bw/bundle matrix-dimension add first draft

2021-07-04 16:36:43 +02:00 · 2021-07-04 16:36:43 +02:00 · 3b79f3973f
commit 3b79f3973f
parent 3c23de4dfa
6 changed files with 288 additions and 15 deletions
--- a/bundles/matrix-dimension/files/matrix-dimension.service
+++ b/bundles/matrix-dimension/files/matrix-dimension.service
@ -0,0 +1,14 @@
+[Unit]
+Description=Matrix Dimension
+After=network.target
+
+[Service]
+User=matrix-support
+Group=matrix-support
+Environment="NODE_ENV=production"
+ExecStart=/usr/bin/node /opt/matrix/matrix-dimension/build/app/index.js
+WorkingDirectory=${config['install_dir']}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
--- a/bundles/matrix-dimension/files/production.yaml
+++ b/bundles/matrix-dimension/files/production.yaml
@ -0,0 +1,98 @@
+# The web settings for the service (API and UI).
+# It is best to have this run on localhost and use a reverse proxy to access Dimension.
+web:
+  port: 8184
+  address: '127.0.0.1'
+
+# Homeserver configuration
+homeserver:
+  # The domain name of the homeserver. This is used in many places, such as with go-neb
+  # setups, to identify the homeserver.
+  name: "${config['homserver']['name']}"
+
+  # The URL that Dimension, go-neb, and other services provisioned by Dimension should
+  # use to access the homeserver with.
+  clientServerUrl: "${config['homserver']['clientServeUrl']}"
+
+  # The URL that Dimension should use when trying to communicate with federated APIs on
+  # the homeserver. If not supplied or left empty Dimension will try to resolve the address
+  # through the normal federation process.
+  #federationUrl: "https://t2bot.io:8448"
+
+  # The URL that Dimension will redirect media requests to for downloading media such as
+  # stickers. If not supplied or left empty Dimension will use the clientServerUrl.
+  #mediaUrl: "https://t2bot.io"
+  
+  # The access token Dimension should use for miscellaneous access to the homeserver, and
+  # for tracking custom sticker pack updates. This should be a user configured on the homeserver
+  # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
+  # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
+  accessToken: "${config['homserver']['accessToken']}"
+
+# These users can modify the integrations this Dimension supports.
+# To access the admin interface, open Dimension in Riot and click the settings icon.
+admins:
+% for i in config['admins']:
+  - "${i}"
+% endfor
+# IPs and CIDR ranges listed here will be blocked from being widgets.
+# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
+widgetBlacklist:
+  - 10.0.0.0/8
+  - 172.16.0.0/12
+  - 192.168.0.0/16
+  - 127.0.0.0/8
+
+database:
+  # Where the database for Dimension is
+    uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
+
+  # Where to store misc information for the utility bot account.
+  botData: "${config['data_dir']}/dimension.bot.json"
+
+# Display settings that apply to self-hosted go-neb instances
+goneb:
+  # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
+  # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
+  # make the bot's avatar an empty string.
+  avatars:
+    giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
+    imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
+    github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
+    wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
+    travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
+    rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
+    google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
+    guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
+    echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
+    circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
+    jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
+
+# Settings for interacting with Telegram. Currently only applies for importing
+# sticker packs from Telegram.
+telegram:
+  # Talk to @BotFather on Telegram to get a token
+  botToken: "${config['telegram']['botToken']}"
+
+# Custom sticker pack options.
+# Largely based on https://github.com/turt2live/matrix-sticker-manager
+stickers:
+  # Whether or not to allow people to add custom sticker packs
+  enabled: true
+
+  # The sticker manager bot to promote
+  stickerBot: "@stickers:t2bot.io"
+
+  # The sticker manager URL to promote
+  managerUrl: "https://stickers.t2bot.io"
+
+
+# Settings for controlling how logging works
+logging:
+  file: "${config['data_dir']}/logs/dimension.log"
+  console: true
+  consoleLevel: info
+  fileLevel: verbose
+  rotate:
+    size: 52428800 # bytes, default is 50mb
+    count: 5
--- a/bundles/matrix-dimension/items.py
+++ b/bundles/matrix-dimension/items.py
@ -0,0 +1,68 @@
+repo.libs.tools.require_bundle(node, 'nodejs')
+
+
+directories = {
+    node.metadata['matrix-dimension']['install_dir']: {},
+    node.metadata['matrix-dimension']['data_dir']: {},
+}
+
+git_deploy = {
+    node.metadata['matrix-dimension']['install_dir']: {
+        'rev': node.metadata.get('matrix-dimension', {}).get('version', 'master'), # doesn't have releases yet
+        'repo': 'https://github.com/turt2live/matrix-dimension.git',
+        'triggers': {
+            'action:matrix_dimension_build',
+        },
+        'needs': {
+            'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
+            'directory:{}'.format(node.metadata['matrix-dimension']['data_dir']),
+        },
+    },
+}
+
+files = {
+    '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): {
+        'content_type': 'mako',
+        'context': {
+            'config': node.metadata.get('matrix-dimension', {}),
+        },
+        'needs': {
+            'action:element-web_yarn',
+            'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
+        },
+    },
+    '/etc/systemd/system/matrix-dimension.service': {
+        'content_type': 'mako',
+        'context': {
+            'config': node.metadata.get('matrix-dimension', {}),
+        },
+        'triggers': {
+            'action:systemd-reload',
+            'svc_systemd:matrix-dimension:restart',
+        },
+    },
+}
+
+actions = {
+    'matrix_dimenson_build': {
