diff --git a/coreos-config/group_vars/all/vault.yaml b/coreos-config/group_vars/all/vault.yaml
index a2d2453..3f60339 100644
--- a/coreos-config/group_vars/all/vault.yaml
+++ b/coreos-config/group_vars/all/vault.yaml
@@ -1,261 +1,310 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
-62363165313966616662613430333139383139313534373334303965633335376361333230363966
-6533343037343336386261333335626535613232363662360a626266663633633565623936316638
-63393365373530323933316131616662366562346339666366393236333461353438653137393630
-6335313136623630620a316666646266646333656137316462623664643634353939333665396161
-30303131363637383230346236613433613238643737636164396237386665343032323738326162
-66353265343732373265336431663538383130386133653064333063653733623439383664646365
-38653335336265653535396166316237613830623832643636353261623664316164373563373563
-64663739663032353966643165316135653835343337616539393336323261326437613037356263
-63333636363631393234623739653165336434306339633232623164323662646538373266316664
-39393537316639386162313137653466383763306363663066313835383264333532306331366233
-63623738343733626266323962346266356665656338333837333235373363306562396536333566
-30336666643763336537353234363564326437623462313064353662663964343834323039613334
-38663839366136633830366165323734666337663362643638646464306164333462386161623630
-31623764323039383132643163323462616262353064646635326239666232653162353066653664
-66396335383762376132653735306665626666343332396662383839376138663466363431646566
-32373465326136353465393263626138353933653734366337353831303261633231623335656565
-33303039393530333463313965643932636133666636353564363965343835313635656338303563
-39383939343362643331643964616130323138633934636664336237343136383264373232386265
-65643230353962653031663561326431313136383761636664636363353137306366396366613133
-39356235323330653934366461633733336138393932616530386563356162313939303766313439
-37623161323764396465613665353036306464313137356665626439643838386665633433663935
-35396435363137373665386466313163333130356361633632306236383530353635633639323364
-61373931643462343031346237303135373030666232333761666238343135653738363964356434
-36653533366131316164326631363835653363643463643430663731313632303331616431343937
-37373761316636316365633164383764616336366361393736386430393662326162653065316536
-63386334636463643639656364663331656132643461343064336362376537343063653464313336
-39626139383937323332313533663637623261633461313962353334356537613136623936633563
-35373566343561373839656261306539383839363661633064663836653836636464306439303932
-37643261306339343961313032613962623338666133396436306231316263346135313364363030
-30653838653265306365356161376662346266636264643865353139613439356232316662393961
-35663432383636663832346266633037333264383035356261323631323433313237366334663839
-38393536386466636265616239383037336631623831656335626266623865613434613837613335
-65346532343262363263333037623639636530623434383331613139336432373730366662396433
-38663162353438363037626664326436373232656164356337313336346363633732396136653364
-63373861343234656635643263666562633435323462353162643336323433346534386330646263
-62303364663861616130363465336431373836613336643466336264346433663930363836363533
-35393937383536393233383963613664306665363435326238386364666431663930636131333735
-64303762666234366661376330323730643038313134323031613261386435323139633637326133
-63613138303230373438626131633465306463616633383863356535353134383937653938343162
-66306633326466353832306461653132363262343335373862373866383833393331303535666432
-61313530313938333639386566313266636165306561383463383765303363363466366134623531
-66356639306638643165306539346539653436643931373861386237653163646337356131653062
-35393239663234356633343435306237636138653435346362643131373430663365343362653832
-62323665313865346135356562383663666563333166343263353633336338326135383134393835
-66333365326639656632653562323165616333663231616639323166613634393137386639383039
-32333663313363333235663461653437623630636633373563393935366434633362306236326263
-31353530393766626634666266336632356134376337343930316265356466393133626262653137
-38323635623832386635356133636638613631373939396637316338316236343663656335346262
-64663961383734306562303936653561333030323236363165666339626530653761633632376331
-61393334343538613835636261396232323061643431323963323963613263393266613165363564
-34646563396366613631653634316633666466316565613161376263623163353966613465336161
-31373333386262623864656336393063363166356133336336306438363666636432626531333166
-37613233346434386465376266386362636232373130653532653830326230346661316666373034
-34616631353563636463336633623062316461323464343965356365636561663630656162633237
-61356135643165373039393636313065326562396439623563303738363765393566366264386639
-30313930646332336234653863396661396363313331633339323333656662353238656462613161
-31623136326163643530306635363962383335306164383635613031306431363636396565306666
-64623437633535663332386365376237633336373036316239356635333165326235323163636537
-64376639356336363233643762653564636336653530636434646664313535303565663938376366
-36623039663632633561333432623437633838303961336663323336393236316433616363666664
-39666530653030646136346136383039366464376535313537366632373434363666653266306531
-61336336383037323638663564383534363531353234356332353236343834313039366433343032
-63623065333335663132333566376238383931653730626439663630363766373665393339616232
-64613263663431346235313065636664386164393234653136393332646463636537373465346133
-61623436373230636333656164373865646561356365626437356236656430313663396538323862
-34356565316231663261646233393265623966353232666631383836383537613664353238316165
-36396236363531363031316436313338613836666631333565646430356638373939366231396132
-65396136326666323931363037306665323033323966623865373261343834383839376630636331
-33653432333366396236623034313836633834373233303237356534343536663036643461313166
-61336335323161613136646266383137336630646664393566663339633262336336613534313361
-37376331623534323538373235633564643366616465323862326433313033656232626137663635
-30323032366461346662303032373938316239613839386132336336343935323233376634343366
-31353261346638393330633036636362373430613333653566326664323230373733396230316563
-61326462306362633330656134383764656164616261643561326161326233323236356536303332
-65636136613861613064663531353465656662366162343265333662656532663239643937313261
-31663864316266386532623436313339636134376564626339343365653461363839653239616235
-37633534316536373337643538376638373839633462626463323035323933376633633732393437
-38323931343339633839363566346234623238653834353739366538656630376266316339393465
-34626464343635323736376634653263313762326430353164323963633963646465386632323631
-37643938643462383637613431393532633137326336393166636330643065653834663065333731
-33303063326436323135356232396234336561633638633364303938623662373232633937656533
-37373039613738333632626262626561386565626330393038356533303964643831643139613465
-37386531663330393062383933653463643164336362353262353430663933313832623762633232
-33646430653163633833616234326663333861313630316535626362393539616330306161343032
-32313834633563313464643137363362636562313032393034303364313234636231663766383239
-66316633383131623332306161643234393238373735636565323634366336366638666532363130
-36373539643935333736613532303337653763643139396138306466323336386638346435626364
-61306665336332663433343434346365616431386366616236313633373733323733316238373636
-31643631316237356236613662363462326434323337306334306164653537366362633737353530
-39313738643963353534623562383161633431653833306533303464393530363433316535646331
-66373737383731396532666562323062313630636539646466623664626337353835356439646438
-61616661643361646135383364373534313531353166316430646264646637333564613937636565
-30363331366334613630643039616239653135323337383437393466623861643733643737383138
-38333732373564363562626638666262303231303561613665633562333338343430353533306336
-64303634373137306637643031376663623963376638353566363735323733393163383438333466
-36613262376133383034636639376434643362636330313134366466303435393563623139616434
-36653237656234666634383064396661323263666465643330623964346366643339636661663735
-32653234396637373866663534363866663037613430303534616662353231383837303166643537
-34346431316363373033646130313932353337643664643537396235376630363136303131616466
-33306532643063363366366535393865663665336465663431643038636530383336393439393565
-34663131383235656131303235663535383036353437663737306233613536646136616464663638
-39323936323737653732666561636634343264653434636661346331653235326638376162353264
-39353230313433666338656333373736373362636662376661313733386535323135376239653438
-37316331303336346335656534643735663935636139633439633738363839333766373037306464
-37303439623838643432356564326562383664343963386632333430623762323833333132643938
-66313231393633666237303532313462326561353431613539353261303836396662383930633932
-32653730376461633733363139336532306231656332613236616361316634373536623437353032
-65636639616531333165313864306132656535336566313438343833663665306232356436346637
-31626166386165336132313662343533343330303833316538643264303665343731373063633630
-65643264396433353239666164636635363861646235656533363533663064333833613463306361
-35396633323063376137336539663832346539396431363066613862623532313137346639303839
-32666235656465386162616437643763366463383866363235303136636432316230303036323538
-32626132396637633833633930653563656438313736613262383633653233656565633264346661
-37316633326465633165353263393561326164313463343662383866343166323239666439306463
-35656266656135313533633464643064666532653466643334303137303365636434643637393235
-65396266623562656437656336343035633737376534393136366230343731646135663863396530
-32666462653138363036633532636234623939393963613862623330343263313633336136636262
-30666564316265333131313663333035653164383237386334386139646231383638373765393738
-32633738356165613334656133656236643138303736306133303535643964663333633333333661
-31396663643261643031316432393465363133613933393136626435656661363038653166646438
-64663232393131343635643762366463623063653263626164363265356133303337636162653461
-38663838386331306131383234386435613430333334393166623935346666356533653463656334
-32643532303631353265366437633331666532353261313832353337356439626337613932616331
-63333939646635353634393134393963353462313039373239313937663836323138666364386262
-65626435393532343631313030303837666163613736333034373136653130346335623135383230
-38323534326561663562356161353263336263353636333163393137346366313232613531313035
-37316238326332623532666266373236383834643335646539353263396461663761326530386133
-38646134396636323230653132363937353634646162663165633330633632663337663166633763
-33633938373134613436633264356134323136366263336433306562316436313133636265363136
-66313565393965373038653730373233326264323633326230313738363634613636396566386338
-39323062373865646262666565613064626231643261346463653731386563633830663432393434
-61323631316465323964393439373337653064373663306164663064643566316235303132323663
-37353663393539393834346231306265353764366435646665306161346132663862663631623237
-35376637336230383239643931383662333837396634383465383766383739333961613865323761
-33353837343963663265393837366336636561336336376465383330366131366137616433636132
-33623431626463383031313335336332656539626132643634366664636637653331613035663039
-32636134376333326430343338333539626332633130383161643835613363343162613834306462
-35623835633330316365353165623466663764333661633864386539393639343463623939646334
-32323035323762613935663133333632316464303836613039393863613361373031353730393566
-30386562346330313365646534363464653730646161373036356465666433626334316633396538
-37303263316563626332313735353363623436666235363535323730666563366539363266313661
-64336639343438616338386338386363323934333631633838663436303137326334323634633138
-34643966663564663761306538346336633862613539616336366139623035656330626466373030
-36396532373932613365323462376235346138663433363535383335306230636137616531343437
-64376632653732383063346662323439343963386434383734626563313330343364343164623662
-31373365653730376465356438393739616430363562303838306466646630636362376661653139
-62373466386166656530346637303138396163316632313235643262383466643130323061393166
-33306564313661373164336435646430313538333162653536623439373866383033386135643862
-64376662643036326464336466363838653833353137333164663131343834383636653165383935
-64363665383461393030616133396465613132653530346433313065663338623434323466633436
-63636135313037396638336638316664616466626562363330666139393265356135653830386464
-66646137343763333339356535633264333532356235333630303837316639303239383764643761
-33376539616239643765356436336661313462333536633939326162666465633633376530383166
-63656436643963633137383864306463633338373837663366313865663562383331306633363132
-35316565653837643230333931376331643634346332376339353264393166623162366630373539
