matrix-dimension #43
|
@ -26,11 +26,11 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
|
|||
| 6667 | | bitlbee |
|
||||
| 8010 | | matrix-media-repo |
|
||||
| 8086 | influxdb2 | influx |
|
||||
| 8184 | | matrix-dimension |
|
||||
| 11332-11334 | rspamd | rspamd |
|
||||
| 20000 | mx-puppet-discord | Bridge |
|
||||
| 20010 | mautrix-telegram | Bridge |
|
||||
| 20020 | mautrix-whatsapp | Bridge |
|
||||
| 20030 | matrix-dimension | Matrix Integrations Manager|
|
||||
| 20080 | matrix-synapse | client, federation |
|
||||
| 20081 | matrix-synapse | prometheus metrics |
|
||||
| 20090 | matrix-media-repo | media_repo |
|
||||
|
|
14
bundles/matrix-dimension/files/matrix-dimension.service
Normal file
|
@ -0,0 +1,14 @@
|
|||
[Unit]
|
||||
Description=Matrix Dimension
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=matrix-dimension
|
||||
sophie marked this conversation as resolved
Outdated
|
||||
Group=matrix-dimension
|
||||
Environment="NODE_ENV=production"
|
||||
ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
|
||||
WorkingDirectory=${config['install_dir']}
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
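Review bot: The `[Service]` section runs Node.js as a dedicated user but sets no sandboxing options, so a compromise of this web-facing process keeps the default view of the whole host. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` below `Group=` would be a low-risk start. `ProtectSystem=strict` with a `ReadWritePaths=` entry for the data directory is tighter, but it needs checking against where the application actually writes at runtime.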
|
93
bundles/matrix-dimension/files/production.yaml
Normal file
|
@ -0,0 +1,93 @@
|
|||
# The web settings for the service (API and UI).
|
||||
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
||||
web:
|
||||
port: 20030
|
||||
kunsi marked this conversation as resolved
Outdated
kunsi
commented
Please change port into the 200xx range and document accordingly in PORT_MAP.md
sophie
commented
Resolved in `2161698a97`
|
||||
address: '127.0.0.1'
|
||||
|
||||
# Homeserver configuration
|
||||
homeserver:
|
||||
# The domain name of the homeserver. This is used in many places, such as with go-neb
|
||||
# setups, to identify the homeserver.
|
||||
name: "${config['homeserver']['name']}"
|
||||
|
||||
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
|
||||
# use to access the homeserver with.
|
||||
clientServerUrl: "${config['homeserver']['clientServerUrl']}"
|
||||
kunsi marked this conversation as resolved
Outdated
kunsi
commented
Typo? `clientServeUrl` vs. `clientServerUrl`
sophie
commented
Resolved in `8702e131dc` and `a65301ee89`.
|
||||
|
||||
# The URL that Dimension should use when trying to communicate with federated APIs on
|
||||
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
|
||||
# through the normal federation process.
|
||||
#federationUrl: "https://t2bot.io:8448"
|
||||
|
||||
# The URL that Dimension will redirect media requests to for downloading media such as
|
||||
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
|
||||
#mediaUrl: "https://t2bot.io"
|
||||
|
||||
# The access token Dimension should use for miscellaneous access to the homeserver, and
|
||||
# for tracking custom sticker pack updates. This should be a user configured on the homeserver
|
||||
# and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
|
||||
# information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
|
||||
accessToken: "${config['homeserver']['accessToken']}"
|
||||
kunsi marked this conversation as resolved
Outdated
kunsi
commented
Typo? `homserver` vs. `homeserver`
sophie
commented
Resolved in `8702e131dc` and `a65301ee89`.
|
||||
|
||||
# These users can modify the integrations this Dimension supports.
|
||||
# To access the admin interface, open Dimension in Riot and click the settings icon.
|
||||
admins:
|
||||
% for i in config['admins']:
|
||||
- "${i}"
|
||||
% endfor
|
||||
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
||||
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
|
||||
widgetBlacklist:
|
||||
- 10.0.0.0/8
|
||||
- 172.16.0.0/12
|
||||
- 192.168.0.0/16
|
||||
- 127.0.0.0/8
|
||||
|
||||
database:
|
||||
# Where the database for Dimension is
|
||||
uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
|
||||
|
||||
# Where to store misc information for the utility bot account.
|
||||
botData: "${config['data_dir']}/dimension.bot.json"
|
||||
|
||||
# Display settings that apply to self-hosted go-neb instances
|
||||
goneb:
|
||||
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
|
||||
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
|
||||
# make the bot's avatar an empty string.
|
||||
avatars:
|
||||
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
|
||||
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
|
||||
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
|
||||
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
|
||||
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
|
||||
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
|
||||
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
|
||||
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
|
||||
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
|
||||
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
|
||||
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
|
||||
|
||||
# Settings for interacting with Telegram. Currently only applies for importing
|
||||
# sticker packs from Telegram.
|
||||
telegram:
|
||||
# Talk to @BotFather on Telegram to get a token
|
||||
botToken: "${config['telegram']['botToken']}"
|
||||
|
||||
# Custom sticker pack options.
|
||||
# Largely based on https://github.com/turt2live/matrix-sticker-manager
|
||||
stickers:
|
||||
# Whether or not to allow people to add custom sticker packs
|
||||
enabled: true
|
||||
|
||||
# The sticker manager bot to promote
|
||||
stickerBot: "@stickers:t2bot.io"
|
||||
|
||||
# The sticker manager URL to promote
|
||||
managerUrl: "https://stickers.t2bot.io"
|
||||
|
||||
|
||||
# Settings for controlling how logging works
|
||||
logging:
|
||||
console: true
|
||||
kunsi marked this conversation as resolved
kunsi
commented
I think we can omit that, since systemd takes care of the logging part.
sophie
commented
Should the console level be verbose instead of info then?
kunsi
commented
I don't think that's needed. We can increase it later, if needed.
sophie
commented
Resolved in `3fd20de161`.
|
||||
consoleLevel: info
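Review bot: `widgetBlacklist` covers the RFC 1918 ranges and IPv4 loopback but not the IPv4 link-local range, where cloud metadata endpoints usually live, nor any IPv6 range, so a widget URL resolving to one of those is not refused by this list. Consider adding `- 169.254.0.0/16`, plus the IPv6 loopback, unique-local and link-local ranges if Dimension's matcher accepts IPv6 CIDRs, which needs confirming. Separately, the `database.uri` line interpolates the vault password into the URI unencoded. Should a password ever contain `@`, `/` or `"`, the URI or the YAML quoting breaks, so URL-encoding it in the template is safer.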
|
74
bundles/matrix-dimension/items.py
Normal file
|
@ -0,0 +1,74 @@
|
|||
repo.libs.tools.require_bundle(node, 'nodejs')
|
||||
|
||||
|
||||
directories = {
|
||||
node.metadata['matrix-dimension']['install_dir']: {
|
||||
'owner': 'matrix-dimension',
|
||||
'group': 'matrix-dimension',
|
||||
},
|
||||
}
|
||||
|
||||
git_deploy = {
|
||||
node.metadata['matrix-dimension']['install_dir']: {
|
||||
'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet
|
||||
sophie marked this conversation as resolved
Outdated
kunsi
commented
`node.metadata.get('matrix-dimension/version', 'master')`
|
||||
'repo': 'https://github.com/turt2live/matrix-dimension.git',
|
||||
'triggers': {
|
||||
'action:matrix_dimension_build',
|
||||
},
|
||||
'needs': {
|
||||
'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
|
||||
'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
files = {
|
||||
'{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): {
|
||||
'owner': 'matrix-dimension',
|
||||
'group': 'matrix-dimension',
|
||||
'content_type': 'mako',
|
||||
'context': {
|
||||
'config': node.metadata.get('matrix-dimension', {}),
|
||||
},
|
||||
'needs': {
|
||||
'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
|
||||
},
|
||||
'triggers': {
|
||||
'svc_systemd:matrix-dimension:restart',
|
||||
},
|
||||
},
|
||||
'/etc/systemd/system/matrix-dimension.service': {
|
||||
'content_type': 'mako',
|
||||
'context': {
|
||||
'config': node.metadata.get('matrix-dimension', {}),
|
||||
},
|
||||
'triggers': {
|
||||
'action:systemd-reload',
|
||||
'svc_systemd:matrix-dimension:restart',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
actions = {
|
||||
'matrix_dimension_build': {
|
||||
'command': 'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build',
|
||||
'needs': {
|
||||
'pkg_apt:nodejs',
|
||||
},
|
||||
'triggered': True,
|
||||
'triggers': {
|
||||
'svc_systemd:matrix-dimension:restart',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd = {
|
||||
'matrix-dimension': {
|
||||
'needs': {
|
||||
'action:matrix_dimension_build',
|
||||
'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')),
|
||||
'postgres_db:matrix-dimension',
|
||||
'postgres_role:matrix-dimension',
|
||||
},
|
||||
},
|
||||
}
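Review bot: The `production.yaml` entry in `files` sets `owner` and `group` but no `mode`, and the rendered file holds the homeserver access token, the Telegram bot token and the PostgreSQL password. Unless the default file mode in this repo is already restrictive, add `'mode': '0600',` next to `'owner'`. Separately, `git_deploy` falls back to `rev` `master` and the triggered `matrix_dimension_build` action runs `npm install` and `npm run build` on whatever that branch resolves to, so an upstream change gets built and executed on the next apply without review. Pinning `matrix-dimension/version` to a commit hash, and using `npm ci` if the upstream repository ships a lockfile, would make the build reproducible.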
|
77
bundles/matrix-dimension/metadata.py
Normal file
|
@ -0,0 +1,77 @@
|
|||
defaults = {
|
||||
'backups': {
|
||||
'paths': {
|
||||
'/opt/matrix-dimension',
|
||||
kunsi marked this conversation as resolved
kunsi
commented
Do we really need to back this up?
sophie
commented
npm writes all kinds of install info to this location, I guess so.
kunsi
commented
If it's only information we can restore using a `bw apply`, there should be no need to back this up. But if it's more than that, I'm okay with backing this up.
|
||||
'/var/opt/matrix-dimension',
|
||||
},
|
||||
},
|
||||
'matrix-dimension': {
|
||||
'install_dir': '/opt/matrix-dimension',
|
||||
'data_dir': '/var/opt/matrix-dimension',
|
||||
'database': {
|
||||
'user': 'matrix-dimension',
|
||||
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
|
||||
'database': 'matrix-dimension',
|
||||
},
|
||||
},
|
||||
'postgresql': {
|
||||
'roles': {
|
||||
'matrix-dimension': {
|
||||
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
|
||||
},
|
||||
},
|
||||
'databases': {
|
||||
'matrix-dimension': {
|
||||
'owner': 'matrix-dimension',
|
||||
},
|
||||
},
|
||||
},
|
||||
'users': {
|
||||
'matrix-dimension': {
|
||||
'home': '/var/opt/matrix-dimension',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'nginx/vhosts/matrix-dimension',
|
||||
)
|
||||
def nginx_config(metadata):
|
||||
return {
|
||||
'nginx': {
|
||||
'vhosts': {
|
||||
'matrix-dimension': {
|
||||
kunsi marked this conversation as resolved
Outdated
kunsi
commented
Please use a generic vhost name (like the bundle name), then set the `domain` key inside. Remember to adjust `.provides()` accordingly.
sophie
commented
Resolved in `a65301ee89`
|
||||
'domain': metadata.get('matrix-dimension/url'),
|
||||
'do_not_set_content_security_headers': True,
|
||||
'max_body_size': '50M',
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:20030',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'icinga2_api/matrix-dimension/services',
|
||||
)
|
||||
def icinga_check_for_new_release(metadata):
|
||||
return {
|
||||
'icinga2_api': {
|
||||
'matrix-dimension': {
|
||||
'services': {
|
||||
'MATRIX-DIMENSION UPDATE': {
|
||||
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
|
||||
'vars.notification.mail': True,
|
||||
'check_interval': '60m',
|
||||
},
|
||||
'MATRIX-DIMENSION PROCESS': {
|
||||
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:',
|
||||
kunsi marked this conversation as resolved
Outdated
kunsi
commented
Please fix and enable.
sophie
commented
Resolved in 'd74618f9a9'
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
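Review bot: `'do_not_set_content_security_headers': True` in `nginx_config` switches off the security headers the nginx bundle would otherwise emit for this vhost, and nothing in the reactor says why. A comment such as `# Dimension is framed by the Element client; framing policy is set in the vhost extras file` would record the intent, assuming that is the reason. The extras file should then carry every header that is still wanted, not only `frame-ancestors`. Also, `icinga_check_for_new_release` reads `matrix-dimension/version` without a default while items.py falls back to `'master'`; adding a `'version'` entry to `defaults` would keep the two consistent. The proxy target `http://127.0.0.1:20030` repeats the port hard-coded in production.yaml, so the two can drift apart.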
|
|
@ -1,6 +0,0 @@
|
|||
add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
|
||||
|
||||
location /.well-known/matrix/ {
|
||||
alias /etc/matrix-synapse/wellknown/;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
|
|
@ -4,6 +4,7 @@
|
|||
nodes['htz-cloud.miniserver'] = {
|
||||
'bundles': {
|
||||
'element-web',
|
||||
'matrix-dimension',
|
||||
'matrix-media-repo',
|
||||
'matrix-synapse',
|
||||
'nodejs',
|
||||
|
@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = {
|
|||
},
|
||||
'brand': 'sophies-kitchen.eu',
|
||||
'showLabsSettings': True,
|
||||
'integrations_ui_url': 'https://dimension.franzi.business/riot',
|
||||
'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
|
||||
'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
|
||||
'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
|
||||
'integrations_widgets_urls': {
|
||||
'https://dimension.franzi.business/widgets'
|
||||
'https://dimension.sophies-kitchen.eu/widgets'
|
||||
},
|
||||
'default_theme': 'dark',
|
||||
'defaultCountryCode': 'DE',
|
||||
|
@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = {
|
|||
},
|
||||
},
|
||||
},
|
||||
'matrix-dimension': {
|
||||
'url': 'dimension.sophies-kitchen.eu',
|
||||
'version': 'master', # doesn't have releases yet
|
||||
'homeserver': {
|
||||
'name': 'sophies-kitchen.eu',
|
||||
'clientServerUrl': 'https://matrix.sophies-kitchen.eu',
|
||||
'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
|
||||
},
|
||||
'admins': [
|
||||
'@sophie:sophies-kitchen.eu',
|
||||
],
|
||||
'telegram': {
|
||||
'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'),
|
||||
},
|
||||
},
|
||||
'matrix-media-repo': {
|
||||
'version': 'v1.2.8',
|
||||
'homeservers': {
|
||||
|
@ -144,6 +160,14 @@ nodes['htz-cloud.miniserver'] = {
|
|||
'bot_token': '""',
|
||||
},
|
||||
},
|
||||
'nameservers': {
|
||||
'213.133.98.98',
|
||||
'213.133.99.99',
|
||||
'213.133.100.100',
|
||||
'2a01:4f8:0:1::add:1010',
|
||||
'2a01:4f8:0:1::add:9999',
|
||||
'2a01:4f8:0:1::add:9898',
|
||||
},
|
||||
'nftables': {
|
||||
'rules': {
|
||||
'input': {
|
||||
|
@ -156,16 +180,9 @@ nodes['htz-cloud.miniserver'] = {
|
|||
},
|
||||
'nginx': {
|
||||
'vhosts': {
|
||||
#'dimension.sophies-kitchen.eu': {
|
||||
# 'extras': True,
|
||||
# 'do_not_set_content_security_headers': True,
|
||||
# 'max_body_size': '50M',
|
||||
# 'locations': {
|
||||
# '/': {
|
||||
# 'target': 'http://127.0.0.1:8184',
|
||||
# },
|
||||
# },
|
||||
#},
|
||||
'matrix-dimension': {
|
||||
'extras': True,
|
||||
},
|
||||
'sophies-kitchen.eu': {
|
||||
'webroot': '/var/www/sophies-kitchen.eu/_site/',
|
||||
'extras': True,
|
||||
|
|
Please use a user dedicated to this bundle, naming them accordingly
Resolved in
b87d3cc975