added mautrix-signal role

spantaleev · Oct 22, 2020 · 69efcb5 · efraimbart · Feb 12, 2021 · efraimbart
1 parent 24c6d7e
commit 69efcb5
Show file tree

Hide file tree

Showing 11 changed files with 687 additions and 0 deletions.
diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -0,0 +1,102 @@
+# mautrix-telegram is a Matrix <-> Telegram bridge
+# See: https://github.com/tulir/mautrix-telegram
+
+matrix_mautrix_signal_enabled: false
+
+# See: https://mau.dev/tulir/mautrix-signal/container_registry
+matrix_mautrix_signal_docker_image: "dock.mau.dev/tulir/mautrix-signal:latest"
+matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
+
+matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal"
+matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge"
+
+matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:latest"
+matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}"
+
+matrix_mautrix_signal_daemon_path: "{{ matrix_mautrix_signal_base_path }}/signald"
+
+# # Get your own API keys at https://my.telegram.org/apps
+# matrix_mautrix_telegram_api_id: ''
+# matrix_mautrix_telegram_api_hash: ''
+# matrix_mautrix_telegram_bot_token: disabled
+
+# # Mautrix telegram public endpoint to log in to telegram
+# # Use an uuid so it's not easily discoverable.
+# # Example: /741a0483-ba17-4682-9900-30bd7269f1cc
+# matrix_mautrix_telegram_public_endpoint: ''
+
+matrix_mautrix_signal_homeserver_address: 'http://matrix-synapse:8008'
+matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
+matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328'
+# matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'
+
+# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
+matrix_mautrix_signal_container_http_host_bind_port: ''
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_signal_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-signal.service depends on.
+matrix_mautrix_signal_systemd_required_services_list: ['docker.service', 'matrix-mautrix-signal-daemon.service', 'matrix-mautrix-signal-db.service']
+
+# List of systemd services that matrix-mautrix-telegram.service wants
+matrix_mautrix_signal_systemd_wanted_services_list: []
+
+matrix_mautrix_signal_appservice_token: ''
+matrix_mautrix_signal_homeserver_token: ''
+
+matrix_mautrix_signal_db_docker_image: "postgres:13.0-alpine"
+matrix_mautrix_signal_db_docker_image_force_pull: "{{ matrix_mautrix_signal_db_docker_image.endswith(':latest') }}"
+matrix_mautrix_signal_db_storage_path: "{{ matrix_mautrix_signal_base_path }}/database"
+
+matrix_mautrix_signal_db_user: ''
+matrix_mautrix_signal_db_password: ''
+matrix_mautrix_signal_db_host: 'matrix-mautrix-signal-db'
+matrix_mautrix_signal_db_port: '5432'
+matrix_mautrix_signal_db_database: ''
+
+matrix_mautrix_signal_db_url: "postgres://{{ matrix_mautrix_signal_db_user }}:{{ matrix_mautrix_signal_db_password }}@{{ matrix_mautrix_signal_db_host }}:{{ matrix_mautrix_signal_db_port }}/{{ matrix_mautrix_signal_db_database }}"
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mautrix_signal_login_shared_secret: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mautrix_signal_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mautrix_signal_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_mautrix_telegram_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_mautrix_telegram_configuration_yaml`.
+
+matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configuration_extension_yaml|from_yaml if matrix_mautrix_signal_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
+matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml|from_yaml|combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}"
+
+matrix_mautrix_signal_registration_yaml: |
+  id: signal
+  as_token: "{{ matrix_mautrix_signal_appservice_token }}"
+  hs_token: "{{ matrix_mautrix_signal_homeserver_token }}"
+  namespaces:
+      users:
+      - exclusive: true
+        regex: '^@signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
+      aliases:
+      - exclusive: true
+        regex: '^#signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
+  url: {{ matrix_mautrix_signal_appservice_address }}
+  sender_localpart: signalbot
+  rate_limited: false
+
+matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}"
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml
@@ -0,0 +1,63 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal', 'matrix-mautrix-signal-daemon'] }}"
+  when: matrix_mautrix_signal_enabled|bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- set_fact:
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      +
+      ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
+
+    matrix_synapse_app_service_config_files: >
+      {{ matrix_synapse_app_service_config_files|default([]) }}
+      +
+      {{ ["/matrix-mautrix-signal-registration.yaml"] }}
+  when: matrix_mautrix_signal_enabled|bool
+
+# - block:
+#   - name: Fail if matrix-nginx-proxy role already executed
+#     fail:
+#       msg: >-
+#         Trying to append Mautrix Signal's reverse-proxying configuration to matrix-nginx-proxy,
+#         but it's pointless since the matrix-nginx-proxy role had already executed.
+#         To fix this, please change the order of roles in your plabook,
+#         so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signal role.
+#     when: matrix_nginx_proxy_role_executed|default(False)|bool
+
+  # - name: Generate Mautrix Signal proxying configuration for matrix-nginx-proxy
+  #   set_fact:
+  #     matrix_mautrix_telegram_matrix_nginx_proxy_configuration: |
+  #       location {{ matrix_mautrix_telegram_public_endpoint }} {
+  #       {% if matrix_nginx_proxy_enabled|default(False) %}
+  #       	{# Use the embedded DNS resolver in Docker containers to discover the service #}
+  #       	resolver 127.0.0.11 valid=5s;
+  #       	set $backend "matrix-mautrix-telegram:8080";
+  #       	proxy_pass http://$backend;
+  #       {% else %}
+  #       	{# Generic configuration for use outside of our container setup #}
+  #       	proxy_pass http://127.0.0.1:9006;
+  #       {% endif %}
+  #       }
+
+  # - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy
+  #   set_fact:
+  #     matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+  #       {{
+  #         matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+  #         +
+  #         [matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
+  #       }}
+  # tags:
+  #  - always
