PORT_MAP.md

@@ -26,11 +26,11 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
 | 6667        |                      | bitlbee |
 | 8010        |                      | matrix-media-repo |
 | 8086        | influxdb2            | influx |
-| 8184        |                      | matrix-dimension |
 | 11332-11334 | rspamd               | rspamd |
 | 20000       | mx-puppet-discord    | Bridge |
 | 20010       | mautrix-telegram     | Bridge |
 | 20020       | mautrix-whatsapp     | Bridge |
+| 20030       | matrix-dimension     | Matrix Integrations Manager|
 | 20080       | matrix-synapse       | client, federation |
 | 20081       | matrix-synapse       | prometheus metrics |
 | 20090       | matrix-media-repo    | media_repo |

bundles/matrix-dimension/files/matrix-dimension.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Matrix Dimension
+After=network.target
+
+[Service]
+User=matrix-dimension
+Group=matrix-dimension
+Environment="NODE_ENV=production"
+ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
+WorkingDirectory=${config['install_dir']}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

bundles/matrix-dimension/files/production.yaml

@@ -0,0 +1,93 @@
+# The web settings for the service (API and UI).
+# It is best to have this run on localhost and use a reverse proxy to access Dimension.
+web:
+  port: 20030
+  address: '127.0.0.1'
+
+# Homeserver configuration
+homeserver:
+  # The domain name of the homeserver. This is used in many places, such as with go-neb
+  # setups, to identify the homeserver.
+  name: "${config['homeserver']['name']}"
+
+  # The URL that Dimension, go-neb, and other services provisioned by Dimension should
+  # use to access the homeserver with.
+  clientServerUrl: "${config['homeserver']['clientServerUrl']}"
+
+  # The URL that Dimension should use when trying to communicate with federated APIs on
+  # the homeserver. If not supplied or left empty Dimension will try to resolve the address
+  # through the normal federation process.
+  #federationUrl: "https://t2bot.io:8448"
+
+  # The URL that Dimension will redirect media requests to for downloading media such as
+  # stickers. If not supplied or left empty Dimension will use the clientServerUrl.
+  #mediaUrl: "https://t2bot.io"
+
+  # The access token Dimension should use for miscellaneous access to the homeserver, and
+  # for tracking custom sticker pack updates. This should be a user configured on the homeserver
+  # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
+  # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
+  accessToken: "${config['homeserver']['accessToken']}"
+
+# These users can modify the integrations this Dimension supports.
+# To access the admin interface, open Dimension in Riot and click the settings icon.
+admins:
+% for i in config['admins']:
+  - "${i}"
+% endfor
+# IPs and CIDR ranges listed here will be blocked from being widgets.
+# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
+widgetBlacklist:
+  - 10.0.0.0/8
+  - 172.16.0.0/12
+  - 192.168.0.0/16
+  - 127.0.0.0/8
+
+database:
+  # Where the database for Dimension is
+  uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
+
+  # Where to store misc information for the utility bot account.
+  botData: "${config['data_dir']}/dimension.bot.json"
+
+# Display settings that apply to self-hosted go-neb instances
+goneb:
+  # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
+  # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
+  # make the bot's avatar an empty string.
+  avatars:
+    giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
+    imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
+    github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
+    wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
+    travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
+    rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
+    google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
+    guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
+    echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
+    circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
+    jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
+
+# Settings for interacting with Telegram. Currently only applies for importing
+# sticker packs from Telegram.
+telegram:
+  # Talk to @BotFather on Telegram to get a token
+  botToken: "${config['telegram']['botToken']}"
+
+# Custom sticker pack options.
+# Largely based on https://github.com/turt2live/matrix-sticker-manager
+stickers:
+  # Whether or not to allow people to add custom sticker packs
+  enabled: true
+
+  # The sticker manager bot to promote
+  stickerBot: "@stickers:t2bot.io"
+
+  # The sticker manager URL to promote
+  managerUrl: "https://stickers.t2bot.io"
+
+
+# Settings for controlling how logging works
+logging:
+  console: true
+  consoleLevel: info

bundles/matrix-dimension/items.py

@@ -0,0 +1,74 @@
+repo.libs.tools.require_bundle(node, 'nodejs')
+
+
+directories = {
+    node.metadata['matrix-dimension']['install_dir']: {
+        'owner': 'matrix-dimension',
+        'group': 'matrix-dimension',
+    },
+}
+
+git_deploy = {
+    node.metadata['matrix-dimension']['install_dir']: {
+        'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet
+        'repo': 'https://github.com/turt2live/matrix-dimension.git',
+        'triggers': {
+            'action:matrix_dimension_build',
+        },
+        'needs': {
+            'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
+            'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')),
+        },
+    },
+}
+
+files = {
+    '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): {
+        'owner': 'matrix-dimension',
+        'group': 'matrix-dimension',
+        'content_type': 'mako',
+        'context': {
+            'config': node.metadata.get('matrix-dimension', {}),
+        },
+        'needs': {
+            'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
+        },
+        'triggers': {
+            'svc_systemd:matrix-dimension:restart',
+        },
+    },
+    '/etc/systemd/system/matrix-dimension.service': {
+        'content_type': 'mako',
+        'context': {
+            'config': node.metadata.get('matrix-dimension', {}),
+        },
+        'triggers': {
+            'action:systemd-reload',
+            'svc_systemd:matrix-dimension:restart',
+        },
+    },
+}
+
+actions = {
+    'matrix_dimension_build': {
+        'command': 'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build',
+        'needs': {
+            'pkg_apt:nodejs',
+        },
+        'triggered': True,
+        'triggers': {
+            'svc_systemd:matrix-dimension:restart',
+        },
+    },
+}
+
+svc_systemd = {
+    'matrix-dimension': {
+        'needs': {
+            'action:matrix_dimension_build',
+            'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')),
+            'postgres_db:matrix-dimension',
+            'postgres_role:matrix-dimension',
+        },
+    },
+}