-33303830303437633765613362363662316364373335396137303332366665383964333961303934
-64396166393663613436386530363663643236306232396532613265333161353034306266363734
-30336363373435623534303537616436373063396465613536306535346263313062323136643737
-65613061653130336131336138306631383062356537623630626563616361636537666137633636
-37623263653932303966313865616266383830356361653136316561623139346232313832356233
-38373330643764663761643233366463396362303033306537336634346266633630383831366638
-31313438393237333864346464663830656162306664643165626565636530636361303265343036
-32653836353432656133633237633062333966343762643735326563626133346331303339316532
-32303866333932653266303036356465626237626232303862313235623463623337363764653335
-39616235353631363139613932643932316264653163333364616330373130363661343833663965
-33313634653666626235316130666534623066623936613261316364383131313065396636333863
-34306665633361653763386136333965383766346330383664656630616434393232393966303032
-36396261653365616438613465353763653763376334303439663532633962643934386331656434
-32313565306665633461393737333866376431376634313336353233633333383235326464646138
-62336436353333646333633932383139636631616537353839643836333663663338333836383963
-36323434646232393230383938643162633866313839623964636634373335653564376337383663
-62373231613931663832633235633538353936373062646537626263386462643662353230333266
-32613561373235646531333363303133636665353934653331333339326164633635643462656462
-66633364373438326666393133366133383765653634393139376238383037626636323032306164
-39353436346531376337363537633131653237333133636235623531613431376539616263656133
-33316562326232623437646333636230636662653531313836353566616263393935383536343933
-36323932633832626530306234343033623362353733373932663062346338363732363835613531
-66663364303133366639396137383235626530653332383032623762306332626164363936373838
-31633036656138623439373733636331366633333637303737333565383665646365396136323536
-33623032393036636663636137633464343438303664313866396132313435626565343535633331
-34663362346366646331643931376438343363626662353035623039666561373335363234636634
-61643131616563303965613262313466386264393764663361633938323166383462326362393731
-39356633363564636361373861343439386637613461313334346466303134363732326561353638
-63356134313535373037336134393235616638653536313430306332393339626532343137623863
-30623965613235373331376436326263376231323135363062356166623862663038333961623737
-65396330643735386536643930353264303231643734653532626166666364343632353535343232
-35306133333631376435666666653837333264323338643635316334366166346537363436633037
-65656439333338336438326537313262643463653165663264383261323961656538343837356464
-33666664663265396566373032633831336139353965303938373930643138343130346461626334
-63316465306561353530316166393765313839383038643065653332393562316134656263633264
-65646136383038326531613762333061616665353031633563616538613164613039653538623965
-32613435346661393234373534646362663361333637383436646338663862326663323066613531
-66643566323931366430343139396234303335626537663534363962366133343937643930623366
-62623163656335373761333762636637393835376565613832383739643433313462326630343134
-65303539336134643963633832396366383362333361386565383535333464656565343830633437
-37353732623436353962396362623336353633383366323537333839636536656639643435303165
-35656134353535666339643861316562336437366532356463623965613961356132333662343335
-38663165663036353865316564336532636232353765643263666266656161646565613162633263
-34663931376661383665616133613038363832303837653232373339363535616234366135343738
-37316465636132393164373530393137613961353138353732643032316537353638653436633831
-37626139636632303533666233376262653030613936346130636130326663356334656530373266
-36373062303532336434343735303836313930363233333637353131343761303933313233656131
-33393435323230636366306463346335386634366661356464326561376263306666363832636136
-66353332373038636636333830663233346362623562613438633035356238653430636230336564
-62656337396363623465376362653161376439376166306166343365363834613965646233303233
-66326565663631346534653861393561333866363937396335393639626139303361393935303161
-34303337356261646235306135646362356535356463366335306637616466633036303838343061
-61323439653537353438326364613630313836303333626361626339303766353234396135616330
-39613166333566623839383462336138316462303562666235386232353665613063353337353863
-39326366353436306664646265636466303838363166346437323561623437616238396665623038
-63366538623038383736343365383166303364623531656331323239393761633435353632336238
-65373030653030383866326466666631303663336565386362623566323938623832356335616662
-30373663363165626231343735303965633135383962366366373561663862333934363439363739
-34663837366331646462336664333937623563663931333734656162653333633166393938393762
-38383735663831343561643938363131303034303632333932663838306561386331393936646435
-33393930666161333838333766313532616362623837653966383635396238346234663335613738
-63393464333235303666646664383133303064656133316333666636386431396366346261363262
-37383363313434346262336163663135653465343238356264313633303130633361653065653134
-66356235353937346534313433383863393633326638383537353436386237656631323231333439
-34616431643561646532636666396432306264326136333332626234653938643766326661313265
-39636135616631393963616236633933653766383032666439366533306333383133336438376138
-38613635383137376362326665316564636464663735326161376336383530633730386532363033
-31626533383539396362346436646164393238356263386364613964336266633536636638656631
-65316538393164333363636166313036323433376564633834353430616134396434376166356137
-31633963613362656438356466396632386236393832333539646434353766346433376634306363
-35373833376135613337643936326239363330383539306439353562346262363264663439356463
-32633737303231316231376666663761393563356465333963643534383865636436363139316531
-37333538653230376131623937626336626165313733616463643038653866623830333137343833
-34613864366237313034323765393336346337613830313138393764613737633235653337323966
-36393361386439333238393665616431396432313538373435626463626431373336396663613931
-33356363346465616630626537343531343231336336373133643232383036646437393933646562
-33353630613530663033333539646565303533346561363066353566323130363864323233353631
-37373232633661666230343661653431313762353730323636633530333763613434656565326237
-38633433343431643262633164643632623532353765323266636137343132323265333962363937
-34393565386431623833353234646464316633646136333034626564383365373662653737666332
-30313831363833316333323964363336326264333034306437643938343233656261316137363466
-63326363613037643437653466653233626539333166336631333365633730336265656632656131
-63303639303665623737383535366164363763663266373361346434636361356437303332303332
-33333166373935643861303862336636613736346339336664393262626336363564613639316231
-63663531393737656332376265623533653366323936623330346433383039383330343566313532
-35653233323737393637316163626336313132326465386464626265316662643063626533383265
-61646362333634353436343139343032363462306566363431633432303264306461633439373564
-39616535393031333761336136396431353035323432313132303436626466366366613637613530
-61633465343138646463663162313565656535316236376565356661636265343562343462333633
-30316262346238616238323938333036313733633132656133633561383439373931393238376535
-31613264363863663432653733313437323539383532353166636137313662353333366166613862
-38383366306337333564333066636562306634326136306636383739363739326433626634626665
-35643534646232383838663231613833313261366439303362316231626631313964303836633834
-36303932623530626432306265616437303038653933356666656364623365626434393064363763
-34393734356266633362643638396135323631616562313161366433393633356535303537616564
-61353436353334613830353035313733613538336330663339393766333063653135373532666632
-39393663383231616632376331333535343563663363363463613836626137376266363739366138
-35623136643431323362383762353833333233316535643037613838396363633334656438343938
-39396634396232393935323165353563663362303934633863316566333439643130356631393039
-34663762353132393638663963356432363835643065633366336464363539653236373439303461
-31626234346365656337633964303161623533333838656662653036313766333064313839336233
-37633739323131643630323133353536626334366563303031333964356338316363333236613662
-31383630663536306262363761343164396661383630653638636638623734336262336339313264
-66653461626164316636656561653763366133373762313638343363383632393238333030643531
-30336466653963663739
+36363630663965616332643735633962316565343233376635656330393138623432663164336233
+3735346164626130313138393664383662326463393862620a303135323531383236376635313230
+61376530383363623136616462656562393365653137366333313439616561313035313130616134
+3764633636303862330a343033383763666462376130616263323632306264376633666536323565
+32366633633730343336313236336636323536363538386666396531373362613162653439343932
+31653331306633353866346232633362313064363439353662663033363635336362376262653839
+32633739663334343466613134343463323162343865353636646630666339666637633163626632
+39613130336530393934356639653331363934323366386234353230366437616433663538336562
+61643338333837323861313438666564386434363931393631393437383438643966323963323831
+33303938623235346337643765313131653432626631303630393831353066333232326364383865
+36333762653937646436306364616633643064653964316634613139383639323466393336323665
+33333134353433666563623661393761326265323238313562316436393633373630376564613230
+35383566663765613264633838396134323961316233646639353133383466343962373334646163
+32316336633033613563316238636263393537303136376337366463393537313130373132366433
+63353965356263623666656366376561373561316331623261386661656561346363366432323365
+65653564633834363762303161613437636531326163346235393937346637633433623534373138
+65383832393666323237613930326164626435633139326432383337316536383230636333613934
+35383638336165303839303764626235383163616262373935666563343333633235623464373130
+61326136626662643262633030356362303539643432346438343366386630373635643935373434
+32386233663066623930616564393938343239326334353134393038306337646138653931353138
+37616363623533336165653663323463393936626130333238376438623036616236656361313730
+35396335643239646266323238323138396430393466666366333136333062373639653966386261
+37363064313132333463333639666662623531656533353338623333616464383066333238656466
+33386132383530356135363132343330623933336436393463363265383863313633323930626362
+65623833386162353834613064353538653932333434373063373738373037373332666161663662
+66383136393334346237336435373762323231376234643637373332336461346438353161313937
+35386330393337386539623538303738653234303936343236336133373135353131346333373836
+35396330323630313030666432393066373966663433623462653039666665656531396534646461
+62303038373330306665313265613366333265313463353661623138616663393634623066643563
+65613237363839613262666138313534373835313636646434626433633962643733343533346238
+64633536666162633464623036353865336538336365353232333532646665313966393630616466
+63323863336431613065356663303638353430643830313863353335396531653439356538623066
+64316139643163613736343637323131303533396335366339343238613730393832653735383333
+39393461663665386464656634303563313762316164386337313365316237303532343736643530
+65323532333834666366623236653432323664356434633330636465636633626434633266396634
+63336365396161313835626164663064623330646438396636633938333133306162313563663730
+33373862666364643966636131393162303837616338396462356134373238633937633230336337
+32333733623966383365316434373637353164353234653437623732663233313062643034623837
+64653531373731343231333832653865663932353530303837366430383330353839303038316338
+39373964366362383661646338323665393639336235653466313732333264663230313365623839
+30373239303631663963623865306661616362373036306466356239383666383939336563643465
+37616639346533633630316237663232363561623234363261653562393139653330396361353131
+33393434373437386461356366363061663338356439333832616432626337396639313536326566
+66363537623733336339353332393233313264646534353166333533643737653631366436616636
+63323965313337363761336663643839373562613936323063383832613239383561393033363531
+64383636306364303737653938333832353337393535346434633835303232643338333930353036
+35353464366361313737303038316330333861613930343038303062353737303335383263393334
+30613037353765356463653064396266323162633837366133656438376661353033376336333032
+62663238373531313836323139333261353662333637343835636666346430646664613264396462
+33636262333463323665313335623838663530373866656266386232663235326666333237616330
+39653937666336633835386531646331346563616466353266653738356232343064633135346361
+33313236363936626261663964613139336163383761306536353465396236323836376135653233
+31653961363832383632353437643934616266646537303035313035326238313134623933353733
+38363737323466313734393232383532306136653731656261316134653962323937666134646664