+  # when: matrix_mautrix_telegram_enabled|bool
+
+# - name: Warn about reverse-proxying if matrix-nginx-proxy not used
+#   debug:
+#     msg: >-
+#       NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
+#       reverse proxy.
+#       Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
+#       URL endpoint to the matrix-mautrix-telegram container.
+#       You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
+#   when: "matrix_mautrix_telegram_enabled|bool and matrix_nginx_proxy_enabled is not defined"
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/matrix-bridge-mautrix-signal/tasks/main.yml
@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_mautrix_signal_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-signal
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_mautrix_signal_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-signal
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_mautrix_signal_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-signal
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
@@ -0,0 +1,102 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mautrix-signal role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure Mautrix Signal image is pulled
+  docker_image:
+    name: "{{ matrix_mautrix_signal_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
+
+- name: Ensure Mautrix Signal Daemon image is pulled
+  docker_image:
+    name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
+
+- name: Ensure Mautrix Signal database image is pulled
+  docker_image:
+    name: "{{ matrix_mautrix_signal_db_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mautrix_signal_db_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
+
+- name: Ensure Mautrix Signal paths exist
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_mautrix_signal_base_path }}"
+    - "{{ matrix_mautrix_signal_config_path }}"
+    - "{{ matrix_mautrix_signal_daemon_path }}"
+    - "{{ matrix_mautrix_signal_db_storage_path }}"
+
+# - name: Check if an old database file already exists
+#   stat:
+#     path: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
+#   register: matrix_mautrix_telegram_stat_database
+#
+# - name: (Data relocation) Ensure matrix-mautrix-telegram.service is stopped
+#   service:
+#     name: matrix-mautrix-telegram
+#     state: stopped
+#     daemon_reload: yes
+#   failed_when: false
+#   when: "matrix_mautrix_telegram_stat_database.stat.exists"
+#
+# - name: (Data relocation) Move mautrix-telegram database file to ./data directory
+#   command: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
+#   when: "matrix_mautrix_telegram_stat_database.stat.exists"
+
+- name: Ensure mautrix-signal config.yaml installed
+  copy:
+    content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_mautrix_signal_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mautrix-signal registration.yaml installed
+  copy:
+    content: "{{ matrix_mautrix_signal_registration|to_nice_yaml }}"
+    dest: "{{ matrix_mautrix_signal_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mautrix-signal-daemon.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal-daemon.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service"
+    mode: 0644
+  register: matrix_mautrix_signal_daemon_systemd_service_result
+
+- name: Ensure matrix-mautrix-signal-db.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal-db.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal-db.service"
+    mode: 0644
+  register: matrix_mautrix_signal_db_systemd_service_result
+
+- name: Ensure matrix-mautrix-signal.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service"
+    mode: 0644
+  register: matrix_mautrix_signal_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-mautrix-signal.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed or matrix_mautrix_signal_db_systemd_service_result.changed"
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
@@ -0,0 +1,64 @@
+---
+
+# Signal database service
+- name: Check existence of matrix-mautrix-signal-db service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-db.service"
+  register: matrix_mautrix_signal_db_service_stat
+
+- name: Ensure matrix-mautrix-signal-db is stopped
+  service:
+    name: matrix-mautrix-signal-db
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mautrix_signal_db_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-signal-db.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-db.service"
+    state: absent
+  when: "matrix_mautrix_signal_db_service_stat.stat.exists"
+
+# Signal daemon service
+- name: Check existence of matrix-mautrix-signal-daemon service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service"
+  register: matrix_mautrix_signal_daemon_service_stat
+
+- name: Ensure matrix-mautrix-signal-daemon is stopped
+  service:
+    name: matrix-mautrix-signal-daemon
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mautrix_signal_daemon_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-signal-daemon.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service"
+    state: absent
+  when: "matrix_mautrix_signal_daemon_service_stat.stat.exists"
+
+# Bridge service
+- name: Check existence of matrix-mautrix-signal service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service"
+  register: matrix_mautrix_signal_service_stat
+
+- name: Ensure matrix-mautrix-signal is stopped
+  service:
+    name: matrix-mautrix-signal
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mautrix_signal_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-signal.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service"
+    state: absent
+  when: "matrix_mautrix_signal_service_stat.stat.exists"
+
+# All services
+- name: Ensure systemd reloaded after matrix-mautrix-signal_X.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_mautrix_signal_service_stat.stat.exists or matrix_mautrix_signal_daemon_service_stat.stat.exists or matrix_mautrix_signal_db_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_mautrix_signal_appservice_token"
+    - "matrix_mautrix_signal_homeserver_token"
+    - "matrix_mautrix_signal_db_user"
+    - "matrix_mautrix_signal_db_password"
+    - "matrix_mautrix_signal_db_database"
+
+- name: (Deprecation) Catch and report renamed Signal variables
+  fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_mautrix_signal_container_exposed_port_number', 'new': '<superseded by matrix_mautrix_signal_container_http_host_bind_port>'}