From 7f5abe28447b5b86c371296cc61264241ac850ce Mon Sep 17 00:00:00 2001 From: "Justin W. Flory" Date: Tue, 31 Dec 2019 13:41:23 -0500 Subject: [PATCH] :sun_with_face: Initial commit of Matterbridge Ansible role Imported from the existing Matterbridge role in the FOSSRIT/infrastructure repository on GitHub: https://github.com/FOSSRIT/infrastructure/tree/39d4cb5ca17afbe362ebcdddd2ec8fb2ab015222/roles/matterbridge Signed-off-by: Justin W. Flory --- .travis.yml | 31 +++++++ LICENSE.txt | 29 +++++++ README.md | 59 ++++++++++++++ defaults/main.yml | 29 +++++++ defaults/vault.yml | 4 + files/matterbridge.service | 16 ++++ handlers/main.yml | 6 ++ meta/main.yml | 39 +++++++++ tasks/main.yml | 74 +++++++++++++++++ templates/matterbridge.toml | 158 ++++++++++++++++++++++++++++++++++++ tests/inventory | 2 + tests/test.yml | 7 ++ vars/.gitkeep | 0 13 files changed, 454 insertions(+) create mode 100644 .travis.yml create mode 100644 LICENSE.txt create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 defaults/vault.yml create mode 100644 files/matterbridge.service create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/main.yml create mode 100644 templates/matterbridge.toml create mode 100644 tests/inventory create mode 100644 tests/test.yml create mode 100644 vars/.gitkeep diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..644464a --- /dev/null +++ b/.travis.yml @@ -0,0 +1,31 @@ +--- +# TODO + +language: python +python: "3.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/LICENSE.txt b/LICENSE.txt new file mode 100644 index 0000000..b1dd3de --- /dev/null +++ b/LICENSE.txt @@ -0,0 +1,29 @@ +BSD 3-Clause License + +Copyright (c) 2019-2020, Justin W. Flory +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..1c89494 --- /dev/null +++ b/README.md @@ -0,0 +1,59 @@ +Ansible Role: Matterbridge +========================== + +Ansible role to deploy [Matterbridge](https://github.com/42wim/matterbridge) server on CentOS/RHEL 7.x systems + + +Requirements +------------ + +No special requirements. +Note this role requires root access; either run it in a playbook with a global `become: yes` or invoke the role in your playbook: + +```yaml +- hosts: servers + roles: + - role: jwflory.matterbridge + become: yes +``` + + +Role Variables +-------------- + +### main.yml + +To be written once this role is more stable. + +### vault.yml + +To be written once this role is more stable. + + +Dependencies +------------ + +None. + + +Example Playbook +---------------- + +```yaml +- hosts: matterbridge-host + roles: + - role: jwflory.matterbridge +``` + + +License +------- + +[BSD-3-Clause](https://opensource.org/licenses/BSD-3-Clause "The 3-Clause BSD License") + + +Author Information +------------------ + +This role was first created in 2019 by [Justin W. Flory](https://justinwflory.com/). +Find him on [GitHub](https://github.com/jwflory "Check out other things I'm working on!") and [LinkedIn](https://www.linkedin.com/in/justinwflory/ "See what I'm doing out in the world…"). diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..133970a --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,29 @@ +--- +# defaults file for matterbridge + +default_irc_bot_nick: slack-myorg +default_irc_ignore_nicks: "cowsaybot" +default_irc_network_name: freenode +default_irc_network_server: chat.freenode.net:6697 + +default_slack_api_token: "{{ vault_slack_api_token }}" +default_slack_ignore_nicks: "" +default_slack_team_name: myorg + +matterbridge_config: + binary_checksum: "46a85de97e44fe36cc5379566955ac89b632d3138e61ea4aeef216d77187cce9" + version: 1.16.3 + + my_community: + irc: + bot_name: mb-community + channel: "##my-community" + slack: + channel: general + + my_other_community: + irc: + bot_name: mb-othercomm + channel: "##my-other-community" + slack: + channel: random diff --git a/defaults/vault.yml b/defaults/vault.yml new file mode 100644 index 0000000..a4cf6de --- /dev/null +++ b/defaults/vault.yml @@ -0,0 +1,4 @@ +--- +# encrypted variables to store in Ansible role + +vault_slack_api_token: "" diff --git a/files/matterbridge.service b/files/matterbridge.service new file mode 100644 index 0000000..c1408ac --- /dev/null +++ b/files/matterbridge.service @@ -0,0 +1,16 @@ +[Unit] +Description=Matterbridge +Requires=network.target +After=multi-user.target + +[Service] +Type=simple +User=matterbridge +Group=matterbridge +WorkingDirectory=/etc/matterbridge +ExecStart=/usr/bin/matterbridge -conf matterbridge.toml +Restart=always +RestartSec=60 + +[Install] +WantedBy=multi-user.target diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..113ad4b --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,6 @@ +--- +# handlers file for matterbridge +- name: restart matterbridge + service: + name: matterbridge + state: restarted diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..f6a1e5f --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,39 @@ +--- +galaxy_info: + author: "Justin W. Flory" + description: Deploy Matterbridge server on CentOS/RHEL 7.x systems + + license: BSD-3-Clause + + min_ansible_version: 2.9 + + # Provide a list of supported platforms, and for each platform a list of + # versions. If you don't wish to enumerate all versions for a particular + # platform, use 'all'. To view available platforms and versions (or + # releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + platforms: + - name: EL + versions: + - 7 + + galaxy_tags: + - communication + - discord + - discourse + - facebook + - irc + - keybase + - matrix + - matterbridge + - mattermost + - minecraft + - reddit + - slack + - steam + - telegram + - twitch + - whatsapp + - zulip + +dependencies: [] diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..cc5a15a --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,74 @@ +--- +# tasks file for matterbridge +- name: import Vault-encrypted variables + include_vars: vault.yml + +- name: install golang (v1.8+ required) + package: + state: present + name: golang + +- name: create matterbridge system user + user: + name: matterbridge + comment: "system user to run 42wim/matterbridge - do not use" + system: yes + home: "/etc/matterbridge" + create_home: no + +# target_user is a global variable I define in an Ansible VCS repository. This +# task will be skipped if the `target_user` variable is not defined. +- name: add target user to matterbridge group + user: + name: "{{ target_user }}" + groups: matterbridge + append: yes + when: target_user is defined + +- name: create/set permissions on /etc/matterbridge static config directory + file: + state: directory + recurse: yes + path: "/etc/matterbridge" + mode: 0755 + owner: matterbridge + group: matterbridge + setype: etc_t + seuser: system_u + +# Manually retrieve a sha512sum hash for a new release when updating this task. +- name: download matterbridge binary + get_url: + url: "https://github.com/42wim/matterbridge/releases/download/v{{ matterbridge_config.version }}/matterbridge-{{ matterbridge_config.version }}-linux-64bit" + checksum: "sha256:{{ matterbridge_config.binary_checksum }}" + backup: yes + dest: /usr/bin/matterbridge + mode: 0755 + setype: bin_t + seuser: system_u + notify: restart matterbridge + +- name: install /etc/matterbridge/matterbridge.toml + template: + src: matterbridge.toml + dest: "/etc/matterbridge/matterbridge.toml" + mode: 0640 + owner: matterbridge + group: matterbridge + setype: etc_t + seuser: system_u + notify: restart matterbridge + +- name: add /usr/lib/systemd/system/matterbridge.service (systemd unit file) + copy: + src: matterbridge.service + dest: "/usr/lib/systemd/system/matterbridge.service" + mode: 0644 + seuser: system_u + setype: systemd_unit_file_t + +- name: start/enable matterbridge.service + service: + name: matterbridge + state: started + enabled: yes diff --git a/templates/matterbridge.toml b/templates/matterbridge.toml new file mode 100644 index 0000000..99b9edf --- /dev/null +++ b/templates/matterbridge.toml @@ -0,0 +1,158 @@ +################################################################### +#IRC section +################################################################### + +[irc] +[irc.{{ default_irc_network_name }}] +Server="{{ default_irc_network_server }}" +UseTLS=true +SkipTLSVerify=false +UseSASL=false + +Nick="{{ default_irc_bot_nick }}" +#UseSASL=true +#NickServNick="" +#NickServPassword="" + +## RELOADABLE SETTINGS +## Settings below can be reloaded by editing the file + +#Split messages on MessageLength instead of showing the +#WARNING: this could lead to flooding +#OPTIONAL (default false) +MessageSplit=true + +#ColorNicks will show each nickname in a different color. +#Only works in IRC right now. +ColorNicks=true + +#Nicks you want to ignore. +#Messages from those users will not be sent to other bridges. +#OPTIONAL +IgnoreNicks="{{ default_irc_ignore_nicks }}" + +#RemoteNickFormat defines how remote users appear on this bridge +RemoteNickFormat="<{NOPINGNICK}> " + +#Enable to show users joins/parts from other bridges +#Currently works for messages from the following bridges: irc, mattermost, slack +#OPTIONAL (default false) +ShowJoinPart=true + +#Enable to show topic changes from other bridges +#Only works hiding/show topic changes from slack bridge for now +#OPTIONAL (default false) +ShowTopicChange=true + + +################################################################### +#slack section +################################################################### +[slack] +[slack.