+30663734663838393537663038643462303132616136626561643661306333366366306432626163
+35313463326232396637383432326362656362616630346461626438363935393137396636353831
+65343932326536626164316334353562373437626663303464306634353939316338376566653237
+30643539623161323166623464346563393431326362323432613734663535343638363336323633
+36663766343733386162303839326534656535376364333530313261343561623831373038613535
+65373339393666343638646536643665313338313831313663373831636636366164363366326235
+63643961356636343064646438353363643636613436363631643433373437643539393330363732
+62653639643930303366346631353137383131326465393333613539646130303966306439383366
+33333639656263323564613339616536383836313036396132643731353162313334346462323438
+32653662613963613536333532666132333432346430316434636161643736316564636565633935
+36393065636431646366346135373239356638623236616666396232643164653033376666623436
+65393938323965616532356430336131633666386634626233363739336637636262313764313665
+36633835333735626531386631656665323661626234383737396339656337363965353135646565
+33316530646336666534353964366663366164336365356435336534653535643864376266306439
+39633335623064343866646466613239313438313363366233336663386638343639643030653830
+62376132626132393266653136633066316334633133613734306133326666303439373664356539
+62636534393434366664323530306566333530396133323431393965666538316439336636623731
+61313361653564316533383462343031633666663730636139656662646165336363396531626436
+65646630666430306563646436656561653438396430653836396434363339626535343136653264
+62313337363931346662313936363631396633363331656236316163613663363533636262646538
+33326434326662643665313264353263383130633136313166353362666331393235343937343731
+65666133346232616432343438346663313037356165636338353361373438663466303763316464
+63316333333865646131346365336331323937663461656139613730663862613935653532393061
+66386663333763646364653333316230353862306432646336323439333537613539363762353838
+62653839633463616638646530653963626532633864636339343830393266366334623766356465
+36363638396331613335356465383937333937663931393864663035383561373633373662316434
+37613861613637386465626166656366366133623866393132323330623366373962323930663538
+32613134363737356633333936373430633461633634366339623735613832346462383361666462
+36643266653066396638663839643138323233393936363937333061653134303766343765373032
+35316138363534306436643163326439613536386331656139383165623239656336343136663964
+36383836623638363639383532303439653663663832666266656631303639373164656462313237
+64373135356435643765386663623536346363623338663838666664323766653631386662646136
+62323331383332616266636464633836643330663962656234313634373361396135656439656232
+37323734643337656363626465356138663437316634343336323232353736396231333530633836
+61626336643433386262623539643661356234613861626531346165623761656164333163383735
+37663862356263613035633663646535303432663330306339303562343065616539346262663231
+63353262646330666261383262663437373431626361373461383838363331303531396366626233
+63656538353662636538376635363838353539646138393634643161313365316330313964316463
+62633430346136316361323865376664613334663139663834393264363333633239613164616532
+65653565363161666139303766353730333935303430393533656461303432653835626232323664
+37353634376338366136376239386236336339386231646434343964336461396563353762306539
+33663465393134393038653563316561393062336233366166336463366235353438313335633463
+30333461383261316534383163353663363833376231363637356165326665623663656439646462
+64663534306531333563323931323639393235623661383334616161316238363964646430623332
+38326132393264666439656235333363666439613534346435303339363239353436303730353832
+66643266623263363431636430346234643361383861303133336463323634643034653166333230
+63383463343062643631313631663632396662623435356532626630613138626166376133636632
+64616632633162306335616162333164633239653331653162323930386565353563333366373062
+38663331356130353765316166333833623363326135356630663632393633616432396638636663
+63396234316235383037303964356133363732633533363239373264333061356235626164313137
+66343238393838336232373333356530303362343031333666636263356237613564663263383036
+34646531383733666231326137633931303364633365643461633032333561373831316335326561
+64346363636137373237383661346232353331323431613362306638366431323431303332313661
+39656663383032623632303961646462323433363632316338626135326134666533633461643265
+32303031323636366138396263363435336165653330373434343434303361386530373166303631
+37623936373930363665353936613463613236316164346636393665623436386636333931336532
+35633436366235666533363664376133373761373064393239366330343963373865386135373933
+34306363656530333364636565353166646562376666643563626437353030343537313830376531
+38633162366465306636386231313261363161653536356265343235653765383135343035376564
+38326339626661323139663833333239393662663466623632383638313134653234343961353563
+31303439363138333964303834363634623337633732633136303535346538383566356565303737
+35336266353637646465353337656461356635613066666135373964343766653430343362633734
+62343661396533623732666465623031356162306366636535643035313037336533386233316234
+37346238363035363834373031353532666261323731613237343561626638386161633136653433
+33623936663466653034376334663565386235396638323962303262313033386637376263363563
+63303339623139393865626236393331383065333631346434333336666234306162393038303835
+62356538616462646531363238306661623137363863353536636338353135363637373337363939
+39323730356234313236333239376535363138303866343935633732323630626532386263376337
+31653732653463326432663338653131653439363236316532303830323961393233656536373231
+66336434306230373838643835646163633461643534343065333532323935613939626639666532
+64336532353766323534376531306462313363316566383465373538636334323331653965653933
+37633861373633396432316338303235373230663965353461316331396562653130346539643464
+33626133656235336338326339626437383762663464313739623165626138633636633465306130
+30623335323461313634376231373339383231366463353566373736633134343239653563626662
+30323231313566323136653631333666366433303464346432613164613131626662383262636431
+31623239303832366664653239303032636163333664316265356237356136613136313165303162
+33613839373133313534386662356165636461653733343731626466303333643235616430343238
+63393339326639383934326333356332396130373461666463376339333132346565646138333135
+38623065343832646631373939303130643738646231626164356234666139633639363830333931
+31353066346163653934313133306232376361343063633230626564313631656133316233323965
+63663733326438393663303733326463656230393930663133373335326234646631366238303366
+31393237303735366364303537303665383339373230653634353266316137386432343565373033
+32393332663433666264323638626561316461316261623333613437356536333530383431636331
+36323264323361633664663464353631663265383536616639663836656566343138623539623533
+38303635656530323362313230653439373639383235623263616430336265383763653336336364
+62333837616132336632623266616539663631306561316337303233623738343130663365623662
+66363333646665633532636439386330663136313765353433663461363133303231373431636132
+31326366646538666630333534613862306663666537313231353761643966373761643932623761
+35646137303361303666363438373362643332373866633637633064633239373364313432313831
+37373937363133323965656538333866346565646563616230623438366562353035336162313764
+62366466666263393235323834663463363136353338323537323866376634356232323336626633
+66383334373534613734343764313565303432353963396539356662363863316665346565326332
+34336137326534323531323233373834356639346566386362613963623263393464663765323862
+64333036623566306536616635666335316363323635326533343062616634333833666234653164
+31383937656537383234396662366538613433323763353336653233656636323962613739313937
+64343332616662393535613133316138373863336361333665663131666338316133383434366230
+33383762313230626338646135633932613537363136336231633936366662633963323564336136
+35643037383135323630346264353662383836326637353462666434383561303464363734646462
+65646338653963353333633830636561353537326366636265343037663461643264333365323038
+65396335616666396133393835346133326161666461306537343538373235396433666661633861
+63316534393134613861323739666135643434333836336539366135393736643236343662303135
+34623366643536643765333536373066643662636164613365633232636164383765653735326531
+36666631623266323337643432383965393637373636306539663565383533366535643634613430
+31343638313739646139396464323630356362356162623137313439383039376438633732376461
+36363132333632336566666462646639653530343363616538366662346437336236626566333466
+66653362323633393666363565653266356538623133666664626465613938666332333035613266
+30633335396364663138626233666163613037616134333266363235306563333363336637363661
+66666264323438393038393665623262643663623833376235306631653864343030363161313863
+37333133333861623830653738356439336336376661636234386235356563613737636265613033
+62333136613236333536663366313863333563636262666533326130623065636438656130323339
+66333439303734353431323661353964623134366533616362383163303065386130333238313838
+61646436636165616233663431356136383764616434396333646537656234356337636335373866
+61396666666433346430343331646665313235336263326136356430643038313734326136653234
+33316432323065313465626366656135613439636139623464313862373538626536313830626531
+37373637636334623531386638626131376662616465633461366662333539336661343734366130
+63316131306634323562363565373636356531363861306630646461356431613766353639323235
+61393030626537346235616132623764363365663930373361656666373737356139353330393031
+61656139343166623033383137653466383330356164633532623861626663373139363734383664
+61393631326532373030323838316435643963396630623935383331336531373432313962663633
+35666562396161623930393961613137306137656362333036313365303031636364663539326432
+39643133353133373932656636663364646232306436346430356261343939376539363666343639
+33656238626636613763353666653337323435366139343435643430643134623966343366383162
+31623565326134646565313634353538643632343162626130303831306233393738343330636263
+30336266373639353237306639356466356161636132633666336638323632313261346338663537
+39356439656661396132663934616161663765393131323036363234376335303065376433393738
+63326463303736353034306236336666356134363761393732636236626631666331666465653564
+35376166643731633630373063623031626266656132613264326238633834303064353631323738
+38353964333039623538336165636539393961633632303265346637306636653765646264336537
+35316662386663643333333039373433353732363739656561383961346532346362343136393932
+30333735336335333131663161393730633937393564366433396562663335616437373230613434
+66666534373631346162383764666330613063336638323832346434373363356166656664373432
+61313231316438623531363934386435613533326566376662623533643036373462636130303063
+35396136306535656630663834646561333765633034333234353665613837663864636637376565
+37323966376138333062336162363265663632653963333065356665613365326563643362316432
+38646630323061356430646466353065323263373231336663336433336565303862336564316237
+32393032363531386639333034636131653433386634363030373165383131343763616131343536
+66396361633238326232643532633834636333343433626132396335656563343866626263313239
+64323366366162353466656263383263313365383639643462386439666531396261336231643033
+38653133646330343836303332303932386266313465663538646533313062356661363335333536
+65353465326531643739336235373961613938353035663838316133633966343265336261623561
+61636265333036653432336165646134333436363461386430353732653032366433316566643835
+37393935326232323561346434376533356330383031643635383036623964336136333063386436
+37666364363566646362353030363264613431383134383534343630306465306332326130333532
+39343761336266323231386665373130633434386136316235616138303137623739336232336535
+37336333666132633633666331396463323234356231373230326133333431666430633936356135
+37616431626464376666636239393462643464316363303334633339303036316561333861303232
+63613030656332303364383138376237636231356637343434643136323932626233363961343265
+30373961376561626266343630623265623134636637373764373836336139356132663964626136
+38626536396234393436326265333033313830653635396436393365653562343437366236346633
+66373136326438346535343632373865303638383939613437343361626231326266333462336263
+63386538316438353464633262623064643961653236343935616161363239663066303961646362
+30666231346431663831306264366435396266333337376363643937643363613665613139633338
+65613761613631376636653831323030353037633566663136303533366332346264646335366539
+31626364333661666330343535626632623061346635383261306332396438653639363638383665
+38326330383962343736393836366330643566663965626333646636653030613233313935653161
+33633266666339653839616462363863313461343065366431656234663235643530366333616437
+30613337326139613762656539313831393035323962316634643834666637373435333635613030
+33386136346661626435383365393737643062383633393464323963636366363432303533356364
