diff --git a/PORT_MAP.md b/PORT_MAP.md
index e15cfec..003339b 100644
--- a/PORT_MAP.md
+++ b/PORT_MAP.md
@@ -26,11 +26,11 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
 | 6667 | | bitlbee |
 | 8010 | | matrix-media-repo |
 | 8086 | influxdb2 | influx |
-| 8184 | | matrix-dimension |
 | 11332-11334 | rspamd | rspamd |
 | 20000 | mx-puppet-discord | Bridge |
 | 20010 | mautrix-telegram | Bridge |
 | 20020 | mautrix-whatsapp | Bridge |
+| 20030 | matrix-dimension | Matrix Integrations Manager|
 | 20080 | matrix-synapse | client, federation |
 | 20081 | matrix-synapse | prometheus metrics |
 | 20090 | matrix-media-repo | media_repo |
diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service
new file mode 100644
index 0000000..9d2bebc
--- /dev/null
+++ b/bundles/matrix-dimension/files/matrix-dimension.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Matrix Dimension
+After=network.target
+
+[Service]
+User=matrix-dimension
+Group=matrix-dimension
+Environment="NODE_ENV=production"
+ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
+WorkingDirectory=${config['install_dir']}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
new file mode 100644
index 0000000..321f6d2
--- /dev/null
+++ b/bundles/matrix-dimension/files/production.yaml
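Review bot: The [Service] section of the new unit runs node as a dedicated user but with no sandboxing, so the process that nginx exposes under the configured public vhost gets a full view of the filesystem and can still gain privileges through setuid binaries if it is compromised. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` after `Restart=on-failure` costs nothing here, since the app only needs its install dir and data dir. Going to `ProtectSystem=strict` would additionally need `ReadWritePaths=${config['data_dir']}`, because production.yaml points botData under data_dir.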
@@ -0,0 +1,93 @@
+# The web settings for the service (API and UI).
+# It is best to have this run on localhost and use a reverse proxy to access Dimension.
+web:
+  port: 20030
+  address: '127.0.0.1'
+
+# Homeserver configuration
+homeserver:
+  # The domain name of the homeserver. This is used in many places, such as with go-neb
+  # setups, to identify the homeserver.
+  name: "${config['homeserver']['name']}"
+
+  # The URL that Dimension, go-neb, and other services provisioned by Dimension should
+  use to access the homeserver with.
+  clientServerUrl: "${config['homeserver']['clientServerUrl']}"
+
+  # The URL that Dimension should use when trying to communicate with federated APIs on
+  # the homeserver. If not supplied or left empty Dimension will try to resolve the address
+  # through the normal federation process.
+  #federationUrl: "https://t2bot.io:8448"
+
+  # The URL that Dimension will redirect media requests to for downloading media such as
+  # stickers. If not supplied or left empty Dimension will use the clientServerUrl.
+  #mediaUrl: "https://t2bot.io"
+
+  # The access token Dimension should use for miscellaneous access to the homeserver, and
+  # for tracking custom sticker pack updates. This should be a user configured on the homeserver
+  # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
+  # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
+  accessToken: "${config['homeserver']['accessToken']}"
+
+# These users can modify the integrations this Dimension supports.
+# To access the admin interface, open Dimension in Riot and click the settings icon.
+admins:
+% for i in config['admins']:
+  - "${i}"
+% endfor
+# IPs and CIDR ranges listed here will be blocked from being widgets.
+# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
+widgetBlacklist:
+  - 10.0.0.0/8
+  - 172.16.0.0/12
+  - 192.168.0.0/16
+  - 127.0.0.0/8
+
+database:
+  # Where the database for Dimension is
+  uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
+
+  # Where to store misc information for the utility bot account.
+  botData: "${config['data_dir']}/dimension.bot.json"
+
+# Display settings that apply to self-hosted go-neb instances
+goneb:
+  # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
+  # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
+  # make the bot's avatar an empty string.
+  avatars:
+    giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
+    imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
+    github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
+    wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
+    travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
+    rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
+    google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
+    guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
+    echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
+    circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
+    jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
+
+# Settings for interacting with Telegram. Currently only applies for importing
+# sticker packs from Telegram.
+telegram:
+  # Talk to @BotFather on Telegram to get a token
+  botToken: "${config['telegram']['botToken']}"
+
+# Custom sticker pack options.
+# Largely based on https://github.com/turt2live/matrix-sticker-manager
+stickers:
+  # Whether or not to allow people to add custom sticker packs
+  enabled: true
+
+  # The sticker manager bot to promote
+  stickerBot: "@stickers:t2bot.io"
+
+  # The sticker manager URL to promote
+  managerUrl: "https://stickers.t2bot.io"
+
+
+# Settings for controlling how logging works
+logging:
+  console: true
+  consoleLevel: info
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
new file mode 100644
index 0000000..a8a9a5c
--- /dev/null
+++ b/bundles/matrix-dimension/items.py
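Review bot: The comment continuation `use to access the homeserver with.` under `homeserver:` has no leading `#` as shown here; if that is not an extraction artifact, the rendered file is not valid YAML and Dimension will fail to load its config, so it should read `  # use to access the homeserver with.`. Separately, `widgetBlacklist` covers the RFC 1918 ranges and IPv4 loopback only; on a cloud host the link-local range `169.254.0.0/16` (where instance metadata endpoints live) and the IPv6 equivalents `::1/128`, `fe80::/10` and `fc00::/7` are worth adding, provided Dimension accepts IPv6 CIDRs in that list. The `database.uri` line reads credentials from `node.metadata[...]` while every other value in the template comes from the `config` context variable; `config['database']['user']`, `config['database']['password']` and so on would keep the template reading from one source.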
@@ -0,0 +1,74 @@
+repo.libs.tools.require_bundle(node, 'nodejs')
+
+
+directories = {
+    node.metadata['matrix-dimension']['install_dir']: {
+        'owner': 'matrix-dimension',
+        'group': 'matrix-dimension',
+    },
+}
+
+git_deploy = {
+    node.metadata['matrix-dimension']['install_dir']: {
+        'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet
+        'repo': 'https://github.com/turt2live/matrix-dimension.git',
+        'triggers': {
+            'action:matrix_dimension_build',
+        },
+        'needs': {
+            'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
+            'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')),
+        },
+    },
+}
+
+files = {
+    '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): {
+        'owner': 'matrix-dimension',
+        'group': 'matrix-dimension',
+        'content_type': 'mako',
+        'context': {
+            'config': node.metadata.get('matrix-dimension', {}),
+        },
+        'needs': {
+            'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
+        },
+        'triggers': {
+            'svc_systemd:matrix-dimension:restart',
+        },
+    },
+    '/etc/systemd/system/matrix-dimension.service': {
+        'content_type': 'mako',
+        'context': {
+            'config': node.metadata.get('matrix-dimension', {}),
+        },
+        'triggers': {
+            'action:systemd-reload',
+            'svc_systemd:matrix-dimension:restart',
+        },
+    },
+}
+
+actions = {
+    'matrix_dimension_build': {
+        'command': 'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build',
+        'needs': {
+            'pkg_apt:nodejs',
+        },
+        'triggered': True,
+        'triggers': {
+            'svc_systemd:matrix-dimension:restart',
+        },
+    },
+}
+
+svc_systemd = {
+    'matrix-dimension': {
+        'needs': {
+            'action:matrix_dimension_build',
+            'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')),
+            'postgres_db:matrix-dimension',
+            'postgres_role:matrix-dimension',
+        },
+    },
+}
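Review bot: The `files` entry for `production.yaml` sets owner and group but no `mode`, so the rendered file, which carries the homeserver access token, the Telegram bot token and the PostgreSQL password, is left at the default 0644 and readable by every local account; add `'mode': '0640',` next to `'group': 'matrix-dimension',`. The `git_deploy` item `needs` `directory:{data_dir}`, but the `directories` dict in this file only declares `install_dir`, so unless another bundle creates `/var/opt/matrix-dimension` (the users metadata sets it as the account's home, which may or may not do so) that dependency points at an item that does not exist. The `rev` fallback of `'master'` combined with `npm install` in the build action means the checked-out code and its whole dependency tree are whatever upstream currently serves at deploy time; defaulting `rev` to a commit id would make a deploy reproducible. Mixing `node.metadata['matrix-dimension']['install_dir']` and `node.metadata.get('matrix-dimension/install_dir')` for the same key within one file is also worth unifying.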
diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
new file mode 100644
index 0000000..2d41180
--- /dev/null
+++ b/bundles/matrix-dimension/metadata.py
@@ -0,0 +1,77 @@
+defaults = {
+    'backups': {
+        'paths': {
+            '/opt/matrix-dimension',
+            '/var/opt/matrix-dimension',
+        },
+    },
+    'matrix-dimension': {
+        'install_dir': '/opt/matrix-dimension',
+        'data_dir': '/var/opt/matrix-dimension',
+        'database': {
+            'user': 'matrix-dimension',
+            'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+            'database': 'matrix-dimension',
+        },
+    },
+    'postgresql': {
+        'roles': {
+            'matrix-dimension': {
+                'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+            },
+        },
+        'databases': {
+            'matrix-dimension': {
+                'owner': 'matrix-dimension',
+            },
+        },
+    },
+    'users': {
+        'matrix-dimension': {
+            'home': '/var/opt/matrix-dimension',
+        },
+    },
+}
+
+@metadata_reactor.provides(
+    'nginx/vhosts/matrix-dimension',
+)
+def nginx_config(metadata):
+    return {
+        'nginx': {
+            'vhosts': {
+                'matrix-dimension': {
+                    'domain': metadata.get('matrix-dimension/url'),
+                    'do_not_set_content_security_headers': True,
+                    'max_body_size': '50M',
+                    'locations': {
+                        '/': {
+                            'target': 'http://127.0.0.1:20030',
+                        },
+                    },
+                },
+            },
+        },
+    }
+
+
+@metadata_reactor.provides(
+    'icinga2_api/matrix-dimension/services',
+)
+def icinga_check_for_new_release(metadata):
+    return {
+        'icinga2_api': {
+            'matrix-dimension': {
+                'services': {
+                    'MATRIX-DIMENSION UPDATE': {
+                        'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
+                        'vars.notification.mail': True,
+                        'check_interval': '60m',
+                    },
+                    'MATRIX-DIMENSION PROCESS': {
+                        'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:',
+                    },
+                },
+            },
+        },
+    }
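Review bot: `defaults['matrix-dimension']` has no `version` key, yet `icinga_check_for_new_release` formats `metadata.get('matrix-dimension/version')` straight into the check command, so a node that enables the bundle without setting it gets `... turt2live/matrix-dimension None` as its check; items.py falls back to `'master'` for the same key, and adding `'version': 'master',` to the defaults keeps the two in agreement. The same applies to `matrix-dimension/url`, which `nginx_config` uses as the vhost `domain` with no default, yielding a vhost with domain `None`. Both reactors would also benefit from a one-line docstring stating what they provide, e.g. `"""Publish the Dimension vhost on matrix-dimension/url, proxied to the local port 20030."""`.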
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
deleted file mode 100644
index aa5cff2..0000000
--- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
+++ /dev/null
@@ -1,6 +0,0 @@
- add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
-
- location /.well-known/matrix/ {
-     alias /etc/matrix-synapse/wellknown/;
-     add_header Access-Control-Allow-Origin *;
- }
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension b/data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension
new file mode 100644
index 0000000..e13c482
--- /dev/null
+++ b/data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension
@@ -0,0 +1 @@
+add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py
index 1085b16..cb2ec71 100644
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@@ -4,6 +4,7 @@ nodes['htz-cloud.miniserver'] = {
     'bundles': {
         'element-web',
+        'matrix-dimension',
         'matrix-media-repo',
         'matrix-synapse',
         'nodejs',
@@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = {
             },
             'brand': 'sophies-kitchen.eu',
             'showLabsSettings': True,
-            'integrations_ui_url': 'https://dimension.franzi.business/riot',
-            'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
+            'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
+            'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
             'integrations_widgets_urls': {
-                'https://dimension.franzi.business/widgets'
+                'https://dimension.sophies-kitchen.eu/widgets'
             },
             'default_theme': 'dark',
             'defaultCountryCode': 'DE',
@@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = {
                 },
             },
         },
+        'matrix-dimension': {
+            'url': 'dimension.sophies-kitchen.eu',
+            'version': 'master', # doesn't have releases yet
+            'homeserver': {
+                'name': 'sophies-kitchen.eu',
+                'clientServerUrl': 'https://matrix.sophies-kitchen.eu',
+                'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
+            },
+            'admins': [
+                '@sophie:sophies-kitchen.eu',
+            ],
+            'telegram': {
+                'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'),
+            },
+        },
         'matrix-media-repo': {
             'version': 'v1.2.8',
             'homeservers': {
@@ -144,6 +160,14 @@ nodes['htz-cloud.miniserver'] = {
                 'bot_token': '""',
             },
         },
+        'nameservers': {
+            '213.133.98.98',
+            '213.133.99.99',
+            '213.133.100.100',
+            '2a01:4f8:0:1::add:1010',
+            '2a01:4f8:0:1::add:9999',
+            '2a01:4f8:0:1::add:9898',
+        },
         'nftables': {
             'rules': {
                 'input': {
@@ -156,16 +180,9 @@ nodes['htz-cloud.miniserver'] = {
         },
         'nginx': {
             'vhosts': {
-                #'dimension.sophies-kitchen.eu': {
-                #    'extras': True,
-                #    'do_not_set_content_security_headers': True,
-                #    'max_body_size': '50M',
-                #    'locations': {
-                #        '/': {
-                #            'target': 'http://127.0.0.1:8184',
-                #        },
-                #    },
-                #},
+                'matrix-dimension': {
+                    'extras': True,
+                },
                 'sophies-kitchen.eu': {
                     'webroot': '/var/www/sophies-kitchen.eu/_site/',
                     'extras': True,
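Review bot: `'version': 'master'` in the new `matrix-dimension` block means the bundle's `git_deploy` checks out, and its build action `npm install`s, whatever the upstream branch head is at each deploy, so the code and its dependency tree on this host change without any review in this repository. Pinning `version` to a specific commit id (a git rev works where a branch name does) gives the same result every deploy until an explicit bump, and the bundle's `MATRIX-DIMENSION UPDATE` icinga check then has a fixed value to compare against; the `# doesn't have releases yet` comment is the reason a commit id rather than a tag is the right pin here. The enclosing `nodes[...]` dict starts and ends outside the hunk.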