{{ default_slack_team_name }}] +Token="{{ default_slack_api_token }}" + +#Icon that will be showed in slack +#The string "{NICK}" (case sensitive) will be replaced by the actual nick / username. +#The string "{BRIDGE}" (case sensitive) will be replaced by the sending bridge +#The string "{LABEL}" (case sensitive) will be replaced by label= field of the sending bridge +#The string "{PROTOCOL}" (case sensitive) will be replaced by the protocol used by the bridge +#OPTIONAL +IconURL="https://robohash.org/{NICK}.png?size=48x48" + +## RELOADABLE SETTINGS +## Settings below can be reloaded by editing the file + +#Message to be appended to every edited message +#OPTIONAL (default empty) +EditSuffix=" (edited)" + +#Whether to prefix messages from other bridges to mattermost with RemoteNickFormat +#Useful if username overrides for incoming webhooks isn't enabled on the +#slack server. If you set PrefixMessagesWithNick to true, each message +#from bridge to Slack will by default be prefixed by "bridge-" + nick. You can, +#however, modify how the messages appear, by setting (and modifying) RemoteNickFormat +#OPTIONAL (default false) +PrefixMessagesWithNick=false + +#Nicks you want to ignore. +#Messages from those users will not be sent to other bridges. +#OPTIONAL +IgnoreNicks="{{ default_slack_ignore_nicks }}" + +#Opportunistically preserve threaded replies between Slack channels. +#This only works if the parent message is still in the cache. +#Cache is flushed between restarts. +#OPTIONAL (default false) +PreserveThreading=true + + +################################################################### +#General configuration +################################################################### +# Settings here are defaults that each protocol can override +[general] + +## RELOADABLE SETTINGS +## Settings below can be reloaded by editing the file + +#RemoteNickFormat defines how remote users appear on this bridge +#The string "{NICK}" (case sensitive) will be replaced by the actual nick / username. +#The string "{BRIDGE}" (case sensitive) will be replaced by the sending bridge +#The string "{LABEL}" (case sensitive) will be replaced by label= field of the sending bridge +#The string "{PROTOCOL}" (case sensitive) will be replaced by the protocol used by the bridge +#The string "{GATEWAY}" (case sensitive) will be replaced by the origin gateway name that is replicating the message. +#The string "{CHANNEL}" (case sensitive) will be replaced by the origin channel name used by the bridge +#OPTIONAL (default empty) +RemoteNickFormat="[{PROTOCOL}] <{NICK}> " + +#MediaServerUpload (or MediaDownloadPath) and MediaServerDownload are used for uploading +#images/files/video to a remote "mediaserver" (a webserver like caddy for example). +#When configured images/files uploaded on bridges like mattermost, slack, telegram will be +#downloaded and uploaded again to MediaServerUpload URL +#MediaDownloadPath is the filesystem path where the media file will be placed, instead of uploaded, +#for if Matterbridge has write access to the directory your webserver is serving. +#It is an alternative to MediaServerUpload. +#The MediaServerDownload will be used so that bridges without native uploading support: +#gitter, irc and xmpp will be shown links to the files on MediaServerDownload +# +#More information https://github.com/42wim/matterbridge/wiki/Mediaserver-setup-%5Badvanced%5D +#OPTIONAL (default empty) +#MediaServerUpload="https://user:pass@yourserver.com/upload" +#OPTIONAL (default empty) +#MediaDownloadPath="/srv/http/yourserver.com/public/download" +#OPTIONAL (default empty) +#MediaServerDownload="https://youserver.com/download" + +#MediaDownloadSize is the maximum size of attachments, videos, images +#matterbridge will download and upload this file to bridges that also support uploading files. +#eg downloading from slack to upload it to mattermost +# +#It will only download from bridges that don't have public links available, which are for the moment +#slack, telegram, matrix and mattermost +# +#OPTIONAL (default 1000000 (1 megabyte)) +#MediaDownloadSize=1000000 + +#MediaDownloadBlacklist allows you to blacklist specific files from being downloaded. +#Filenames matching these regexp will not be download/uploaded to the mediaserver +#You can use regex for this, see https://regex-golang.appspot.com/assets/html/index.html for more regex info +#OPTIONAL (default empty) +#MediaDownloadBlacklist=[".html$",".htm$"] + + +################################################################### +#Gateway configuration +################################################################### + +[[gateway]] +name="gateway_mycommunity" +enable=true + + [[gateway.inout]] + account="irc.{{ default_irc_network_name }}" + channel="{{ matterbridge_config.my_community.irc.channel }}" + + [[gateway.inout]] + account="slack.{{ default_slack_team_name }}" + channel="{{ matterbridge_config.my_community.slack.channel }}" diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..be2822e --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,7 @@ +--- +# TODO + +- hosts: localhost + remote_user: root + roles: + - matterbridge diff --git a/vars/.gitkeep b/vars/.gitkeep new file mode 100644 index 0000000..e69de29