replace matrix-dimension on rx300 with matrix-stickerpicker on carlene

This commit is contained in:
Franzi 2023-09-02 13:35:04 +02:00
parent fc75e92a78
commit b08c9fb5a4
Signed by: kunsi
GPG key ID: 12E3D2136B818350
9 changed files with 98 additions and 330 deletions

View file

@ -1,14 +0,0 @@
[Unit]
Description=Matrix Dimension
After=network.target
[Service]
User=matrix-dimension
Group=matrix-dimension
Environment="NODE_ENV=production"
ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
WorkingDirectory=${config['install_dir']}
Restart=on-failure
[Install]
WantedBy=multi-user.target

View file

@ -1,93 +0,0 @@
# The web settings for the service (API and UI).
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
web:
port: 20030
address: '127.0.0.1'
# Homeserver configuration
homeserver:
# The domain name of the homeserver. This is used in many places, such as with go-neb
# setups, to identify the homeserver.
name: "${config['homeserver']['name']}"
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
# use to access the homeserver with.
clientServerUrl: "${config['homeserver']['clientServerUrl']}"
# The URL that Dimension should use when trying to communicate with federated APIs on
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
# through the normal federation process.
#federationUrl: "https://t2bot.io:8448"
# The URL that Dimension will redirect media requests to for downloading media such as
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
#mediaUrl: "https://t2bot.io"
# The access token Dimension should use for miscellaneous access to the homeserver, and
# for tracking custom sticker pack updates. This should be a user configured on the homeserver
# and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
# information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
accessToken: "${config['homeserver']['accessToken']}"
# These users can modify the integrations this Dimension supports.
# To access the admin interface, open Dimension in Riot and click the settings icon.
admins:
% for i in config['admins']:
- "${i}"
% endfor
# IPs and CIDR ranges listed here will be blocked from being widgets.
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
widgetBlacklist:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 127.0.0.0/8
database:
# Where the database for Dimension is
uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
# Where to store misc information for the utility bot account.
botData: "${config['data_dir']}/dimension.bot.json"
# Display settings that apply to self-hosted go-neb instances
goneb:
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
# make the bot's avatar an empty string.
avatars:
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
# Settings for interacting with Telegram. Currently only applies for importing
# sticker packs from Telegram.
telegram:
# Talk to @BotFather on Telegram to get a token
botToken: "${config['telegram']['botToken']}"
# Custom sticker pack options.
# Largely based on https://github.com/turt2live/matrix-sticker-manager
stickers:
# Whether or not to allow people to add custom sticker packs
enabled: true
# The sticker manager bot to promote
stickerBot: "@stickers:t2bot.io"
# The sticker manager URL to promote
managerUrl: "https://stickers.t2bot.io"
# Settings for controlling how logging works
logging:
console: true
consoleLevel: info

View file

@ -1,78 +0,0 @@
repo.libs.tools.require_bundle(node, 'nodejs')
directories = {
node.metadata['matrix-dimension']['install_dir']: {
'owner': 'matrix-dimension',
'group': 'matrix-dimension',
},
}
git_deploy = {
node.metadata['matrix-dimension']['install_dir']: {
'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet
'repo': 'https://github.com/turt2live/matrix-dimension.git',
'triggers': {
'action:matrix_dimension_build',
},
'needs': {
'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')),
},
},
}
files = {
'{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): {
'owner': 'matrix-dimension',
'group': 'matrix-dimension',
'content_type': 'mako',
'context': {
'config': node.metadata.get('matrix-dimension', {}),
},
'needs': {
'git_deploy:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
},
'triggers': {
'svc_systemd:matrix-dimension:restart',
},
},
'/etc/systemd/system/matrix-dimension.service': {
'content_type': 'mako',
'context': {
'config': node.metadata.get('matrix-dimension', {}),
},
'triggers': {
'action:systemd-reload',
'svc_systemd:matrix-dimension:restart',
},
},
}
actions = {
'matrix_dimension_build': {
'command': ' && '.join([
'cd ' + node.metadata.get('matrix-dimension/install_dir'),
'sudo -u matrix-dimension npm install --legacy-peer-deps',
'sudo -u matrix-dimension NODE_OPTIONS=--openssl-legacy-provider npm run build',
]),
'needs': {
'pkg_apt:nodejs',
},
'triggered': True,
'triggers': {
'svc_systemd:matrix-dimension:restart',
},
},
}
svc_systemd = {
'matrix-dimension': {
'needs': {
'action:matrix_dimension_build',
'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')),
'postgres_db:matrix-dimension',
'postgres_role:matrix-dimension',
},
},
}