+        'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && npm install && npm run build',
+        'needs': {
+            'pkg_apt:nodejs',
+        },
+        'triggered': True,
+        'triggers': {
+            'svc_systemd:matrix-dimension:restart',
+        },
+    },
+}
+
+svc_systemd = {
+    'matrix-dimension': {
+        'needs': {
+            'action:matrix-dimension_build',
+            'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']),
+            'postgres_db:matrix-dimension',
+            'postgres_role:matrix-dimension',
+        },
+    },
+}
--- a/bundles/matrix-dimension/metadata.py
+++ b/bundles/matrix-dimension/metadata.py
@ -0,0 +1,75 @@
+defaults = {
+    'matrix-dimension': {
+        'install_dir': '/opt/matrix-dimension',
+        'data_dir': '/var/opt/dimension',
+        'database': {
+            'user': 'matrix-dimension',
+            'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+            'database': 'matrix-dimension',
+        },
+    },
+    'postgresql': {
+        'roles': {
+            'matrix-dimension': {
+                'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+            },
+        },
+        'databases': {
+            'matrix-dimension': {
+                'owner': 'matrix-dimension',
+            },
+        },
+    },
+    'icinga2_api': {
+        'mautrix-telegram': {
+            'services': {
+                'MAUTRIX-TELEGRAM PROCESS': {
+                    'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
+                },
+            },
+        },
+    },
+}
+
+@metadata_reactor.provides(
+    'nginx/vhosts',
+)
+def nginx_config(metadata):
+    return {
+        'nginx': {
+            'vhosts': {
+                metadata.get('matrix-dimension/url'): {
+                    'webroot': '/var/www/{}/webapp/'.format(metadata.get('element-web/url')),
+                    'do_not_set_content_security_headers': True,
+                    'max_body_size': '50M',
+                    'proxy': {
+                        '/': {
+                            'target': 'http://127.0.0.1:8184',
+                        },
+                    },
+                },
+            },
+        },
+    }
+
+
+@metadata_reactor.provides(
+    'icinga2_api/matrix-dimension/services',
+)
+def icinga_check_for_new_release(metadata):
+    return {
+        'icinga2_api': {
+            'matrix-dimension': {
+                'services': {
+                    'MATRIX-DIMENSION UPDATE': {
+                        'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
+                        'vars.notification.mail': True,
+                        'check_interval': '60m',
+                    },
+                    #'MATRIX-DIMENSION PROCESS': {
+                    #    'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
+                    #},
+                },
+            },
+        },
+    }
--- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
+++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
@ -1,6 +1,15 @@
+
    add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";

-    location /.well-known/matrix/ {
-        alias /etc/matrix-synapse/wellknown/;
+    location /.well-known/matrix/client {
+        return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
+        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }
+
+    location /.well-known/matrix/server {
+        return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}';
+        default_type application/json;
+        add_header Access-Control-Allow-Origin *;
+    }
+
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@ -4,6 +4,7 @@
 nodes['htz-cloud.miniserver'] = {
    'bundles': {
        'element-web',
+        'matrix-dimension',
        'matrix-media-repo',
        'matrix-synapse',
        'nodejs',
@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = {
                },
                'brand': 'sophies-kitchen.eu',
                'showLabsSettings': True,
-                'integrations_ui_url': 'https://dimension.franzi.business/riot',
-                'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
+                'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
+                'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
                'integrations_widgets_urls': {
-                    'https://dimension.franzi.business/widgets'
+                    'https://dimension.sophies-kitchen.eu/widgets'
                },
                'default_theme': 'dark',
                'defaultCountryCode': 'DE',
@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = {
                },
            },
        },
+        'matrix-dimension': {
+            'url': 'dimension.sophies-kitchen.eu',
+            'version': 'master', # doesn't have releases yet
+            'homserver': {
+                'name': 'sophies-kitchen.eu',
+                'clientServeUrl': 'https://matrix.sophies-kitchen.eu',
+                'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
+            },
+            'admins': [
+                '@sophie:sophies-kitchen.eu',
+            ],
+            'telegram': {
+                'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'),
+            },
+        },
        'matrix-media-repo': {
            'version': 'v1.2.8',
            'homeservers': {
@ -156,16 +172,9 @@ nodes['htz-cloud.miniserver'] = {
        },
        'nginx': {
            'vhosts': {
-                #'dimension.sophies-kitchen.eu': {
-                #    'extras': True,
-                #    'do_not_set_content_security_headers': True,
-                #    'max_body_size': '50M',
-                #    'locations': {
-                #        '/': {
-                #            'target': 'http://127.0.0.1:8184',
-                #        },
-                #    },
-                #},
+                'dimension.sophies-kitchen.eu': {
+                    'extras': True,
+                },
                'sophies-kitchen.eu': {
                    'webroot': '/var/www/sophies-kitchen.eu/_site/',
                    'extras': True,