matrix-dimension #43
8 changed files with 290 additions and 20 deletions
|
@ -26,11 +26,11 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
|
|||
| 6667 | | bitlbee |
|
||||
| 8010 | | matrix-media-repo |
|
||||
| 8086 | influxdb2 | influx |
|
||||
| 8184 | | matrix-dimension |
|
||||
| 11332-11334 | rspamd | rspamd |
|
||||
| 20000 | mx-puppet-discord | Bridge |
|
||||
| 20010 | mautrix-telegram | Bridge |
|
||||
| 20020 | mautrix-whatsapp | Bridge |
|
||||
| 20030 | matrix-dimension | Matrix Integrations Manager|
|
||||
| 20080 | matrix-synapse | client, federation |
|
||||
| 20081 | matrix-synapse | prometheus metrics |
|
||||
| 20090 | matrix-media-repo | media_repo |
|
||||
|
|
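--- a/bundles/matrix-dimension/files/matrix-dimension.service
+++ b/bundles/matrix-dimension/files/matrix-dimension.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Matrix Dimension
+After=network.target
+
+[Service]
+User=matrix-dimension
+Group=matrix-dimension
+Environment="NODE_ENV=production"
+ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
+WorkingDirectory=${config['install_dir']}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target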
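Review bot: The `[Service]` section drops to a dedicated user but sets no sandboxing options, so a compromise of the Node process or of a dependency pulled in at build time keeps every filesystem and privilege-escalation path that user normally has. Consider adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` below `Group=`. `ProtectSystem=strict` would be tighter, but it needs a `ReadWritePaths=` entry for the data directory that `botData` in production.yaml points at, and for any other path the service writes, so verify those before going that far.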
93
bundles/matrix-dimension/files/production.yaml
Normal file
93
bundles/matrix-dimension/files/production.yaml
Normal file
|
@ -0,0 +1,93 @@
|
|||
# The web settings for the service (API and UI).
|
||||
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
||||
web:
|
||||
port: 20030
|
||||
address: '127.0.0.1'
|
||||
|
||||
# Homeserver configuration
|
||||
homeserver:
|
||||
# The domain name of the homeserver. This is used in many places, such as with go-neb
|
||||
# setups, to identify the homeserver.
|
||||
name: "${config['homeserver']['name']}"
|
||||
|
||||
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
|
||||
# use to access the homeserver with.
|
||||
clientServerUrl: "${config['homeserver']['clientServerUrl']}"
|
||||
|
||||
# The URL that Dimension should use when trying to communicate with federated APIs on
|
||||
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
|
||||
# through the normal federation process.
|
||||
#federationUrl: "https://t2bot.io:8448"
|
||||
|
||||
# The URL that Dimension will redirect media requests to for downloading media such as
|
||||
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
|
||||
#mediaUrl: "https://t2bot.io"
|
||||
|
||||
# The access token Dimension should use for miscellaneous access to the homeserver, and
|
||||
# for tracking custom sticker pack updates. This should be a user configured on the homeserver
|
||||
# and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
|
||||
# information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
|
||||
accessToken: "${config['homeserver']['accessToken']}"
|
||||
|
||||
# These users can modify the integrations this Dimension supports.
|
||||
# To access the admin interface, open Dimension in Riot and click the settings icon.
|
||||
admins:
|
||||
% for i in config['admins']:
|
||||
- "${i}"
|
||||
% endfor
|
||||
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
||||
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
|
||||
widgetBlacklist:
|
||||
- 10.0.0.0/8
|
||||
- 172.16.0.0/12
|
||||
- 192.168.0.0/16
|
||||
- 127.0.0.0/8
|
||||
|
||||
database:
|
||||
# Where the database for Dimension is
|
||||
uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
|
||||
|
||||
# Where to store misc information for the utility bot account.
|
||||
botData: "${config['data_dir']}/dimension.bot.json"
|
||||
|
||||
# Display settings that apply to self-hosted go-neb instances
|
||||
goneb:
|
||||
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
|
||||
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
|
||||
# make the bot's avatar an empty string.
|
||||
avatars:
|
||||
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
|
||||
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
|
||||
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
|
||||
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
|
||||
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
|
||||
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
|
||||
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
|
||||
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
|
||||
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
|
||||
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
|
||||
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
|
||||
|
||||
# Settings for interacting with Telegram. Currently only applies for importing
|
||||
# sticker packs from Telegram.
|
||||
telegram:
|
||||
# Talk to @BotFather on Telegram to get a token
|
||||
botToken: "${config['telegram']['botToken']}"
|
||||
|
||||
# Custom sticker pack options.
|
||||
# Largely based on https://github.com/turt2live/matrix-sticker-manager
|
||||
stickers:
|
||||
# Whether or not to allow people to add custom sticker packs
|
||||
enabled: true
|
||||
|
||||
# The sticker manager bot to promote
|
||||
stickerBot: "@stickers:t2bot.io"
|
||||
|
||||
# The sticker manager URL to promote
|
||||
managerUrl: "https://stickers.t2bot.io"
|
||||
|
||||
|
||||
# Settings for controlling how logging works
|
||||
logging:
|
||||
console: true
|
||||
kunsi marked this conversation as resolved
|
||||
consoleLevel: info
|
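Review bot: `widgetBlacklist` lists only the RFC 1918 ranges and IPv4 loopback, so link-local addresses in `169.254.0.0/16`, where cloud platforms commonly expose instance metadata, are not covered by this filter, and neither are IPv6 loopback or unique-local ranges. The node name suggests a cloud host, so adding `- 169.254.0.0/16` is worth doing. Whether Dimension accepts IPv6 CIDRs such as `::1/128`, `fc00::/7` and `fe80::/10` in this list should be checked against its documentation before adding them. Because this is a denylist, treat it as one layer next to egress filtering rather than the only control.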
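--- a/bundles/matrix-dimension/items.py
+++ b/bundles/matrix-dimension/items.py
@@ -0,0 +1,74 @@
+repo.libs.tools.require_bundle(node, 'nodejs')
+
+
+directories = {
+node.metadata['matrix-dimension']['install_dir']: {
+'owner': 'matrix-dimension',
+'group': 'matrix-dimension',
+},
+}
+
+git_deploy = {
+node.metadata['matrix-dimension']['install_dir']: {
+'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet
+'repo': 'https://github.com/turt2live/matrix-dimension.git',
+'triggers': {
+'action:matrix_dimension_build',
+},
+'needs': {
+'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
+'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')),
+},
+},
+}
+
+files = {
+'{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): {
+'owner': 'matrix-dimension',
+'group': 'matrix-dimension',
+'content_type': 'mako',
+'context': {
+'config': node.metadata.get('matrix-dimension', {}),
+},
+'needs': {
+'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
+},
+'triggers': {
+'svc_systemd:matrix-dimension:restart',
+},
+},
+'/etc/systemd/system/matrix-dimension.service': {
+'content_type': 'mako',
+'context': {
+'config': node.metadata.get('matrix-dimension', {}),
+},
+'triggers': {
+'action:systemd-reload',
+'svc_systemd:matrix-dimension:restart',
+},
+},
+}
+
+actions = {
+'matrix_dimension_build': {
+'command': 'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build',
+'needs': {
+'pkg_apt:nodejs',
+},
+'triggered': True,
+'triggers': {
+'svc_systemd:matrix-dimension:restart',
+},
+},
+}
+
+svc_systemd = {
+'matrix-dimension': {
+'needs': {
+'action:matrix_dimension_build',
+'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')),
+'postgres_db:matrix-dimension',
+'postgres_role:matrix-dimension',
+},
+},
+}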
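Review bot: The `production.yaml` entry in `files` sets `owner` and `group` but no `mode`, while the rendered template carries the homeserver access token, the PostgreSQL password and the Telegram bot token. If BundleWrap's default file mode of `0644` applies here, every local account on the node can read those secrets. Adding `'mode': '0600',` next to `'owner'` restricts the file to the service user, which is the only reader the unit file implies. The systemd unit entry holds no secrets, so it can keep the default.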
77
bundles/matrix-dimension/metadata.py
Normal file
77
bundles/matrix-dimension/metadata.py
Normal file
|
@ -0,0 +1,77 @@
|
|||
defaults = {
|
||||
'backups': {
|
||||
'paths': {
|
||||
'/opt/matrix-dimension',
|
||||
kunsi marked this conversation as resolved
kunsi
commented
Do we really need to back this up?
sophie
commented
npm writes all kinds of install info to this location, I guess so.
kunsi
commented
If it's only information we can restore using a `bw apply`, there should be no need to back this up. But if it's more than that, I'm okay with backing this up.
|
||||
'/var/opt/matrix-dimension',
|
||||
},
|
||||
},
|
||||
'matrix-dimension': {
|
||||
'install_dir': '/opt/matrix-dimension',
|
||||
'data_dir': '/var/opt/matrix-dimension',
|
||||
'database': {
|
||||
'user': 'matrix-dimension',
|
||||
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
|
||||
'database': 'matrix-dimension',
|
||||
},
|
||||
},
|
||||
'postgresql': {
|
||||
'roles': {
|
||||
'matrix-dimension': {
|
||||
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
|
||||
},
|
||||
},
|
||||
'databases': {
|
||||
'matrix-dimension': {
|
||||
'owner': 'matrix-dimension',
|
||||
},
|
||||
},
|
||||
},
|
||||
'users': {
|
||||
'matrix-dimension': {
|
||||
'home': '/var/opt/matrix-dimension',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'nginx/vhosts/matrix-dimension',
|
||||
)
|
||||
def nginx_config(metadata):
|
||||
return {
|
||||
'nginx': {
|
||||
'vhosts': {
|
||||
'matrix-dimension': {
|
||||
'domain': metadata.get('matrix-dimension/url'),
|
||||
'do_not_set_content_security_headers': True,
|
||||
'max_body_size': '50M',
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:20030',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'icinga2_api/matrix-dimension/services',
|
||||
)
|
||||
def icinga_check_for_new_release(metadata):
|
||||
return {
|
||||
'icinga2_api': {
|
||||
'matrix-dimension': {
|
||||
'services': {
|
||||
'MATRIX-DIMENSION UPDATE': {
|
||||
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
|
||||
'vars.notification.mail': True,
|
||||
'check_interval': '60m',
|
||||
},
|
||||
'MATRIX-DIMENSION PROCESS': {
|
||||
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
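Review bot: `nginx_config` hard-codes `'do_not_set_content_security_headers': True` for every node that uses this bundle, while the only replacement header visible in this PR, `frame-ancestors`, lives in a node-specific extras file. Judging by its name, the flag switches off the nginx bundle's default headers, so a node that enables the bundle without supplying its own extras would presumably serve Dimension with no framing restriction at all. Either document the requirement on that line, e.g. `# vhost extras must set Content-Security-Policy frame-ancestors for the Element host`, or have the reactor derive the header from metadata so that the bundle stays safe by default.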
|
@ -1,6 +0,0 @@
|
|||
add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
|
||||
|
||||
location /.well-known/matrix/ {
|
||||
alias /etc/matrix-synapse/wellknown/;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
|
|
@ -4,6 +4,7 @@
|
|||
nodes['htz-cloud.miniserver'] = {
|
||||
'bundles': {
|
||||
'element-web',
|
||||
'matrix-dimension',
|
||||
'matrix-media-repo',
|
||||
'matrix-synapse',
|
||||
'nodejs',
|
||||
|
@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = {
|
|||
},
|
||||
'brand': 'sophies-kitchen.eu',
|
||||
'showLabsSettings': True,
|
||||
'integrations_ui_url': 'https://dimension.franzi.business/riot',
|
||||
'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
|
||||
'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
|
||||
'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
|
||||
'integrations_widgets_urls': {
|
||||
'https://dimension.franzi.business/widgets'
|
||||
'https://dimension.sophies-kitchen.eu/widgets'
|
||||
},
|
||||
'default_theme': 'dark',
|
||||
'defaultCountryCode': 'DE',
|
||||
|
@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = {
|
|||
},
|
||||
},
|
||||
},
|
||||
'matrix-dimension': {
|
||||
'url': 'dimension.sophies-kitchen.eu',
|
||||
'version': 'master', # doesn't have releases yet
|
||||
'homeserver': {
|
||||
'name': 'sophies-kitchen.eu',
|
||||
'clientServerUrl': 'https://matrix.sophies-kitchen.eu',
|
||||
'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
|
||||
},
|
||||
'admins': [
|
||||
'@sophie:sophies-kitchen.eu',
|
||||
],
|
||||
'telegram': {
|
||||
'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'),
|
||||
},
|
||||
},
|
||||
'matrix-media-repo': {
|
||||
'version': 'v1.2.8',
|
||||
'homeservers': {
|
||||
|
@ -144,6 +160,14 @@ nodes['htz-cloud.miniserver'] = {
|
|||
'bot_token': '""',
|
||||
},
|
||||
},
|
||||
'nameservers': {
|
||||
'213.133.98.98',
|
||||
'213.133.99.99',
|
||||
'213.133.100.100',
|
||||
'2a01:4f8:0:1::add:1010',
|
||||
'2a01:4f8:0:1::add:9999',
|
||||
'2a01:4f8:0:1::add:9898',
|
||||
},
|
||||
'nftables': {
|
||||
'rules': {
|
||||
'input': {
|
||||
|
@ -156,16 +180,9 @@ nodes['htz-cloud.miniserver'] = {
|
|||
},
|
||||
'nginx': {
|
||||
'vhosts': {
|
||||
#'dimension.sophies-kitchen.eu': {
|
||||
# 'extras': True,
|
||||
# 'do_not_set_content_security_headers': True,
|
||||
# 'max_body_size': '50M',
|
||||
# 'locations': {
|
||||
# '/': {
|
||||
# 'target': 'http://127.0.0.1:8184',
|
||||
# },
|
||||
# },
|
||||
#},
|
||||
'matrix-dimension': {
|
||||
'extras': True,
|
||||
},
|
||||
'sophies-kitchen.eu': {
|
||||
'webroot': '/var/www/sophies-kitchen.eu/_site/',
|
||||
'extras': True,
|
||||
|
|
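Review bot: `'version': 'master'` in the new `matrix-dimension` block means an apply that picks up a new upstream commit deploys whatever is at the branch tip and then runs `npm install` and `npm run build` on it. Unreviewed upstream or dependency changes therefore reach the host without any change in this repository. Pinning to a reviewed commit, e.g. `'version': '<commit-sha>',  # bump deliberately`, keeps deployments reproducible; the placeholder stands for a hash you have checked. The bundle's update check receives the same value, so confirm that it still reports something useful when given a commit instead of a branch name. The enclosing node dict starts and ends outside these hunks.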
I think we can omit that, since systemd takes care of the logging part.
Should the console level be verbose instead of info then?
I don't think that's needed. We can increase it later, if needed.
Resolved in
3fd20de161
.