Merge pull request #686 from laszabine/signal
Added a role for the bridge mautrix-signal
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
# Setting up Mautrix Signal (optional) | ||
|
||
The playbook can install and configure [mautrix-signal](https://github.com/tulir/mautrix-signal) for you. | ||
|
||
See the project's [documentation](https://github.com/tulir/mautrix-signal/wiki) to learn what it does and why it might be useful to you. | ||
|
||
**Note/Prerequisite**: If you're running with the Postgres database server integrated by the playbook (which is the default), you don't need to do anything special and can easily proceed with installing. However, if you're [using an external Postgres server](configuring-playbook-external-postgres.md), you'd need to manually prepare a Postgres database for this bridge and adjust the variables related to that (`matrix_mautrix_signal_database_*`). | ||
|
||
Use the following playbook configuration: | ||
|
||
```yaml | ||
matrix_mautrix_signal_enabled: true | ||
``` | ||
## Set up Double Puppeting | ||
If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-whatsapp/wiki/Authentication#replacing-whatsapp-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it. | ||
### Method 1: automatically, by enabling Shared Secret Auth | ||
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. | ||
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. | ||
### Method 2: manually, by asking each user to provide a working access token | ||
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). | ||
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: | ||
- retrieve a Matrix access token for yourself. You can use the following command: | ||
``` | ||
curl \ | ||
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Signal", "initial_device_display_name": "Mautrix-Signal"}' \ | ||
https://matrix.DOMAIN/_matrix/client/r0/login | ||
``` | ||
|
||
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` | ||
|
||
- make sure you don't log out the `Mautrix-Signal` device some time in the future, as that would break the Double Puppeting feature | ||
|
||
|
||
## Usage | ||
|
||
You then need to start a chat with `@signalbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). |
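Review bot: In Method 2 the curl example has each user type `"password": "YOUR_MATRIX_PASSWORD"` straight into the command line, so the account password ends up in shell history and is visible in the process list while curl runs. Suggest adding a short caution next to the command, or showing a variant that reads the JSON body from a file or stdin. The next step sends the resulting token in a chat message (`login-matrix MATRIX_ACCESS_TOKEN_HERE`), so it is worth stating that the token gives full access to the account and should only be sent in the direct chat with the bot. Separately, the Double Puppeting link points at the mautrix-whatsapp wiki rather than mautrix-signal documentation.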
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
# mautrix-signal is a Matrix <-> Signal bridge | ||
# See: https://github.com/tulir/mautrix-signal | ||
|
||
matrix_mautrix_signal_enabled: true | ||
|
||
# See: https://mau.dev/tulir/mautrix-signal/container_registry | ||
matrix_mautrix_signal_docker_image: "dock.mau.dev/tulir/mautrix-signal:latest" | ||
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" | ||
|
||
matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:latest" | ||
matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}" | ||
|
||
matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" | ||
matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" | ||
matrix_mautrix_signal_daemon_path: "{{ matrix_mautrix_signal_base_path }}/signald" | ||
|
||
matrix_mautrix_signal_homeserver_address: '' | ||
matrix_mautrix_signal_homeserver_domain: '' | ||
matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328' | ||
|
||
# Controls whether the matrix-mautrix-signal container exposes its port (tcp/29328 in the container). | ||
# | ||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose. | ||
matrix_mautrix_signal_container_http_host_bind_port: '' | ||
|
||
# A list of extra arguments to pass to the container | ||
matrix_mautrix_signal_container_extra_arguments: [] | ||
|
||
# List of systemd services that matrix-mautrix-signal.service depends on. | ||
matrix_mautrix_signal_systemd_required_services_list: | ||
- 'docker.service' | ||
- 'matrix-mautrix-signal-daemon.service' | ||
|
||
# List of systemd services that matrix-mautrix-signal.service wants | ||
matrix_mautrix_signal_systemd_wanted_services_list: [] | ||
|
||
# List of systemd services that matrix-mautrix-signal-daemon.service depends on. | ||
matrix_mautrix_signal_daemon_systemd_required_services_list: ['docker.service'] | ||
|
||
# List of systemd services that matrix-mautrix-signal-daemon.service wants | ||
matrix_mautrix_signal_daemon_systemd_wanted_services_list: [] | ||
|
||
matrix_mautrix_signal_appservice_token: '' | ||
matrix_mautrix_signal_homeserver_token: '' | ||
|
||
# Database-related configuration fields | ||
# | ||
# This bridge only supports postgres. | ||
# | ||
matrix_mautrix_signal_database_engine: 'postgres' | ||
|
||
matrix_mautrix_signal_database_username: 'matrix_mautrix_signal' | ||
matrix_mautrix_signal_database_password: 'some-password' | ||
matrix_mautrix_signal_database_hostname: 'matrix-postgres' | ||
matrix_mautrix_signal_database_port: 5432 | ||
matrix_mautrix_signal_database_name: 'matrix_mautrix_signal' | ||
|
||
matrix_mautrix_signal_database_connection_string: 'postgres://{{ matrix_mautrix_signal_database_username }}:{{ matrix_mautrix_signal_database_password }}@{{ matrix_mautrix_signal_database_hostname }}:{{ matrix_mautrix_signal_database_port }}/{{ matrix_mautrix_signal_database_name }}' | ||
|
||
matrix_mautrix_signal_appservice_database: "{{ | ||
{ | ||
'postgres': matrix_mautrix_facebook_database_connection_string, | ||
}[matrix_mautrix_signal_database_engine] | ||
}}" | ||
|
||
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). | ||
matrix_mautrix_signal_login_shared_secret: '' | ||
|
||
# Default configuration template which covers the generic use case. | ||
# You can customize it by controlling the various variables inside it. | ||
# | ||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_signal_configuration_extension_yaml`) | ||
# or completely replace this variable with your own template. | ||
matrix_mautrix_signal_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||
|
||
matrix_mautrix_signal_configuration_extension_yaml: | | ||
# Your custom YAML configuration goes here. | ||
# This configuration extends the default starting configuration (`matrix_mautrix_signal_configuration_yaml`). | ||
# | ||
# You can override individual variables from the default configuration, or introduce new ones. | ||
# | ||
# If you need something more special, you can take full control by | ||
# completely redefining `matrix_mautrix_signal_configuration_yaml`. | ||
matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configuration_extension_yaml|from_yaml if matrix_mautrix_signal_configuration_extension_yaml|from_yaml is mapping else {} }}" | ||
|
||
# Holds the final configuration (a combination of the default and its extension). | ||
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signal_configuration_yaml`. | ||
matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml|from_yaml|combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}" | ||
|
||
matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}" | ||
|
||
matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}" | ||
|
||
matrix_mautrix_signal_log_level: 'DEBUG' |
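Review bot: `matrix_mautrix_signal_appservice_database` maps `'postgres'` to `matrix_mautrix_facebook_database_connection_string`, which looks like a copy-paste leftover from the Facebook bridge role. As written, the `matrix_mautrix_signal_database_connection_string` defined just above is never used, and the Signal bridge would either point at the Facebook bridge's database or fail when that role's variable is undefined; it should reference the Signal variable. Two defaults also deserve a second look: `matrix_mautrix_signal_database_password: 'some-password'` is a working, guessable value (an empty default checked in `validate_config.yml`, like the two tokens, would force the operator to set it), and `matrix_mautrix_signal_log_level: 'DEBUG'` is verbose for a bridge that relays private messages.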
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
- set_fact: | ||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal', 'matrix-mautrix-signal-daemon'] }}" | ||
when: matrix_mautrix_signal_enabled|bool | ||
|
||
# If the matrix-synapse role is not used, these variables may not exist. | ||
- set_fact: | ||
matrix_synapse_container_extra_arguments: > | ||
{{ matrix_synapse_container_extra_arguments|default([]) }} | ||
+ | ||
["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] | ||
matrix_synapse_app_service_config_files: > | ||
{{ matrix_synapse_app_service_config_files|default([]) }} | ||
+ | ||
{{ ["/matrix-mautrix-signal-registration.yaml"] }} | ||
when: matrix_mautrix_signal_enabled|bool |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
- import_tasks: "{{ role_path }}/tasks/init.yml" | ||
tags: | ||
- always | ||
|
||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml" | ||
when: "run_setup|bool and matrix_mautrix_signal_enabled|bool" | ||
tags: | ||
- setup-all | ||
- setup-mautrix-signal | ||
|
||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml" | ||
when: "run_setup|bool and matrix_mautrix_signal_enabled|bool" | ||
tags: | ||
- setup-all | ||
- setup-mautrix-signal | ||
|
||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" | ||
when: "run_setup|bool and not matrix_mautrix_signal_enabled|bool" | ||
tags: | ||
- setup-all | ||
- setup-mautrix-signal |
72 changes: 72 additions & 0 deletions
roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
--- | ||
|
||
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. | ||
# We don't want to fail in such cases. | ||
- name: Fail if matrix-synapse role already executed | ||
fail: | ||
msg: >- | ||
The matrix-bridge-mautrix-signal role needs to execute before the matrix-synapse role. | ||
when: "matrix_synapse_role_executed|default(False)" | ||
|
||
- name: Ensure Mautrix Signal image is pulled | ||
docker_image: | ||
name: "{{ matrix_mautrix_signal_docker_image }}" | ||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | ||
force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" | ||
when: matrix_mautrix_signal_enabled|bool | ||
|
||
- name: Ensure Mautrix Signal Daemon image is pulled | ||
docker_image: | ||
name: "{{ matrix_mautrix_signal_daemon_docker_image }}" | ||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | ||
force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" | ||
when: matrix_mautrix_signal_enabled|bool | ||
|
||
- name: Ensure Mautrix Signal paths exist | ||
file: | ||
path: "{{ item }}" | ||
state: directory | ||
mode: 0750 | ||
owner: "{{ matrix_user_username }}" | ||
group: "{{ matrix_user_groupname }}" | ||
with_items: | ||
- "{{ matrix_mautrix_signal_base_path }}" | ||
- "{{ matrix_mautrix_signal_config_path }}" | ||
- "{{ matrix_mautrix_signal_daemon_path }}" | ||
|
||
- name: Ensure mautrix-signal config.yaml installed | ||
copy: | ||
content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml }}" | ||
dest: "{{ matrix_mautrix_signal_config_path }}/config.yaml" | ||
mode: 0644 | ||
owner: "{{ matrix_user_username }}" | ||
group: "{{ matrix_user_groupname }}" | ||
|
||
- name: Ensure mautrix-signal registration.yaml installed | ||
copy: | ||
content: "{{ matrix_mautrix_signal_registration|to_nice_yaml }}" | ||
dest: "{{ matrix_mautrix_signal_config_path }}/registration.yaml" | ||
mode: 0644 | ||
owner: "{{ matrix_user_username }}" | ||
group: "{{ matrix_user_groupname }}" | ||
|
||
- name: Ensure matrix-mautrix-signal-daemon.service installed | ||
template: | ||
src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal-daemon.service.j2" | ||
dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" | ||
mode: 0644 | ||
register: matrix_mautrix_signal_daemon_systemd_service_result | ||
|
||
- name: Ensure matrix-mautrix-signal.service installed | ||
template: | ||
src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2" | ||
dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" | ||
mode: 0644 | ||
register: matrix_mautrix_signal_systemd_service_result | ||
|
||
- name: Ensure systemd reloaded after matrix-mautrix-signal.service installation | ||
service: | ||
daemon_reload: yes | ||
when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed" |
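Review bot: In "Ensure Mautrix Signal Daemon image is pulled", the `force:` line falls back to `matrix_mautrix_signal_docker_image_force_pull` while `force_source:` in the same task uses `matrix_mautrix_signal_daemon_docker_image_force_pull`; on older Ansible the daemon image would follow the bridge image's setting, so both lines should use the daemon variable. In addition, `config.yaml` and `registration.yaml` are written with `mode: 0644` although the registration file carries the appservice and homeserver tokens and the config is built from variables that include the database password and shared secret; the parent directories are 0750, but 0640 on the files themselves would not rely on that. The two image tasks also repeat `when: matrix_mautrix_signal_enabled|bool`, which `main.yml` already applies to the whole file.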
45 changes: 45 additions & 0 deletions
roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
--- | ||
|
||
# Signal daemon service | ||
- name: Check existence of matrix-mautrix-signal-daemon service | ||
stat: | ||
path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" | ||
register: matrix_mautrix_signal_daemon_service_stat | ||
|
||
- name: Ensure matrix-mautrix-signal-daemon is stopped | ||
service: | ||
name: matrix-mautrix-signal-daemon | ||
state: stopped | ||
daemon_reload: yes | ||
when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" | ||
|
||
- name: Ensure matrix-mautrix-signal-daemon.service doesn't exist | ||
file: | ||
path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" | ||
state: absent | ||
when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" | ||
|
||
# Bridge service | ||
- name: Check existence of matrix-mautrix-signal service | ||
stat: | ||
path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" | ||
register: matrix_mautrix_signal_service_stat | ||
|
||
- name: Ensure matrix-mautrix-signal is stopped | ||
service: | ||
name: matrix-mautrix-signal | ||
state: stopped | ||
daemon_reload: yes | ||
when: "matrix_mautrix_signal_service_stat.stat.exists" | ||
|
||
- name: Ensure matrix-mautrix-signal.service doesn't exist | ||
file: | ||
path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" | ||
state: absent | ||
when: "matrix_mautrix_signal_service_stat.stat.exists" | ||
|
||
# All services | ||
- name: Ensure systemd reloaded after matrix-mautrix-signal_X.service removal | ||
service: | ||
daemon_reload: yes | ||
when: "matrix_mautrix_signal_service_stat.stat.exists or matrix_mautrix_signal_daemon_service_stat.stat.exists" |
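Review bot: The uninstall tasks stop both services and delete the unit files, but nothing here removes the two pulled images or the directories created in `setup_install.yml` (`matrix_mautrix_signal_config_path` with `config.yaml` and `registration.yaml`, and `matrix_mautrix_signal_daemon_path`). If keeping the data is intentional, a comment saying so would help, since the config directory still holds the tokens and database credentials after the bridge is disabled; otherwise add tasks to remove the images and, optionally, the paths. Minor: the last task name reads `matrix-mautrix-signal_X.service`, which is not the name of either unit.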