+36383931383165646432616562376664383863366265363039303538303239353433613938343963
+31306266646133346663353033633566396530653162393432396139643839396564353934373339
+35366137646432306339336463636161613831636264343064623833353834353061326562313932
+62343838333332666233336264336139623931636564653632396665623162653337316532333631
+30303233653533623135323335633136333736363261306331336439383165626539663733356636
+65633838656236663932316664393562303332393561383837303064366231393537396331623332
+34353438373962613033316332313932313439623636613733373833363039316234623663313338
+31633666613136336237396264333232303538613863326164636137653230383534643139373033
+62313065313334383539643234376230353131626639306561623263663332376462353930363839
+63636365373838313262343230653864396131306536613832323361623037376261633564663337
+36373462623963396366613637343866316464633362666336366637376535343334616361393936
+37396533356230313030333138353838323962306331663834326236353662303034623930653466
+37656464663035313565346130663361366161386433343365386364366230636131623730383931
+34653139646531313931623635653537323261373334396137656336323337626364326365313134
+64343235623738343630613436353862373831386530623061666337346566363130653231366337
+61346137326363363361643966646564303664666137323865383466613930363230353730373466
+62303666643863663033336133653164373563373863323161323936376436333661613165623036
+39356662323131656539653931643363356264623739363662626634376435336332373836343239
+36383238623231343339646231303465343565383432653436663363616136323833616563633563
+35616261376562626137613330323436393261313963626661326161643739346531323739663461
+30626361383335386332336466333236386236646435623837646631356537623632633963393036
+30666261653139376463313163386364373963323261663935366566366231353637303561336363
+31343065323036396639636534303934363330646462396633383465633663376631366564383131
+32343862356233383336656664363562363266353166386166616235633533366635663965343561
+65343132343263313330613163383431623537353666396637316631373361656332313134393034
+36333663353862353162373535643330356630323061613634363133316533383035643166633837
+39616263663866353864303964323130323432636661356363303861626264613535326437316537
+64313263386366666266646134663661626534636463626236373033613936656630343064323763
+38353638353031396631366338656636376661333766343431383462396437303739363039363531
+39353664353939353033656537643964383536303962306162386133326232613939383265353161
+33323030333162393136633835303032363938633938643430343966323534376338383339393561
+61366439306434316431343937383362633931616432386665353632636433383937356461383137
+31346132663636366164346437656337656630343431333937633738623064643564643763343162
+30373537636562623861326331343134303339663933333766353938303261366266653532633134
+36376533356664653065633362383835353837383939616633376362623236313264366165346434
+35653963653030653233316134393037383433613363373863626633313362636238393432316432
+30323338346439363264646230346636646665303333363762633462333662336330336237623164
+65396262623230373438353539663138616333383036353832323062313736616338393633323435
+64303031333531363830363862343665313763396534653931653930353963623666613433306335
+63656331616264666462633663333461646333353362313033636361373036623165383032306164
+62313330356665303765363931346635643166316263386531313137323737383334343238363162
+65336333353766636466666630326233613166626538646238393337663138383864373339313265
+39326339333932346364663737623430363031393733323338396533316165643334626535626338
+61376664363163316261633366663238356439373036633866623337326138393531386631643732
+66353731623362663565303039623234373938346632663732353161613838373935303062666333
+35623732386330303335633065383539326435313234396463653434396462616665376130633332
+61303864343763383531623565383836366435373261616134623335343034343562363866663439
+62353335306565346331353431333837373931333631636663613963653035383061383066623765
+36376639373664303961613462383464393764313234663530383236333262306164653566303832
+63356234333534393264613163303732613264333962613864353664636338656163633333613432
+66313039653936643936633161366135346432623238356438316539343031333765643039646131
+62326361386132646439633666336433393162383231653030393531666439303862333364623139
+31633538343431333565626235626564626663663432326336643365656630626266306238666266
+39393239613866383966386364353364386533306334373361363763393639663465373863353635
+30383736646633313765613935363864306665376131633734326237656637353363316165373765
+64353138646566376532323036306238616637643435386535653237356365386633303435313038
+62313036326631303231626535373837613861623133623763333030616562356633636562383530
+38386530626530323832623636313363343734393865363830613661343431323935313862356531
+32623064663164356662613736643562663434306339373836343331663266366664646264373465
+36656162316662663030663161373632346263326265393830633064346333646139656330663332
+64333033393834336265373763353236666536353466643331376531383461636362373632646661
+31663739396239383538303338336133663237336439326565316466383538306632663034613238
+31333930613963323031383933333962663066306664313365386531643666666232343165346332
+32616566323538663031653338623062353031343239303265313161626361646630346630306634
+61636133343636303463663966373839393164653135363236366666343330363632643466653632
+34333431663039376531663733653138336136663466363861313664383563303031323764613437
+62656261643634336664323563316130343036623466386335396561383361306337333231666133
+36326130643132633030626263633766616266643237613438373137653763653764366334386365
+64643636326263366533623565383136326339636331386162626661666539626465343038626539
+35623536623736303930313738623631306563373366616665303565386133613339343062623335
+66613030333838306265383138653761643763323064663937653461616564646637666263613635
+38396664636139333037633965643730646538633565343862363763323530616563643439616463
+65363436656533663630643938633466386565363761373239386337323434386337636235346562
+65613731396265363239653632386566633863663735366339646438666536633930323031376565
+62323663663138373633666539306333323535376638346566326463343135663339643831383232
+35356164323932633937373064316332616135343339613238373330666535313965336433346565
+37343862346530656365363466626434343066663265303330646237316161343733353861633365
+30383035306165353365623164363462353964663332316366356162373337613533323533663634
+38303631316565343535633631663837623433643362656161316532383165363731653633616531
+32653733343439386232663362653332373430633261333566653333383930316161353031613436
+63373261333035313461356562366133613034363239363338636337313737326265663931353266
+30656264386139363331623630303932393631333238393266326263323437386136613663326637
+32373931353733313564343730653135633164353636663564343330623232313934356132643062
+62636561346232313766633630636134626362646130303637353136336131333130356537623933
+62363633336564313563643938376364336139623261373130656334336565343035343632633035
+30373030386432626636316662393766383462666635653464393066303166393133343666666437
+30646664343331653362663131306263383937626235346362656262633237303733366364373165
+34356334353366626432343038326634323864323762373036393263613533376330366532393735
+64323263303964376236343538306166616364663663643062316436373536653533633761363437
+31333231326366653531356530333335626537613238396430353430643338333064313131373533
+62643164613062353536376337663765636664343365376335666230663339623738623630316433
+34393161303166373333613434396439363332383935363038633131356163383833366535373838
+38363464323137343565663461383265326432336461326431313964386535303763653636353636
+35616561393334353863303435643033623935613836346439663932323466363462393064663135
+31623135653732383930666462613465366637333234343530616532643238643766623866396337
+30656137666235353235623261653762333330663738633630636138353230383966353330613765
+3837
diff --git a/coreos-config/playbook.yaml b/coreos-config/playbook.yaml
index 673bc50..a99b76d 100644
--- a/coreos-config/playbook.yaml
+++ b/coreos-config/playbook.yaml
@@ -106,9 +106,11 @@
- { role: compose_project, service: minio }
- { role: compose_project, service: registry }
- { role: compose_project, service: gitea }
+ - { role: compose_project, service: ba-gitlab-runner }
- { role: compose_project, service: wireguard }
- { role: compose_project, service: hedgedoc }
- { role: compose_project, service: miniflux }
+ - { role: compose_project, service: matrix }
- { role: compose_project, service: nextcloud }
- { role: compose_project, service: search }
- { role: compose_project, service: syncthing }
@@ -118,5 +120,4 @@
- { role: compose_project, service: thelounge }
- { role: compose_project, service: tubearchivist }
- { role: compose_project, service: watchtower }
- - { role: compose_project, service: matrix }
...
diff --git a/coreos-config/roles/compose_project/templates/matrix/docker-compose.yaml b/coreos-config/roles/compose_project/templates/matrix/docker-compose.yaml
index 7d2d5ef..0e16ce6 100644
--- a/coreos-config/roles/compose_project/templates/matrix/docker-compose.yaml
+++ b/coreos-config/roles/compose_project/templates/matrix/docker-compose.yaml
@@ -5,6 +5,7 @@ services:
synapse:
image: matrixdotorg/synapse:latest
+ user: "1000:1000"
# Since synapse does not retry to connect to the database, restart upon
# failure
restart: unless-stopped
@@ -17,16 +18,26 @@ services:
volumes:
- synapse_data:/data
- ./synapse-config:/config:ro,Z
+ - ./mautrix-telegram/registration.yaml:/data/reg-mautrix-tg.yaml:ro,Z
+ - ./mautrix-slack/registration.yaml:/data/reg-mautrix-slack.yaml:ro,Z
+ - ./shared_secret_authenticator.py:/usr/local/lib/python3.9/site-packages/shared_secret_authenticator.py:ro,Z
depends_on:
- db
+ - redis
networks:
- default
- gateway
- backend
labels:
+ # FIXME: /_synapse/admin is exposed.
- "traefik.enable=true"
+ - "traefik.http.routers.http-synapse.rule=Host(`synapse.{{ matrix.baseurl }}`)"
+ - "traefik.http.routers.http-synapse.entryPoints=websecure"
+ - "traefik.http.routers.http-synapse.service=matrix-synapse"
+
- "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/_{path:(matrix|synapse/client)}/`)"
- "traefik.http.routers.matrix-synapse.entryPoints=websecure"
+ - "traefik.http.routers.matrix-synapse.service=matrix-synapse"
- "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
db:
@@ -37,10 +48,10 @@ services:
- POSTGRES_DB={{ matrix.db.database }}
- POSTGRES_PASSWORD={{ matrix.db.password }}
- POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
- volumes:
- - db_data:/var/lib/postgresql/data
networks:
- backend
+ volumes:
+ - db_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
@@ -61,12 +72,98 @@ services:
networks:
- gateway
+ element:
+ image: vectorim/element-web:latest
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.matrix-element.rule=Host(`element.{{ matrix.baseurl }}`)"
+ - "traefik.http.routers.matrix-element.entryPoints=websecure"
+ - "traefik.http.services.matrix-element.loadbalancer.server.port=80"
+ volumes:
+ - ./element-config.json:/app/config.json:ro,Z
+ networks:
+ - gateway
+ - default
+
redis:
- image: redis:6.2.1
+ image: redis:latest
restart: unless-stopped
networks:
- backend
+### BRIDGES
+
+ mautrix-telegram:
+ image: dock.mau.dev/mautrix/telegram:latest
+ user: "1000:1000"
+ restart: unless-stopped
+ environment:
+ - "MAUTRIX_DIRECT_STARTUP=1"
+ volumes:
+ - bridge_tg_data:/data
+ - ./mautrix-telegram/config.yaml:/data/config.yaml:ro,Z
+ - ./mautrix-telegram/registration.yaml:/data/registration.yaml:ro,Z
+ networks:
+ - backend
+ - default # Needs to contact UFOs in the sky
+ depends_on:
+ - db-bridge-tg
+ - synapse
+
+ db-bridge-tg:
+ image: postgres:15
+ restart: always
+ environment:
+ - POSTGRES_USER={{ matrix.bridge.tg.dbuser }}
+ - POSTGRES_DB={{ matrix.bridge.tg.dbname }}
+ - POSTGRES_PASSWORD={{ matrix.bridge.tg.dbpass }}
+ - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+ networks:
+ - backend
+ volumes:
+ - bridge_tg_db:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ mautrix-slack:
+ image: dock.mau.dev/mautrix/slack:latest
+ environment:
+ - "UID=1000"
+ - "GID=1000"
+ restart: unless-stopped
+ volumes:
+ - bridge_slack_data:/data
+ - ./mautrix-slack/config.yaml:/data/config.yaml:ro,Z
+ - ./mautrix-slack/registration.yaml:/data/registration.yaml:ro,Z
+ networks:
+ - backend
+ - default # Needs to contact UFOs in the sky
+ depends_on:
+ - db-bridge-slack
+ - synapse
+
+ db-bridge-slack:
+ image: postgres:15
+ restart: always
+ environment:
+ - POSTGRES_USER={{ matrix.bridge.slack.dbuser }}
+ - POSTGRES_DB={{ matrix.bridge.slack.dbname }}
+ - POSTGRES_PASSWORD={{ matrix.bridge.slack.dbpass }}
+ - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+ networks:
+ - backend
+ volumes:
+ - bridge_slack_db:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
networks:
backend:
internal: true
@@ -75,5 +172,9 @@ networks:
volumes:
synapse_data:
+ bridge_tg_data:
+ bridge_tg_db:
+ bridge_slack_data:
+ bridge_slack_db:
db_data:
...
