From c52482e98b8858a9ecdcf7c30d2cedb66d2e637b Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 16:36:43 +0200
Subject: [PATCH 01/16] bw/bundle matrix-dimension add first draft
---
.../files/matrix-dimension.service | 14 +++
.../matrix-dimension/files/production.yaml | 98 +++++++++++++++++++
bundles/matrix-dimension/items.py | 68 +++++++++++++
bundles/matrix-dimension/metadata.py | 75 ++++++++++++++
.../dimension.sophies-kitchen.eu | 13 ++-
nodes/htz-cloud/miniserver.py | 35 ++++---
6 files changed, 288 insertions(+), 15 deletions(-)
create mode 100644 bundles/matrix-dimension/files/matrix-dimension.service
create mode 100644 bundles/matrix-dimension/files/production.yaml
create mode 100644 bundles/matrix-dimension/items.py
create mode 100644 bundles/matrix-dimension/metadata.py
diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service
new file mode 100644
index 0000000..1b9333f
--- /dev/null
+++ b/bundles/matrix-dimension/files/matrix-dimension.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Matrix Dimension
+After=network.target
+
+[Service]
+User=matrix-support
+Group=matrix-support
+Environment="NODE_ENV=production"
+ExecStart=/usr/bin/node /opt/matrix/matrix-dimension/build/app/index.js
+WorkingDirectory=${config['install_dir']}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
new file mode 100644
index 0000000..bb67228
--- /dev/null
+++ b/bundles/matrix-dimension/files/production.yaml
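Review bot: The `[Service]` section of matrix-dimension.service confines the Node process only through `User=`/`Group=`, so a compromised Dimension process keeps every right that account has on the host. The unit runs third-party npm code produced by the build step and reads a homeserver access token, so I would add `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` under `[Service]`. The paths the process writes (the `botData` file and the log file under `data_dir`) should be checked against whichever `ProtectSystem` level is chosen.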
@@ -0,0 +1,98 @@
+# The web settings for the service (API and UI).
+# It is best to have this run on localhost and use a reverse proxy to access Dimension.
+web:
+ port: 8184
+ address: '127.0.0.1'
+
+# Homeserver configuration
+homeserver:
+ # The domain name of the homeserver. This is used in many places, such as with go-neb
+ # setups, to identify the homeserver.
+ name: "${config['homserver']['name']}"
+
+ # The URL that Dimension, go-neb, and other services provisioned by Dimension should
+ # use to access the homeserver with.
+ clientServerUrl: "${config['homserver']['clientServeUrl']}"
+
+ # The URL that Dimension should use when trying to communicate with federated APIs on
+ # the homeserver. If not supplied or left empty Dimension will try to resolve the address
+ # through the normal federation process.
+ #federationUrl: "https://t2bot.io:8448"
+
+ # The URL that Dimension will redirect media requests to for downloading media such as
+ # stickers. If not supplied or left empty Dimension will use the clientServerUrl.
+ #mediaUrl: "https://t2bot.io"
+
+ # The access token Dimension should use for miscellaneous access to the homeserver, and
+ # for tracking custom sticker pack updates. This should be a user configured on the homeserver
+ # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
+ # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
+ accessToken: "${config['homserver']['accessToken']}"
+
+# These users can modify the integrations this Dimension supports.
+# To access the admin interface, open Dimension in Riot and click the settings icon.
+admins:
+% for i in config['admins']:
+ - "${i}"
+% endfor
+# IPs and CIDR ranges listed here will be blocked from being widgets.
+# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
+widgetBlacklist:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
+ - 127.0.0.0/8
+
+database:
+ # Where the database for Dimension is
+ uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
+
+ # Where to store misc information for the utility bot account.
+ botData: "${config['data_dir']}/dimension.bot.json"
+
+# Display settings that apply to self-hosted go-neb instances
+goneb:
+ # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
+ # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
+ # make the bot's avatar an empty string.
+ avatars:
+ giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
+ imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
+ github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
+ wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
+ travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
+ rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
+ google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
+ guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
+ echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
+ circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
+ jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
+
+# Settings for interacting with Telegram. Currently only applies for importing
+# sticker packs from Telegram.
+telegram:
+ # Talk to @BotFather on Telegram to get a token
+ botToken: "${config['telegram']['botToken']}"
+
+# Custom sticker pack options.
+# Largely based on https://github.com/turt2live/matrix-sticker-manager
+stickers:
+ # Whether or not to allow people to add custom sticker packs
+ enabled: true
+
+ # The sticker manager bot to promote
+ stickerBot: "@stickers:t2bot.io"
+
+ # The sticker manager URL to promote
+ managerUrl: "https://stickers.t2bot.io"
+
+
+# Settings for controlling how logging works
+logging:
+ file: "${config['data_dir']}/logs/dimension.log"
+ console: true
+ consoleLevel: info
+ fileLevel: verbose
+ rotate:
+ size: 52428800 # bytes, default is 50mb
+ count: 5
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
new file mode 100644
index 0000000..68375ea
--- /dev/null
+++ b/bundles/matrix-dimension/items.py
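Review bot: `widgetBlacklist` in production.yaml lists only the three RFC 1918 ranges and IPv4 loopback, so link-local addresses and all IPv6 internal ranges are not blocked from being used as widget targets. Since this is deployed on a cloud-hosted node, I would add at least `- 169.254.0.0/16`, the range where provider metadata services normally live. If Dimension's matcher accepts IPv6 CIDRs (not visible from this patch), `- ::1/128`, `- fc00::/7` and `- fe80::/10` belong in the list as well.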
@@ -0,0 +1,68 @@
+repo.libs.tools.require_bundle(node, 'nodejs')
+
+
+directories = {
+ node.metadata['matrix-dimension']['install_dir']: {},
+ node.metadata['matrix-dimension']['data_dir']: {},
+}
+
+git_deploy = {
+ node.metadata['matrix-dimension']['install_dir']: {
+ 'rev': node.metadata.get('matrix-dimension', {}).get('version', 'master'), # doesn't have releases yet
+ 'repo': 'https://github.com/turt2live/matrix-dimension.git',
+ 'triggers': {
+ 'action:matrix_dimension_build',
+ },
+ 'needs': {
+ 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
+ 'directory:{}'.format(node.metadata['matrix-dimension']['data_dir']),
+ },
+ },
+}
+
+files = {
+ '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): {
+ 'content_type': 'mako',
+ 'context': {
+ 'config': node.metadata.get('matrix-dimension', {}),
+ },
+ 'needs': {
+ 'action:element-web_yarn',
+ 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
+ },
+ },
+ '/etc/systemd/system/matrix-dimension.service': {
+ 'content_type': 'mako',
+ 'context': {
+ 'config': node.metadata.get('matrix-dimension', {}),
+ },
+ 'triggers': {
+ 'action:systemd-reload',
+ 'svc_systemd:matrix-dimension:restart',
+ },
+ },
+}
+
+actions = {
+ 'matrix_dimenson_build': {
+ 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && npm install && npm run build',
+ 'needs': {
+ 'pkg_apt:nodejs',
+ },
+ 'triggered': True,
+ 'triggers': {
+ 'svc_systemd:matrix-dimension:restart',
+ },
+ },
+}
+
+svc_systemd = {
+ 'matrix-dimension': {
+ 'needs': {
+ 'action:matrix-dimension_build',
+ 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']),
+ 'postgres_db:matrix-dimension',
+ 'postgres_role:matrix-dimension',
+ },
+ },
+}
diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
new file mode 100644
index 0000000..6db7c86
--- /dev/null
+++ b/bundles/matrix-dimension/metadata.py
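Review bot: The `files` entry for `config/production.yaml` sets no `mode` (and no owner or group), although the rendered file contains the homeserver access token, the Telegram bot token and the PostgreSQL password. Unless this repository overrides bundlewrap's file defaults, the secrets end up readable by every local account; add `'mode': '0640',` to that entry alongside an owner and group matching the service account. The same entry `needs` `'action:element-web_yarn'`, which belongs to another bundle and looks like a copy-paste leftover that will break on nodes without element-web.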
@@ -0,0 +1,75 @@
+defaults = {
+ 'matrix-dimension': {
+ 'install_dir': '/opt/matrix-dimension',
+ 'data_dir': '/var/opt/dimension',
+ 'database': {
+ 'user': 'matrix-dimension',
+ 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+ 'database': 'matrix-dimension',
+ },
+ },
+ 'postgresql': {
+ 'roles': {
+ 'matrix-dimension': {
+ 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+ },
+ },
+ 'databases': {
+ 'matrix-dimension': {
+ 'owner': 'matrix-dimension',
+ },
+ },
+ },
+ 'icinga2_api': {
+ 'mautrix-telegram': {
+ 'services': {
+ 'MAUTRIX-TELEGRAM PROCESS': {
+ 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
+ },
+ },
+ },
+ },
+}
+
+@metadata_reactor.provides(
+ 'nginx/vhosts',
+)
+def nginx_config(metadata):
+ return {
+ 'nginx': {
+ 'vhosts': {
+ metadata.get('matrix-dimension/url'): {
+ 'webroot': '/var/www/{}/webapp/'.format(metadata.get('element-web/url')),
+ 'do_not_set_content_security_headers': True,
+ 'max_body_size': '50M',
+ 'proxy': {
+ '/': {
+ 'target': 'http://127.0.0.1:8184',
+ },
+ },
+ },
+ },
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'icinga2_api/matrix-dimension/services',
+)
+def icinga_check_for_new_release(metadata):
+ return {
+ 'icinga2_api': {
+ 'matrix-dimension': {
+ 'services': {
+ 'MATRIX-DIMENSION UPDATE': {
+ 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
+ 'vars.notification.mail': True,
+ 'check_interval': '60m',
+ },
+ #'MATRIX-DIMENSION PROCESS': {
+ # 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
+ #},
+ },
+ },
+ },
+ }
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
index aa5cff2..b20254d 100644
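Review bot: `'do_not_set_content_security_headers': True` in `nginx_config` turns off the vhost's default security headers with no comment saying why or what replaces them. Presumably Dimension has to be framed by the Element instance and the `frame-ancestors` policy in the node's nginx extras file (changed later in this patch) is meant to stand in for the defaults. A comment such as `# framed by Element; CSP frame-ancestors is set in the vhost extras file` would record that dependency, because deleting the extras file would otherwise leave the site with no CSP at all.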
--- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu +++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu @@ -1,6 +1,15 @@ + add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu"; - location /.well-known/matrix/ { - alias /etc/matrix-synapse/wellknown/; + location /.well-known/matrix/client { + return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}'; + default_type application/json; add_header Access-Control-Allow-Origin *; } + + location /.well-known/matrix/server { + return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}'; + default_type application/json; + add_header Access-Control-Allow-Origin *; + } + diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 1085b16..06eddd4 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -4,6 +4,7 @@ nodes['htz-cloud.miniserver'] = { 'bundles': { 'element-web', + 'matrix-dimension', 'matrix-media-repo', 'matrix-synapse', 'nodejs', @@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = { }, 'brand': 'sophies-kitchen.eu', 'showLabsSettings': True, - 'integrations_ui_url': 'https://dimension.franzi.business/riot', - 'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar', + 'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot', + 'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar', 'integrations_widgets_urls': { - 'https://dimension.franzi.business/widgets' + 'https://dimension.sophies-kitchen.eu/widgets' }, 'default_theme': 'dark', 'defaultCountryCode': 'DE', 
@@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = { }, }, }, + 'matrix-dimension': { + 'url': 'dimension.sophies-kitchen.eu', + 'version': 'master', # doesn't have releases yet + 'homserver': { + 'name': 'sophies-kitchen.eu', + 'clientServeUrl': 'https://matrix.sophies-kitchen.eu', + 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), + }, + 'admins': [ + '@sophie:sophies-kitchen.eu', + ], + 'telegram': { + 'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'), + }, + }, 'matrix-media-repo': { 'version': 'v1.2.8', 'homeservers': { @@ -156,16 +172,9 @@ nodes['htz-cloud.miniserver'] = { }, 'nginx': { 'vhosts': { - #'dimension.sophies-kitchen.eu': { - # 'extras': True, - # 'do_not_set_content_security_headers': True, - # 'max_body_size': '50M', - # 'locations': { - # '/': { - # 'target': 'http://127.0.0.1:8184', - # }, - # }, - #}, + 'dimension.sophies-kitchen.eu': { + 'extras': True, + }, 'sophies-kitchen.eu': { 'webroot': '/var/www/sophies-kitchen.eu/_site/', 'extras': True, -- 2.39.2 From a5b6250c866232f7bc5ec09691707f96a05fabac Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 18:04:48 +0200 Subject: [PATCH 02/16] bw/bundle matrix-dimension this might actually work --- .../files/matrix-dimension.service | 2 +- bundles/matrix-dimension/files/production.yaml | 2 +- bundles/matrix-dimension/items.py | 14 +++++++++----- bundles/matrix-dimension/metadata.py | 14 +++++--------- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service index 1b9333f..14b91f4 100644 --- a/bundles/matrix-dimension/files/matrix-dimension.service 
+++ b/bundles/matrix-dimension/files/matrix-dimension.service @@ -6,7 +6,7 @@ After=network.target User=matrix-support Group=matrix-support Environment="NODE_ENV=production" -ExecStart=/usr/bin/node /opt/matrix/matrix-dimension/build/app/index.js +ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js WorkingDirectory=${config['install_dir']} Restart=on-failure diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml index bb67228..738b1d9 100644 --- a/bundles/matrix-dimension/files/production.yaml +++ b/bundles/matrix-dimension/files/production.yaml @@ -45,7 +45,7 @@ widgetBlacklist: database: # Where the database for Dimension is - uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}" + uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}" # Where to store misc information for the utility bot account. botData: "${config['data_dir']}/dimension.bot.json" diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py index 68375ea..594ba89 100644 --- a/bundles/matrix-dimension/items.py +++ b/bundles/matrix-dimension/items.py @@ -2,8 +2,10 @@ repo.libs.tools.require_bundle(node, 'nodejs') directories = { - node.metadata['matrix-dimension']['install_dir']: {}, - node.metadata['matrix-dimension']['data_dir']: {}, + node.metadata['matrix-dimension']['install_dir']: { + 'owner': 'matrix-support', + 'group': 'matrix-support', + }, } git_deploy = { 
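Review bot: Removing the `data_dir` entry from `directories` in items.py leaves `git_deploy` depending on an item this bundle no longer defines. Its `needs` set, added in the first patch and not touched by any hunk of this one, still lists `'directory:{}'.format(node.metadata['matrix-dimension']['data_dir'])`. Unless another bundle creates that directory item, bundlewrap will reject the dependency, so either keep the entry with `'owner': 'matrix-support'` or drop it from `needs`. The template also renders `botData` into `data_dir`, so the directory has to exist and be writable by the service account either way.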
@@ -22,6 +24,8 @@ git_deploy = { files = { '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): { + 'owner': 'matrix-support', + 'group': 'matrix-support', 'content_type': 'mako', 'context': { 'config': node.metadata.get('matrix-dimension', {}), @@ -44,8 +48,8 @@ files = { } actions = { - 'matrix_dimenson_build': { - 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && npm install && npm run build', + 'matrix_dimension_build': { + 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-support npm install && sudo -u matrix-support npm run build', 'needs': { 'pkg_apt:nodejs', }, @@ -59,7 +63,7 @@ actions = { svc_systemd = { 'matrix-dimension': { 'needs': { - 'action:matrix-dimension_build', + 'action:matrix_dimension_build', 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']), 'postgres_db:matrix-dimension', 'postgres_role:matrix-dimension', diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index 6db7c86..6172b56 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -1,7 +1,7 @@ defaults = { 'matrix-dimension': { 'install_dir': '/opt/matrix-dimension', - 'data_dir': '/var/opt/dimension', + 'data_dir': '/var/opt/matrix-dimension', 'database': { 'user': 'matrix-dimension', 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)), @@ -20,13 +20,9 @@ defaults = { }, }, }, - 'icinga2_api': { - 'mautrix-telegram': { - 'services': { - 'MAUTRIX-TELEGRAM PROCESS': { - 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:', - }, - }, + 'users': { + 'matrix-support': { + 'home': '/var/opt/matrix-dimension', }, }, } 
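Review bot: The `matrix_dimension_build` command runs `npm install` against whatever `master` points to when the node is applied (`rev` falls back to `'master'`, and the node sets `'version': 'master'`), so neither the application code nor its dependency tree is pinned. Setting `version` to a reviewed commit hash, and using `npm ci` in place of `npm install` if upstream ships a lockfile, would make the deployed code reproducible and auditable. The install directory and the build are both owned by the runtime account after this patch, which means the running service can rewrite its own code; building as the service user and then handing ownership of the checkout back to root is worth considering.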
@@ -39,7 +35,7 @@ def nginx_config(metadata): 'nginx': { 'vhosts': { metadata.get('matrix-dimension/url'): { - 'webroot': '/var/www/{}/webapp/'.format(metadata.get('element-web/url')), + 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')), 'do_not_set_content_security_headers': True, 'max_body_size': '50M', 'proxy': { -- 2.39.2 From fd6f42cef7a8705b3671f6c10fc1a366442b6718 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 18:48:22 +0200 Subject: [PATCH 03/16] bw/htz-cloud.miniserver set differend recursors --- nodes/htz-cloud/miniserver.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 06eddd4..50478cd 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -160,6 +160,14 @@ nodes['htz-cloud.miniserver'] = { 'bot_token': '""', }, }, + 'nameservers': { + '213.133.98.98', + '213.133.99.99', + '213.133.100.100', + '2a01:4f8:0:1::add:1010', + '2a01:4f8:0:1::add:9999', + '2a01:4f8:0:1::add:9898', + }, 'nftables': { 'rules': { 'input': { -- 2.39.2 From 8ee59cd0369710e5d3e0806e32ed4269c33fa720 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:15:19 +0200 Subject: [PATCH 04/16] bundle/matrix-dimension enable backups --- bundles/matrix-dimension/metadata.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index 6172b56..23627ae 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -1,4 +1,10 @@ defaults = { + 'backups': { + 'paths': { + '/opt/matrix-dimension', + '/var/opt/matrix-dimension', + }, + }, 'matrix-dimension': { 'install_dir': '/opt/matrix-dimension', 'data_dir': '/var/opt/matrix-dimension', 
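Review bot: The new `backups` paths in `defaults` are hard-coded to `/opt/matrix-dimension` and `/var/opt/matrix-dimension` instead of being derived from `install_dir` and `data_dir`, so a node that overrides either key is backed up at the wrong location. `/opt/matrix-dimension` also holds `config/production.yaml` with the access token, bot token and database password, next to a git checkout and `node_modules` that can be rebuilt. If the backup target is not encrypted (not visible here), backing up only the data directory from a metadata reactor that reads `matrix-dimension/data_dir` would keep those secrets out of it.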
@@ -38,7 +44,7 @@ def nginx_config(metadata): 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')), 'do_not_set_content_security_headers': True, 'max_body_size': '50M', - 'proxy': { + 'locations': { '/': { 'target': 'http://127.0.0.1:8184', }, -- 2.39.2 From ebee3b3de524e61efec6772f2eaee08681bf1c9f Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:21:19 +0200 Subject: [PATCH 05/16] bw/matrix-dimension witespaaaaaaaace --- bundles/matrix-dimension/files/production.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml index 738b1d9..426af52 100644 --- a/bundles/matrix-dimension/files/production.yaml +++ b/bundles/matrix-dimension/files/production.yaml @@ -22,7 +22,7 @@ homeserver: # The URL that Dimension will redirect media requests to for downloading media such as # stickers. If not supplied or left empty Dimension will use the clientServerUrl. #mediaUrl: "https://t2bot.io" - + # The access token Dimension should use for miscellaneous access to the homeserver, and # for tracking custom sticker pack updates. This should be a user configured on the homeserver # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For -- 2.39.2 From 2a78fa95a136a49ec933e9421d2396318abcc5c3 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:28:48 +0200 Subject: [PATCH 06/16] bw/htz-cloud.miniserver cleanup extras --- .../dimension.sophies-kitchen.eu | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu index b20254d..e13c482 100644 --- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu +++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu 
@@ -1,15 +1 @@ - - add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu"; - - location /.well-known/matrix/client { - return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}'; - default_type application/json; - add_header Access-Control-Allow-Origin *; - } - - location /.well-known/matrix/server { - return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}'; - default_type application/json; - add_header Access-Control-Allow-Origin *; - } - +add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu"; -- 2.39.2 From 9fb5293c8083e1690665d1b1a9aa2e83ad141d67 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:38:27 +0200 Subject: [PATCH 07/16] bw/matrix-dimension switch to dedicated user --- .../matrix-dimension/files/matrix-dimension.service | 4 ++-- bundles/matrix-dimension/items.py | 10 +++++----- bundles/matrix-dimension/metadata.py | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service index 14b91f4..9d2bebc 100644 --- a/bundles/matrix-dimension/files/matrix-dimension.service +++ b/bundles/matrix-dimension/files/matrix-dimension.service @@ -3,8 +3,8 @@ Description=Matrix Dimension After=network.target [Service] -User=matrix-support -Group=matrix-support +User=matrix-dimension +Group=matrix-dimension Environment="NODE_ENV=production" ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js WorkingDirectory=${config['install_dir']} diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py index 594ba89..8bdf28f 100644 --- a/bundles/matrix-dimension/items.py +++ b/bundles/matrix-dimension/items.py 
@@ -3,8 +3,8 @@ repo.libs.tools.require_bundle(node, 'nodejs') directories = { node.metadata['matrix-dimension']['install_dir']: { - 'owner': 'matrix-support', - 'group': 'matrix-support', + 'owner': 'matrix-dimension', + 'group': 'matrix-dimension', }, } @@ -24,8 +24,8 @@ git_deploy = { files = { '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): { - 'owner': 'matrix-support', - 'group': 'matrix-support', + 'owner': 'matrix-dimension', + 'group': 'matrix-dimension', 'content_type': 'mako', 'context': { 'config': node.metadata.get('matrix-dimension', {}), @@ -49,7 +49,7 @@ files = { actions = { 'matrix_dimension_build': { - 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-support npm install && sudo -u matrix-support npm run build', + 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build', 'needs': { 'pkg_apt:nodejs', }, diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index 23627ae..b9cf3df 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -27,7 +27,7 @@ defaults = { }, }, 'users': { - 'matrix-support': { + 'matrix-dimension': { 'home': '/var/opt/matrix-dimension', }, }, -- 2.39.2 From 568a73efafd03b11d9e10fe3a64bbe2e0c40e6b3 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:41:17 +0200 Subject: [PATCH 08/16] bw/matrix-dimension switch listening port --- PORT_MAP.md | 2 +- bundles/matrix-dimension/files/production.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/PORT_MAP.md b/PORT_MAP.md index e15cfec..003339b 100644 --- a/PORT_MAP.md +++ b/PORT_MAP.md 
@@ -26,11 +26,11 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports. | 6667 | | bitlbee | | 8010 | | matrix-media-repo | | 8086 | influxdb2 | influx | -| 8184 | | matrix-dimension | | 11332-11334 | rspamd | rspamd | | 20000 | mx-puppet-discord | Bridge | | 20010 | mautrix-telegram | Bridge | | 20020 | mautrix-whatsapp | Bridge | +| 20030 | matrix-dimension | Matrix Integrations Manager| | 20080 | matrix-synapse | client, federation | | 20081 | matrix-synapse | prometheus metrics | | 20090 | matrix-media-repo | media_repo | diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml index 426af52..305ba54 100644 --- a/bundles/matrix-dimension/files/production.yaml +++ b/bundles/matrix-dimension/files/production.yaml @@ -1,7 +1,7 @@ # The web settings for the service (API and UI). # It is best to have this run on localhost and use a reverse proxy to access Dimension. web: - port: 8184 + port: 20030 address: '127.0.0.1' # Homeserver configuration -- 2.39.2 From f40036422ffb38c2fcfa648f50461d47b9e92972 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:44:17 +0200 Subject: [PATCH 09/16] bw/matrix-dimensions fix typos --- bundles/matrix-dimension/files/production.yaml | 6 +++--- nodes/htz-cloud/miniserver.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml index 305ba54..5bfcfdd 100644 --- a/bundles/matrix-dimension/files/production.yaml +++ b/bundles/matrix-dimension/files/production.yaml 
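Review bot: Changing `web.port` to `20030` in production.yaml leaves the nginx reactor in `bundles/matrix-dimension/metadata.py` proxying to `http://127.0.0.1:8184`; that target was added in the first patch and this commit's diffstat does not include metadata.py. Unless the target is updated elsewhere, the vhost will answer with 502 after this change. Keeping the port in metadata, for example a `port` key under `matrix-dimension` rendered here as `port: ${config['port']}` and used to build the proxy target, would stop the two values from drifting apart.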
@@ -8,11 +8,11 @@ web: homeserver: # The domain name of the homeserver. This is used in many places, such as with go-neb # setups, to identify the homeserver. - name: "${config['homserver']['name']}" + name: "${config['homeserver']['name']}" # The URL that Dimension, go-neb, and other services provisioned by Dimension should # use to access the homeserver with. - clientServerUrl: "${config['homserver']['clientServeUrl']}" + clientServerUrl: "${config['homeserver']['clientServerUrl']}" # The URL that Dimension should use when trying to communicate with federated APIs on # the homeserver. If not supplied or left empty Dimension will try to resolve the address @@ -27,7 +27,7 @@ homeserver: # for tracking custom sticker pack updates. This should be a user configured on the homeserver # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens - accessToken: "${config['homserver']['accessToken']}" + accessToken: "${config['homeserver']['accessToken']}" # These users can modify the integrations this Dimension supports. # To access the admin interface, open Dimension in Riot and click the settings icon. diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 50478cd..0a104d4 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -107,7 +107,7 @@ nodes['htz-cloud.miniserver'] = { 'matrix-dimension': { 'url': 'dimension.sophies-kitchen.eu', 'version': 'master', # doesn't have releases yet - 'homserver': { + 'homeserver': { 'name': 'sophies-kitchen.eu', 'clientServeUrl': 'https://matrix.sophies-kitchen.eu', 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), -- 2.39.2 From 71a1a4d59b5e1a8d3b986fdf15b23fe112d3e060 Mon Sep 17 00:00:00 2001 
From: Sophie Schiller Date: Sun, 4 Jul 2021 20:47:40 +0200 Subject: [PATCH 10/16] bw/matrix-dimension enable process monitoring --- bundles/matrix-dimension/metadata.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index b9cf3df..ed7392a 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -68,9 +68,9 @@ def icinga_check_for_new_release(metadata): 'vars.notification.mail': True, 'check_interval': '60m', }, - #'MATRIX-DIMENSION PROCESS': { - # 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:', - #}, + 'MATRIX-DIMENSION PROCESS': { + 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:', + }, }, }, }, -- 2.39.2 From aa639dc913a8d392202c6de6f96cf8e0e44158a5 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:58:56 +0200 Subject: [PATCH 11/16] bw/matrix-dimension switch to generic vhost name --- bundles/matrix-dimension/metadata.py | 5 +++-- .../{dimension.sophies-kitchen.eu => matrix-dimension} | 0 nodes/htz-cloud/miniserver.py | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) rename data/nginx/files/extras/htz-cloud.miniserver/{dimension.sophies-kitchen.eu => matrix-dimension} (100%) diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index ed7392a..ddcdbd0 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py 
@@ -34,13 +34,14 @@ defaults = { } @metadata_reactor.provides( - 'nginx/vhosts', + 'nginx/vhosts/matrix-dimension', ) def nginx_config(metadata): return { 'nginx': { 'vhosts': { - metadata.get('matrix-dimension/url'): { + 'matrix-dimension': { + 'domain': metadata.get('matrix-dimension/url'), 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')), 'do_not_set_content_security_headers': True, 'max_body_size': '50M', diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension similarity index 100% rename from data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu rename to data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 0a104d4..cb2ec71 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -109,7 +109,7 @@ nodes['htz-cloud.miniserver'] = { 'version': 'master', # doesn't have releases yet 'homeserver': { 'name': 'sophies-kitchen.eu', - 'clientServeUrl': 'https://matrix.sophies-kitchen.eu', + 'clientServerUrl': 'https://matrix.sophies-kitchen.eu', 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), }, 'admins': [ @@ -180,7 +180,7 @@ nodes['htz-cloud.miniserver'] = { }, 'nginx': { 'vhosts': { - 'dimension.sophies-kitchen.eu': { + 'matrix-dimension': { 'extras': True, }, 'sophies-kitchen.eu': { -- 2.39.2 From 2b1c53e47a2ebe94bc1cfe533a02b98bf1708d93 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 21:06:51 +0200 Subject: [PATCH 12/16] bw/matrix-dimension disable logfile --- bundles/matrix-dimension/files/production.yaml | 5 ----- bundles/matrix-dimension/items.py | 3 +++ 2 files changed, 3 insertions(+), 5 deletions(-) 
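Review bot: `'do_not_set_content_security_headers': True` is carried into the renamed `matrix-dimension` vhost in the `@@ -34,13` hunk without a comment saying why the headers are dropped. The flag presumably tells the nginx bundle to omit its default security headers, which leaves framing and content policy to whatever the proxied application sends. I would add a line such as `# Dimension is embedded as a widget by Matrix clients; the bundle's default headers would block that` (adjusted to the real reason), so a later cleanup neither removes the flag blindly nor copies it to other vhosts. `nginx_config` continues past the end of the hunk.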
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml index 5bfcfdd..321f6d2 100644 --- a/bundles/matrix-dimension/files/production.yaml +++ b/bundles/matrix-dimension/files/production.yaml @@ -89,10 +89,5 @@ stickers: # Settings for controlling how logging works logging: - file: "${config['data_dir']}/logs/dimension.log" console: true consoleLevel: info - fileLevel: verbose - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py index 8bdf28f..8af625b 100644 --- a/bundles/matrix-dimension/items.py +++ b/bundles/matrix-dimension/items.py @@ -34,6 +34,9 @@ files = { 'action:element-web_yarn', 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']), }, + 'triggers': { + 'svc_systemd:matrix-dimension:restart', + }, }, '/etc/systemd/system/matrix-dimension.service': { 'content_type': 'mako', -- 2.39.2 From 6ceb47a92e0f0da6bc21b5283bc316c26e6d1b85 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 21:11:23 +0200 Subject: [PATCH 13/16] bw/matrix-dimension get all the things --- bundles/matrix-dimension/items.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py index 8af625b..5fbb7d6 100644 --- a/bundles/matrix-dimension/items.py +++ b/bundles/matrix-dimension/items.py 
@@ -10,20 +10,20 @@ directories = { git_deploy = { node.metadata['matrix-dimension']['install_dir']: { - 'rev': node.metadata.get('matrix-dimension', {}).get('version', 'master'), # doesn't have releases yet + 'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet 'repo': 'https://github.com/turt2live/matrix-dimension.git', 'triggers': { 'action:matrix_dimension_build', }, 'needs': { - 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']), - 'directory:{}'.format(node.metadata['matrix-dimension']['data_dir']), + 'directory:{}'.format(node.metadatai.get('matrix-dimension/install_dir'), + 'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir'), }, }, } files = { - '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): { + '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'): { 'owner': 'matrix-dimension', 'group': 'matrix-dimension', 'content_type': 'mako', @@ -32,7 +32,7 @@ files = { }, 'needs': { 'action:element-web_yarn', - 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']), + 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir'), }, 'triggers': { 'svc_systemd:matrix-dimension:restart', @@ -52,7 +52,7 @@ files = { actions = { 'matrix_dimension_build': { - 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build', + 'command': 'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build', 'needs': { 'pkg_apt:nodejs', }, 
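Review bot: The rewritten `.format(...)` calls in the `@@ -10,20` hunk do not parse: `node.metadatai.get(` is a typo for `node.metadata.get(`, and both `'directory:{}'.format(...` lines and the `'{}/config/production.yaml'.format(...): {` key are one closing parenthesis short. The same missing parenthesis appears in the `@@ -32,7` hunk of this commit and in the `svc_systemd` hunk at `@@ -67,7`, so `items.py` cannot be loaded at this commit and a bisect that lands here fails. Each call should close both `.get(` and `.format(`, for example `'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),`.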
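Review bot: The `matrix_dimension_build` command in the `@@ -52,7` hunk runs `npm install` and `npm run build` on whatever `git_deploy` checked out, and the `rev` in the first hunk falls back to `master`, so each time upstream moves the next apply fetches and executes unreviewed code plus freshly resolved dependencies and their install scripts. Pinning `matrix-dimension/version` to a commit hash in node metadata, and using `npm ci` if the upstream repository ships a lockfile, makes the deployed build reproducible and reviewable. The install path is also concatenated into the shell string unquoted; wrapping the metadata value in `shlex.quote()` would be safer, though it needs an import this hunk does not show. The `actions` dict continues outside the hunk.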
@@ -67,7 +67,7 @@ svc_systemd = { 'matrix-dimension': { 'needs': { 'action:matrix_dimension_build', - 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']), + 'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'), 'postgres_db:matrix-dimension', 'postgres_role:matrix-dimension', }, -- 2.39.2 From d076384eade598db82a44d2d5b15079d9ac15d29 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 21:17:12 +0200 Subject: [PATCH 14/16] bw/matrix-dimension remove unneeded metadata --- bundles/matrix-dimension/metadata.py | 1 - 1 file changed, 1 deletion(-) diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index ddcdbd0..524e291 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -42,7 +42,6 @@ def nginx_config(metadata): 'vhosts': { 'matrix-dimension': { 'domain': metadata.get('matrix-dimension/url'), - 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')), 'do_not_set_content_security_headers': True, 'max_body_size': '50M', 'locations': { -- 2.39.2 From 58691904fc6ec04a6bc223bdc332385fe2b83c04 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 21:32:10 +0200 Subject: [PATCH 15/16] bw/matrix-dimension repair syntax errors --- bundles/matrix-dimension/items.py | 11 +++++------ bundles/matrix-dimension/metadata.py | 2 +- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py index 5fbb7d6..a8a9a5c 100644 --- a/bundles/matrix-dimension/items.py +++ b/bundles/matrix-dimension/items.py 
@@ -16,14 +16,14 @@ git_deploy = { 'action:matrix_dimension_build', }, 'needs': { - 'directory:{}'.format(node.metadatai.get('matrix-dimension/install_dir'), - 'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir'), + 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')), + 'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')), }, }, } files = { - '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'): { + '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): { 'owner': 'matrix-dimension', 'group': 'matrix-dimension', 'content_type': 'mako', @@ -31,8 +31,7 @@ files = { 'config': node.metadata.get('matrix-dimension', {}), }, 'needs': { - 'action:element-web_yarn', - 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir'), + 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')), }, 'triggers': { 'svc_systemd:matrix-dimension:restart', @@ -67,7 +66,7 @@ svc_systemd = { 'matrix-dimension': { 'needs': { 'action:matrix_dimension_build', - 'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'), + 'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')), 'postgres_db:matrix-dimension', 'postgres_role:matrix-dimension', }, diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index 524e291..2d41180 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -46,7 +46,7 @@ def nginx_config(metadata): 'max_body_size': '50M', 'locations': { '/': { - 'target': 'http://127.0.0.1:8184', + 'target': 'http://127.0.0.1:20030', }, }, }, -- 2.39.2 From 07dbcb51f4b145893d7feed8e13bfabde73e86aa Mon Sep 17 00:00:00 2001 
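Review bot: The `files` entry for `config/production.yaml` sets `owner` and `group` but no `mode` in the lines the `@@ -16,14` and `@@ -31,8` hunks show, and the rendered template holds the homeserver `accessToken`. If bundlewrap's default file mode applies (0644, as far as I know), the token is readable by every local account on the node. Adding `'mode': '0640',` next to `'group': 'matrix-dimension',` restricts it to the service account and its group. The `files` dict continues outside the hunk.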
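Review bot: The proxy `target` in the `metadata.py` hunk moves from port 8184 to 20030 in a commit titled as a syntax repair, and nothing in this commit changes the port Dimension listens on. The first draft of `production.yaml` binds `web.port: 8184`; unless an earlier patch already moved it, nginx would proxy to a closed port and answer 502. Deriving both values from one metadata key avoids the drift, e.g. `'target': 'http://127.0.0.1:{}'.format(metadata.get('matrix-dimension/port')),` with the template reading the same key; `matrix-dimension/port` is a placeholder name here. The behaviour change also deserves its own line in the commit message.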
From: Sophie Schiller
Date: Mon, 5 Jul 2021 19:57:44 +0200
Subject: [PATCH 16/16] bw/htz-cloud.miniserver bump element-web version
---
 nodes/htz-cloud/miniserver.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py
index cb2ec71..f28568c 100644
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@@ -59,7 +59,7 @@ nodes['htz-cloud.miniserver'] = {
 },
 'element-web': {
 'url': 'chat.sophies-kitchen.eu',
- 'version': 'v1.7.31',
+ 'version': 'v1.7.32',
 'config': {
 'default_server_config': {
 'm.homeserver': {
-- 
2.39.2