🌞 Initial commit of Matterbridge Ansible role

Imported from the existing Matterbridge role in the
FOSSRIT/infrastructure repository on GitHub:

    39d4cb5ca1/roles/matterbridge

Signed-off-by: Justin W. Flory <git@jwf.io>

.travis.yml

@@ -0,0 +1,31 @@
+---
+# TODO
+
+language: python
+python: "3.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

LICENSE.txt

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2019-2020, Justin W. Flory
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,59 @@
+Ansible Role: Matterbridge
+==========================
+
+Ansible role to deploy [Matterbridge](https://github.com/42wim/matterbridge) server on CentOS/RHEL 7.x systems
+
+
+Requirements
+------------
+
+No special requirements.
+Note this role requires root access; either run it in a playbook with a global `become: yes` or invoke the role in your playbook:
+
+```yaml
+- hosts: servers
+  roles:
+    - role: jwflory.matterbridge
+      become: yes
+```
+
+
+Role Variables
+--------------
+
+### main.yml
+
+To be written once this role is more stable.
+
+### vault.yml
+
+To be written once this role is more stable.
+
+
+Dependencies
+------------
+
+None.
+
+
+Example Playbook
+----------------
+
+```yaml
+- hosts: matterbridge-host
+  roles:
+     - role: jwflory.matterbridge
+```
+
+
+License
+-------
+
+[BSD-3-Clause](https://opensource.org/licenses/BSD-3-Clause "The 3-Clause BSD License")
+
+
+Author Information
+------------------
+
+This role was first created in 2019 by [Justin W. Flory](https://justinwflory.com/).
+Find him on [GitHub](https://github.com/jwflory "Check out other things I'm working on!") and [LinkedIn](https://www.linkedin.com/in/justinwflory/ "See what I'm doing out in the world…").

defaults/main.yml

@@ -0,0 +1,29 @@
+---
+# defaults file for matterbridge
+
+default_irc_bot_nick: slack-myorg
+default_irc_ignore_nicks: "cowsaybot"
+default_irc_network_name: freenode
+default_irc_network_server: chat.freenode.net:6697
+
+default_slack_api_token: "{{ vault_slack_api_token }}"
+default_slack_ignore_nicks: ""
+default_slack_team_name: myorg
+
+matterbridge_config:
+  binary_checksum: "46a85de97e44fe36cc5379566955ac89b632d3138e61ea4aeef216d77187cce9"
+  version: 1.16.3
+
+  my_community:
+    irc:
+      bot_name: mb-community
+      channel: "##my-community"
+    slack:
+      channel: general
+
+  my_other_community:
+    irc:
+      bot_name: mb-othercomm
+      channel: "##my-other-community"
+    slack:
+      channel: random

defaults/vault.yml

@@ -0,0 +1,4 @@
+---
+# encrypted variables to store in Ansible role
+
+vault_slack_api_token: ""

files/matterbridge.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Matterbridge
+Requires=network.target
+After=multi-user.target
+
+[Service]
+Type=simple
+User=matterbridge
+Group=matterbridge
+WorkingDirectory=/etc/matterbridge
+ExecStart=/usr/bin/matterbridge -conf matterbridge.toml
+Restart=always
+RestartSec=60
+
+[Install]
+WantedBy=multi-user.target

handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# handlers file for matterbridge
+- name: restart matterbridge
+  service:
+    name: matterbridge
+    state: restarted

meta/main.yml

@@ -0,0 +1,39 @@
+---
+galaxy_info:
+  author: "Justin W. Flory"
+  description: Deploy Matterbridge server on CentOS/RHEL 7.x systems
+
+  license: BSD-3-Clause
+
+  min_ansible_version: 2.9
+
+  # Provide a list of supported platforms, and for each platform a list of
+  # versions. If you don't wish to enumerate all versions for a particular
+  # platform, use 'all'. To view available platforms and versions (or
+  # releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  platforms:
+    - name: EL
+      versions:
+        - 7
+
+  galaxy_tags:
+    - communication
+    - discord
+    - discourse
+    - facebook
+    - irc
+    - keybase
+    - matrix
+    - matterbridge
+    - mattermost
+    - minecraft
+    - reddit
+    - slack
+    - steam
+    - telegram
+    - twitch
+    - whatsapp
+    - zulip
+
+dependencies: []