diff --git a/coreos-config/roles/compose_project/templates/matrix/element-config.json b/coreos-config/roles/compose_project/templates/matrix/element-config.json
new file mode 100644
index 0000000..dc1294f
--- /dev/null
+++ b/coreos-config/roles/compose_project/templates/matrix/element-config.json
@@ -0,0 +1,74 @@
+{
+ "default_server_config": {
+ "m.homeserver": {
+ "base_url": "https://synapse.{{ matrix.baseurl }}",
+ "server_name": "{{ matrix.baseurl }}"
+ },
+ "m.identity_server": {
+ "base_url": "https://vector.im"
+ }
+ },
+ "brand": "Element",
+ "integrations_ui_url": "https://scalar.vector.im/",
+ "integrations_rest_url": "https://scalar.vector.im/api",
+ "integrations_widgets_urls": [
+ "https://scalar.vector.im/_matrix/integrations/v1",
+ "https://scalar.vector.im/api",
+ "https://scalar-staging.vector.im/_matrix/integrations/v1",
+ "https://scalar-staging.vector.im/api",
+ "https://scalar-staging.riot.im/scalar/api"
+ ],
+ "hosting_signup_link": "https://element.io/matrix-services?utm_source=element-web&utm_medium=web",
+ "bug_report_endpoint_url": "https://element.io/bugreports/submit",
+ "uisi_autorageshake_app": "element-auto-uisi",
+ "showLabsSettings": true,
+ "roomDirectory": {
+ "servers": [
+ "{{ matrix.baseurl }}",
+ "matrix.org",
+ "entropia.de"
+ ]
+ },
+ "enable_presence_by_hs_url": {
+ "https://matrix.org": false,
+ "https://matrix-client.matrix.org": false
+ },
+ "terms_and_conditions_links": [
+ {
+ "url": "https://element.io/privacy",
+ "text": "Privacy Policy"
+ },
+ {
+ "url": "https://element.io/cookie-policy",
+ "text": "Cookie Policy"
+ }
+ ],
+ "hostSignup": {
+ "brand": "Element Home",
+ "cookiePolicyUrl": "https://element.io/cookie-policy",
+ "domains": [
+ "matrix.org"
+ ],
+ "privacyPolicyUrl": "https://element.io/privacy",
+ "termsOfServiceUrl": "https://element.io/terms-of-service",
+ "url": "https://ems.element.io/element-home/in-app-loader"
+ },
+ "sentry": {
+ "dsn": "https://029a0eb289f942508ae0fb17935bd8c5@sentry.matrix.org/6",
+ "environment": "develop"
+ },
+ "posthog": {
+ "projectApiKey": "phc_Jzsm6DTm6V2705zeU5dcNvQDlonOR68XvX2sh1sEOHO",
+ "apiHost": "https://posthog.element.io"
+ },
+ "privacy_policy_url": "https://element.io/cookie-policy",
+ "features": {
+ "feature_spotlight": true,
+ "feature_video_rooms": true
+ },
+ "element_call": {
+ "url": "https://element-call.netlify.app"
+ },
+ "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
+}
+
diff --git a/coreos-config/roles/compose_project/templates/matrix/mautrix-slack/config.yaml b/coreos-config/roles/compose_project/templates/matrix/mautrix-slack/config.yaml
new file mode 100644
index 0000000..ed775de
--- /dev/null
+++ b/coreos-config/roles/compose_project/templates/matrix/mautrix-slack/config.yaml
@@ -0,0 +1,231 @@
+# Homeserver details.
+homeserver:
+ # The address that this appservice can use to connect to the homeserver.
+ address: https://synapse.{{ matrix.baseurl }}
+ # The domain of the homeserver (for MXIDs, etc).
+ domain: {{ matrix.baseurl }}
+ # What software is the homeserver running?
+ # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+ software: standard
+ # The URL to push real-time bridge status to.
+ # If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes.
+ # The bridge will use the appservice as_token to authorize requests.
+ status_endpoint: null
+ # Endpoint for reporting per-message status.
+ message_send_checkpoint_endpoint: null
+ # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+ async_media: false
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration.
+appservice:
+ # The address that the homeserver can use to connect to this appservice.
+ address: http://mautrix-slack:29335
+ # The hostname and port where this appservice should listen.
+ hostname: 0.0.0.0
+ port: 29335
+
+ # Database config.
+ database:
+ # The database type. "sqlite3" and "postgres" are supported.
+ type: postgres
+ # The database URI.
+ # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
+ # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+ # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+ uri: postgres://{{ matrix.bridge.slack.dbuser }}:{{ matrix.bridge.slack.dbpass }}@db-bridge-slack/{{ matrix.bridge.slack.dbname }}?sslmode=disable
+ # Maximum number of connections. Mostly relevant for Postgres.
+ max_open_conns: 20
+ max_idle_conns: 2
+ # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+ # Parsed with https://pkg.go.dev/time#ParseDuration
+ max_conn_idle_time: null
+ max_conn_lifetime: null
+
+ # The unique ID of this appservice.
+ id: slack
+ # Appservice bot details.
+ bot:
+ # Username of the appservice bot.
+ username: slackbot
+ # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+ # to leave display name/avatar as-is.
+ displayname: Slack bridge bot
+ avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem
+ # Whether or not to receive ephemeral events via appservice transactions.
+ # Requires MSC2409 support (i.e. Synapse 1.22+).
+ # You should disable bridge -> sync_with_custom_puppets when this is enabled.
+ ephemeral_events: true
+
+ # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+ as_token: "{{ matrix.bridge.slack.as_token }}"
+ hs_token: "{{ matrix.bridge.slack.hs_token }}"
+
+# Bridge config
+bridge:
+{% raw %}
+ # Localpart template of MXIDs for Slack users.
+ # {{.}} is replaced with the internal ID of the Slack user.
+ username_template: slack_{{.}}
+ # Displayname template for Slack users.
+ # TODO: document variables
+ displayname_template: '{{.RealName}} (Slack)'
+ bot_displayname_template: '{{.Name}} (bot)'
+ channel_name_template: '#{{.Name}}'
+{% endraw %}
+ portal_message_buffer: 128
+ # Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack?
+ delivery_receipts: true
+ # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+ message_status_events: false
+ # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+ message_error_notices: true
+ # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
+ sync_with_custom_puppets: false
+ # Should the bridge update the m.direct account data event when double puppeting is enabled.
+ # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+ # and is therefore prone to race conditions.
+ sync_direct_chat_list: false
+ # Servers to always allow double puppeting from
+ double_puppet_server_map:
+ {{ matrix.baseurl }}: https://{{ matrix.baseurl }}
+ # Allow using double puppeting from any server with a valid client .well-known file.
+ double_puppet_allow_discovery: false
+ # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+ #
+ # If set, double puppeting will be enabled automatically for local users
+ # instead of users having to find an access token and run `login-matrix`
+ # manually.
+ login_shared_secret_map:
+ {{ matrix.baseurl }}: "{{ matrix.authenticator.shared_secret }}"
+ message_handling_timeout:
+ # Send an error message after this timeout, but keep waiting for the response until the deadline.
+ # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
+ # If the message is older than this when it reaches the bridge, the message won't be handled at all.
+ error_after: 10s
+ # Drop messages after this timeout. They may still go through if the message got sent to the servers.
+ # This is counted from the time the bridge starts handling the message.
+ deadline: 60s
+
+ # The prefix for commands. Only required in non-management rooms.
+ command_prefix: '!slack'
+
+ # Messages sent upon joining a management room.
+ # Markdown is supported. The defaults are listed below.
+ management_room_text:
+ # Sent when joining a room.
+ welcome: "Hello, I'm a Slack bridge bot."
+ # Sent when joining a management room and the user is already logged in.
+ welcome_connected: "Use `help` for help."
+ # Sent when joining a management room and the user is not logged in.
+ welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in."
+ # Optional extra text sent when joining a management room.
+ additional_help: ""
+ backfill:
+ # Allow backfilling at all? Requires MSC2716 support on homeserver.
+ enable: true
+ # If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack.
+ # Set to -1 to let any chat be unread.
+ unread_hours_threshold: 720
+ # Number of messages to immediately backfill when creating a portal.
+ immediate_messages: 10
+ # Settings for incremental backfill of history.
+ incremental:
+ # Maximum number of messages to backfill per batch.
+ messages_per_batch: 100
+ # The number of seconds to wait after backfilling the batch of messages.
+ post_batch_delay: 20
+ # The maximum number of messages to backfill per portal, split by the chat type.
+ # If set to -1, all messages in the chat will eventually be backfilled.
+ max_messages:
+ # Channels
+ channel: -1
+ # Group direct messages
+ group_dm: -1
+ # 1:1 direct messages
+ dm: -1
+
+ # End-to-bridge encryption support options.
+ #
+ # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+ encryption:
+ # Allow encryption, work in group chat rooms with e2ee enabled
+ allow: true
+ # Default to encryption, force-enable encryption in all portals the bridge creates
+ # This will cause the bridge bot to be in private chats for the encryption to work properly.
+ default: true
+ # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+ appservice: false
+ # Require encryption, drop any unencrypted messages.
+ require: false
+ # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+ # You must use a client that supports requesting keys from other users to use this feature.
+ allow_key_sharing: true
+ # What level of device verification should be required from users?
+ #
+ # Valid levels:
+ # unverified - Send keys to all device in the room.
+ # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+ # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+ # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+ # Note that creating user signatures from the bridge bot is not currently possible.
+ # verified - Require manual per-device verification
+ # (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+ verification_levels:
+ # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
+ receive: unverified
+ # Minimum level that the bridge should accept for incoming Matrix messages.
+ send: unverified
+ # Minimum level that the bridge should require for accepting key requests.
+ share: cross-signed-tofu
+ # Options for Megolm room key rotation. These options allow you to
+ # configure the m.room.encryption event content. See:
+ # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+ # more information about that event.
+ rotation:
+ # Enable custom Megolm room key rotation settings. Note that these
+ # settings will only apply to rooms created after this option is
+ # set.
+ enable_custom: false
+ # The maximum number of milliseconds a session should be used
+ # before changing it. The Matrix spec recommends 604800000 (a week)
+ # as the default.
+ milliseconds: 604800000
+ # The maximum number of messages that should be sent with a given a
+ # session before changing it. The Matrix spec recommends 100 as the
+ # default.
+ messages: 100
+
+ # Settings for provisioning API
+ provisioning:
+ # Prefix for the provisioning API paths.
+ prefix: /_matrix/provision
+ # Shared secret for authentication. If set to "generate", a random secret will be generated,
+ # or if set to "disable", the provisioning API will be disabled.
+ shared_secret: disable
+
+ # Permissions for using the bridge.
+ # Permitted values:
+ # relay - Talk through the relaybot (if enabled), no access otherwise
+ # user - Access to use the bridge to chat with a Slack account.
+ # admin - User level and some additional administration tools
+ # Permitted keys:
+ # * - All Matrix users
+ # domain - All users on that homeserver
+ # mxid - Specific user
+ permissions:
+ "*": relay
+ "{{ matrix.baseurl }}": user
+ "@tobi:{{ matrix.baseurl }}": admin
+
+{% raw %}
+logging:
+ directory: ./logs
+ file_name_format: '{{.Date}}-{{.Index}}.log'
+ file_date_format: "2006-01-02"
+ file_mode: 384
+ timestamp_format: Jan _2, 2006 15:04:05
+ print_level: debug
+ print_json: false
+ file_json: false
+{% endraw %}
diff --git a/coreos-config/roles/compose_project/templates/matrix/mautrix-slack/registration.yaml b/coreos-config/roles/compose_project/templates/matrix/mautrix-slack/registration.yaml
new file mode 100644
index 0000000..72a624e
--- /dev/null
+++ b/coreos-config/roles/compose_project/templates/matrix/mautrix-slack/registration.yaml
@@ -0,0 +1,26 @@
+$ANSIBLE_VAULT;1.2;AES256;secrets
+63643764313434366534636536373233613163353932353332353034386638623463323265356366
+3033666637643563393537636263366338643736303663620a376138656235653238386131623864
+33356331386265613436626337356436373439376434633135626339373931346166313834323938
+3833636339306137360a383230386236333632613037363139356230663563333266353030616133
+39343037343234386465646433613465646363343237346432373934623431336163303233323263
+65356133373264323664663238306266336332353632643533373038653938623939353931613964
+33383638653061313961363033343435316130666337393034356664653933626466623734643239
+63663864316464343631313533653931376561303830366665333635613666346139623937373663
+65393234326533623364626666353763396437386330386563333432306566316161626561363836
+62613630623864323163616639396233393031373734373332383064626562623563363266383065
+61613738323034313431333333656530346566333165363430333962373930363736396265636663
+65646632356265633665633930343231636138366364653038336563333234326139333437643063
+39653437303565343739306237653832616265323138643234313731343339353161333363366538
+35373864666436306438303037363766373532633533666335303137346337633265613630653637
+39356237663665333533363030653735333535653861353866363362343830366562383661666137
+37623436336531363230356233656235666238663537616437353636353732643639386534616561
+30656264316535636437653032343634643036363838626234303837393935393430323537643231
+64363534313033396362326530663430373661613362346364356262386433663731313866363438
+30653966343436656430326434646337386230333432383861333635326431346332663332313437
+35636162323834616437383563353932333137653639616532363162663365393437386333613439
+35343937333034303934623962653132323837643430303230383163393833316233636233643736
+33666530653033613762313364653734633765326432613032386535333335633834633430356165
+64396132386133326464376163326236373131316266343634306163313235616236383239366639
+38373235643763616236356266663534356230643131653130323338393262616337346635633835
+39386236643562653738383037376334303138623966316637386464386139613431
diff --git a/coreos-config/roles/compose_project/templates/matrix/mautrix-telegram/config.yaml b/coreos-config/roles/compose_project/templates/matrix/mautrix-telegram/config.yaml
new file mode 100644
index 0000000..10c7ba5
--- /dev/null
+++ b/coreos-config/roles/compose_project/templates/matrix/mautrix-telegram/config.yaml
@@ -0,0 +1,593 @@
+# Homeserver details
+homeserver:
+ # The address that this appservice can use to connect to the homeserver.
