From 2158c5c6b9cb85f619ce2529547a903e87753ba3 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 1 Apr 2019 17:57:13 +0200
Subject: [PATCH 1/3] Pass Matrix Webhook through reverse proxy
---
 .../nginx/nginx-sites-available-main.j2 | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/roles/nginx-reverse-proxy/templates/nginx/nginx-sites-available-main.j2 b/roles/nginx-reverse-proxy/templates/nginx/nginx-sites-available-main.j2
index ddb8bc3..f4ebf9a 100644
--- a/roles/nginx-reverse-proxy/templates/nginx/nginx-sites-available-main.j2
+++ b/roles/nginx-reverse-proxy/templates/nginx/nginx-sites-available-main.j2
@@ -82,3 +82,26 @@ server {
 proxy_set_header X-Forwarded-For $remote_addr;
 }
 }
+
+server {
+ listen 9442 ssl;
+ listen [::]:9442 ssl;
+
+ # Set witch server name we define
+ server_name auro.re;
+
+ # Separate log files
+ access_log /var/log/nginx/main.access.log;
+ error_log /var/log/nginx/main.error.log;
+
+ # Use LetsEncrypt SSL
+ ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
+
+ # For Matrix Appservice Webhooks
+ location / {
+ proxy_pass http://synapse.adm.auro.re:9000;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+}
From 84694900e45a22eab23999422b41b26050b88de4 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 1 Apr 2019 17:57:43 +0200
Subject: [PATCH 2/3] Annonce the right Webhook URL for Matrix
---
 roles/matrix-appservice-webhooks/templates/config.yaml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-appservice-webhooks/templates/config.yaml.j2 b/roles/matrix-appservice-webhooks/templates/config.yaml.j2
index 8be6b99..9355aff 100644
--- a/roles/matrix-appservice-webhooks/templates/config.yaml.j2
+++ b/roles/matrix-appservice-webhooks/templates/config.yaml.j2
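Review bot: The new `location / {` block forwards every request path on port 9442 to the bridge on port 9000, not only the inbound webhook endpoint. If the bridge serves its appservice transaction or provisioning endpoints on that same port (not visible in this patch), they become reachable from the internet; narrowing the match to the hook prefix, e.g. `location /api/v1/matrix/hook/ {` (confirm the prefix against the bridge's documentation), would limit the exposure. The comment says "Separate log files" but the paths are `main.access.log` and `main.error.log`; a dedicated file such as `access_log /var/log/nginx/webhook.access.log;` would make webhook traffic easier to audit. If the hook secret is carried in the URL path, it will be written to that access log, so restrict who can read the file.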
@@ -26,7 +26,7 @@ provisioning: # Configuration related to the web portion of the bridge. Handles the inbound webhooks web: - hookUrlBase: 'http://synapse.adm.auro.re:9000/' + hookUrlBase: 'https://auro.re:9442/' logging: file: logs/webhook.log From 1b3a6f7bf8a42ba92b854d79d93d7b2cabac62cc Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 1 Apr 2019 18:53:37 +0200 Subject: [PATCH 3/3] Configure IRC Matrix appservice --- roles/matrix-appservice-irc/tasks/main.yml | 27 ++++++++++--------- .../templates/config.yaml.j2 | 26 +++++------------- .../templates/systemd/appservice.service.j2 | 2 +- 3 files changed, 22 insertions(+), 33 deletions(-) diff --git a/roles/matrix-appservice-irc/tasks/main.yml b/roles/matrix-appservice-irc/tasks/main.yml index 7c77af0..881aaee 100644 --- a/roles/matrix-appservice-irc/tasks/main.yml +++ b/roles/matrix-appservice-irc/tasks/main.yml @@ -40,19 +40,20 @@ notify: Reload systemd daemons # TODO generate registration +# node app.js -r -f irc-registration.yaml -u "http://localhost:9999" -c config.yaml -l ircbot -#- name: Copy appservice registration file -# copy: -# src: "{{ service_path }}/discord-registration.yaml" -# dest: "/etc/matrix-synapse/{{ service_name }}-registration.yaml" -# owner: matrix-synapse -# group: nogroup -# mode: 0600 -# remote_src: yes +- name: Copy appservice registration file + copy: + src: "{{ service_path }}/irc-registration.yaml" + dest: "/etc/matrix-synapse/{{ service_name }}-registration.yaml" + owner: matrix-synapse + group: nogroup + mode: 0600 + remote_src: yes # Run -#- name: "Ensure that {{ service_name }} is started" -# service: -# name: "{{ service_name }}" -# state: started -# enabled: true +- name: "Ensure that {{ service_name }} is started" + service: + name: "{{ service_name }}" + state: started + enabled: true diff --git a/roles/matrix-appservice-irc/templates/config.yaml.j2 b/roles/matrix-appservice-irc/templates/config.yaml.j2 index 72d1a84..5112d96 100644 
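Review bot: In `roles/matrix-appservice-irc/tasks/main.yml` the newly enabled "Copy appservice registration file" task uses `remote_src: yes` on `irc-registration.yaml`, but the only thing that produces that file is the manual command recorded in the `# TODO generate registration` comment, so the play fails on a fresh host. Generating it in a task guarded by `creates:` keeps the role idempotent and avoids regenerating the tokens on every run; the sketch below assumes `service_user` (used by this role's systemd template) is also available to the tasks. Separately, quoting the permission as `mode: "0600"` avoids relying on the YAML parser's octal handling for a file that holds the appservice tokens.

```yaml
# TODO generate registration  (replaced by the task below)
- name: Generate appservice registration file
  command: >-
    node app.js -r -f irc-registration.yaml
    -u "http://localhost:9999" -c config.yaml -l ircbot
  args:
    chdir: "{{ service_path }}"
    creates: "{{ service_path }}/irc-registration.yaml"
  become: true
  become_user: "{{ service_user }}"

# … unchanged: Copy appservice registration file, service start …
```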
--- a/roles/matrix-appservice-irc/templates/config.yaml.j2 +++ b/roles/matrix-appservice-irc/templates/config.yaml.j2 @@ -3,13 +3,13 @@ homeserver: # The URL to the home server for client-server API calls, also used to form the # media URLs as displayed in bridged IRC channels: - url: "https://auro.re" + url: "http://auro.re" # # The URL of the homeserver hosting media files. This is only used to transform # mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By # default, this is the homeserver URL, specified above. # - # media_url: "http://media.repo:8008" + media_url: "https://auro.re" # Drop Matrix messages which are older than this number of seconds, according to # the event's origin_server_ts. @@ -62,7 +62,7 @@ ircService: # Whether to use SSL or not. Default: false. ssl: true # Whether or not IRC server is using a self-signed cert or not providing CA Chain - sslselfsign: false + sslselfsign: true # Should the connection attempt to identify via SASL (if a server or user password is given) # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS. sasl: false @@ -127,7 +127,7 @@ ircService: # it can service bridge-specific queries from the IRC-side e.g. so # real IRC clients have a way to change their Matrix display name. # See https://github.com/matrix-org/matrix-appservice-irc/issues/55 - enabled: true + enabled: false # The nickname to give the AS bot. nick: "AuroreBot" # The password to give to NickServ or IRC Server for this nick. Optional. @@ -165,7 +165,7 @@ ircService: createAlias: true # Should the AS publish the new Matrix room to the public room list so # anyone can see it? Default: true. - published: false + published: true # What should the join_rule be for the new Matrix room? If 'public', # anyone can join the room. If 'invite', only users with an invite can # join the room. Note that if an IRC channel has +k or +i set on it, 
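Review bot: Changing `url` from `"https://auro.re"` to `"http://auro.re"` sends the bridge's client-server API calls in cleartext, and those requests carry the appservice access token. If the intent was to bypass the public reverse proxy, point `url` at the internal Synapse listener (its address is not visible in this hunk); otherwise keep `url: "https://auro.re"`. The context comment notes this URL is also used to build the media links shown on IRC, which presumably explains why `media_url` is now set to the HTTPS origin. A one-line comment next to `url` stating why plain HTTP is acceptable here would help the next reader.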
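Review bot: Setting `sslselfsign: true` makes the bridge accept an IRC server certificate that does not chain to a trusted CA, so the `ssl: true` connection is encrypted but the server is no longer authenticated. Any NickServ or server password sent over that link could be intercepted by an on-path host. If the IRC server really presents a private or incomplete chain, prefer trusting that CA explicitly where the bridge version supports it. At minimum, record the reason in the template, e.g. `# sslselfsign: true because <reason>; revert once the IRC server presents a CA-signed chain`.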
@@ -217,7 +217,7 @@ ircService: ircToMatrix: # Get a snapshot of all real IRC users on a channel (via NAMES) and # join their virtual matrix clients to the room. - initial: false + initial: true # Make virtual matrix clients join and leave rooms as their real IRC # counterparts join/part channels. Default: false. incremental: true @@ -225,24 +225,12 @@ ircService: matrixToIrc: # Get a snapshot of all real Matrix users in the room and join all of # them to the mapped IRC channel on startup. Default: false. - initial: false + initial: true # Make virtual IRC clients join and leave channels as their real Matrix # counterparts join/leave rooms. Make sure your 'maxClients' value is # high enough! Default: false. incremental: true - # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect. - rooms: - - # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect. - channels: - - mappings: - # 1:many mappings from IRC channels to room IDs on this IRC server. - # The matrix room must already exist. Your matrix client should expose - # the room ID in a "settings" page for the room. - # "#thepub": ["!kieouiJuedJoxtVdaG:localhost"] - # Configuration for virtual matrix users. The following variables are # exposed: # $NICK => The IRC nick diff --git a/roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 b/roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 index 0680720..c686551 100644 --- a/roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 +++ b/roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 @@ -9,7 +9,7 @@ Conflicts=shutdown.target Type=simple User={{ service_user }} WorkingDirectory={{ service_path }} -ExecStart=/usr/bin/nodejs ./app.js -c config.yaml -f my_registration_file.yaml -p 9999 +ExecStart=/usr/bin/nodejs ./app.js -c config.yaml -f irc-registration.yaml -p 9999 Restart=always RestartSec=3
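Review bot: With `matrixToIrc` `initial: true`, the bridge joins every Matrix user in a mapped room to the IRC channel at startup, per the comment above it, and the unit in this patch has `Restart=always`, so each restart repeats that burst of IRC connections. The context comment's warning about `maxClients` applies here as well, but that value lies outside this hunk and should be checked against the expected room sizes. A short comment such as `# initial sync on: check maxClients and the IRC network's per-host connection limit` would document the dependency.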