tasks/main.yml

@@ -0,0 +1,74 @@
+---
+# tasks file for matterbridge
+- name: import Vault-encrypted variables
+  include_vars: vault.yml
+
+- name: install golang (v1.8+ required)
+  package:
+    state: present
+    name: golang
+
+- name: create matterbridge system user
+  user:
+    name: matterbridge
+    comment: "system user to run 42wim/matterbridge - do not use"
+    system: yes
+    home: "/etc/matterbridge"
+    create_home: no
+
+# target_user is a global variable I define in an Ansible VCS repository. This
+# task will be skipped if the `target_user` variable is not defined.
+- name: add target user to matterbridge group
+  user:
+    name: "{{ target_user }}"
+    groups: matterbridge
+    append: yes
+  when: target_user is defined
+
+- name: create/set permissions on /etc/matterbridge static config directory
+  file:
+    state: directory
+    recurse: yes
+    path: "/etc/matterbridge"
+    mode: 0755
+    owner: matterbridge
+    group: matterbridge
+    setype: etc_t
+    seuser: system_u
+
+# Manually retrieve a sha512sum hash for a new release when updating this task.
+- name: download matterbridge binary
+  get_url:
+    url: "https://github.com/42wim/matterbridge/releases/download/v{{ matterbridge_config.version }}/matterbridge-{{ matterbridge_config.version }}-linux-64bit"
+    checksum: "sha256:{{ matterbridge_config.binary_checksum }}"
+    backup: yes
+    dest: /usr/bin/matterbridge
+    mode: 0755
+    setype: bin_t
+    seuser: system_u
+  notify: restart matterbridge
+
+- name: install /etc/matterbridge/matterbridge.toml
+  template:
+    src: matterbridge.toml
+    dest: "/etc/matterbridge/matterbridge.toml"
+    mode: 0640
+    owner: matterbridge
+    group: matterbridge
+    setype: etc_t
+    seuser: system_u
+  notify: restart matterbridge
+
+- name: add /usr/lib/systemd/system/matterbridge.service (systemd unit file)
+  copy:
+    src: matterbridge.service
+    dest: "/usr/lib/systemd/system/matterbridge.service"
+    mode: 0644
+    seuser: system_u
+    setype: systemd_unit_file_t
+
+- name: start/enable matterbridge.service
+  service:
+    name: matterbridge
+    state: started
+    enabled: yes

