +matrix_maubot_systemd_wanted_services_list: [] diff --git a/roles/matrix-maubot/tasks/init.yml b/roles/matrix-maubot/tasks/init.yml new file mode 100644 index 00000000000..3b62fbf3e17 --- /dev/null +++ b/roles/matrix-maubot/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-maubot.service'] }}" + when: matrix_maubot_enabled|bool diff --git a/roles/matrix-maubot/tasks/main.yml b/roles/matrix-maubot/tasks/main.yml new file mode 100644 index 00000000000..dbca98c395d --- /dev/null +++ b/roles/matrix-maubot/tasks/main.yml 
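Review bot: `matrix_maubot_version: latest` combined with `matrix_maubot_docker_image_force_pull` means every playbook run pulls whatever the registry currently serves, for a service whose config holds homeserver secrets; the default should be a specific release tag (or digest) instead of `latest`. The two comments above the systemd lists still name `matrix-bot-matrix-registration-bot.service` and should read `matrix-maubot.service`. `matrix_maubot_logging_level`, `matrix_mau_environment_variables_extension` and `matrix_maubot_container_extra_arguments` are declared here but not referenced by any template added in this commit. The same points apply to `roles/matrix-bot-maubot/defaults/main.yml` in PATCH 03.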
@@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_maubot_enabled|bool" + tags: + - setup-all + - setup-maubot + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_maubot_enabled|bool" + tags: + - setup-all + - setup-maubot + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_maubot_enabled|bool" + tags: + - setup-all + - setup-maubot diff --git a/roles/matrix-maubot/tasks/setup_install.yml b/roles/matrix-maubot/tasks/setup_install.yml new file mode 100644 index 00000000000..5d7019469e0 --- /dev/null +++ b/roles/matrix-maubot/tasks/setup_install.yml 
@@ -0,0 +1,73 @@ +--- + +- name: Ensure maubot paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_maubot_base_path }}", when: true} + - - {path: "{{ matrix_maubot_data_path }}", when: true} + - {path: "{{ matrix_maubot_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure maubot configuration file created + template: + src: "{{ role_path }}/templates/config/config.yaml.j2" + dest: "{{ matrix_maubot_base_path }}/config.yaml" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure maubot image is pulled + docker_image: + name: "{{ matrix_maubot_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_maubot_docker_image_force_pull }}" + when: "not matrix_maubot_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure maubot repository is present on self-build + git: + repo: "{{ matrix_maubot_docker_repo }}" + dest: "{{ matrix_maubot_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_maubot_git_pull_results + when: "matrix_maubot_container_image_self_build|bool" + +- name: Ensure maubot image is built + docker_image: + name: "{{ matrix_maubot_docker_image }}" + source: build + force_source: "{{ matrix_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 
else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_maubot_docker_src_files_path }}" + pull: true + when: "matrix_maubot_container_image_self_build|bool" + +- name: Ensure matrix-maubot.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-maubot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-maubot.service" + mode: 0644 + register: matrix_maubot_systemd_service_result + +- name: Ensure systemd reloaded after matrix-maubot.service installation + service: + daemon_reload: true + when: "matrix_maubot_systemd_service_result.changed|bool" + +- name: Ensure matrix-maubot.service restarted, if necessary + service: + name: "matrix-maubot.service" + state: restarted diff --git a/roles/matrix-maubot/tasks/setup_uninstall.yml b/roles/matrix-maubot/tasks/setup_uninstall.yml new file mode 100644 index 00000000000..1765eb0322f --- /dev/null +++ b/roles/matrix-maubot/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-maubot service + stat: + path: "{{ matrix_systemd_path }}/matrix-maubot.service" + register: matrix_maubot_service_stat + +- name: Ensure matrix-maubot is stopped + service: + name: matrix-maubot + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_maubot_service_stat.stat.exists|bool" + +- name: Ensure matrix-maubot.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-maubot.service" + state: absent + when: "matrix_maubot_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-maubot.service removal + service: + daemon_reload: true + when: "matrix_maubot_service_stat.stat.exists|bool" + +- name: Ensure Matrix maubot paths don't exist + file: + path: "{{ matrix_maubot_base_path }}" + state: absent + +- name: Ensure maubot Docker image doesn't exist + docker_image: + name: "{{ matrix_maubot_docker_image }}" + state: absent 
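Review bot: In "Ensure maubot image is built" the `force:` expression falls back to `matrix_mailer_git_pull_results.changed`, a variable this role never registers; it should be `matrix_maubot_git_pull_results.changed`, and the same stray reference is still present after the rename in PATCH 03. The first task's `with_items` has a doubled dash (`- - {path: ...}`) that nests the second entry in its own list. The octal modes are better written as strings (`mode: "0750"`, `mode: "0640"`, `mode: "0644"`) so they do not depend on YAML integer parsing. The last task restarts `matrix-maubot.service` on every run although its name says "if necessary".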
diff --git a/roles/matrix-maubot/tasks/validate_config.yml b/roles/matrix-maubot/tasks/validate_config.yml new file mode 100644 index 00000000000..e23dc10c66a --- /dev/null +++ b/roles/matrix-maubot/tasks/validate_config.yml @@ -0,0 +1,11 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - matrix_maubot_secret + - matrix_maubot_admin_user + - matrix_maubot_admin_password diff --git a/roles/matrix-maubot/templates/config/config.yaml.j2 b/roles/matrix-maubot/templates/config/config.yaml.j2 new file mode 100644 index 00000000000..9f72cfc0d8c --- /dev/null +++ b/roles/matrix-maubot/templates/config/config.yaml.j2 
@@ -0,0 +1,127 @@ +# The full URI to the database. SQLite and Postgres are fully supported. +# Other DBMSes supported by SQLAlchemy may or may not work. +# Format examples: +# SQLite: sqlite:///filename.db +# Postgres: postgresql://username:password@hostname/dbname +database: sqlite:////data/maubot.db + +# Separate database URL for the crypto database. "default" means use the same database as above. +crypto_database: default + +# Additional arguments for asyncpg.create_pool() or sqlite3.connect() +# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool +# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect +# For sqlite, min_size is used as the connection thread pool size and max_size is ignored. +database_opts: + min_size: 1 + max_size: 10 +plugin_directories: + # The directory where uploaded new plugins should be stored. + upload: /data/plugins + # The directories from which plugins should be loaded. + # Duplicate plugin IDs will be moved to the trash. + load: + - /data/plugins + trash: /data/trash + +# Configuration for storing plugin databases +plugin_databases: + # The directory where SQLite plugin databases should be stored. + sqlite: /data/dbs + # The connection URL for plugin databases. If null, all plugins will get SQLite databases. + # If set, plugins using the new asyncpg interface will get a Postgres connection instead. + # Plugins using the legacy SQLAlchemy interface will always get a SQLite connection. + # + # To use the same connection pool as the default database, set to "default" + # (the default database above must be postgres to do this). + # + # When enabled, maubot will create separate Postgres schemas in the database for each plugin. + # To view schemas in psql, use `\dn`. To view enter and interact with a specific schema, + # use `SET search_path = name` (where `name` is the name found with `\dn`) and then use normal + # SQL queries/psql commands. 
+ postgres: + # Maximum number of connections per plugin instance. + postgres_max_conns_per_plugin: 3 + # Overrides for the default database_opts when using a non-"default" postgres connection string. + postgres_opts: {} + +server: + # The IP and port to listen to. + hostname: 0.0.0.0 + port: 29316 + # Public base URL where the server is visible. + public_url: {{ matrix_maubot_bot_server }} + # The base management API path. + base_path: /_matrix/maubot/v1 + # The base path for the UI. + ui_base_path: /_matrix/maubot + # The base path for plugin endpoints. The instance ID will be appended directly. + plugin_base_path: /_matrix/maubot/plugin/ + # Override path from where to load UI resources. + # Set to false to using pkg_resources to find the path. + override_resource_path: /opt/maubot/frontend + # The base appservice API path. Use / for legacy appservice API and /_matrix/app/v1 for v1. + appservice_base_path: /_matrix/app/v1 + # The shared secret to sign API access tokens. + # Set to "generate" to generate and save a new token at startup. + unshared_secret: {{ matrix_maubot_secret }} + +# Known homeservers. This is required for the `mbc auth` command and also allows +# more convenient access from the management UI. This is not required to create +# clients in the management UI, since you can also just type the homeserver URL +# into the box there. +homeservers: + {{ matrix_domain }}: + # Client-server API URL + url: {{ matrix_maubot_bot_server }} + # registration_shared_secret from synapse config + # You can leave this empty if you don't have access to the homeserver. + # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. 
+ secret: {{ matrix_registration_shared_secret }} +admins: + root: '' + {{ matrix_maubot_admin_user }}: {{ matrix_maubot_admin_password }} +api_features: + login: true + plugin: true + plugin_upload: true + instance: true + instance_database: true + client: true + client_proxy: true + client_auth: true + dev_open: true + log: true + +# Python logging configuration. +# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + colored: + (): maubot.lib.color_log.ColorFormatter + format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' + normal: + format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' + handlers: + file: + class: logging.handlers.RotatingFileHandler + formatter: normal + filename: /var/log/maubot.log + maxBytes: 10485760 + backupCount: 10 + console: + class: logging.StreamHandler + formatter: colored + loggers: + maubot: + level: DEBUG + mau: + level: DEBUG + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [file, console] diff --git a/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 new file mode 100644 index 00000000000..d09b8b72319 --- /dev/null +++ b/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 
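Review bot: The secrets are interpolated as bare YAML scalars (`unshared_secret: {{ matrix_maubot_secret }}`, `secret: {{ matrix_registration_shared_secret }}` and the admin user/password pair), so a value containing ` #`, `: ` or a leading YAML indicator is truncated or retyped when the file is parsed; render them with `| to_json`, e.g. `unshared_secret: {{ matrix_maubot_secret | to_json }}`. The homeserver's registration shared secret is written unconditionally even though the comment above it says the field may be left empty; a dedicated variable defaulting to `''` would keep that credential out of the bot's config unless `mbc auth --register` is actually wanted. All loggers are fixed at `DEBUG` and `matrix_maubot_logging_level` from the defaults is never used.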
@@ -0,0 +1,36 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Maubot +{% for service in matrix_maubot_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_maubot_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ + --log-driver=none \ + --cap-drop=ALL \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --read-only \ + --mount type=bind,src={{ matrix_maubot_base_path }},dst=/data \ + --network={{ matrix_docker_network }} \ + -p 29316:29316 \ + {{ matrix_maubot_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-maubot + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 5ea7e5a7ebf..0a0fdc61ed2 100755 --- a/setup.yml +++ b/setup.yml @@ -66,3 +66,4 @@ - matrix-prometheus-postgres-exporter - matrix-backup-borg - matrix-common-after + - matrix-maubot From 13166569985011d650526c129c9c062780c15dea Mon Sep 17 00:00:00 2001 
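Review bot: `-p 29316:29316` in `ExecStart` publishes the maubot management API and UI on every host interface over plain HTTP, although the container already joins `{{ matrix_docker_network }}` where other containers can reach it. Drop the publish flag by default or bind it to loopback, e.g. `-p 127.0.0.1:29316:29316`, ideally controlled by a variable. `--read-only` is set while the config added in this commit logs to `/var/log/maubot.log`, which is outside the `/data` mount, so the file handler presumably cannot open its log.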
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Thu, 23 Jun 2022 21:57:52 +0200 Subject: [PATCH 03/49] Rename to bot_maubot and fix permission error --- group_vars/matrix_servers | 6 +-- roles/matrix-bot-maubot/defaults/main.yml | 33 +++++++++++++++ .../tasks/init.yml | 2 +- .../tasks/main.yml | 12 +++--- .../tasks/setup_install.yml | 40 +++++++++---------- .../tasks/setup_uninstall.yml | 12 +++--- .../tasks/validate_config.yml | 5 +-- .../templates/config/config.yaml.j2 | 14 ++++--- .../systemd/matrix-maubot.service.j2 | 16 ++++---- roles/matrix-maubot/defaults/main.yml | 32 --------------- setup.yml | 2 +- 11 files changed, 89 insertions(+), 85 deletions(-) create mode 100644 roles/matrix-bot-maubot/defaults/main.yml rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/init.yml (74%) rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/main.yml (56%) rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/setup_install.yml (56%) rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/setup_uninstall.yml (68%) rename roles/{matrix-maubot => matrix-bot-maubot}/tasks/validate_config.yml (66%) rename roles/{matrix-maubot => matrix-bot-maubot}/templates/config/config.yaml.j2 (91%) rename roles/{matrix-maubot => matrix-bot-maubot}/templates/systemd/matrix-maubot.service.j2 (68%) delete mode 100644 roles/matrix-maubot/defaults/main.yml diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a15e38b49ab..ef4f4b07cff 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1065,11 +1065,11 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: | ###################################################################### # We don't enable bots by default. -matrix_maubot_enabled: false +matrix_bot_maubot_enabled: false -matrix_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" +matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" -matrix_maubot_systemd_required_services_list: | +matrix_bot_maubot_systemd_required_services_list: | {{ ['docker.service'] + diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml new file mode 100644 index 00000000000..5e7c58a229f --- /dev/null +++ b/roles/matrix-bot-maubot/defaults/main.yml 
@@ -0,0 +1,33 @@ +--- + +matrix_bot_maubot_enabled: true +matrix_bot_maubot_container_image_self_build: false +matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" +matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src" + +matrix_bot_maubot_version: latest +matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}" +matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" + +matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" +matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" +matrix_bot_maubot_container_data_dir: "/data" + +matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" + + + +matrix_bot_maubot_logging_level: info +matrix_bot_maubot_secret: '' +matrix_bot_maubot_admin_user: '' +matrix_bot_maubot_admin_password: '' +matrix_mau_environment_variables_extension: '' + +# A list of extra arguments to pass to the container +matrix_bot_maubot_container_extra_arguments: [] + +# List of systemd services that matrix-bot-matrix-registration-bot.service depends on +matrix_bot_maubot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-matrix-registration-bot.service wants +matrix_bot_maubot_systemd_wanted_services_list: [] diff --git a/roles/matrix-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml similarity index 74% rename from roles/matrix-maubot/tasks/init.yml rename to roles/matrix-bot-maubot/tasks/init.yml index 3b62fbf3e17..286c5f469b5 100644 --- a/roles/matrix-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -2,4 +2,4 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-maubot.service'] }}" - when: matrix_maubot_enabled|bool + when: matrix_bot_maubot_enabled|bool 
diff --git a/roles/matrix-maubot/tasks/main.yml b/roles/matrix-bot-maubot/tasks/main.yml similarity index 56% rename from roles/matrix-maubot/tasks/main.yml rename to roles/matrix-bot-maubot/tasks/main.yml index dbca98c395d..c67e25ee739 100644 --- a/roles/matrix-maubot/tasks/main.yml +++ b/roles/matrix-bot-maubot/tasks/main.yml @@ -5,19 +5,19 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_maubot_enabled|bool" + when: "run_setup|bool and matrix_bot_maubot_enabled|bool" tags: - setup-all - - setup-maubot + - setup-bot-maubot - import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_maubot_enabled|bool" + when: "run_setup|bool and matrix_bot_maubot_enabled|bool" tags: - setup-all - - setup-maubot + - setup-bot-maubot - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_maubot_enabled|bool" + when: "run_setup|bool and not matrix_bot_maubot_enabled|bool" tags: - setup-all - - setup-maubot + - setup-bot-maubot diff --git a/roles/matrix-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml similarity index 56% rename from roles/matrix-maubot/tasks/setup_install.yml rename to roles/matrix-bot-maubot/tasks/setup_install.yml index 5d7019469e0..36871079804 100644 --- a/roles/matrix-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml 
@@ -4,30 +4,30 @@ file: path: "{{ item.path }}" state: directory - mode: 0750 + mode: 0755 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - {path: "{{ matrix_maubot_base_path }}", when: true} - - - {path: "{{ matrix_maubot_data_path }}", when: true} - - {path: "{{ matrix_maubot_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_maubot_base_path }}", when: true} + - - {path: "{{ matrix_bot_maubot_data_path }}", when: true} + - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure maubot configuration file created template: src: "{{ role_path }}/templates/config/config.yaml.j2" - dest: "{{ matrix_maubot_base_path }}/config.yaml" + dest: "{{ matrix_bot_maubot_base_path }}/config.yaml" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - mode: 0640 + mode: "u=rwx" - name: Ensure maubot image is pulled docker_image: - name: "{{ matrix_maubot_docker_image }}" + name: "{{ matrix_bot_maubot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_maubot_docker_image_force_pull }}" - when: "not matrix_maubot_container_image_self_build|bool" + force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_docker_image_force_pull }}" + when: "not matrix_bot_maubot_container_image_self_build|bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" 
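Review bot: `mode: "u=rwx"` on `config.yaml` sets only the owner bits, so as far as I can tell the group and other bits come from the umask or the existing file, and the file holding `unshared_secret`, the registration shared secret and the admin passwords also becomes executable; state the mode explicitly, e.g. `mode: "0600"`. The directory change from `0750` to `0755` likewise makes the maubot tree, including `data`, listable by every local user. If the permission error came from the container's UID, fixing ownership is a narrower change than widening the modes.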
@@ -35,37 +35,37 @@ - name: Ensure maubot repository is present on self-build git: - repo: "{{ matrix_maubot_docker_repo }}" - dest: "{{ matrix_maubot_docker_src_files_path }}" + repo: "{{ matrix_bot_maubot_docker_repo }}" + dest: "{{ matrix_bot_maubot_docker_src_files_path }}" force: "yes" become: true become_user: "{{ matrix_user_username }}" - register: matrix_maubot_git_pull_results - when: "matrix_maubot_container_image_self_build|bool" + register: matrix_bot_maubot_git_pull_results + when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure maubot image is built docker_image: - name: "{{ matrix_maubot_docker_image }}" + name: "{{ matrix_bot_maubot_docker_image }}" source: build - force_source: "{{ matrix_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" build: dockerfile: Dockerfile - path: "{{ matrix_maubot_docker_src_files_path }}" + path: "{{ matrix_bot_maubot_docker_src_files_path }}" pull: true - when: "matrix_maubot_container_image_self_build|bool" + when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure matrix-maubot.service installed template: src: "{{ role_path }}/templates/systemd/matrix-maubot.service.j2" dest: "{{ matrix_systemd_path }}/matrix-maubot.service" mode: 0644 - register: matrix_maubot_systemd_service_result + register: matrix_bot_maubot_systemd_service_result - name: Ensure systemd reloaded after matrix-maubot.service installation service: daemon_reload: true - when: "matrix_maubot_systemd_service_result.changed|bool" + when: "matrix_bot_maubot_systemd_service_result.changed|bool" - name: Ensure matrix-maubot.service restarted, if necessary service: 
diff --git a/roles/matrix-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml similarity index 68% rename from roles/matrix-maubot/tasks/setup_uninstall.yml rename to roles/matrix-bot-maubot/tasks/setup_uninstall.yml index 1765eb0322f..c9dea82a143 100644 --- a/roles/matrix-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -3,7 +3,7 @@ - name: Check existence of matrix-maubot service stat: path: "{{ matrix_systemd_path }}/matrix-maubot.service" - register: matrix_maubot_service_stat + register: matrix_bot_maubot_service_stat - name: Ensure matrix-maubot is stopped service: @@ -12,25 +12,25 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure matrix-maubot.service doesn't exist file: path: "{{ matrix_systemd_path }}/matrix-maubot.service" state: absent - when: "matrix_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-maubot.service removal service: daemon_reload: true - when: "matrix_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure Matrix maubot paths don't exist file: - path: "{{ matrix_maubot_base_path }}" + path: "{{ matrix_bot_maubot_base_path }}" state: absent - name: Ensure maubot Docker image doesn't exist docker_image: - name: "{{ matrix_maubot_docker_image }}" + name: "{{ matrix_bot_maubot_docker_image }}" state: absent diff --git a/roles/matrix-maubot/tasks/validate_config.yml b/roles/matrix-bot-maubot/tasks/validate_config.yml similarity index 66% rename from roles/matrix-maubot/tasks/validate_config.yml rename to roles/matrix-bot-maubot/tasks/validate_config.yml index e23dc10c66a..6c9871e175c 100644 --- a/roles/matrix-maubot/tasks/validate_config.yml 
+++ b/roles/matrix-bot-maubot/tasks/validate_config.yml @@ -6,6 +6,5 @@ You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: - - matrix_maubot_secret - - matrix_maubot_admin_user - - matrix_maubot_admin_password + - matrix_bot_maubot_secret + - matrix_bot_maubot_admins diff --git a/roles/matrix-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 similarity index 91% rename from roles/matrix-maubot/templates/config/config.yaml.j2 rename to roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 9f72cfc0d8c..5e44ff5f644 100644 --- a/roles/matrix-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -50,7 +50,7 @@ server: hostname: 0.0.0.0 port: 29316 # Public base URL where the server is visible. - public_url: {{ matrix_maubot_bot_server }} + public_url: {{ matrix_bot_maubot_bot_server }} # The base management API path. base_path: /_matrix/maubot/v1 # The base path for the UI. @@ -64,7 +64,7 @@ server: appservice_base_path: /_matrix/app/v1 # The shared secret to sign API access tokens. # Set to "generate" to generate and save a new token at startup. - unshared_secret: {{ matrix_maubot_secret }} + unshared_secret: {{ matrix_bot_maubot_secret }} # Known homeservers. This is required for the `mbc auth` command and also allows # more convenient access from the management UI. This is not required to create 
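Review bot: `matrix_bot_maubot_admins` is validated in this hunk, but the defaults file added by the same commit still declares `matrix_bot_maubot_admin_user` and `matrix_bot_maubot_admin_password` and no `matrix_bot_maubot_admins`, so `vars[item]` is undefined unless the operator sets it. Declaring `matrix_bot_maubot_admins: {}` in the defaults and removing the two stale variables would fix that. The `== ''` comparison does not catch an empty dict, so the check would read better as `when: "vars[item] | default('') | length == 0"`.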
@@ -73,14 +73,16 @@ server: homeservers: {{ matrix_domain }}: # Client-server API URL - url: {{ matrix_maubot_bot_server }} + url: {{ matrix_bot_maubot_bot_server }} # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. secret: {{ matrix_registration_shared_secret }} -admins: - root: '' - {{ matrix_maubot_admin_user }}: {{ matrix_maubot_admin_password }} + +# List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password +# to prevent normal login. Root is a special user that can't have a password and will always exist. +admins: {{ matrix_bot_maubot_admins | combine( {"root": ""} ) }} + api_features: login: true plugin: true diff --git a/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 similarity index 68% rename from roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 rename to roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 index d09b8b72319..3a3c3a0cff7 100644 --- a/roles/matrix-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 @@ -1,11 +1,11 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Maubot -{% for service in matrix_maubot_systemd_required_services_list %} +{% for service in matrix_bot_maubot_systemd_required_services_list %} Requires={{ service }} After={{ service }} {% endfor %} -{% for service in matrix_maubot_systemd_wanted_services_list %} +{% for service in matrix_bot_maubot_systemd_wanted_services_list %} Wants={{ service }} {% endfor %} DefaultDependencies=no 
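Review bot: `admins: {{ matrix_bot_maubot_admins | combine( {"root": ""} ) }}` prints the dict's Python representation into the YAML file, which parses as intended only while user names and passwords contain nothing YAML treats specially. Serialise it explicitly: `admins: {{ matrix_bot_maubot_admins | combine({"root": ""}) | to_json }}`. `secret: {{ matrix_registration_shared_secret }}` a few lines above is still a bare scalar and has the same problem.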
@@ -18,13 +18,15 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ --log-driver=none \ - --cap-drop=ALL \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --read-only \ - --mount type=bind,src={{ matrix_maubot_base_path }},dst=/data \ + -e UID={{ matrix_user_uid }} \ + -e GID={{ matrix_user_gid }} \ + -v {{ matrix_bot_maubot_data_path }}:{{ matrix_bot_maubot_container_data_dir }}:z \ + {% for arg in matrix_bot_maubot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} --network={{ matrix_docker_network }} \ -p 29316:29316 \ - {{ matrix_maubot_docker_image }} + {{ matrix_bot_maubot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' diff --git a/roles/matrix-maubot/defaults/main.yml b/roles/matrix-maubot/defaults/main.yml deleted file mode 100644 index 63603c50528..00000000000 --- a/roles/matrix-maubot/defaults/main.yml +++ /dev/null 
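Review bot: The rewritten `docker run` line in the `@@ -18,13 +18,15 @@` hunk drops `--cap-drop=ALL`, `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` and `--read-only` in favour of `-e UID`/`-e GID`. The container therefore starts with Docker's default capability set and, presumably, as root until the image's entrypoint switches user. `--read-only` returns in PATCH 10/49, but the capability drop does not reappear in the patches visible here. If the entrypoint does need privilege to change ownership or switch user, keep `--cap-drop=ALL \` and add back only the capabilities it requires, with a comment recording why `--user` was removed. The `[Service]` section starts outside the hunk.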
@@ -1,32 +0,0 @@ ---- - -matrix_maubot_enabled: true -matrix_maubot_container_image_self_build: false -matrix_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" -matrix_maubot_docker_src_files_path: "{{ matrix_maubot_base_path }}/docker-src" - -matrix_maubot_version: latest -matrix_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_maubot_version }}" -matrix_maubot_docker_image_force_pull: "{{ matrix_maubot_docker_image.endswith(':latest') }}" - -matrix_maubot_base_path: "{{ matrix_base_data_path }}/maubot" -matrix_maubot_data_path: "{{ matrix_maubot_base_path }}/data" - -matrix_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" - - - -matrix_maubot_logging_level: info -matrix_maubot_secret: '' -matrix_maubot_admin_user: '' -matrix_maubot_admin_password: '' -matrix_mau_environment_variables_extension: '' - -# A list of extra arguments to pass to the container -matrix_maubot_container_extra_arguments: [] - -# List of systemd services that matrix-bot-matrix-registration-bot.service depends on -matrix_maubot_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-bot-matrix-registration-bot.service wants -matrix_maubot_systemd_wanted_services_list: [] diff --git a/setup.yml b/setup.yml index 433051c8152..79c377413cc 100755 --- a/setup.yml +++ b/setup.yml @@ -66,4 +66,4 @@ - matrix-postgres-backup - matrix-backup-borg - matrix-common-after - - matrix-maubot + - matrix-bot-maubot From 4d40b61a51662d331f8ad0eaa5b798ccdbb4e501 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 11:50:52 +0200 Subject: [PATCH 04/49] Fix config error, add nginx --- roles/matrix-bot-maubot/defaults/main.yml | 2 + .../matrix-bot-maubot/tasks/setup_install.yml | 42 ++++++++++++++++++- .../systemd/matrix-maubot.service.j2 | 2 +- .../nginx/conf.d/matrix-domain.conf.j2 | 11 ----- setup.yml | 2 +- 5 files changed, 44 insertions(+), 15 deletions(-) 
diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 5e7c58a229f..7e86de6f031 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -11,7 +11,9 @@ matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.en matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" +matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" matrix_bot_maubot_container_data_dir: "/data" +matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 36871079804..7c651ea284e 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml 
@@ -9,18 +9,56 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} - - - {path: "{{ matrix_bot_maubot_data_path }}", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}", when: true} - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: true} when: "item.when|bool" - name: Ensure maubot configuration file created template: src: "{{ role_path }}/templates/config/config.yaml.j2" - dest: "{{ matrix_bot_maubot_base_path }}/config.yaml" + dest: "{{ matrix_bot_maubot_data_path }}/config.yaml" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: "u=rwx" +- name: Generate Maubot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_bot_maubot_matrix_nginx_proxy_configuration: | + location ~ ^/(_matrix/maubot/.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-maubot:{{ matrix_bot_maubot_port }}/$1"; + proxy_pass http://$backend; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_port }}/$1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% endif %} + } + +- name: Register Maubot's proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_bot_maubot_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy + reverse proxy. 
+ Please make sure that you're proxying the `/_matrix/maubot` + URL endpoint to the matrix-maubot container. + when: "matrix_bot_maubot_enabled|bool and matrix_nginx_proxy_enabled is not defined" + + - name: Ensure maubot image is pulled docker_image: name: "{{ matrix_bot_maubot_docker_image }}" diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 index 3a3c3a0cff7..8a7a09ed693 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 @@ -25,7 +25,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ {{ arg }} \ {% endfor %} --network={{ matrix_docker_network }} \ - -p 29316:29316 \ + -p {{ matrix_bot_maubot_port }}:29316 \ {{ matrix_bot_maubot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 878a297d521..2895ba14a79 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 
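Review bot: The `Ensure maubot configuration file created` task in the setup_install.yml hunk now writes config.yaml into `matrix_bot_maubot_data_path` but keeps `mode: "u=rwx"`. That sets only the owner bits, and it marks as executable a file that holds the token-signing secret, the homeserver registration secret and the admin passwords. As far as I can tell, the group and other bits are left to the umask or to whatever the file already had. An explicit `mode: "u=rw,go="` keeps the file private to the matrix user while still letting maubot rewrite it; the template comment says passwords are bcrypted on startup. Separately, the added `location ~ ^/(_matrix/maubot/.*)` passes only `$1` upstream, so query strings look to be dropped unless `$is_args$args` is appended.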
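Review bot: `-p {{ matrix_bot_maubot_port }}:29316` in the matrix-maubot.service.j2 hunk publishes the management API on every host interface, in addition to the nginx route that the same commit registers. Docker-published ports commonly sit in front of host firewall rules, so the admin login page may be reachable directly and not only through the reverse proxy. Binding to loopback, `-p 127.0.0.1:{{ matrix_bot_maubot_port }}:29316 \`, keeps it local. I do not see a default for `matrix_bot_maubot_port` in the defaults hunks shown here; confirm one exists. The `ExecStart=` command begins outside the hunk.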
@@ -45,17 +45,6 @@ {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} {% endif %} - {% if matrix_nginx_proxy_node_exporter_reverse_enabled %} - location /node-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-node-exporter:9100/; - } - {% endif %} - {% if matrix_nginx_proxy_postgres_exporter_reverse_enabled %} - location /postgres-exporter/ { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-prometheus-postgres-exporter:9187/; - } {% if matrix_nginx_proxy_proxy_matrix_metrics_enabled %} location /metrics { {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled %} diff --git a/setup.yml b/setup.yml index 79c377413cc..38c32574a71 100755 --- a/setup.yml +++ b/setup.yml @@ -39,6 +39,7 @@ - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot - matrix-bot-matrix-registration-bot + - matrix-bot-maubot - matrix-bot-buscarron - matrix-bot-honoroit - matrix-bot-go-neb @@ -66,4 +67,3 @@ - matrix-postgres-backup - matrix-backup-borg - matrix-common-after - - matrix-bot-maubot From d7eb2d097f17c27e22389b78a11637ff262ec6ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 11:58:10 +0200 Subject: [PATCH 05/49] Fix yamllint (emptylines) --- roles/matrix-bot-maubot/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 7e86de6f031..7867ec6cd4e 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -18,7 +18,6 @@ matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" - matrix_bot_maubot_logging_level: info matrix_bot_maubot_secret: '' matrix_bot_maubot_admin_user: '' From 8806598f51a325787c5f3ce764a6213a38902efa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 12:29:06 +0200 Subject: [PATCH 06/49] Add option to proxy management UI (now defaults to false) --- roles/matrix-bot-maubot/defaults/main.yml | 1 + roles/matrix-bot-maubot/tasks/setup_install.yml | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 7867ec6cd4e..33556abe786 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -16,6 +16,7 @@ matrix_bot_maubot_container_data_dir: "/data" matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_maubot_proxy_management_interface: False matrix_bot_maubot_logging_level: info diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 7c651ea284e..22854ffbd55 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -39,6 +39,7 @@ proxy_set_header Connection "upgrade"; {% endif %} } + when: matrix_bot_maubot_proxy_management_interface|bool - name: Register Maubot's proxying configuration with matrix-nginx-proxy set_fact: @@ -48,6 +49,7 @@ + [matrix_bot_maubot_matrix_nginx_proxy_configuration] }} + when: matrix_bot_maubot_proxy_management_interface|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used debug: @@ -56,7 +58,7 @@ reverse proxy. Please make sure that you're proxying the `/_matrix/maubot` URL endpoint to the matrix-maubot container. - when: "matrix_bot_maubot_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" - name: Ensure maubot image is pulled From 0ea146930be1923c11daecc9af9461f1462766a9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 12:39:51 +0200 Subject: [PATCH 07/49] Make exposing management UI configurable --- roles/matrix-bot-maubot/defaults/main.yml | 1 + .../templates/systemd/matrix-maubot.service.j2 | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 33556abe786..0d141a2c612 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -17,6 +17,7 @@ matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: False +matrix_bot_maubot_expose_management_interface: True matrix_bot_maubot_logging_level: info diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 index 8a7a09ed693..e94696f7b3a 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 @@ -25,7 +25,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ {{ arg }} \ {% endfor %} --network={{ matrix_docker_network }} \ + {% if matrix_bot_maubot_expose_management_interface|bool %} -p {{ matrix_bot_maubot_port }}:29316 \ + {% endif %} {{ matrix_bot_maubot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' From 2f1d78fa48de548fe8ce9452c91dfa8662733422 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 12:45:19 +0200 Subject: [PATCH 08/49] Make true and false lowercase --- roles/matrix-bot-maubot/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
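Review bot: `matrix_bot_maubot_expose_management_interface: True` in the defaults hunk makes publishing the host port the default, while `matrix_bot_maubot_proxy_management_interface` defaults to `False`. An out-of-the-box install therefore exposes the management API on the host port, presumably over plain HTTP, instead of behind nginx. Consider defaulting it to `false` and documenting both toggles. For example, `# Publish the management API/UI port directly on the host (not behind matrix-nginx-proxy).` could sit above this one, with a matching line above the proxy toggle.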
diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 0d141a2c612..438c8f46527 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -16,8 +16,8 @@ matrix_bot_maubot_container_data_dir: "/data" matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" -matrix_bot_maubot_proxy_management_interface: False -matrix_bot_maubot_expose_management_interface: True +matrix_bot_maubot_proxy_management_interface: false +matrix_bot_maubot_expose_management_interface: true matrix_bot_maubot_logging_level: info From 2309a61cb0d4a3a8d51ba53404a0b4b1b163ed73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 13:15:34 +0200 Subject: [PATCH 09/49] Fix minor naming issue --- roles/matrix-bot-maubot/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 438c8f46527..bcac2e9ea77 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -29,8 +29,8 @@ matrix_mau_environment_variables_extension: '' # A list of extra arguments to pass to the container matrix_bot_maubot_container_extra_arguments: [] -# List of systemd services that matrix-bot-matrix-registration-bot.service depends on +# List of systemd services that matrix-bot-maubot.service depends on matrix_bot_maubot_systemd_required_services_list: ['docker.service'] -# List of systemd services that matrix-bot-matrix-registration-bot.service wants +# List of systemd services that matrix-bot-maubot.service wants matrix_bot_maubot_systemd_wanted_services_list: [] From d5c82a52219c25311a40f45f89892d81152203da Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 17:36:53 +0200 Subject: [PATCH 10/49] Remove logging to /var/log and make readonly --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 8 +------- .../templates/systemd/matrix-maubot.service.j2 | 3 ++- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 5e44ff5f644..86f0076db50 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -108,12 +108,6 @@ logging: normal: format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' handlers: - file: - class: logging.handlers.RotatingFileHandler - formatter: normal - filename: /var/log/maubot.log - maxBytes: 10485760 - backupCount: 10 console: class: logging.StreamHandler formatter: colored @@ -126,4 +120,4 @@ logging: level: INFO root: level: DEBUG - handlers: [file, console] + handlers: [console] diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 index e94696f7b3a..a4e6d750080 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 @@ -20,9 +20,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ --log-driver=none \ -e UID={{ matrix_user_uid }} \ -e GID={{ matrix_user_gid }} \ + --read-only \ -v {{ matrix_bot_maubot_data_path }}:{{ matrix_bot_maubot_container_data_dir }}:z \ {% for arg in matrix_bot_maubot_container_extra_arguments %} - {{ arg }} \ + {{ arg }} \ {% endfor %} --network={{ matrix_docker_network }} \ {% if matrix_bot_maubot_expose_management_interface|bool %} From 6ed105b83071dd6edae569f19d2c551f3eb418a2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 17:54:57 +0200 Subject: [PATCH 11/49] Rename service from matrix-maubot to matrix-bot-maubot --- roles/matrix-bot-maubot/tasks/init.yml | 2 +- roles/matrix-bot-maubot/tasks/setup_install.yml | 12 ++++++------ ...aubot.service.j2 => matrix-bot-maubot.service.j2} | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) rename roles/matrix-bot-maubot/templates/systemd/{matrix-maubot.service.j2 => matrix-bot-maubot.service.j2} (97%) diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 286c5f469b5..6f55c747298 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -1,5 +1,5 @@ --- - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-maubot.service'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 22854ffbd55..dd48a0f0eb9 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml 
@@ -95,19 +95,19 @@ pull: true when: "matrix_bot_maubot_container_image_self_build|bool" -- name: Ensure matrix-maubot.service installed +- name: Ensure matrix-bot-maubot.service installed template: - src: "{{ role_path }}/templates/systemd/matrix-maubot.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-maubot.service" + src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" mode: 0644 register: matrix_bot_maubot_systemd_service_result -- name: Ensure systemd reloaded after matrix-maubot.service installation +- name: Ensure systemd reloaded after matrix-bot-maubot.service installation service: daemon_reload: true when: "matrix_bot_maubot_systemd_service_result.changed|bool" -- name: Ensure matrix-maubot.service restarted, if necessary +- name: Ensure matrix-bot-maubot.service restarted, if necessary service: - name: "matrix-maubot.service" + name: "matrix-bot-maubot.service" state: restarted diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 similarity index 97% rename from roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 rename to roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index a4e6d750080..1cfe4c34314 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -35,7 +35,7 @@ ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' Restart=always RestartSec=30 -SyslogIdentifier=matrix-maubot +SyslogIdentifier=matrix-bot-maubot [Install] WantedBy=multi-user.target From ba0caf395a01fcf21124ce46dd4cade3c05ebf23 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 17:58:50 +0200 Subject: [PATCH 12/49] Create dckr-src file path only when neccessary Co-authored-by: Slavi Pantaleev --- roles/matrix-bot-maubot/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index dd48a0f0eb9..3b2ce5b74df 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -10,7 +10,7 @@ with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} - {path: "{{ matrix_bot_maubot_data_path }}", when: true} - - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: true} + - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"} when: "item.when|bool" - name: Ensure maubot configuration file created From 6d1650c83466bdc41ec325ef6efed79bf0c5d8cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 17:59:45 +0200 Subject: [PATCH 13/49] Remove config dir Co-authored-by: Slavi Pantaleev --- roles/matrix-bot-maubot/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index bcac2e9ea77..54d50b845c2 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -13,7 +13,6 @@ matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" matrix_bot_maubot_container_data_dir: "/data" -matrix_bot_maubot_container_config_dir: "/root/.config/" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false 
From 2f167f21227054b6a94990b724c8a2afec537e58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:01:51 +0200 Subject: [PATCH 14/49] Rename docker container to matrix-bot-maubot --- .../templates/systemd/matrix-bot-maubot.service.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 1cfe4c34314..c7415399241 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -13,10 +13,10 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ --log-driver=none \ -e UID={{ matrix_user_uid }} \ -e GID={{ matrix_user_gid }} \ 
@@ -31,8 +31,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-maubot \ {% endif %} {{ matrix_bot_maubot_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-maubot 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-maubot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-maubot From 8e9d1657876cda603a0f3d96b75f252c1be37856 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:06:06 +0200 Subject: [PATCH 15/49] Another rename to matrix-bot-maubot No functionality changed --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ef4f4b07cff..79df3cf1697 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1060,7 +1060,7 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: | ###################################################################### # -# matrix-maubot +# matrix-bot-maubot # ###################################################################### @@ -1081,7 +1081,7 @@ matrix_bot_maubot_systemd_required_services_list: | ###################################################################### # -# /matrix-maubot +# /matrix-bot-maubot # ###################################################################### From a289116140920ae8ac19d6ccb734003ca42ac2a3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:07:09 +0200 Subject: [PATCH 16/49] Use tagged release Co-authored-by: Slavi Pantaleev --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 54d50b845c2..b38f71c7dbb 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_maubot_container_image_self_build: false matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src" -matrix_bot_maubot_version: latest +matrix_bot_maubot_version: v0.3.1 matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}" matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" From 90447a283924d20c3268d8b9ed627964cf004e98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:19:23 +0200 Subject: [PATCH 17/49] Use correct registration secret --- group_vars/matrix_servers | 8 ++++++++ roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 79df3cf1697..1705bdebbdf 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1078,6 +1078,14 @@ matrix_bot_maubot_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} +matrix_bot_maubot_registration_shared_secret: |- + {{ + { + 'synapse': matrix_synapse_registration_shared_secret, + 'dendrite': matrix_dendrite_registration_shared_secret, + }[matrix_homeserver_implementation] + }} + ###################################################################### # 
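Review bot: The lookup added to group_vars/matrix_servers ends in `}[matrix_homeserver_implementation]` and has only `synapse` and `dendrite` keys. Any other homeserver implementation value would make the variable fail to template instead of leaving the secret empty, which the config template's own comment says is acceptable ("You can leave this empty"). Replacing the subscript with `}.get(matrix_homeserver_implementation, '')` gives that fallback. A one-line comment above the variable should say that it feeds `secret:` under `homeservers:` and is only needed for `mbc auth --register`.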
diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 86f0076db50..2797c03fe24 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -77,7 +77,7 @@ homeservers: # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. - secret: {{ matrix_registration_shared_secret }} + secret: {{ matrix_bot_maubot_registration_shared_secret|to_json }} # List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password # to prevent normal login. Root is a special user that can't have a password and will always exist. From 7baf477c160b31abe7c8ae8993d68108d4e6ad99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Jun 2022 18:21:13 +0200 Subject: [PATCH 18/49] Remove unnecessary variable The /data is hardcoded in the container --- roles/matrix-bot-maubot/defaults/main.yml | 1 - .../templates/systemd/matrix-bot-maubot.service.j2 | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index b38f71c7dbb..6e4219f567c 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -12,7 +12,6 @@ matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.en matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" -matrix_bot_maubot_container_data_dir: "/data" matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false 
diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index c7415399241..89c91d5f21b 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -21,7 +21,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ -e UID={{ matrix_user_uid }} \ -e GID={{ matrix_user_gid }} \ --read-only \ - -v {{ matrix_bot_maubot_data_path }}:{{ matrix_bot_maubot_container_data_dir }}:z \ + -v {{ matrix_bot_maubot_data_path }}:/data:z \ {% for arg in matrix_bot_maubot_container_extra_arguments %} {{ arg }} \ {% endfor %} From 64fbc5ff87c45ab3c87b75d21962f123853dc808 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Jun 2022 08:50:22 +0200 Subject: [PATCH 19/49] Replace spaces with tabs --- .../templates/systemd/matrix-bot-maubot.service.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 89c91d5f21b..df66d321d5f 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 
@@ -17,19 +17,19 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ - --log-driver=none \ + --log-driver=none \ -e UID={{ matrix_user_uid }} \ -e GID={{ matrix_user_gid }} \ --read-only \ -v {{ matrix_bot_maubot_data_path }}:/data:z \ - {% for arg in matrix_bot_maubot_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --network={{ matrix_docker_network }} \ + {% for arg in matrix_bot_maubot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ {% if matrix_bot_maubot_expose_management_interface|bool %} -p {{ matrix_bot_maubot_port }}:29316 \ {% endif %} - {{ matrix_bot_maubot_docker_image }} + {{ matrix_bot_maubot_docker_image }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' From a295ec3e3d9b1f75d213d3c9942daec52d57c7be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Jun 2022 09:44:24 +0200 Subject: [PATCH 20/49] Change to matrix_bot_maubot_bot_server_public This shall indicate that the public url of maubot is here configured the same as matrix_server_fqn_matrix but this must not be the case. In the config I used the matrix fqnd directly as this part of the config is directly bound to the homeserver we want to connect to (but can not use the internal) --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 6e4219f567c..dd777a7bd22 100644 
--- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -13,7 +13,7 @@ matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" -matrix_bot_maubot_bot_server: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 2797c03fe24..2986034047f 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -50,7 +50,7 @@ server: hostname: 0.0.0.0 port: 29316 # Public base URL where the server is visible. - public_url: {{ matrix_bot_maubot_bot_server }} + public_url: {{ matrix_bot_maubot_bot_server_public }} # The base management API path. base_path: /_matrix/maubot/v1 # The base path for the UI. @@ -73,7 +73,7 @@ server: homeservers: {{ matrix_domain }}: # Client-server API URL - url: {{ matrix_bot_maubot_bot_server }} + url: {{ matrix_server_fqn_matrix }} # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. From 2e5ad5cbe97d550b76c77f1597d6322b517d1d2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Jun 2022 09:46:19 +0200 Subject: [PATCH 21/49] Remove unused variable --- roles/matrix-bot-maubot/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index dd777a7bd22..9d27305394b 100644 
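Review bot: The new `url: {{ matrix_server_fqn_matrix }}` in the `homeservers:` hunk renders a bare hostname where the comment above it asks for a client-server API URL. The variable it replaces was defined as `"https://{{ matrix_server_fqn_matrix }}"` in defaults/main.yml. Both this line and `public_url:` in the previous hunk are also emitted as plain YAML scalars, unlike the `secret:` value in the same mapping, which an earlier patch in this series switched to `|to_json`. Suggested: `url: {{ ('https://' + matrix_server_fqn_matrix)|to_json }}` and `public_url: {{ matrix_bot_maubot_bot_server_public|to_json }}`. The `homeservers:` entry continues past the end of the hunk.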
--- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -18,7 +18,6 @@ matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true -matrix_bot_maubot_logging_level: info matrix_bot_maubot_secret: '' matrix_bot_maubot_admin_user: '' matrix_bot_maubot_admin_password: '' From 9ed70188dd8cb08d25bee55edfc2e887d8ab0f6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Jun 2022 09:47:32 +0200 Subject: [PATCH 22/49] Use safer |to_json --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 2986034047f..1a45b91a044 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -64,7 +64,7 @@ server: appservice_base_path: /_matrix/app/v1 # The shared secret to sign API access tokens. # Set to "generate" to generate and save a new token at startup. - unshared_secret: {{ matrix_bot_maubot_secret }} + unshared_secret: {{ matrix_bot_maubot_secret|to_json }} # Known homeservers. This is required for the `mbc auth` command and also allows # more convenient access from the management UI. This is not required to create From 6cc92854df7d81068fb13057e8751b6f488deebe Mon Sep 17 00:00:00 2001 From: Stuart Mumford Date: Wed, 29 Jun 2022 12:37:29 +0000 Subject: [PATCH 23/49] enable setting database URL --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 1a45b91a044..eb9e7abfaef 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 
@@ -3,10 +3,12 @@ # Format examples: # SQLite: sqlite:///filename.db # Postgres: postgresql://username:password@hostname/dbname -database: sqlite:////data/maubot.db +database: {{ matrix_bot_maubot_storage_database|to_json }} # Separate database URL for the crypto database. "default" means use the same database as above. -crypto_database: default +crypto_database: + type: default + postgres_uri: {{ matrix_bot_maubot_storage_database|to_json }} # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool From 320978cdf50baed5a0c4c9e82ba08cafeff91179 Mon Sep 17 00:00:00 2001 From: Stuart Mumford Date: Wed, 29 Jun 2022 13:17:03 +0000 Subject: [PATCH 24/49] Enable setting database URI and other things --- roles/matrix-bot-maubot/defaults/main.yml | 8 +++----- roles/matrix-bot-maubot/tasks/setup_install.yml | 16 ++++++++-------- .../templates/config/config.yaml.j2 | 4 ++-- 3 files changed, 13 insertions(+), 15 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 9d27305394b..210fb193973 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -17,11 +17,9 @@ matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true - -matrix_bot_maubot_secret: '' -matrix_bot_maubot_admin_user: '' -matrix_bot_maubot_admin_password: '' -matrix_mau_environment_variables_extension: '' +matrix_bot_database_uri: 'sqlite:///data/maubot.db' +matrix_bot_maubot_port: 29316 +matrix_bot_maubot_secret: 'generate' # A list of extra arguments to pass to the container matrix_bot_maubot_container_extra_arguments: [] diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 3b2ce5b74df..6d9aec87ee2 100644 
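Review bot: In the defaults/main.yml hunk, defaulting `matrix_bot_maubot_secret` to `'generate'` makes the rendered config carry the literal keyword rather than a stable secret. The template's own comment says maubot then generates and saves a new token at startup. If the playbook re-templates config.yaml on later runs (an assumption, since the install task is not in this hunk), the saved value would be overwritten with `generate` again. The token-signing secret would then change and previously issued access tokens would stop validating. A default derived from an existing playbook secret, or a validation step that requires the operator to set one, would keep it stable.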
--- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -26,15 +26,15 @@ matrix_bot_maubot_matrix_nginx_proxy_configuration: | location ~ ^/(_matrix/maubot/.*) { {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-maubot:{{ matrix_bot_maubot_port }}/$1"; - proxy_pass http://$backend; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-maubot:29316/$1"; + proxy_pass http://$backend; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_port }}/$1; + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_port }}/$1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; {% endif %} diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index eb9e7abfaef..aa9a2045f0d 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 
@@ -3,12 +3,12 @@ # Format examples: # SQLite: sqlite:///filename.db # Postgres: postgresql://username:password@hostname/dbname -database: {{ matrix_bot_maubot_storage_database|to_json }} +database: {{ matrix_bot_maubot_database_uri|to_json }} # Separate database URL for the crypto database. "default" means use the same database as above. crypto_database: type: default - postgres_uri: {{ matrix_bot_maubot_storage_database|to_json }} + postgres_uri: {{ matrix_bot_maubot_database_uri|to_json }} # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool From 59806ec3ea6287e2bbe896e8aa161f7f77d9c5d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:25:35 +0200 Subject: [PATCH 25/49] Fix typo in variable name --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 210fb193973..d15a451fa8b 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -17,7 +17,7 @@ matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true -matrix_bot_database_uri: 'sqlite:///data/maubot.db' +matrix_bot_maubot_database_uri: 'sqlite:////data/maubot.db' matrix_bot_maubot_port: 29316 matrix_bot_maubot_secret: 'generate' From 07cfd3ba090f301bf9cff48870424507af76ea4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:39:23 +0200 Subject: [PATCH 26/49] Use custom invocation instead of provided script --- roles/matrix-bot-maubot/tasks/setup_install.yml | 3 +++ .../templates/systemd/matrix-bot-maubot.service.j2 | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) 
diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 6d9aec87ee2..de47ecd4e82 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -10,6 +10,9 @@ with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} - {path: "{{ matrix_bot_maubot_data_path }}", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true } + - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true } + - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true } - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"} when: "item.when|bool" diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index df66d321d5f..cde18e4dc9b 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -29,7 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {% if matrix_bot_maubot_expose_management_interface|bool %} -p {{ matrix_bot_maubot_port }}:29316 \ {% endif %} - {{ matrix_bot_maubot_docker_image }} + {{ matrix_bot_maubot_docker_image }} \ + python3 -m maubot -c /data/config.yaml ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' From 4ab516fca8cc3747df2f82e5be6e702f7fe95ed7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:42:18 +0200 Subject: [PATCH 27/49] Fix linter --- roles/matrix-bot-maubot/tasks/setup_install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index de47ecd4e82..56d8c6a88b3 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -10,9 +10,9 @@ with_items: - {path: "{{ matrix_bot_maubot_base_path }}", when: true} - {path: "{{ matrix_bot_maubot_data_path }}", when: true} - - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true } - - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true } - - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true } + - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true} - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"} when: "item.when|bool" From 9ee5785704aa8a12a83b4e2cfcd650785b6e4aa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:44:11 +0200 Subject: [PATCH 28/49] Add postgres to service dependencies --- group_vars/matrix_servers | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1705bdebbdf..4cc380df667 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1075,6 +1075,8 @@ matrix_bot_maubot_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} From 135096e53a155a9eb9f68b9c43d7306ec94acb3e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 11:55:49 +0200 Subject: [PATCH 29/49] Add defaults --- group_vars/matrix_servers | 9 +++++++++ roles/matrix-bot-maubot/defaults/main.yml | 11 ++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 4cc380df667..be09c7bae89 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1088,6 +1088,9 @@ matrix_bot_maubot_registration_shared_secret: |- }[matrix_homeserver_implementation] }} +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" ###################################################################### # @@ -1805,6 +1808,12 @@ matrix_postgres_additional_databases: | 'password': matrix_bot_honoroit_database_password, }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_bot_maubot_database_name, + 'username': matrix_bot_maubot_database_username, + 'password': matrix_bot_maubot_database_password, + }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_bot_buscarron_database_name, 'username': matrix_bot_buscarron_database_username, diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index d15a451fa8b..294cd868461 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml 
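Review bot: The salt passed to `password_hash` for `matrix_bot_maubot_database_password` is `'mxpup.dsc.db'`, which does not look maubot-specific and reads as if it was copied from another role's password derivation. Because the input is the shared `matrix_homeserver_generic_secret_key`, any other variable derived with the same salt gets the identical database password, so one leaked credential would cover both databases. Use a salt unique to this role, for instance `password_hash('sha512', 'maubot.db')` (a sample value; any string not used elsewhere in group_vars works). The `matrix_postgres_additional_databases` entry in the second hunk needs no change, since it only references the variable.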
@@ -17,7 +17,16 @@ matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true -matrix_bot_maubot_database_uri: 'sqlite:////data/maubot.db' +matrix_bot_maubot_database_engine: sqlite +matrix_bot_maubot_sqlite_database_path_local: "{{ matrix_bot_maubot_data_path }}/maubot.db" +matrix_bot_maubot_sqlite_database_path_in_container: "/data/maubot.db" + +matrix_bot_maubot_database_username: matrix_bot_maubot +matrix_bot_maubot_database_password: ~ +matrix_bot_maubot_database_hostname: 'matrix-postgres' +matrix_bot_maubot_database_port: 5432 +matrix_bot_maubot_database_name: matrix_bot_maubot + matrix_bot_maubot_port: 29316 matrix_bot_maubot_secret: 'generate' From a842e9cd1d71be6ef4b23ec5a2b9c52405baaecd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 13:00:17 +0200 Subject: [PATCH 30/49] Fix uninstall (did not remove service) --- roles/matrix-bot-maubot/tasks/setup_uninstall.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml index c9dea82a143..0346b7e7c99 100644 --- a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml 
@@ -5,22 +5,22 @@ path: "{{ matrix_systemd_path }}/matrix-maubot.service" register: matrix_bot_maubot_service_stat -- name: Ensure matrix-maubot is stopped +- name: Ensure matrix-bot-maubot is stopped service: - name: matrix-maubot + name: matrix-bot-maubot state: stopped enabled: false daemon_reload: true register: stopping_result when: "matrix_bot_maubot_service_stat.stat.exists|bool" -- name: Ensure matrix-maubot.service doesn't exist +- name: Ensure matrix-bot-maubot.service doesn't exist file: - path: "{{ matrix_systemd_path }}/matrix-maubot.service" + path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" state: absent when: "matrix_bot_maubot_service_stat.stat.exists|bool" -- name: Ensure systemd reloaded after matrix-maubot.service removal +- name: Ensure systemd reloaded after matrix-bot-maubot.service removal service: daemon_reload: true when: "matrix_bot_maubot_service_stat.stat.exists|bool" From bcd7ec714b4817bf1a3bde5eac48f9f2418b51c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 13:00:28 +0200 Subject: [PATCH 31/49] Add postgres configuration --- roles/matrix-bot-maubot/defaults/main.yml | 1 + .../templates/config/config.yaml.j2 | 24 +++---------------- 2 files changed, 4 insertions(+), 21 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 294cd868461..21a7a2ec180 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml 
@@ -26,6 +26,7 @@ matrix_bot_maubot_database_password: ~ matrix_bot_maubot_database_hostname: 'matrix-postgres' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot +matrix_bot_maubot_database_uri: 'postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable' matrix_bot_maubot_port: 29316 matrix_bot_maubot_secret: 'generate' diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index aa9a2045f0d..157d76c346d 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -6,9 +6,8 @@ database: {{ matrix_bot_maubot_database_uri|to_json }} # Separate database URL for the crypto database. "default" means use the same database as above. -crypto_database: - type: default - postgres_uri: {{ matrix_bot_maubot_database_uri|to_json }} +crypto_database: + type: default # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool 
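Review bot: `matrix_bot_maubot_database_uri` interpolates `matrix_bot_maubot_database_password` verbatim, so a password containing `@`, `:`, `/`, `?` or `#` yields a URI that parses differently from what the operator intended. The role default shown in this hunk's header context is `~`, which would end up in the URI if the engine is postgres and nothing overrides it. `sslmode=disable` is also fixed while hostname and port are configurable, so pointing the role at a database outside the Docker network would send the credentials unencrypted. Percent-encode the password when building the URI, fail validation when the engine is `postgres` and the password is empty, and make the sslmode part overridable. The same string is carried over as `matrix_bot_maubot_database_connection_string` in the later "Make database switchable" patch.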
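Review bot: `crypto_database:` in config.yaml.j2 is now a mapping with a single `type: default` key, but the comment above it still describes a database URL where the string "default" means reuse the main database. The value this series started from was the plain scalar `crypto_database: default`. The next hunk does the same to `plugin_databases:`, replacing the documented `sqlite`, `postgres`, `postgres_max_conns_per_plugin` and `postgres_opts` keys with `type: default`, even though setup_install.yml creates a `dbs` directory under the data path. Unless maubot is known to accept this shape, restore `crypto_database: default` and keep `sqlite: /data/dbs` together with `postgres: default` when the engine is postgres, as the removed comments describe.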
@@ -28,24 +27,7 @@ plugin_directories: # Configuration for storing plugin databases plugin_databases: - # The directory where SQLite plugin databases should be stored. - sqlite: /data/dbs - # The connection URL for plugin databases. If null, all plugins will get SQLite databases. - # If set, plugins using the new asyncpg interface will get a Postgres connection instead. - # Plugins using the legacy SQLAlchemy interface will always get a SQLite connection. - # - # To use the same connection pool as the default database, set to "default" - # (the default database above must be postgres to do this). - # - # When enabled, maubot will create separate Postgres schemas in the database for each plugin. - # To view schemas in psql, use `\dn`. To view enter and interact with a specific schema, - # use `SET search_path = name` (where `name` is the name found with `\dn`) and then use normal - # SQL queries/psql commands. - postgres: - # Maximum number of connections per plugin instance. - postgres_max_conns_per_plugin: 3 - # Overrides for the default database_opts when using a non-"default" postgres connection string. - postgres_opts: {} + type: default server: # The IP and port to listen to. From 05c1333ebb8ff1c7863ff00edb9348c42e15c024 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 9 Jul 2022 13:44:41 +0200 Subject: [PATCH 32/49] Restrict permissions of container --- .../templates/systemd/matrix-bot-maubot.service.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index cde18e4dc9b..b01139d2d77 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 
@@ -18,9 +18,9 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ --log-driver=none \ - -e UID={{ matrix_user_uid }} \ - -e GID={{ matrix_user_gid }} \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --read-only \ + --cap-drop=ALL \ -v {{ matrix_bot_maubot_data_path }}:/data:z \ {% for arg in matrix_bot_maubot_container_extra_arguments %} {{ arg }} \ From f64c1329271d52cbb1b9d7a2ea60c82b19a56460 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 09:51:27 +0200 Subject: [PATCH 33/49] Make database switchable --- roles/matrix-bot-maubot/defaults/main.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 21a7a2ec180..50e10bfd2a2 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml 
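Review bot: With `--user` and `--cap-drop=ALL` added, one gap left in this `docker run` line is that setuid binaries in the image can still change the effective user. Adding `--security-opt=no-new-privileges \` next to `--cap-drop=ALL` closes that. Dropping `-e UID`/`-e GID` also matters if the image's start script used them to fix ownership, because the host directory mounted at `/data` must then already be owned by `matrix_user_uid:matrix_user_gid`. The directory task is outside this hunk, so confirm it sets owner and group. The ExecStart command continues past the end of the hunk.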
@@ -26,7 +26,15 @@ matrix_bot_maubot_database_password: ~ matrix_bot_maubot_database_hostname: 'matrix-postgres' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot -matrix_bot_maubot_database_uri: 'postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable' + +matrix_bot_maubot_database_connection_string: 'postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable' + +matrix_bot_maubot_database_uri: "{{ + { + 'sqlite': ('sqlite:///' + matrix_bot_maubot_sqlite_database_path_in_container), + 'postgres': matrix_bot_maubot_database_connection_string, + }[matrix_bot_maubot_database_engine] + }}" matrix_bot_maubot_port: 29316 matrix_bot_maubot_secret: 'generate' From 27b1835ed47af91b253ab3d399b030a833641cf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 10:06:17 +0200 Subject: [PATCH 34/49] Fix uninstall (for real this time) --- roles/matrix-bot-maubot/tasks/setup_uninstall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml index 0346b7e7c99..f1d2fca2690 100644 --- a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-maubot service stat: - path: "{{ matrix_systemd_path }}/matrix-maubot.service" + path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" register: matrix_bot_maubot_service_stat - name: Ensure matrix-bot-maubot is stopped From 2e15bd85ea3e61090598ad6ae9c1d8a4b6eaac20 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 10:09:55 +0200 Subject: [PATCH 35/49] Rename with addition "unshared" --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- roles/matrix-bot-maubot/tasks/validate_config.yml | 2 +- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 50e10bfd2a2..a003e65df16 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -37,7 +37,7 @@ matrix_bot_maubot_database_uri: "{{ }}" matrix_bot_maubot_port: 29316 -matrix_bot_maubot_secret: 'generate' +matrix_bot_maubot_unshared_secret: 'generate' # A list of extra arguments to pass to the container matrix_bot_maubot_container_extra_arguments: [] diff --git a/roles/matrix-bot-maubot/tasks/validate_config.yml b/roles/matrix-bot-maubot/tasks/validate_config.yml index 6c9871e175c..18070160a1d 100644 --- a/roles/matrix-bot-maubot/tasks/validate_config.yml +++ b/roles/matrix-bot-maubot/tasks/validate_config.yml @@ -6,5 +6,5 @@ You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: - - matrix_bot_maubot_secret + - matrix_bot_maubot_unshared_secret - matrix_bot_maubot_admins diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 157d76c346d..3c844be39f2 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 
@@ -48,7 +48,7 @@ server: appservice_base_path: /_matrix/app/v1 # The shared secret to sign API access tokens. # Set to "generate" to generate and save a new token at startup. - unshared_secret: {{ matrix_bot_maubot_secret|to_json }} + unshared_secret: {{ matrix_bot_maubot_unshared_secret|to_json }} # Known homeservers. This is required for the `mbc auth` command and also allows # more convenient access from the management UI. This is not required to create From 07fdb09f69e51f46c0d1dff080f108dcc3f5bc17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 10:10:30 +0200 Subject: [PATCH 36/49] Rename with addition "url" --- roles/matrix-bot-maubot/defaults/main.yml | 2 +- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index a003e65df16..93732021686 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -13,7 +13,7 @@ matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" -matrix_bot_maubot_bot_server_public: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_maubot_bot_server_public_url: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_maubot_proxy_management_interface: false matrix_bot_maubot_expose_management_interface: true diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 3c844be39f2..559dc02ce10 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 
@@ -34,7 +34,7 @@ server: hostname: 0.0.0.0 port: 29316 # Public base URL where the server is visible. - public_url: {{ matrix_bot_maubot_bot_server_public }} + public_url: {{ matrix_bot_maubot_bot_server_public_url }} # The base management API path. base_path: /_matrix/maubot/v1 # The base path for the UI. From e62632bf5dc1544994cf7c5ac6bfdeb1f51b952e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 11:04:49 +0200 Subject: [PATCH 37/49] Change from spaces to tabs --- .../templates/systemd/matrix-bot-maubot.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index b01139d2d77..4ba1ac5d0c4 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -18,7 +18,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --read-only \ --cap-drop=ALL \ -v {{ matrix_bot_maubot_data_path }}:/data:z \ From ffa20357ea7dd1e703f6caca70a747de1f4999c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 13:33:29 +0200 Subject: [PATCH 38/49] Use http_bin_port and make networking clearer --- roles/matrix-bot-maubot/defaults/main.yml | 14 ++++++++++++++ roles/matrix-bot-maubot/tasks/setup_install.yml | 2 +- .../templates/systemd/matrix-bot-maubot.service.j2 | 2 +- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 93732021686..d5be023f9d0 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml 
+++ b/roles/matrix-bot-maubot/defaults/main.yml @@ -36,6 +36,20 @@ matrix_bot_maubot_database_uri: "{{ }[matrix_bot_maubot_database_engine] }}" + +# Defines the port number where the management interface is +# To actually expose the management interface outside of the container, use `matrix_bot_maubot_management_interface_http_bind_port` +matrix_bot_maubot_management_interface_port: 29316 + +# Controls whether the maubot container exposes its HTTP management interface port (tcp/29316 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:29316"), or empty string to not expose. +# If you'll be setting this at all, it should be defined in terms of `matrix_bot_maubot_management_interface_port`. +# Example: +# matrix_bot_maubot_management_interface_http_bind_port: "127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}" +matrix_bot_maubot_management_interface_http_bind_port: '' + + matrix_bot_maubot_port: 29316 matrix_bot_maubot_unshared_secret: 'generate' diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 56d8c6a88b3..b4b03165b3f 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -37,7 +37,7 @@ proxy_set_header Connection "upgrade"; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; {% endif %} diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 4ba1ac5d0c4..497c25a6bc1 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 
@@ -27,7 +27,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {% endfor %} --network={{ matrix_docker_network }} \ {% if matrix_bot_maubot_expose_management_interface|bool %} - -p {{ matrix_bot_maubot_port }}:29316 \ + -p {{ matrix_bot_maubot_management_interface_port }}:29316 \ {% endif %} {{ matrix_bot_maubot_docker_image }} \ python3 -m maubot -c /data/config.yaml From acf53f604baa7b99aee601a7a16808f3ed77d79b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sun, 10 Jul 2022 14:48:00 +0200 Subject: [PATCH 39/49] Fix homserver configuration url --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 559dc02ce10..d542fe91485 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -57,7 +57,7 @@ server: homeservers: {{ matrix_domain }}: # Client-server API URL - url: {{ matrix_server_fqn_matrix }} + url: "https://{{ matrix_server_fqn_matrix }}" # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. From 29b336f0a8648b8f79abe624345812742b64a302 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Mon, 11 Jul 2022 13:28:23 +0200 Subject: [PATCH 40/49] Add docs Unrelated to the original branch I added the matrix-registration bot as it was missing in the readme --- README.md | 4 ++++ docs/configuring-playbook.md | 2 ++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index 26f10940434..f32b8233562 100644 --- a/README.md +++ b/README.md 
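Review bot: The `-p {{ matrix_bot_maubot_management_interface_port }}:29316 \` line publishes the management interface on every host interface, because Docker binds a bare `HOST_PORT:CONTAINER_PORT` mapping to all addresses. The `matrix_bot_maubot_management_interface_http_bind_port` setting that the defaults/main.yml hunk of this same commit introduces (its example value is "127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}") is not used here, so setting it to a loopback address has no effect on this template as shown. I would key the mapping on that variable instead: `{% if matrix_bot_maubot_management_interface_http_bind_port %}`, then `-p {{ matrix_bot_maubot_management_interface_http_bind_port }}:29316 \`, then `{% endif %}`. The `ExecStart` command starts outside this hunk. The defaults file also still carries `matrix_bot_maubot_port: 29316` next to the new port variable, which looks like a leftover.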
@@ -103,6 +103,10 @@ Using this playbook, you can get the following services configured on your serve - (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation +- (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation + +- (optional) [matrix-maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-matrix-maubot.md](docs/configuring-playbook-bot-matrix-maubot.md) for setup documentation + - (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation - (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 3bfb01bdc19..bba1b2e9627 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -149,6 +149,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) +- [Setting up maubot](configuring-playbook-bot-maubot.md) - a plugin-based Matrix bot system (optional) + - [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional) - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional) From 1ffc0d963b5089b10dbbcf21140b1b56003c9294 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Tue, 12 Jul 2022 01:15:12 +0200 Subject: [PATCH 41/49] Add maubot configuration docs --- docs/configuring-playbook-bot-maubot.md | 62 +++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 docs/configuring-playbook-bot-maubot.md diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md new file mode 100644 index 00000000000..1fbe8d17362 --- /dev/null +++ b/docs/configuring-playbook-bot-maubot.md 
@@ -0,0 +1,62 @@
+# Setting up maubot (optional)
+
+The playbook can install and configure [maubot](https://github.com/maubot/maubot) for you.
+
+After setting up maubot, you can use the web management interface to make it do things.
+The default location of the management interface is `matrix./_matrix/maubot/`
+
+See the project's [documentation](https://docs.mau.fi/maubot/usage/basic.html) to learn what it
+does and why it might be useful to you.
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+
+```yaml
+matrix_bot_maubot_enabled: true
+matrix_bot_maubot_admins:
+ - yourusername: securepassword
+```
+
+You can add multiple admins.
+
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+## Usage
+
+You can visit `matrix./_matrix/maubot/` to manage your available plugins, clients and instances.
+To add a client you first need to create an account and obtain a valid access token.
+
+## Registering the bot user
+
+You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.maubot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
+```
+
+Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
+
+## Obtaining an admin access token
+
+This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)) or by logging into Element/Schildichat with the bot account
+(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom.
+You can expand "Access token" to copy it.
+ +![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png) + +**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token. + + + + + + + From 6b7191c9393fe74d9a10455731584c2e689a212b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Tue, 12 Jul 2022 01:22:20 +0200 Subject: [PATCH 42/49] Fix tabs issue for real --- .../systemd/matrix-bot-maubot.service.j2 | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 497c25a6bc1..59435667616 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 
@@ -17,20 +17,20 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --read-only \ - --cap-drop=ALL \ - -v {{ matrix_bot_maubot_data_path }}:/data:z \ - {% for arg in matrix_bot_maubot_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --network={{ matrix_docker_network }} \ - {% if matrix_bot_maubot_expose_management_interface|bool %} - -p {{ matrix_bot_maubot_management_interface_port }}:29316 \ - {% endif %} - {{ matrix_bot_maubot_docker_image }} \ - python3 -m maubot -c /data/config.yaml + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --read-only \ + --cap-drop=ALL \ + -v {{ matrix_bot_maubot_data_path }}:/data:z \ + {% for arg in matrix_bot_maubot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ + {% if matrix_bot_maubot_expose_management_interface|bool %} + -p {{ matrix_bot_maubot_management_interface_port }}:29316 \ + {% endif %} + {{ matrix_bot_maubot_docker_image }} \ + python3 -m maubot -c /data/config.yaml ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' From d6d311e810d45d6d4ba5464cc47a988b618fa5d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:27:20 +0200 Subject: [PATCH 43/49] Fix plugin database issue --- roles/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index d542fe91485..254c836e778 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -27,7 +27,7 @@ plugin_directories: # Configuration for storing plugin databases plugin_databases: - type: default + postgres: default server: # The IP and port to listen to. From 73ebbdcacd75e701a80c5ee31921121f4c75bbaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:29:03 +0200 Subject: [PATCH 44/49] Move maubot nginx config Reasoning: setup_install.yml only runs on --tags=setup-all or on --tags=setup-bot-maubot. If --tags=setup-nginx-proxy or similar commands are run, setup_install.yml will not run and the nginx configuration will be incomplete. --- roles/matrix-bot-maubot/tasks/init.yml | 39 ++++++++++++++++++ .../matrix-bot-maubot/tasks/setup_install.yml | 40 ------------------- 2 files changed, 39 insertions(+), 40 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 6f55c747298..032fdbf7bfe 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml 
@@ -3,3 +3,42 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool + +- name: Generate Maubot proxying configuration for matrix-nginx-proxy + set_fact: + matrix_bot_maubot_matrix_nginx_proxy_configuration: | + location ~ ^/(_matrix/maubot/.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-maubot:29316/$1"; + proxy_pass http://$backend; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% endif %} + } + when: matrix_bot_maubot_proxy_management_interface|bool + +- name: Register Maubot's proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_bot_maubot_matrix_nginx_proxy_configuration] + }} + when: matrix_bot_maubot_proxy_management_interface|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `/_matrix/maubot` + URL endpoint to the matrix-maubot container. + when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index b4b03165b3f..8b27cd03f1c 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml 
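Review bot: The two `set_fact` tasks moved into init.yml are guarded only by `matrix_bot_maubot_proxy_management_interface|bool`, while the first task in this file and the warning task also check `matrix_bot_maubot_enabled|bool`. If init.yml runs whether or not the role is enabled (the include in main.yml is not visible here), the `/_matrix/maubot/` location gets registered with matrix-nginx-proxy even when maubot is disabled. I would use `when: matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool` on both tasks; the `block:` rewrite of the same tasks in PATCH 45/49 keeps the same conditions. The generated location block also has no `allow`/`deny` or other access restriction, so the management API is reachable by anyone who can reach the Matrix domain and is presumably protected only by maubot's own admin login; a comment stating that this is intended would help.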
+++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -24,46 +24,6 @@ group: "{{ matrix_user_groupname }}" mode: "u=rwx" -- name: Generate Maubot proxying configuration for matrix-nginx-proxy - set_fact: - matrix_bot_maubot_matrix_nginx_proxy_configuration: | - location ~ ^/(_matrix/maubot/.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-bot-maubot:29316/$1"; - proxy_pass http://$backend; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - {% endif %} - } - when: matrix_bot_maubot_proxy_management_interface|bool - -- name: Register Maubot's proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_bot_maubot_matrix_nginx_proxy_configuration] - }} - when: matrix_bot_maubot_proxy_management_interface|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `/_matrix/maubot` - URL endpoint to the matrix-maubot container. - when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" - - - name: Ensure maubot image is pulled docker_image: name: "{{ matrix_bot_maubot_docker_image }}" From d2e6ab6c3885dfa267c0ce5cdfb6163b7782d88b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:41:17 +0200 Subject: [PATCH 45/49] Fix some CI lint errors --- roles/matrix-bot-maubot/tasks/init.yml | 73 +++++++++++++------------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 032fdbf7bfe..09a5f9a8a8e 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml 
@@ -4,41 +4,42 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool -- name: Generate Maubot proxying configuration for matrix-nginx-proxy - set_fact: - matrix_bot_maubot_matrix_nginx_proxy_configuration: | - location ~ ^/(_matrix/maubot/.*) { - {% if matrix_nginx_proxy_enabled|default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-bot-maubot:29316/$1"; - proxy_pass http://$backend; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - {% endif %} - } - when: matrix_bot_maubot_proxy_management_interface|bool +- block: + - name: Generate Maubot proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_bot_maubot_matrix_nginx_proxy_configuration: | + location ~ ^/(_matrix/maubot/.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-maubot:29316/$1"; + proxy_pass http://$backend; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% endif %} + } + when: matrix_bot_maubot_proxy_management_interface|bool -- name: Register Maubot's proxying configuration with matrix-nginx-proxy - set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - 
{{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) - + - [matrix_bot_maubot_matrix_nginx_proxy_configuration] - }} - when: matrix_bot_maubot_proxy_management_interface|bool + - name: Register Maubot's proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_bot_maubot_matrix_nginx_proxy_configuration] + }} + when: matrix_bot_maubot_proxy_management_interface|bool -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `/_matrix/maubot` - URL endpoint to the matrix-maubot container. - when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `/_matrix/maubot` + URL endpoint to the matrix-maubot container. + when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined" From f8a88707119feea06042cdba20f6e57d4848aadf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:48:26 +0200 Subject: [PATCH 46/49] Use FQCN --- roles/matrix-bot-maubot/tasks/init.yml | 2 +- roles/matrix-bot-maubot/tasks/setup_install.yml | 16 ++++++++-------- .../matrix-bot-maubot/tasks/setup_uninstall.yml | 12 ++++++------ .../matrix-bot-maubot/tasks/validate_config.yml | 2 +- 4 files changed, 16 insertions(+), 16 deletions(-) 
diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 09a5f9a8a8e..fe33da9b643 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -1,6 +1,6 @@ --- -- set_fact: +- ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index 8b27cd03f1c..cf350c02c1c 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -1,7 +1,7 @@ --- - name: Ensure maubot paths exist - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0755 @@ -17,7 +17,7 @@ when: "item.when|bool" - name: Ensure maubot configuration file created - template: + ansible.builtin.template: src: "{{ role_path }}/templates/config/config.yaml.j2" dest: "{{ matrix_bot_maubot_data_path }}/config.yaml" owner: "{{ matrix_user_username }}" @@ -25,7 +25,7 @@ mode: "u=rwx" - name: Ensure maubot image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_maubot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -37,7 +37,7 @@ until: result is not failed - name: Ensure maubot repository is present on self-build - git: + ansible.builtin.git: repo: "{{ matrix_bot_maubot_docker_repo }}" dest: "{{ matrix_bot_maubot_docker_src_files_path }}" force: "yes" 
@@ -47,7 +47,7 @@ when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure maubot image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_maubot_docker_image }}" source: build force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -59,18 +59,18 @@ when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure matrix-bot-maubot.service installed - template: + ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2" dest: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" mode: 0644 register: matrix_bot_maubot_systemd_service_result - name: Ensure systemd reloaded after matrix-bot-maubot.service installation - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_maubot_systemd_service_result.changed|bool" - name: Ensure matrix-bot-maubot.service restarted, if necessary - service: + ansible.builtin.service: name: "matrix-bot-maubot.service" state: restarted diff --git a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml index f1d2fca2690..8812eeed6c9 100644 --- a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -1,12 +1,12 @@ --- - name: Check existence of matrix-maubot service - stat: + ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" register: matrix_bot_maubot_service_stat - name: Ensure matrix-bot-maubot is stopped - service: + ansible.builtin.service: name: matrix-bot-maubot state: stopped enabled: false 
@@ -15,22 +15,22 @@ when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure matrix-bot-maubot.service doesn't exist - file: + ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" state: absent when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure systemd reloaded after matrix-bot-maubot.service removal - service: + ansible.builtin.service: daemon_reload: true when: "matrix_bot_maubot_service_stat.stat.exists|bool" - name: Ensure Matrix maubot paths don't exist - file: + ansible.builtin.file: path: "{{ matrix_bot_maubot_base_path }}" state: absent - name: Ensure maubot Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_maubot_docker_image }}" state: absent diff --git a/roles/matrix-bot-maubot/tasks/validate_config.yml b/roles/matrix-bot-maubot/tasks/validate_config.yml index 18070160a1d..5b28d9c0eae 100644 --- a/roles/matrix-bot-maubot/tasks/validate_config.yml +++ b/roles/matrix-bot-maubot/tasks/validate_config.yml @@ -1,7 +1,7 @@ --- - name: Fail if required settings not defined - fail: + ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" From 04a817aeaadf8db96f7e81db7a33c1d4edd0b486 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 08:55:10 +0200 Subject: [PATCH 47/49] Use explicit version for self build --- roles/matrix-bot-maubot/defaults/main.yml | 2 ++ roles/matrix-bot-maubot/tasks/setup_install.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index d5be023f9d0..7c5cb0eb6b2 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml 
@@ -4,6 +4,8 @@ matrix_bot_maubot_enabled: true matrix_bot_maubot_container_image_self_build: false matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src" +matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}" + matrix_bot_maubot_version: v0.3.1 matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}" diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/matrix-bot-maubot/tasks/setup_install.yml index cf350c02c1c..c136fd897cf 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/matrix-bot-maubot/tasks/setup_install.yml @@ -39,6 +39,7 @@ - name: Ensure maubot repository is present on self-build ansible.builtin.git: repo: "{{ matrix_bot_maubot_docker_repo }}" + version: "{{ matrix_bot_maubot_docker_repo_version }}" dest: "{{ matrix_bot_maubot_docker_src_files_path }}" force: "yes" become: true From f2dcbe5c9cd5119a671d57c00002f4ef778b7961 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 20 Jul 2022 09:00:47 +0200 Subject: [PATCH 48/49] Name all tasks --- roles/matrix-bot-maubot/defaults/main.yml | 8 +++++++- roles/matrix-bot-maubot/tasks/init.yml | 6 ++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 7c5cb0eb6b2..57c3f5f7d5c 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml 
@@ -29,7 +29,13 @@ matrix_bot_maubot_database_hostname: 'matrix-postgres' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot -matrix_bot_maubot_database_connection_string: 'postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable' +matrix_bot_maubot_database_connection_string: > + postgres://{{ matrix_bot_maubot_database_username }} + :{{ matrix_bot_maubot_database_password }} + @{{ matrix_bot_maubot_database_hostname }} + :{{ matrix_bot_maubot_database_port }} + /{{ matrix_bot_maubot_database_name }} + ?sslmode=disable' matrix_bot_maubot_database_uri: "{{ { diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index fe33da9b643..54fd714b558 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml @@ -1,10 +1,12 @@ --- -- ansible.builtin.set_fact: +- name: Add maubot to the systemd service list + ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" when: matrix_bot_maubot_enabled|bool -- block: +- name: Configure nginx for maubot + block: - name: Generate Maubot proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_bot_maubot_matrix_nginx_proxy_configuration: | From e306d0051e22b4e69e457e4048ceb7c6198d1a4e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 20 Jul 2022 10:07:03 +0300 Subject: [PATCH 49/49] Add project introduction to maubot's defaults file --- roles/matrix-bot-maubot/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/matrix-bot-maubot/defaults/main.yml index 57c3f5f7d5c..49437ece139 100644 --- a/roles/matrix-bot-maubot/defaults/main.yml +++ b/roles/matrix-bot-maubot/defaults/main.yml 
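Review bot: The folded scalar (`>`) that now holds `matrix_bot_maubot_database_connection_string` joins its lines with single spaces, so the rendered value becomes `postgres://USER :PASSWORD @HOST :PORT /DB ?sslmode=disable'` plus a trailing newline (USER, PASSWORD, HOST, PORT and DB stand for the templated variables). The closing quote left over from the old one-line form is now part of the value as well. Any consumer of this variable would receive a URI that no longer parses. I would restore the single-quoted one-line value and, if the split was made for a line-length lint, put `# yamllint disable-line rule:line-length` on the line above it.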
@@ -1,5 +1,8 @@ --- +# maubot is a plugin-based Matrix bot system. +# Project source code URL: https://mau.dev/maubot/maubot + matrix_bot_maubot_enabled: true matrix_bot_maubot_container_image_self_build: false matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git"