Maubot moanos

README.md

@@ -103,6 +103,10 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
 
+- (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens  - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation
+
+- (optional) [matrix-maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-matrix-maubot.md](docs/configuring-playbook-bot-matrix-maubot.md) for setup documentation
+
 - (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation
 
 - (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation

docs/configuring-playbook-bot-maubot.md

@@ -0,0 +1,62 @@
+# Setting up maubot (optional)
+
+The playbook can install and configure [maubot](https://github.com/maubot/maubot) for you.
+
+After setting up maubot, you can use the web management interface to make it do things.
+The default location of the management interface is `matrix.<your-domain>/_matrix/maubot/`
+
+See the project's [documentation](https://docs.mau.fi/maubot/usage/basic.html) to learn what it
+does and why it might be useful to you.
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+
+```yaml
+matrix_bot_maubot_enabled: true
+matrix_bot_maubot_admins:
+  - yourusername: securepassword
+```
+
+You can add multiple admins.
+
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+## Usage
+
+You can visit `matrix.<your-domain>/_matrix/maubot/` to manage your available plugins, clients and instances.
+To add a client you first need to create an account and obtain a valid access token.
+
+## Registering the bot user
+
+You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.maubot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
+```
+
+Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
+
+## Obtaining an admin access token
+
+This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)) or  by logging into Element/Schildichat with the bot account
+(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom.
+You can expand "Access token" to copy it.
+
+![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png)
+
+**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token.
+
+
+
+
+
+
+

docs/configuring-playbook.md

@@ -149,6 +149,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional)
 
+- [Setting up maubot](configuring-playbook-bot-maubot.md) - a plugin-based Matrix bot system (optional)
+
 - [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional)
 
 - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional)

group_vars/matrix_servers

@@ -1058,6 +1058,46 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: |
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-bot-maubot
+#
+######################################################################
+
+# We don't enable bots by default.
+matrix_bot_maubot_enabled: false
+
+matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
+
+matrix_bot_maubot_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    ['matrix-' + matrix_homeserver_implementation + '.service']
+    +
+    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    +
+    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+  }}
+
+matrix_bot_maubot_registration_shared_secret: |-
+  {{
+    {
+      'synapse': matrix_synapse_registration_shared_secret,
+      'dendrite': matrix_dendrite_registration_shared_secret,
+    }[matrix_homeserver_implementation]
+  }}
+
+# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
+matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
+matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bot-maubot
+#
+######################################################################
+
 
 ######################################################################
 #
@@ -1768,6 +1808,12 @@ matrix_postgres_additional_databases: |
       'password': matrix_bot_honoroit_database_password,
     }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else [])
     +
+    ([{
+      'name': matrix_bot_maubot_database_name,
+      'username': matrix_bot_maubot_database_username,
+      'password': matrix_bot_maubot_database_password,
+    }] if (matrix_bot_maubot_enabled  and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == 'matrix-postgres') else [])
+    +
     ([{
       'name': matrix_bot_buscarron_database_name,
       'username': matrix_bot_buscarron_database_username,

roles/matrix-bot-maubot/defaults/main.yml

@@ -0,0 +1,74 @@
+---
+
+# maubot is a plugin-based Matrix bot system.
+# Project source code URL: https://mau.dev/maubot/maubot
+
+matrix_bot_maubot_enabled: true
+matrix_bot_maubot_container_image_self_build: false
+matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git"
+matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src"
+matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
+
+
+matrix_bot_maubot_version: v0.3.1
+matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}"
+matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
+
+matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot"
+matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data"
+matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config"
+
+matrix_bot_maubot_bot_server_public_url: "https://{{ matrix_server_fqn_matrix }}"
+matrix_bot_maubot_proxy_management_interface: false
+matrix_bot_maubot_expose_management_interface: true
+
+matrix_bot_maubot_database_engine: sqlite
+matrix_bot_maubot_sqlite_database_path_local: "{{ matrix_bot_maubot_data_path }}/maubot.db"
+matrix_bot_maubot_sqlite_database_path_in_container: "/data/maubot.db"
+
+matrix_bot_maubot_database_username: matrix_bot_maubot
+matrix_bot_maubot_database_password: ~
+matrix_bot_maubot_database_hostname: 'matrix-postgres'
+matrix_bot_maubot_database_port: 5432
+matrix_bot_maubot_database_name: matrix_bot_maubot
+
+matrix_bot_maubot_database_connection_string: >
+  postgres://{{ matrix_bot_maubot_database_username }}
+  :{{ matrix_bot_maubot_database_password }}
+  @{{ matrix_bot_maubot_database_hostname }}
+  :{{ matrix_bot_maubot_database_port }}
+  /{{ matrix_bot_maubot_database_name }}
+  ?sslmode=disable'
+
+matrix_bot_maubot_database_uri: "{{
+ 	{
+ 		'sqlite': ('sqlite:///' + matrix_bot_maubot_sqlite_database_path_in_container),
+ 		'postgres': matrix_bot_maubot_database_connection_string,
+ 	}[matrix_bot_maubot_database_engine]
+    }}"
+
+
+# Defines the port number where the management interface is
+# To actually expose the management interface outside of the container, use `matrix_bot_maubot_management_interface_http_bind_port`
+matrix_bot_maubot_management_interface_port: 29316
+
+# Controls whether the maubot container exposes its HTTP management interface port (tcp/29316 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:29316"), or empty string to not expose.
+# If you'll be setting this at all, it should be defined in terms of `matrix_bot_maubot_management_interface_port`.
+# Example:
+# matrix_bot_maubot_management_interface_http_bind_port: "127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}"
+matrix_bot_maubot_management_interface_http_bind_port: ''
+
+
+matrix_bot_maubot_port: 29316
+matrix_bot_maubot_unshared_secret: 'generate'
+
+# A list of extra arguments to pass to the container
+matrix_bot_maubot_container_extra_arguments: []
+
+# List of systemd services that matrix-bot-maubot.service depends on
+matrix_bot_maubot_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-bot-maubot.service wants
+matrix_bot_maubot_systemd_wanted_services_list: []