+ address: https://synapse.{{ matrix.baseurl }}
+ # The domain of the homeserver (for MXIDs, etc).
+ domain: {{ matrix.baseurl }}
+ # Whether or not to verify the SSL certificate of the homeserver.
+ # Only applies if address starts with https://
+ verify_ssl: true
+ # What software is the homeserver running?
+ # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+ software: standard
+ # Number of retries for all HTTP requests if the homeserver isn't reachable.
+ http_retry_count: 4
+ # The URL to push real-time bridge status to.
+ # If set, the bridge will make POST requests to this URL whenever a user's Telegram connection state changes.
+ # The bridge will use the appservice as_token to authorize requests.
+ status_endpoint: null
+ # Endpoint for reporting per-message status.
+ message_send_checkpoint_endpoint: null
+ # Whether asynchronous uploads via MSC2246 should be enabled for media.
+ # Requires a media repo that supports MSC2246.
+ async_media: false
+# Application service host/registration related details
+# Changing these values requires regeneration of the registration.
+appservice:
+ # The address that the homeserver can use to connect to this appservice.
+ address: http://mautrix-telegram:29317
+ # When using https:// the TLS certificate and key files for the address.
+ tls_cert: false
+ tls_key: false
+ # The hostname and port where this appservice should listen.
+ hostname: 0.0.0.0
+ port: 29317
+ # The maximum body size of appservice API requests (from the homeserver) in mebibytes
+ # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
+ max_body_size: 1
+ # The full URI to the database. SQLite and Postgres are supported.
+ # Format examples:
+ # SQLite: sqlite:///filename.db
+ # Postgres: postgres://username:password@hostname/dbname
+ database: postgres://{{ matrix.bridge.tg.dbuser }}:{{ matrix.bridge.tg.dbpass }}@db-bridge-tg/{{ matrix.bridge.tg.dbname }}
+ # Additional arguments for asyncpg.create_pool() or sqlite3.connect()
+ # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
+ # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
+ # For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
+ # Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
+ database_opts:
+ min_size: 1
+ max_size: 10
+ # Public part of web server for out-of-Matrix interaction with the bridge.
+ # Used for things like login if the user wants to make sure the 2FA password isn't stored in
+ # the HS database.
+ public:
+ # Whether or not the public-facing endpoints should be enabled.
+ enabled: false
+ # The prefix to use in the public-facing endpoints.
+ prefix: /public
+ # The base URL where the public-facing endpoints are available. The prefix is not added
+ # implicitly.
+ external: https://example.com/public
+ # Provisioning API part of the web server for automated portal creation and fetching information.
+ # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
+ provisioning:
+ # Whether or not the provisioning API should be enabled.
+ enabled: false
+ # The prefix to use in the provisioning API endpoints.
+ prefix: /_matrix/provision
+ # The shared secret to authorize users of the API.
+ # Set to "generate" to generate and save a new token.
+ shared_secret: generate
+ # The unique ID of this appservice.
+ id: telegram
+ # Username of the appservice bot.
+ bot_username: telegrambot
+ # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+ # to leave display name/avatar as-is.
+ bot_displayname: Telegram bridge bot
+ bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
+ # Whether or not to receive ephemeral events via appservice transactions.
+ # Requires MSC2409 support (i.e. Synapse 1.22+).
+ # You should disable bridge -> sync_with_custom_puppets when this is enabled.
+ ephemeral_events: true
+ # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+ as_token: "{{ matrix.bridge.tg.as_token }}"
+ hs_token: "{{ matrix.bridge.tg.hs_token }}"
+# Prometheus telemetry config. Requires prometheus-client to be installed.
+metrics:
+ enabled: false
+ listen_port: 8000
+# Manhole config.
+manhole:
+ # Whether or not opening the manhole is allowed.
+ enabled: false
+ # The path for the unix socket.
+ path: /var/tmp/mautrix-telegram.manhole
+ # The list of UIDs who can be added to the whitelist.
+ # If empty, any UIDs can be specified in the open-manhole command.
+ whitelist:
+ - 0
+# Bridge config
+bridge:
+ # Localpart template of MXIDs for Telegram users.
+ # {userid} is replaced with the user ID of the Telegram user.
+ username_template: "telegram_{userid}"
+ # Localpart template of room aliases for Telegram portal rooms.
+ # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
+ alias_template: "telegram_{groupname}"
+ # Displayname template for Telegram users.
+ # {displayname} is replaced with the display name of the Telegram user.
+ displayname_template: "{displayname} (Telegram)"
+ # Set the preferred order of user identifiers which to use in the Matrix puppet display name.
+ # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
+ # ID is used.
+ #
+ # If the bridge is working properly, a phone number or an username should always be known, but
+ # the other one can very well be empty.
+ #
+ # Valid keys:
+ # "full name" (First and/or last name)
+ # "full name reversed" (Last and/or first name)
+ # "first name"
+ # "last name"
+ # "username"
+ # "phone number"
+ displayname_preference:
+ - full name
+ - username
+ - phone number
+ # Maximum length of displayname
+ displayname_max_length: 100
+ # Remove avatars from Telegram ghost users when removed on Telegram. This is disabled by default
+ # as there's no way to determine whether an avatar is removed or just hidden from some users. If
+ # you're on a single-user instance, this should be safe to enable.
+ allow_avatar_remove: false
+ # Maximum number of members to sync per portal when starting up. Other members will be
+ # synced when they send messages. The maximum is 10000, after which the Telegram server
+ # will not send any more members.
+ # -1 means no limit (which means it's limited to 10000 by the server)
+ max_initial_member_sync: 100
+ # Maximum number of participants in chats to bridge. Only applies when the portal is being created.
+ # If there are more members when trying to create a room, the room creation will be cancelled.
+ # -1 means no limit (which means all chats can be bridged)
+ max_member_count: -1
+ # Whether or not to sync the member list in channels.
+ # If no channel admins have logged into the bridge, the bridge won't be able to sync the member
+ # list regardless of this setting.
+ sync_channel_members: true
+ # Whether or not to skip deleted members when syncing members.
+ skip_deleted_members: true
+ # Whether or not to automatically synchronize contacts and chats of Matrix users logged into
+ # their Telegram account at startup.
+ startup_sync: true
+ # Number of most recently active dialogs to check when syncing chats.
+ # Set to 0 to remove limit.
+ sync_update_limit: 0
+ # Number of most recently active dialogs to create portals for when syncing chats.
+ # Set to 0 to remove limit.
+ sync_create_limit: 15
+ # Should all chats be scheduled to be created later?
+ # This is best used in combination with MSC2716 infinite backfill.
+ sync_deferred_create_all: false
+ # Whether or not to sync and create portals for direct chats at startup.
+ sync_direct_chats: true
+ # The maximum number of simultaneous Telegram deletions to handle.
+ # A large number of simultaneous redactions could put strain on your homeserver.
+ max_telegram_delete: 10
+ # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
+ # at startup and when creating a bridge.
+ sync_matrix_state: true
+ # Allow logging in within Matrix. If false, users can only log in using login-qr or the
+ # out-of-Matrix login website (see appservice.public config section)
+ allow_matrix_login: true
+ # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
+ public_portals: false
+ # Whether or not to use /sync to get presence, read receipts and typing notifications
+ # when double puppeting is enabled
+ sync_with_custom_puppets: false
+ # Whether or not to update the m.direct account data event when double puppeting is enabled.
+ # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+ # and is therefore prone to race conditions.
+ sync_direct_chat_list: false
+ # Servers to always allow double puppeting from
+ double_puppet_server_map:
+ {{ matrix.baseurl }}: https://{{ matrix.baseurl }}
+ # Allow using double puppeting from any server with a valid client .well-known file.
+ double_puppet_allow_discovery: false
+ # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+ #
+ # If set, custom puppets will be enabled automatically for local users
+ # instead of users having to find an access token and run `login-matrix`
+ # manually.
+ # If using this for other servers than the bridge's server,
+ # you must also set the URL in the double_puppet_server_map.
+ login_shared_secret_map:
+ {{ matrix.baseurl }}: {{ matrix.authenticator.shared_secret }}
+ # Set to false to disable link previews in messages sent to Telegram.
+ telegram_link_preview: true
+ # Whether or not the !tg join command should do a HTTP request
+ # to resolve redirects in invite links.
+ invite_link_resolve: false
+ # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
+ # This is currently not supported in most clients.
+ caption_in_message: false
+ # Maximum size of image in megabytes before sending to Telegram as a document.
+ image_as_file_size: 10
+ # Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 4096x4096 = 16777216.
+ image_as_file_pixels: 16777216
+ # Enable experimental parallel file transfer, which makes uploads/downloads much faster by
+ # streaming from/to Matrix and using many connections for Telegram.
+ # Note that generating HQ thumbnails for videos is not possible with streamed transfers.
+ # This option uses internal Telethon implementation details and may break with minor updates.
+ parallel_file_transfer: false
+ # Whether or not created rooms should have federation enabled.
+ # If false, created portal rooms will never be federated.
+ federate_rooms: false
+ # Should the bridge send all unicode reactions as custom emoji reactions to Telegram?
+ # By default, the bridge only uses custom emojis for unicode emojis that aren't allowed in reactions.
+ always_custom_emoji_reaction: true
+ # Settings for converting animated stickers.
+ animated_sticker:
+ # Format to which animated stickers should be converted.
+ # disable - No conversion, send as-is (gzipped lottie)
+ # png - converts to non-animated png (fastest),
+ # gif - converts to animated gif
+ # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
+ # webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
+ target: gif
+ # Should video stickers be converted to the specified format as well?
+ convert_from_webm: false
+ # Arguments for converter. All converters take width and height.
+ args:
+ width: 256
+ height: 256
+ fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
+ # Settings for converting animated emoji.
+ # Same as animated_sticker, but webm is not supported as the target
+ # (because inline images can only contain images, not videos).
+ animated_emoji:
+ target: webp
+ args:
+ width: 64
+ height: 64
+ fps: 25
+ # End-to-bridge encryption support options.
+ #
+ # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+ encryption:
+ # Allow encryption, work in group chat rooms with e2ee enabled
+ allow: true
+ # Default to encryption, force-enable encryption in all portals the bridge creates
+ # This will cause the bridge bot to be in private chats for the encryption to work properly.
+ default: true
+ # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+ appservice: false
+ # Require encryption, drop any unencrypted messages.
+ require: false
+ # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+ # You must use a client that supports requesting keys from other users to use this feature.
+ allow_key_sharing: true
+ # What level of device verification should be required from users?
+ #
+ # Valid levels:
+ # unverified - Send keys to all device in the room.
+ # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+ # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+ # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+ # Note that creating user signatures from the bridge bot is not currently possible.
+ # verified - Require manual per-device verification
+ # (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+ verification_levels:
+ # Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
+ receive: unverified
+ # Minimum level that the bridge should accept for incoming Matrix messages.
+ send: unverified
+ # Minimum level that the bridge should require for accepting key requests.
+ share: cross-signed-tofu
+ # Options for Megolm room key rotation. These options allow you to
+ # configure the m.room.encryption event content. See:
+ # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+ # more information about that event.
+ rotation:
+ # Enable custom Megolm room key rotation settings. Note that these
+ # settings will only apply to rooms created after this option is
+ # set.
