From 3b79f3973f450bb18da2a4c5b8b05758aa9d0fe4 Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 16:36:43 +0200
Subject: [PATCH] bw/bundle matrix-dimension add first draft
---
 .../files/matrix-dimension.service | 14 +++
 .../matrix-dimension/files/production.yaml | 98 +++++++++++++++++++
 bundles/matrix-dimension/items.py | 68 +++++++++++++
 bundles/matrix-dimension/metadata.py | 75 ++++++++++++++
 .../dimension.sophies-kitchen.eu | 13 ++-
 nodes/htz-cloud/miniserver.py | 35 ++++---
 6 files changed, 288 insertions(+), 15 deletions(-)
 create mode 100644 bundles/matrix-dimension/files/matrix-dimension.service
 create mode 100644 bundles/matrix-dimension/files/production.yaml
 create mode 100644 bundles/matrix-dimension/items.py
 create mode 100644 bundles/matrix-dimension/metadata.py
diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service
new file mode 100644
index 0000000..1b9333f
--- /dev/null
+++ b/bundles/matrix-dimension/files/matrix-dimension.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Matrix Dimension
+After=network.target
+
+[Service]
+User=matrix-support
+Group=matrix-support
+Environment="NODE_ENV=production"
+ExecStart=/usr/bin/node /opt/matrix/matrix-dimension/build/app/index.js
+WorkingDirectory=${config['install_dir']}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
new file mode 100644
index 0000000..bb67228
--- /dev/null
+++ b/bundles/matrix-dimension/files/production.yaml
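Review bot: In matrix-dimension.service, `ExecStart` hard-codes `/opt/matrix/matrix-dimension/build/app/index.js` while `WorkingDirectory` is templated from `config['install_dir']`, whose default in metadata.py is `/opt/matrix-dimension`, so with the defaults the unit points at a path this bundle never deploys to; it should read `ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js`. The unit runs as `matrix-support`, but nothing visible in this patch creates that user or gives it ownership of the data directory, so that dependency should be declared or added. Because the process holds a homeserver access token, sandboxing directives in `[Service]` such as `NoNewPrivileges=true`, `PrivateTmp=true` and, once the writable paths are confirmed, `ProtectSystem=strict` with a matching `ReadWritePaths=` would be worth adding.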
@@ -0,0 +1,98 @@
+# The web settings for the service (API and UI).
+# It is best to have this run on localhost and use a reverse proxy to access Dimension.
+web:
+ port: 8184
+ address: '127.0.0.1'
+
+# Homeserver configuration
+homeserver:
+ # The domain name of the homeserver. This is used in many places, such as with go-neb
+ # setups, to identify the homeserver.
+ name: "${config['homserver']['name']}"
+
+ # The URL that Dimension, go-neb, and other services provisioned by Dimension should
+ # use to access the homeserver with.
+ clientServerUrl: "${config['homserver']['clientServeUrl']}"
+
+ # The URL that Dimension should use when trying to communicate with federated APIs on
+ # the homeserver. If not supplied or left empty Dimension will try to resolve the address
+ # through the normal federation process.
+ #federationUrl: "https://t2bot.io:8448"
+
+ # The URL that Dimension will redirect media requests to for downloading media such as
+ # stickers. If not supplied or left empty Dimension will use the clientServerUrl.
+ #mediaUrl: "https://t2bot.io"
+
+ # The access token Dimension should use for miscellaneous access to the homeserver, and
+ # for tracking custom sticker pack updates. This should be a user configured on the homeserver
+ # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
+ # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
+ accessToken: "${config['homserver']['accessToken']}"
+
+# These users can modify the integrations this Dimension supports.
+# To access the admin interface, open Dimension in Riot and click the settings icon.
+admins:
+% for i in config['admins']:
+ - "${i}"
+% endfor
+# IPs and CIDR ranges listed here will be blocked from being widgets.
+# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
+widgetBlacklist:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
+ - 127.0.0.0/8
+
+database:
+ # Where the database for Dimension is
+ uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
+
+ # Where to store misc information for the utility bot account.
+ botData: "${config['data_dir']}/dimension.bot.json"
+
+# Display settings that apply to self-hosted go-neb instances
+goneb:
+ # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
+ # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
+ # make the bot's avatar an empty string.
+ avatars:
+ giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
+ imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
+ github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
+ wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
+ travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
+ rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
+ google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
+ guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
+ echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
+ circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
+ jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
+
+# Settings for interacting with Telegram. Currently only applies for importing
+# sticker packs from Telegram.
+telegram:
+ # Talk to @BotFather on Telegram to get a token
+ botToken: "${config['telegram']['botToken']}"
+
+# Custom sticker pack options.
+# Largely based on https://github.com/turt2live/matrix-sticker-manager
+stickers:
+ # Whether or not to allow people to add custom sticker packs
+ enabled: true
+
+ # The sticker manager bot to promote
+ stickerBot: "@stickers:t2bot.io"
+
+ # The sticker manager URL to promote
+ managerUrl: "https://stickers.t2bot.io"
+
+
+# Settings for controlling how logging works
+logging:
+ file: "${config['data_dir']}/logs/dimension.log"
+ console: true
+ consoleLevel: info
+ fileLevel: verbose
+ rotate:
+ size: 52428800 # bytes, default is 50mb
+ count: 5
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
new file mode 100644
index 0000000..68375ea
--- /dev/null
+++ b/bundles/matrix-dimension/items.py
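Review bot: In production.yaml, `widgetBlacklist` covers the RFC 1918 ranges and loopback only, leaving link-local `169.254.0.0/16` unblocked; on a cloud host that range usually contains the instance metadata endpoint, so it should be added (and the IPv6 loopback and local ranges too, if Dimension's blacklist accepts them, which this hunk does not show). The `database.uri` line interpolates the vault-generated password into a URL without percent-encoding, so a password that ever contains `@`, `/` or `:` would yield a broken or misparsed URI. The template reads `config['homserver']` and `['clientServeUrl']`; the misspellings match the node file so they resolve today, but they are worth correcting to `homeserver` and `clientServerUrl` before a second node copies them.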
@@ -0,0 +1,68 @@
+repo.libs.tools.require_bundle(node, 'nodejs')
+
+
+directories = {
+ node.metadata['matrix-dimension']['install_dir']: {},
+ node.metadata['matrix-dimension']['data_dir']: {},
+}
+
+git_deploy = {
+ node.metadata['matrix-dimension']['install_dir']: {
+ 'rev': node.metadata.get('matrix-dimension', {}).get('version', 'master'), # doesn't have releases yet
+ 'repo': 'https://github.com/turt2live/matrix-dimension.git',
+ 'triggers': {
+ 'action:matrix_dimension_build',
+ },
+ 'needs': {
+ 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
+ 'directory:{}'.format(node.metadata['matrix-dimension']['data_dir']),
+ },
+ },
+}
+
+files = {
+ '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): {
+ 'content_type': 'mako',
+ 'context': {
+ 'config': node.metadata.get('matrix-dimension', {}),
+ },
+ 'needs': {
+ 'action:element-web_yarn',
+ 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
+ },
+ },
+ '/etc/systemd/system/matrix-dimension.service': {
+ 'content_type': 'mako',
+ 'context': {
+ 'config': node.metadata.get('matrix-dimension', {}),
+ },
+ 'triggers': {
+ 'action:systemd-reload',
+ 'svc_systemd:matrix-dimension:restart',
+ },
+ },
+}
+
+actions = {
+ 'matrix_dimenson_build': {
+ 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && npm install && npm run build',
+ 'needs': {
+ 'pkg_apt:nodejs',
+ },
+ 'triggered': True,
+ 'triggers': {
+ 'svc_systemd:matrix-dimension:restart',
+ },
+ },
+}
+
+svc_systemd = {
+ 'matrix-dimension': {
+ 'needs': {
+ 'action:matrix-dimension_build',
+ 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']),
+ 'postgres_db:matrix-dimension',
+ 'postgres_role:matrix-dimension',
+ },
+ },
+}
diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
new file mode 100644
index 0000000..6db7c86
--- /dev/null
+++ b/bundles/matrix-dimension/metadata.py
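Review bot: In items.py the build action is referenced under three different names — `git_deploy` triggers `action:matrix_dimension_build`, `svc_systemd` needs `action:matrix-dimension_build`, and the action itself is defined as `matrix_dimenson_build` — so the dependencies cannot resolve; pick one spelling, e.g. `'matrix_dimension_build'`, and use it in all three places. The `production.yaml` file item sets no `owner`, `group` or `mode`, so the rendered homeserver access token, database password and Telegram bot token get the default file permissions; something like `'mode': '0640', 'group': 'matrix-support'` would restrict them to the service account. Its `needs` entry `action:element-web_yarn` looks copied from another bundle and makes this one depend on element-web. With `rev` falling back to `'master'` (and miniserver.py setting `'version': 'master'`), every apply runs `npm install && npm run build` on whatever upstream HEAD is, with the privileges of the apply run; pinning `rev` to a commit hash, and using `npm ci` if the repository ships a lockfile, would make the deployed code reviewable.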
@@ -0,0 +1,75 @@
+defaults = {
+ 'matrix-dimension': {
+ 'install_dir': '/opt/matrix-dimension',
+ 'data_dir': '/var/opt/dimension',
+ 'database': {
+ 'user': 'matrix-dimension',
+ 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+ 'database': 'matrix-dimension',
+ },
+ },
+ 'postgresql': {
+ 'roles': {
+ 'matrix-dimension': {
+ 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+ },
+ },
+ 'databases': {
+ 'matrix-dimension': {
+ 'owner': 'matrix-dimension',
+ },
+ },
+ },
+ 'icinga2_api': {
+ 'mautrix-telegram': {
+ 'services': {
+ 'MAUTRIX-TELEGRAM PROCESS': {
+ 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
+ },
+ },
+ },
+ },
+}
+
+@metadata_reactor.provides(
+ 'nginx/vhosts',
+)
+def nginx_config(metadata):
+ return {
+ 'nginx': {
+ 'vhosts': {
+ metadata.get('matrix-dimension/url'): {
+ 'webroot': '/var/www/{}/webapp/'.format(metadata.get('element-web/url')),
+ 'do_not_set_content_security_headers': True,
+ 'max_body_size': '50M',
+ 'proxy': {
+ '/': {
+ 'target': 'http://127.0.0.1:8184',
+ },
+ },
+ },
+ },
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'icinga2_api/matrix-dimension/services',
+)
+def icinga_check_for_new_release(metadata):
+ return {
+ 'icinga2_api': {
+ 'matrix-dimension': {
+ 'services': {
+ 'MATRIX-DIMENSION UPDATE': {
+ 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
+ 'vars.notification.mail': True,
+ 'check_interval': '60m',
+ },
+ #'MATRIX-DIMENSION PROCESS': {
+ # 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
+ #},
+ },
+ },
+ },
+ }
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
index aa5cff2..b20254d 100644
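Review bot: The `icinga2_api` block in `defaults` registers a `MAUTRIX-TELEGRAM PROCESS` check under the `mautrix-telegram` key, which looks copied from another bundle; as written this bundle monitors a different service and ships no process check for Dimension itself (the one in `icinga_check_for_new_release` is commented out and still matches on `mautrix-telegram`). In `nginx_config` the vhost `webroot` is built from `metadata.get('element-web/url')`, which ties the Dimension vhost to Element's files and to that bundle being present; a purely proxied vhost probably needs no such webroot. `'do_not_set_content_security_headers': True` turns off whatever headers the nginx bundle sets by default, leaving only the `frame-ancestors` policy from the extras file, so a comment such as `# Dimension is framed by Element; CSP is set in the vhost extras file` would record why. `metadata.get('matrix-dimension/version')` has no default here although items.py falls back to `'master'`, so the two should agree.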
--- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu +++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu @@ -1,6 +1,15 @@ + add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu"; - location /.well-known/matrix/ { - alias /etc/matrix-synapse/wellknown/; + location /.well-known/matrix/client { + return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}'; + default_type application/json; add_header Access-Control-Allow-Origin *; } + + location /.well-known/matrix/server { + return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}'; + default_type application/json; + add_header Access-Control-Allow-Origin *; + } + diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 1085b16..06eddd4 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -4,6 +4,7 @@ nodes['htz-cloud.miniserver'] = { 'bundles': { 'element-web', + 'matrix-dimension', 'matrix-media-repo', 'matrix-synapse', 'nodejs', @@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = { }, 'brand': 'sophies-kitchen.eu', 'showLabsSettings': True, - 'integrations_ui_url': 'https://dimension.franzi.business/riot', - 'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar', + 'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot', + 'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar', 'integrations_widgets_urls': { - 'https://dimension.franzi.business/widgets' + 'https://dimension.sophies-kitchen.eu/widgets' }, 'default_theme': 'dark', 'defaultCountryCode': 'DE', 
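Review bot: The server-level `add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";` added to the nginx extras file lacks `always`, so nginx leaves it off most error responses, and it is not inherited by any location that declares its own `add_header` — both `/.well-known/matrix/` blocks in this hunk do. For the JSON endpoints that is harmless, but the proxied `/` location is generated elsewhere and should be checked for `add_header` lines of its own, since metadata.py disables the default security headers for this vhost. Suggested line: `add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu" always;`. The two well-known documents are now hard-coded strings on the dimension host, so they will drift if the same JSON is also served from another vhost.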
@@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = {
 },
 },
 },
+ 'matrix-dimension': {
+ 'url': 'dimension.sophies-kitchen.eu',
+ 'version': 'master', # doesn't have releases yet
+ 'homserver': {
+ 'name': 'sophies-kitchen.eu',
+ 'clientServeUrl': 'https://matrix.sophies-kitchen.eu',
+ 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
+ },
+ 'admins': [
+ '@sophie:sophies-kitchen.eu',
+ ],
+ 'telegram': {
+ 'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'),
+ },
+ },
 'matrix-media-repo': {
 'version': 'v1.2.8',
 'homeservers': {
@@ -156,16 +172,9 @@ nodes['htz-cloud.miniserver'] = {
 },
 'nginx': {
 'vhosts': {
- #'dimension.sophies-kitchen.eu': {
- # 'extras': True,
- # 'do_not_set_content_security_headers': True,
- # 'max_body_size': '50M',
- # 'locations': {
- # '/': {
- # 'target': 'http://127.0.0.1:8184',
- # },
- # },
- #},
+ 'dimension.sophies-kitchen.eu': {
+ 'extras': True,
+ },
 'sophies-kitchen.eu': {
 'webroot': '/var/www/sophies-kitchen.eu/_site/',
 'extras': True,