View file

@ -1,110 +0,0 @@
defaults = {
'backups': {
'paths': {
'/opt/matrix-dimension',
'/var/opt/matrix-dimension',
},
},
'icinga2_api': {
'matrix-dimension': {
'services': {
'MATRIX-DIMENSION PROCESS': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:',
},
},
},
},
'matrix-dimension': {
'install_dir': '/opt/matrix-dimension',
'data_dir': '/var/opt/matrix-dimension',
'database': {
'user': 'matrix-dimension',
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
'database': 'matrix-dimension',
},
},
'postgresql': {
'roles': {
'matrix-dimension': {
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
},
},
'databases': {
'matrix-dimension': {
'owner': 'matrix-dimension',
},
},
},
'users': {
'matrix-dimension': {
'home': '/var/opt/matrix-dimension',
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/matrix-dimension',
)
def nginx_config(metadata):
return {
'nginx': {
'vhosts': {
'matrix-dimension': {
'domain': metadata.get('matrix-dimension/url'),
'do_not_set_content_security_headers': True,
'max_body_size': '50M',
'locations': {
'/': {
'target': 'http://127.0.0.1:20030',
},
},
},
},
},
}
@metadata_reactor.provides(
'zfs/datasets',
)
def zfs(metadata):
return {
'zfs': {
'datasets': {
'tank/matrix-dimension': {},
'tank/matrix-dimension/install': {
'mountpoint': metadata.get('matrix-dimension/install_dir'),
'needed_by': {
'directory:{}'.format(metadata.get('matrix-dimension/install_dir')),
},
},
'tank/matrix-dimension/var': {
'mountpoint': metadata.get('matrix-dimension/data_dir'),
'needed_by': {
'directory:{}'.format(metadata.get('matrix-dimension/data_dir')),
},
},
},
},
}
# XXX enable this once there are releases for matrix-dimension
#@metadata_reactor.provides(
# 'icinga2_api/matrix-dimension/services',
#)
#def icinga_check_for_new_release(metadata):
# return {
# 'icinga2_api': {
# 'matrix-dimension': {
# 'services': {
# 'MATRIX-DIMENSION UPDATE': {
# 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
# 'vars.notification.mail': True,
# 'check_interval': '60m',
# },
# },
# },
# },
# }

View file

@ -0,0 +1,7 @@
#!/bin/bash
/opt/matrix-stickerpicker/venv/bin/sticker-import \
--config /opt/matrix-stickerpicker/config.json \
--session /opt/matrix-stickerpicker/sticker-import.session \
--output-dir /var/opt/matrix-stickerpicker/ \
"$@"