+ enable_custom: false
+ # The maximum number of milliseconds a session should be used
+ # before changing it. The Matrix spec recommends 604800000 (a week)
+ # as the default.
+ milliseconds: 604800000
+ # The maximum number of messages that should be sent with a given a
+ # session before changing it. The Matrix spec recommends 100 as the
+ # default.
+ messages: 100
+ # Whether or not to explicitly set the avatar and room name for private
+ # chat portal rooms. This will be implicitly enabled if encryption.default is true.
+ private_chat_portal_meta: false
+ # Whether or not the bridge should send a read receipt from the bridge bot when a message has
+ # been sent to Telegram.
+ delivery_receipts: false
+ # Whether or not delivery errors should be reported as messages in the Matrix room.
+ delivery_error_reports: true
+ # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+ message_status_events: false
+ # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+ # This field will automatically be changed back to false after it,
+ # except if the config file is not writable.
+ resend_bridge_info: false
+ # When using double puppeting, should muted chats be muted in Matrix?
+ mute_bridging: false
+ # When using double puppeting, should pinned chats be moved to a specific tag in Matrix?
+ # The favorites tag is `m.favourite`.
+ pinned_tag: "m.favorite"
+ # Same as above for archived chats, the low priority tag is `m.lowpriority`.
+ archive_tag: "m.lowpriority"
+ # Whether or not mute status and tags should only be bridged when the portal room is created.
+ tag_only_on_create: true
+ # Should leaving the room on Matrix make the user leave on Telegram?
+ bridge_matrix_leave: true
+ # Should the user be kicked out of all portals when logging out of the bridge?
+ kick_on_logout: true
+ # Should the "* user joined Telegram" notice always be marked as read automatically?
+ always_read_joined_telegram_notice: true
+ # Should the bridge auto-create a group chat on Telegram when a ghost is invited to a room?
+ # Requires the user to have sufficient power level and double puppeting enabled.
+ create_group_on_invite: true
+ # Settings for backfilling messages from Telegram.
+ backfill:
+ # Allow backfilling at all?
+ enable: true
+ # Use MSC2716 for backfilling?
+ #
+ # This requires a server with MSC2716 support, which is currently an experimental feature in Synapse.
+ # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
+ msc2716: false
+ # Use double puppets for backfilling?
+ #
+ # If using MSC2716, the double puppets must be in the appservice's user ID namespace
+ # (because the bridge can't use the double puppet access token with batch sending).
+ #
+ # Even without MSC2716, bridging old messages with correct timestamps requires the double
+ # puppets to be in an appservice namespace, or the server to be modified to allow
+ # overriding timestamps anyway.
+ double_puppet_backfill: false
+ # Whether or not to enable backfilling in normal groups.
+ # Normal groups have numerous technical problems in Telegram, and backfilling normal groups
+ # will likely cause problems if there are multiple Matrix users in the group.
+ normal_groups: false
+ # If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Telegram.
+ # Set to -1 to let any chat be unread.
+ unread_hours_threshold: 720
+ # Forward backfilling limits. These apply to both MSC2716 and legacy backfill.
+ #
+ # Using a negative initial limit is not recommended, as it would try to backfill everything in a single batch.
+ # MSC2716 and the incremental settings are meant for backfilling everything incrementally rather than at once.
+ forward:
+ # Number of messages to backfill immediately after creating a portal.
+ initial_limit: 10
+ # Number of messages to backfill when syncing chats.
+ sync_limit: 100
+ # Settings for incremental backfill of history. These only apply when using MSC2716.
+ incremental:
+ # Maximum number of messages to backfill per batch.
+ messages_per_batch: 100
+ # The number of seconds to wait after backfilling the batch of messages.
+ post_batch_delay: 20
+ # The maximum number of batches to backfill per portal, split by the chat type.
+ # If set to -1, all messages in the chat will eventually be backfilled.
+ max_batches:
+ # Direct chats
+ user: -1
+ # Normal groups. Note that the normal_groups option above must be enabled
+ # for these to be backfilled.
+ normal_group: -1
+ # Supergroups
+ supergroup: 10
+ # Broadcast channels
+ channel: -1
+ # Overrides for base power levels.
+ initial_power_level_overrides:
+ user: {}
+ group: {}
+ # Whether to bridge Telegram bot messages as m.notices or m.texts.
+ bot_messages_as_notices: true
+ bridge_notices:
+ # Whether or not Matrix bot messages (type m.notice) should be bridged.
+ default: false
+ # List of user IDs for whom the previous flag is flipped.
+ # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
+ # notices from users listed here will be bridged.
+ exceptions: []
+ # An array of possible values for the $distinguisher variable in message formats.
+ # Each user gets one of the values here, based on a hash of their user ID.
+ # If the array is empty, the $distinguisher variable will also be empty.
+ relay_user_distinguishers: ["\U0001F7E6", "\U0001F7E3", "\U0001F7E9", "⭕️", "\U0001F536", "⬛️", "\U0001F535", "\U0001F7E2"]
+ # The formats to use when sending messages to Telegram via the relay bot.
+ # Text msgtypes (m.text, m.notice and m.emote) support HTML, media msgtypes don't.
+ #
+ # Available variables:
+ # $sender_displayname - The display name of the sender (e.g. Example User)
+ # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
+ # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
+ # $distinguisher - A random string from the options in the relay_user_distinguishers array.
+ # $message - The message content
+ message_formats:
+ m.text: "$distinguisher $sender_displayname: $message"
+ m.notice: "$distinguisher $sender_displayname: $message"
+ m.emote: "* $distinguisher $sender_displayname $message"
+ m.file: "$distinguisher $sender_displayname sent a file: $message"
+ m.image: "$distinguisher $sender_displayname sent an image: $message"
+ m.audio: "$distinguisher $sender_displayname sent an audio file: $message"
+ m.video: "$distinguisher $sender_displayname sent a video: $message"
+ m.location: "$distinguisher $sender_displayname sent a location: $message"
+ # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
+ # users are sent to telegram. All fields in message_formats are supported. Additionally, the
+ # Telegram user info is available in the following variables:
+ # $displayname - Telegram displayname
+ # $username - Telegram username (may not exist)
+ # $mention - Telegram @username or displayname mention (depending on which exists)
+ emote_format: "* $mention $formatted_body"
+ # The formats to use when sending state events to Telegram via the relay bot.
+ #
+ # Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
+ # In name_change events, `$prev_displayname` is the previous displayname.
+ #
+ # Set format to an empty string to disable the messages for that event.
+ state_event_formats:
+ join: "$distinguisher $displayname joined the room."
+ leave: "$distinguisher $displayname left the room."
+ name_change: "$distinguisher $prev_displayname changed their name to $distinguisher $displayname"
+ # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
+ # `filter-mode` management commands.
+ #
+ # Filters do not affect direct chats.
+ # An empty blacklist will essentially disable the filter.
+ filter:
+ # Filter mode to use. Either "blacklist" or "whitelist".
+ # If the mode is "blacklist", the listed chats will never be bridged.
+ # If the mode is "whitelist", only the listed chats can be bridged.
+ mode: blacklist
+ # The list of group/channel IDs to filter.
+ list: []
+ # The prefix for commands. Only required in non-management rooms.
+ command_prefix: "!tg"
+ # Messages sent upon joining a management room.
+ # Markdown is supported. The defaults are listed below.
+ management_room_text:
+ # Sent when joining a room.
+ welcome: "Hello, I'm a Telegram bridge bot."
+ # Sent when joining a management room and the user is already logged in.
+ welcome_connected: "Use `help` for help."
+ # Sent when joining a management room and the user is not logged in.
+ welcome_unconnected: "Use `help` for help or `login` to log in."
+ # Optional extra text sent when joining a management room.
+ additional_help: ""
+ # Send each message separately (for readability in some clients)
+ management_room_multiple_messages: false
+ # Permissions for using the bridge.
+ # Permitted values:
+ # relaybot - Only use the bridge via the relaybot, no access to commands.
+ # user - Relaybot level + access to commands to create bridges.
+ # puppeting - User level + logging in with a Telegram account.
+ # full - Full access to use the bridge, i.e. previous levels + Matrix login.
+ # admin - Full access to use the bridge and some extra administration commands.
+ # Permitted keys:
+ # * - All Matrix users
+ # domain - All users on that homeserver
+ # mxid - Specific user
+ permissions:
+ "*": "relaybot"
+ "{{ matrix.baseurl }}": "full"
+ "@tobi:{{ matrix.baseurl }}": "admin"
+ # Options related to the message relay Telegram bot.
+ relaybot:
+ private_chat:
+ # List of users to invite to the portal when someone starts a private chat with the bot.
+ # If empty, private chats with the bot won't create a portal.
+ invite: []
+ # Whether or not to bridge state change messages in relaybot private chats.
+ state_changes: true
+ # When private_chat_invite is empty, this message is sent to users /starting the
+ # relaybot. Telegram's "markdown" is supported.
+ message: This is a Matrix bridge relaybot and does not support direct chats
+ # List of users to invite to all group chat portals created by the bridge.
+ group_chat_invite: []
+ # Whether or not the relaybot should not bridge events in unbridged group chats.
+ # If false, portals will be created when the relaybot receives messages, just like normal
+ # users. This behavior is usually not desirable, as it interferes with manually bridging
+ # the chat to another room.
+ ignore_unbridged_group_chat: true
+ # Whether or not to allow creating portals from Telegram.
+ authless_portals: true
+ # Whether or not to allow Telegram group admins to use the bot commands.
+ whitelist_group_admins: true
+ # Whether or not to ignore incoming events sent by the relay bot.
+ ignore_own_incoming_events: true
+ # List of usernames/user IDs who are also allowed to use the bot commands.
+ whitelist:
+ - myusername
+ - 12345678
+# Telegram config
+telegram:
+ # Get your own API keys at https://my.telegram.org/apps
+ api_id: {{ matrix.bridge.tg.api_id }}
+ api_hash: {{ matrix.bridge.tg.api_hash }}
+ # (Optional) Create your own bot at https://t.me/BotFather
+ bot_token: disabled
+ # Should the bridge request missed updates from Telegram when restarting?
+ catch_up: true
+ # Should incoming updates be handled sequentially to make sure order is preserved on Matrix?
+ sequential_updates: true
+ exit_on_update_error: false
+ # Telethon connection options.
+ connection:
+ # The timeout in seconds to be used when connecting.
+ timeout: 120
+ # How many times the reconnection should retry, either on the initial connection or when
+ # Telegram disconnects us. May be set to a negative or null value for infinite retries, but
+ # this is not recommended, since the program can get stuck in an infinite loop.
+ retries: 5
+ # The delay in seconds to sleep between automatic reconnections.
+ retry_delay: 1
+ # The threshold below which the library should automatically sleep on flood wait errors
+ # (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
+ # is 20s, the library will sleep automatically. If the error was for 21s, it would raise
+ # the error instead. Values larger than a day (86400) will be changed to a day.
+ flood_sleep_threshold: 60
+ # How many times a request should be retried. Request are retried when Telegram is having
+ # internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
+ # there's a migrate error. May take a negative or null value for infinite retries, but this
+ # is not recommended, since some requests can always trigger a call fail (such as searching
+ # for messages).
+ request_retries: 5
+ # Device info sent to Telegram.
+ device_info:
+ # "auto" = OS name+version.
+ device_model: mautrix-telegram
+ # "auto" = Telethon version.
+ system_version: auto
+ # "auto" = mautrix-telegram version.
+ app_version: auto
+ lang_code: en
+ system_lang_code: en
+ # Custom server to connect to.
+ server:
+ # Set to true to use these server settings. If false, will automatically
+ # use production server assigned by Telegram. Set to false in production.
+ enabled: false
+ # The DC ID to connect to.
+ dc: 2
+ # The IP to connect to.
+ ip: 149.154.167.40
+ # The port to connect to. 443 may not work, 80 is better and both are equally secure.
+ port: 80
+ # Telethon proxy configuration.