roles/matrix-bot-maubot/tasks/init.yml

@@ -0,0 +1,47 @@
+---
+
+- name: Add maubot to the systemd service list
+  ansible.builtin.set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}"
+  when: matrix_bot_maubot_enabled|bool
+
+- name: Configure nginx for maubot
+  block:
+    - name: Generate Maubot proxying configuration for matrix-nginx-proxy
+      ansible.builtin.set_fact:
+        matrix_bot_maubot_matrix_nginx_proxy_configuration: |
+          location ~ ^/(_matrix/maubot/.*) {
+          {% if matrix_nginx_proxy_enabled|default(False) %}
+            {# Use the embedded DNS resolver in Docker containers to discover the service #}
+             resolver 127.0.0.11 valid=5s;
+             set $backend "matrix-bot-maubot:29316/$1";
+             proxy_pass http://$backend;
+             proxy_set_header Upgrade $http_upgrade;
+             proxy_set_header Connection "upgrade";
+          {% else %}
+            {# Generic configuration for use outside of our container setup #}
+            proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+          {% endif %}
+          }
+      when: matrix_bot_maubot_proxy_management_interface|bool
+
+    - name: Register Maubot's proxying configuration with matrix-nginx-proxy
+      ansible.builtin.set_fact:
+        matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+          {{
+            matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+            +
+            [matrix_bot_maubot_matrix_nginx_proxy_configuration]
+          }}
+      when: matrix_bot_maubot_proxy_management_interface|bool
+
+    - name: Warn about reverse-proxying if matrix-nginx-proxy not used
+      ansible.builtin.debug:
+        msg: >-
+          NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy
+          reverse proxy.
+          Please make sure that you're proxying the `/_matrix/maubot`
+          URL endpoint to the matrix-maubot container.
+      when: "matrix_bot_maubot_enabled|bool and matrix_bot_maubot_proxy_management_interface|bool and matrix_nginx_proxy_enabled is not defined"

roles/matrix-bot-maubot/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-maubot
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-maubot
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_bot_maubot_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-maubot

roles/matrix-bot-maubot/tasks/setup_install.yml

@@ -0,0 +1,77 @@
+---
+
+- name: Ensure maubot paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0755
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_bot_maubot_base_path }}", when: true}
+    - {path: "{{ matrix_bot_maubot_data_path }}", when: true}
+    - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true}
+    - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true}
+    - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true}
+    - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"}
+  when: "item.when|bool"
+
+- name: Ensure maubot configuration file created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/config/config.yaml.j2"
+    dest: "{{ matrix_bot_maubot_data_path }}/config.yaml"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: "u=rwx"
+
+- name: Ensure maubot image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_bot_maubot_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_docker_image_force_pull }}"
+  when: "not matrix_bot_maubot_container_image_self_build|bool"
+  register: result
+  retries: "{{ matrix_container_retries_count }}"
+  delay: "{{ matrix_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure maubot repository is present on self-build
+  ansible.builtin.git:
+    repo: "{{ matrix_bot_maubot_docker_repo }}"
+    version: "{{ matrix_bot_maubot_docker_repo_version }}"
+    dest: "{{ matrix_bot_maubot_docker_src_files_path }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
+  register: matrix_bot_maubot_git_pull_results
+  when: "matrix_bot_maubot_container_image_self_build|bool"
+
+- name: Ensure maubot image is built
+  community.docker.docker_image:
+    name: "{{ matrix_bot_maubot_docker_image }}"
+    source: build
+    force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_bot_maubot_docker_src_files_path }}"
+      pull: true
+  when: "matrix_bot_maubot_container_image_self_build|bool"
+
+- name: Ensure matrix-bot-maubot.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-bot-maubot.service"
+    mode: 0644
+  register: matrix_bot_maubot_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-bot-maubot.service installation
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "matrix_bot_maubot_systemd_service_result.changed|bool"
+
+- name: Ensure matrix-bot-maubot.service restarted, if necessary
+  ansible.builtin.service:
+    name: "matrix-bot-maubot.service"
+    state: restarted