bundles/matrix-dimension/metadata.py

@@ -0,0 +1,77 @@
+defaults = {
+    'backups': {
+        'paths': {
+            '/opt/matrix-dimension',
+            '/var/opt/matrix-dimension',
+        },
+    },
+    'matrix-dimension': {
+        'install_dir': '/opt/matrix-dimension',
+        'data_dir': '/var/opt/matrix-dimension',
+        'database': {
+            'user': 'matrix-dimension',
+            'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+            'database': 'matrix-dimension',
+        },
+    },
+    'postgresql': {
+        'roles': {
+            'matrix-dimension': {
+                'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+            },
+        },
+        'databases': {
+            'matrix-dimension': {
+                'owner': 'matrix-dimension',
+            },
+        },
+    },
+    'users': {
+        'matrix-dimension': {
+            'home': '/var/opt/matrix-dimension',
+        },
+    },
+}
+
+@metadata_reactor.provides(
+    'nginx/vhosts/matrix-dimension',
+)
+def nginx_config(metadata):
+    return {
+        'nginx': {
+            'vhosts': {
+                'matrix-dimension': {
+                    'domain': metadata.get('matrix-dimension/url'),
+                    'do_not_set_content_security_headers': True,
+                    'max_body_size': '50M',
+                    'locations': {
+                        '/': {
+                            'target': 'http://127.0.0.1:20030',
+                        },
+                    },
+                },
+            },
+        },
+    }
+
+
+@metadata_reactor.provides(
+    'icinga2_api/matrix-dimension/services',
+)
+def icinga_check_for_new_release(metadata):
+    return {
+        'icinga2_api': {
+            'matrix-dimension': {
+                'services': {
+                    'MATRIX-DIMENSION UPDATE': {
+                        'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
+                        'vars.notification.mail': True,
+                        'check_interval': '60m',
+                    },
+                    'MATRIX-DIMENSION PROCESS': {
+                        'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:',
+                    },
+                },
+            },
+        },
+    }

data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu

@@ -1,6 +0,0 @@
-    add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
-
-    location /.well-known/matrix/ {
-        alias /etc/matrix-synapse/wellknown/;
-        add_header Access-Control-Allow-Origin *;
-    }

data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension

@@ -0,0 +1 @@
+add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";

nodes/htz-cloud/miniserver.py

@@ -4,6 +4,7 @@
 nodes['htz-cloud.miniserver'] = {
     'bundles': {
         'element-web',
+        'matrix-dimension',
         'matrix-media-repo',
         'matrix-synapse',
         'nodejs',
@@ -58,7 +59,7 @@ nodes['htz-cloud.miniserver'] = {
         },
         'element-web': {
             'url': 'chat.sophies-kitchen.eu',
-            'version': 'v1.7.31',
+            'version': 'v1.7.32',
             'config': {
                 'default_server_config': {
                     'm.homeserver': {
@@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = {
                 },
                 'brand': 'sophies-kitchen.eu',
                 'showLabsSettings': True,
-                'integrations_ui_url': 'https://dimension.franzi.business/riot',
+                'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
-                'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
+                'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
                 'integrations_widgets_urls': {
-                    'https://dimension.franzi.business/widgets'
+                    'https://dimension.sophies-kitchen.eu/widgets'
                 },
                 'default_theme': 'dark',
                 'defaultCountryCode': 'DE',
@@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = {
                 },
             },
         },
+        'matrix-dimension': {
+            'url': 'dimension.sophies-kitchen.eu',
+            'version': 'master', # doesn't have releases yet
+            'homeserver': {
+                'name': 'sophies-kitchen.eu',
+                'clientServerUrl': 'https://matrix.sophies-kitchen.eu',
+                'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
+            },
+            'admins': [
+                '@sophie:sophies-kitchen.eu',
+            ],
+            'telegram': {
+                'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'),
+            },
+        },
         'matrix-media-repo': {
             'version': 'v1.2.8',
             'homeservers': {
@@ -144,6 +160,14 @@ nodes['htz-cloud.miniserver'] = {
                 'bot_token': '""',
             },
         },
+        'nameservers': {
+                '213.133.98.98',
+                '213.133.99.99',
+                '213.133.100.100',
+                '2a01:4f8:0:1::add:1010',
+                '2a01:4f8:0:1::add:9999',
+                '2a01:4f8:0:1::add:9898',
+        },
         'nftables': {
             'rules': {
                 'input': {
@@ -156,16 +180,9 @@ nodes['htz-cloud.miniserver'] = {
         },
         'nginx': {
             'vhosts': {
-                #'dimension.sophies-kitchen.eu': {
+                'matrix-dimension': {
-                #    'extras': True,
+                    'extras': True,
-                #    'do_not_set_content_security_headers': True,
+                },
-                #    'max_body_size': '50M',
-                #    'locations': {
-                #        '/': {
-                #            'target': 'http://127.0.0.1:8184',
-                #        },
-                #    },
-                #},
                 'sophies-kitchen.eu': {
                     'webroot': '/var/www/sophies-kitchen.eu/_site/',
                     'extras': True,