View file

@ -0,0 +1,47 @@
actions['matrix-stickerpicker_create_virtualenv'] = {
'command': '/usr/bin/python3 -m virtualenv -p python3 /opt/matrix-stickerpicker/venv/',
'unless': 'test -d /opt/matrix-stickerpicker/venv/',
'needs': {
# actually /opt/matrix-stickerpicker, but we don't create that
'directory:/opt/matrix-stickerpicker/src',
},
}
actions['matrix-stickerpicker_install'] = {
'command': 'cd /opt/matrix-stickerpicker/src && /opt/matrix-stickerpicker/venv/bin/pip install --upgrade pip .',
'needs': {
'action:matrix-stickerpicker_create_virtualenv',
},
'triggered': True,
}
users['matrix-stickerpicker'] = {
'home': '/opt/matrix-stickerpicker',
}
files['/usr/local/bin/sticker-import'] = {
'mode': '0700',
}
files['/opt/matrix-stickerpicker/config.json'] = {
'content': repo.libs.faults.dict_as_json(node.metadata.get('matrix-stickerpicker/config')),
}
directories['/opt/matrix-stickerpicker/src'] = {}
directories['/var/opt/matrix-stickerpicker'] = {}
git_deploy['/opt/matrix-stickerpicker/src'] = {
'repo': 'https://github.com/maunium/stickerpicker.git',
'rev': node.metadata.get('matrix-stickerpicker/version', 'master'),
'triggers': {
'action:matrix-stickerpicker_install',
},
}
symlinks['/opt/matrix-stickerpicker/src/web/packs'] = {
'target': '/var/opt/matrix-stickerpicker',
'after': {
'git_deploy:/opt/matrix-stickerpicker/src',
},
}

View file

@ -0,0 +1,35 @@
defaults = {
'backups': {
'paths': '/var/opt/matrix-stickerpicker',
},
'zfs': {
'datasets': {
'tank/matrix-stickerpicker': {
'mountpoint': '/var/opt/matrix-stickerpicker',
'needed_by': {
'directory:/var/opt/matrix-stickerpicker',
},
},
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/matrix-stickerpicker',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
return {
'nginx': {
'vhosts': {
'matrix-stickerpicker': {
'domain': metadata.get('matrix-stickerpicker/domain'),
'do_not_set_content_security_headers': True,
'webroot': '/opt/matrix-stickerpicker/src/web/',
},
},
},
}

View file

@ -9,6 +9,7 @@ bundles = [
"element-web", "element-web",
"forgejo", "forgejo",
"matrix-media-repo", "matrix-media-repo",
"matrix-stickerpicker",
"matrix-synapse", "matrix-synapse",
"mautrix-telegram", "mautrix-telegram",
"mautrix-whatsapp", "mautrix-whatsapp",
@ -75,6 +76,14 @@ version = "v1.2.13"
api = "synapse" api = "synapse"
domain = "http://[::1]:20080/" domain = "http://[::1]:20080/"
[metadata.matrix-stickerpicker]
# use this bot token: encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q
domain = "matrix-stickers.franzi.business"
[metadata.matrix-stickerpicker.config]
access_token = "!decrypt:encrypt$gAAAAABg-wBmGbAy-Ou1mkG2w5UyoqWmWYzDr4ZavyUQdmG_VtrUSmwHjx-qcBGIz_7NniD3zKm9GGvzRZItDu5zYiojcudYr74TkWJKhdDrgFbcWlfJJ_m3bWzrSORaTYzBGRckp2Vz_8xHgDk1W03vpT6mdIPMDzjuINssIcPs0YDth25W942tMfPA2csvLADY50qVRMJpdBOVIWba55o0g6-mAAQLOz6Ld4cCvYqZsqXsxjT8JUytJv_uSG4zgCS_aX20JlAyJWpJgT8FQF5HzIbsko_-Z9-TwtY7yllJp5Ri3n0WaDaWoMmUfhLvkMJeymmOc32A4WJBAePQ_2F-_oUDE7t97A-m3ZiMVAEefDnH5MkoiQEJTfHrJsXRkdBT_BnJlY1CoAuXpRYDdvbVDwN_qZHHHtqsno437l9S6GgDK_-sKBiojYkYsfHcJCdSEqeFGuxT"
homeserver = "https://matrix.franzi.business"
user_id = "@dimension:franzi.business"
[metadata.matrix-synapse] [metadata.matrix-synapse]
admin_contact = "mailto:hostmaster@kunbox.net" admin_contact = "mailto:hostmaster@kunbox.net"
baseurl = "matrix.franzi.business" baseurl = "matrix.franzi.business"