templates/matterbridge.toml

@@ -0,0 +1,158 @@
+###################################################################
+#IRC section
+###################################################################
+
+[irc]
+[irc.{{ default_irc_network_name }}]
+Server="{{ default_irc_network_server }}"
+UseTLS=true
+SkipTLSVerify=false
+UseSASL=false
+
+Nick="{{ default_irc_bot_nick }}"
+#UseSASL=true
+#NickServNick=""
+#NickServPassword=""
+
+## RELOADABLE SETTINGS
+## Settings below can be reloaded by editing the file
+
+#Split messages on MessageLength instead of showing the <message clipped>
+#WARNING: this could lead to flooding
+#OPTIONAL (default false)
+MessageSplit=true
+
+#ColorNicks will show each nickname in a different color.
+#Only works in IRC right now.
+ColorNicks=true
+
+#Nicks you want to ignore.
+#Messages from those users will not be sent to other bridges.
+#OPTIONAL
+IgnoreNicks="{{ default_irc_ignore_nicks }}"
+
+#RemoteNickFormat defines how remote users appear on this bridge
+RemoteNickFormat="<{NOPINGNICK}> "
+
+#Enable to show users joins/parts from other bridges
+#Currently works for messages from the following bridges: irc, mattermost, slack
+#OPTIONAL (default false)
+ShowJoinPart=true
+
+#Enable to show topic changes from other bridges
+#Only works hiding/show topic changes from slack bridge for now
+#OPTIONAL (default false)
+ShowTopicChange=true
+
+
+###################################################################
+#slack section
+###################################################################
+[slack]
+[slack.{{ default_slack_team_name }}]
+Token="{{ default_slack_api_token }}"
+
+#Icon that will be showed in slack
+#The string "{NICK}" (case sensitive) will be replaced by the actual nick / username.
+#The string "{BRIDGE}" (case sensitive) will be replaced by the sending bridge
+#The string "{LABEL}" (case sensitive) will be replaced by label= field of the sending bridge
+#The string "{PROTOCOL}" (case sensitive) will be replaced by the protocol used by the bridge
+#OPTIONAL
+IconURL="https://robohash.org/{NICK}.png?size=48x48"
+
+## RELOADABLE SETTINGS
+## Settings below can be reloaded by editing the file
+
+#Message to be appended to every edited message
+#OPTIONAL (default empty)
+EditSuffix=" (edited)"
+
+#Whether to prefix messages from other bridges to mattermost with RemoteNickFormat
+#Useful if username overrides for incoming webhooks isn't enabled on the
+#slack server. If you set PrefixMessagesWithNick to true, each message
+#from bridge to Slack will by default be prefixed by "bridge-" + nick. You can,
+#however, modify how the messages appear, by setting (and modifying) RemoteNickFormat
+#OPTIONAL (default false)
+PrefixMessagesWithNick=false
+
+#Nicks you want to ignore.
+#Messages from those users will not be sent to other bridges.
+#OPTIONAL
+IgnoreNicks="{{ default_slack_ignore_nicks }}"
+
+#Opportunistically preserve threaded replies between Slack channels.
+#This only works if the parent message is still in the cache.
+#Cache is flushed between restarts.
+#OPTIONAL (default false)
+PreserveThreading=true
+
+
+###################################################################
+#General configuration
+###################################################################
+# Settings here are defaults that each protocol can override
+[general]
+
+## RELOADABLE SETTINGS
+## Settings below can be reloaded by editing the file
+
+#RemoteNickFormat defines how remote users appear on this bridge
+#The string "{NICK}" (case sensitive) will be replaced by the actual nick / username.
+#The string "{BRIDGE}" (case sensitive) will be replaced by the sending bridge
+#The string "{LABEL}" (case sensitive) will be replaced by label= field of the sending bridge
+#The string "{PROTOCOL}" (case sensitive) will be replaced by the protocol used by the bridge
+#The string "{GATEWAY}" (case sensitive) will be replaced by the origin gateway name that is replicating the message.
+#The string "{CHANNEL}" (case sensitive) will be replaced by the origin channel name used by the bridge
+#OPTIONAL (default empty)
+RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
+
+#MediaServerUpload (or MediaDownloadPath) and MediaServerDownload are used for uploading
+#images/files/video to a remote "mediaserver" (a webserver like caddy for example).
+#When configured images/files uploaded on bridges like mattermost, slack, telegram will be
+#downloaded and uploaded again to MediaServerUpload URL
+#MediaDownloadPath is the filesystem path where the media file will be placed, instead of uploaded,
+#for if Matterbridge has write access to the directory your webserver is serving.
+#It is an alternative to MediaServerUpload.
+#The MediaServerDownload will be used so that bridges without native uploading support:
+#gitter, irc and xmpp will be shown links to the files on MediaServerDownload
+#
+#More information https://github.com/42wim/matterbridge/wiki/Mediaserver-setup-%5Badvanced%5D
+#OPTIONAL (default empty)
+#MediaServerUpload="https://user:pass@yourserver.com/upload"
+#OPTIONAL (default empty)
+#MediaDownloadPath="/srv/http/yourserver.com/public/download"
+#OPTIONAL (default empty)
+#MediaServerDownload="https://youserver.com/download"
+
+#MediaDownloadSize is the maximum size of attachments, videos, images
+#matterbridge will download and upload this file to bridges that also support uploading files.
+#eg downloading from slack to upload it to mattermost
+#
+#It will only download from bridges that don't have public links available, which are for the moment
+#slack, telegram, matrix and mattermost
+#
+#OPTIONAL (default 1000000 (1 megabyte))
+#MediaDownloadSize=1000000
+
+#MediaDownloadBlacklist allows you to blacklist specific files from being downloaded.
+#Filenames matching these regexp will not be download/uploaded to the mediaserver
+#You can use regex for this, see https://regex-golang.appspot.com/assets/html/index.html for more regex info
+#OPTIONAL (default empty)
+#MediaDownloadBlacklist=[".html$",".htm$"]
+
+
+###################################################################
+#Gateway configuration
+###################################################################
+
+[[gateway]]
+name="gateway_mycommunity"
+enable=true
+
+    [[gateway.inout]]
+    account="irc.{{ default_irc_network_name }}"
+    channel="{{ matterbridge_config.my_community.irc.channel }}"
+
+    [[gateway.inout]]
+    account="slack.{{ default_slack_team_name }}"
+    channel="{{ matterbridge_config.my_community.slack.channel }}"

tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

tests/test.yml

@@ -0,0 +1,7 @@
+---
+# TODO
+
+- hosts: localhost
+  remote_user: root
+  roles:
+    - matterbridge