+ # You must install PySocks from pip for proxies to work.
+ proxy:
+ # Allowed types: disabled, socks4, socks5, http, mtproxy
+ type: disabled
+ # Proxy IP address and port.
+ address: 127.0.0.1
+ port: 1080
+ # Whether or not to perform DNS resolving remotely. Only for socks/http proxies.
+ rdns: true
+ # Proxy authentication (optional). Put MTProxy secret in password field.
+ username: ""
+ password: ""
+# Python logging configuration.
+#
+# See section 16.7.2 of the Python documentation for more info:
+# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
+logging:
+ version: 1
+ formatters:
+ colored:
+ (): mautrix_telegram.util.ColorFormatter
+ format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+ normal:
+ format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+ handlers:
+ console:
+ class: logging.StreamHandler
+ formatter: colored
+ loggers:
+ mau:
+ level: DEBUG
+ telethon:
+ level: INFO
+ aiohttp:
+ level: INFO
+ root:
+ level: DEBUG
+ handlers: [console]
diff --git a/coreos-config/roles/compose_project/templates/matrix/mautrix-telegram/registration.yaml b/coreos-config/roles/compose_project/templates/matrix/mautrix-telegram/registration.yaml
new file mode 100644
index 0000000..c89279e
--- /dev/null
+++ b/coreos-config/roles/compose_project/templates/matrix/mautrix-telegram/registration.yaml
@@ -0,0 +1,31 @@
+$ANSIBLE_VAULT;1.2;AES256;secrets
+31303639303562306630323132376333316332636534613834326662396237396634313233646364
+6335353833616135373439633136356339333737363437660a316634366334376339656466646437
+39323131363163393931356331306434613035626239356631303032646664303838386635613930
+6232663031663765370a653936623761313937383233313739313166353335346465363265613762
+35643335646637343534373966626632336363646231353732643831346563356464386133393166
+32613134656431656561316335656463653462656166373433386633666338633132663032633461
+66376265633233323662313930323737316166613262383434626264353462386236636139383835
+33613830316361373434623435376162653930616631323764653539306235363530326165353037
+32303432356630376363613839313831363537363735613833306163616130336631386337366234
+33373633306161653163333635366637313266346634656633376237346566663461353962376239
+34386237373565313362383532363931333337366336316363663734343333386663653466396139
+36633735356561346531376337346635383666376635346361333162376339333839306632666562
+63363761623136643031653030666437306361396232383738366533396561373932323563363566
+38306333393662333634613139643930626664666139363039333735363538396339373634356365
+66633637316432323762353964313237396338613834336532636164333564363839353061336636
+63316163626334353231386463313535313866336431613234353533636533343662653933393132
+37353065333431366662363530333863646131313737336538396332396238656239366531366337
+63633563636531616664313930626266323266613466656636636361653731623666636333666164
+39356535363939653232326633383837666262643834326137646363393935613132366663396364
+30666266366163316563613665356535633766626335343762333765643837373034646633336432
+64373366313962333563336535346436346536386633343366336535363236306338343832373763
+36663663353533383939323234333535316162303033313833616533373237613335303662393032
+66316163343938383330663133613333346535393264636264366533343938653730316163366363
+66373866316264656361613935383334323133636164366630333264343931663461333138656131
+31353631393336323166663765613461356437306234653263393030316564363431353566316531
+35336665633133386134656361323063303531336263643764353666636364343537363136666632
+66333033373766336230393131343434666536653061353032663264636565636361336138653931
+34303233613637633165303431626361623132363530666238386336383463656136383965343563
+63616131376239356163353464333864363164363666646435353038323565386536326639366565
+3134646366666134646665366533396466366233343666613761
diff --git a/coreos-config/roles/compose_project/templates/matrix/nginx-well-known.conf b/coreos-config/roles/compose_project/templates/matrix/nginx-well-known.conf
index 4b6cb8c..7e2d96c 100644
--- a/coreos-config/roles/compose_project/templates/matrix/nginx-well-known.conf
+++ b/coreos-config/roles/compose_project/templates/matrix/nginx-well-known.conf
@@ -2,7 +2,7 @@ server {
listen 80;
server_name {{ matrix.baseurl }};
location /.well-known/matrix/client {
- return 200 '{"m.homeserver": {"base_url": "https://{{ matrix.baseurl }}"} }';
+ return 200 '{"m.homeserver": {"base_url": "https://synapse.{{ matrix.baseurl }}"} }';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
diff --git a/coreos-config/roles/compose_project/templates/matrix/shared_secret_authenticator.py b/coreos-config/roles/compose_project/templates/matrix/shared_secret_authenticator.py
new file mode 100644
index 0000000..c24d8dd
--- /dev/null
+++ b/coreos-config/roles/compose_project/templates/matrix/shared_secret_authenticator.py
@@ -0,0 +1,123 @@
+# -*- coding: utf-8 -*-
+#
+# Shared Secret Authenticator module for Matrix Synapse
+# Copyright (C) 2018 Slavi Pantaleev
+#
+# https://devture.com/
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+from typing import Awaitable, Callable, Optional, Tuple
+
+import hashlib
+import hmac
+import logging
+
+import synapse
+from synapse import module_api
+
+logger = logging.getLogger(__name__)
+
+class SharedSecretAuthProvider:
+ def __init__(self, config: dict, api: module_api):
+ for k in ('shared_secret',):
+ if k not in config:
+ raise KeyError('Required `{0}` configuration key not found'.format(k))
+
+ m_login_password_support_enabled = bool(config['m_login_password_support_enabled']) if 'm_login_password_support_enabled' in config else False
+ com_devture_shared_secret_auth_support_enabled = bool(config['com_devture_shared_secret_auth_support_enabled']) if 'com_devture_shared_secret_auth_support_enabled' in config else True
+
+ self.api = api
+ self.shared_secret = config['shared_secret']
+
+ auth_checkers: Optional[Dict[Tuple[str, Tuple], CHECK_AUTH_CALLBACK]] = {}
+ if com_devture_shared_secret_auth_support_enabled:
+ auth_checkers[("com.devture.shared_secret_auth", ("token",))] = self.check_com_devture_shared_secret_auth
+ if m_login_password_support_enabled:
+ auth_checkers[("m.login.password", ("password",))] = self.check_m_login_password
+
+ enabled_login_types = [k[0] for k in auth_checkers]
+
+ if len(enabled_login_types) == 0:
+ raise RuntimeError('At least one login type must be enabled')
+
+ logger.info('Enabled login types: %s', enabled_login_types)
+
+ api.register_password_auth_provider_callbacks(
+ auth_checkers=auth_checkers,
+ )
+
+ async def check_com_devture_shared_secret_auth(
+ self,
+ username: str,
+ login_type: str,
+ login_dict: "synapse.module_api.JsonDict",
+ ) -> Optional[
+ Tuple[
+ str,
+ Optional[Callable[["synapse.module_api.LoginResponse"], Awaitable[None]]],
+ ]
+ ]:
+ if login_type != "com.devture.shared_secret_auth":
+ return None
+ return await self._log_in_username_with_token("com.devture.shared_secret_auth", username, login_dict.get("token"))
+
+ async def check_m_login_password(
+ self,
+ username: str,
+ login_type: str,
+ login_dict: "synapse.module_api.JsonDict",
+ ) -> Optional[
+ Tuple[
+ str,
+ Optional[Callable[["synapse.module_api.LoginResponse"], Awaitable[None]]],
+ ]
+ ]:
+ if login_type != "m.login.password":
+ return None
+ return await self._log_in_username_with_token("m.login.password", username, login_dict.get("password"))
+
+ async def _log_in_username_with_token(
+ self,
+ login_type: str,
+ username: str,
+ token: str,
+ ) -> Optional[
+ Tuple[
+ str,
+ Optional[Callable[["synapse.module_api.LoginResponse"], Awaitable[None]]],
+ ]
+ ]:
+ logger.info('Authenticating user `%s` with login type `%s`', username, login_type)
+
+ full_user_id = self.api.get_qualified_user_id(username)
+
+ # The password (token) is supposed to be an HMAC of the full user id, keyed with the shared secret.
+ given_hmac = token.encode('utf-8')
+
+ h = hmac.new(self.shared_secret.encode('utf-8'), full_user_id.encode('utf-8'), hashlib.sha512)
+ computed_hmac = h.hexdigest().encode('utf-8')
+
+ if not hmac.compare_digest(computed_hmac, given_hmac):
+ logger.info('Bad hmac value for user: %s', full_user_id)
+ return None
+
+ user_info = await self.api.get_userinfo_by_id(full_user_id)
+ if user_info is None:
+ logger.info('Refusing to authenticate missing user: %s', full_user_id)
+ return None
+
+ logger.info('Authenticated user: %s', full_user_id)
+
+ return full_user_id, None
diff --git a/coreos-config/roles/compose_project/templates/matrix/synapse-config/homeserver.yaml b/coreos-config/roles/compose_project/templates/matrix/synapse-config/homeserver.yaml
index c7b914d..7a80921 100644
--- a/coreos-config/roles/compose_project/templates/matrix/synapse-config/homeserver.yaml
+++ b/coreos-config/roles/compose_project/templates/matrix/synapse-config/homeserver.yaml
@@ -9,7 +9,7 @@
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
-server_name: "tobiasmanske.de"
+server_name: "{{ matrix.baseurl }}"
pid_file: /data/homeserver.pid
listeners:
- port: 8008
@@ -47,19 +47,52 @@ oidc_providers:
user_mapping_provider:
config:
{% raw %}
- localpart_template: "{{ user.preferred_username }}"
+ localpart_template: "{{ user.mx_localpart }}"
display_name_template: "{{ user.name }}"
{% endraw %}
backchannel_logout_enabled: true # Optional
enable_registration: false
password_config:
- enabled: false
+ enabled: true
redis:
enabled: true
host: redis
port: 6379
+app_service_config_files:
+ - /data/reg-mautrix-tg.yaml
+ - /data/reg-mautrix-slack.yaml
+
+rc_message:
+ per_second: 100
+ burst_count: 100
+rc_joins:
+ local:
+ per_second: 100
+ burst_count: 100
+
+modules:
+ - module: shared_secret_authenticator.SharedSecretAuthProvider
+ config:
+ shared_secret: "{{ matrix.authenticator.shared_secret }}"
+
+ # By default, only login requests of type `com.devture.shared_secret_auth` are supported.
+ # Below, we explicitly enable support for the old `m.login.password` login type,
+ # which was used in v1 of matrix-synapse-shared-secret-auth and still widely supported by external software.
+ # If you don't need such legacy support, consider setting this to `false` or omitting it entirely.
+ m_login_password_support_enabled: true
+
+ # By default, only login requests of type `com.devture.shared_secret_auth` are supported.
+ # Advertising support for such an authentication type causes a problem with Element, however.
+ # See: https://github.com/vector-im/element-web/issues/19605
+ #
+ # Uncomment the line below to disable `com.devture.shared_secret_auth` support.
+ # You will then need to:
+ # - have `m_login_password_support_enabled: true` to enable the `m.login.password` login type
+ # - authenticate using `m.login.password` requests, instead of ``com.devture.shared_secret_auth` requests
+ # com_devture_shared_secret_auth_support_enabled: false
+
# vim:ft=yaml
diff --git a/coreos-config/roles/compose_project/templates/matrix/synapse-config/tobiasmanske.de.log.config b/coreos-config/roles/compose_project/templates/matrix/synapse-config/tobiasmanske.de.log.config
index e5cc93a..cbedd45 100644
--- a/coreos-config/roles/compose_project/templates/matrix/synapse-config/tobiasmanske.de.log.config
+++ b/coreos-config/roles/compose_project/templates/matrix/synapse-config/tobiasmanske.de.log.config
@@ -2,9 +2,9 @@ version: 1
formatters:
precise:
-
+
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
-
+
handlers:
@@ -23,10 +23,10 @@ loggers:
root:
- level: INFO
+ level: WARNING
handlers: [console]
-disable_existing_loggers: false
\ No newline at end of file
+disable_existing_loggers: false