View file

@ -12,7 +12,6 @@ nodes['rx300'] = {
'jenkins-ci', 'jenkins-ci',
'jugendhackt_tools', 'jugendhackt_tools',
'lm-sensors', 'lm-sensors',
'matrix-dimension',
'minecraft', 'minecraft',
'nodejs', 'nodejs',
'oidentd', 'oidentd',
@ -72,22 +71,6 @@ nodes['rx300'] = {
'allowed_hosts': ['jh.franzi.business'], 'allowed_hosts': ['jh.franzi.business'],
'timezone': 'Europe/Berlin', 'timezone': 'Europe/Berlin',
}, },
'matrix-dimension': {
'url': 'dimension.franzi.business',
'version': 'c6d047c', # XXX master is broken as of 2021-11-27
'homeserver': {
'name': 'franzi.business',
'clientServerUrl': 'https://matrix.franzi.business',
'accessToken': vault.decrypt('encrypt$gAAAAABg-wBmGbAy-Ou1mkG2w5UyoqWmWYzDr4ZavyUQdmG_VtrUSmwHjx-qcBGIz_7NniD3zKm9GGvzRZItDu5zYiojcudYr74TkWJKhdDrgFbcWlfJJ_m3bWzrSORaTYzBGRckp2Vz_8xHgDk1W03vpT6mdIPMDzjuINssIcPs0YDth25W942tMfPA2csvLADY50qVRMJpdBOVIWba55o0g6-mAAQLOz6Ld4cCvYqZsqXsxjT8JUytJv_uSG4zgCS_aX20JlAyJWpJgT8FQF5HzIbsko_-Z9-TwtY7yllJp5Ri3n0WaDaWoMmUfhLvkMJeymmOc32A4WJBAePQ_2F-_oUDE7t97A-m3ZiMVAEefDnH5MkoiQEJTfHrJsXRkdBT_BnJlY1CoAuXpRYDdvbVDwN_qZHHHtqsno437l9S6GgDK_-sKBiojYkYsfHcJCdSEqeFGuxT'),
},
'admins': [
'@kunsi:franzi.business',
],
'telegram': {
# same as for mautrix-telegram
'botToken': vault.decrypt('encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q'),
},
},
'minecraft': { 'minecraft': {
'heap_mb': 16*1024, 'heap_mb': 16*1024,
'sha1': '82be5e1bbdfd1bcb001644780562282fd42ee5a9', 'sha1': '82be5e1bbdfd1bcb001644780562282fd42ee5a9',
@ -102,23 +85,6 @@ nodes['rx300'] = {
}, },
'restrict-to': {'*'}, 'restrict-to': {'*'},
}, },
'mx-puppet-discord': {
'homeserver': {
'domain': 'franzi.business',
'url': 'https://matrix.franzi.business',
},
'allowed-users': {
'@.*:franzi\\\\.business',
},
},
'netbox': {
'domain': 'netbox.franzi.business',
'version': 'v3.5.6',
'changelog_retention_days': 360,
'admins': {
'kunsi': 'hostmaster@kunbox.net',
},
},
'nginx': { 'nginx': {
'security.txt': { 'security.txt': {
'contact': 'mailto:security@kunsmann.eu', 'contact': 'mailto:security@kunsmann.eu',
@ -126,7 +92,6 @@ nodes['rx300'] = {
}, },
'vhosts': { 'vhosts': {
'jenkins-ci': {'ssl': '_.franzi.business'}, 'jenkins-ci': {'ssl': '_.franzi.business'},
'matrix-dimension': {'ssl': '_.franzi.business'},
'radicale': {'ssl': '_.franzi.business'}, 'radicale': {'ssl': '_.franzi.business'},
'daskritzelt-redirect': { 'daskritzelt-redirect': {
'domain': 'die-brontosaurier-waren-es.org', 'domain': 'die-brontosaurier-waren-es.org',