Update beeper-linkedin configuration to latest upstream config and pr…

…operly pass double-puppeting login shared secrets We used to pass the shared secret for double-puppeting via a `login_shared_secret` parameter, which doesn't seem to exist anymore. The proper way to do it is via `login_shared_secret_map`. The comments for `login_shared_secret_map` seem to indicate that it's only usable with the shared-secret-auth password provider. However, this bridge is based on mautrix-python (`>=0.20.5,<0.21`) as per its `requirements.txt` Support for double-puppeting via arbitrary access tokens landed in mautrix-python 0.20.1 (https://github.com/mautrix/python/blob/6f25b62e80616fa8a8a57d12a03caca51b3c89b4/CHANGELOG.md#L44-L53), so it should be possible to use appservice double-puppet. Related to mautrix/python@af04ca1 A bunch of other parameters seem to have moved around as well. This patch introduces some new Ansible variables for controlling additional settings related to encryption, etc.
spantaleev · Dec 2, 2024 · 2c719b2 · 2c719b2
1 parent e5a2935
commit 2c719b2
Show file tree

Hide file tree

Showing 6 changed files with 202 additions and 99 deletions.
diff --git a/docs/configuring-playbook-bridge-beeper-linkedin.md b/docs/configuring-playbook-bridge-beeper-linkedin.md
@@ -17,11 +17,8 @@ There are some additional things you may wish to configure about the bridge befo
 Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
 
 ```yaml
-matrix_beeper_linkedin_configuration_extension_yaml: |
-  bridge:
-    encryption:
-      allow: true
-      default: true
+matrix_beeper_linkedin_bridge_encryption_allow: true
+matrix_beeper_linkedin_bridge_encryption_default: true
 ```
 
 If you would like to be able to administrate the bridge from your account it can be configured like this:

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
@@ -1011,18 +1011,20 @@ matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
 matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_beeper_linkedin_login_shared_secret: |-
+matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: |-
   {{
-    ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
+    ({
+      matrix_beeper_linkedin_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
+    })
     if matrix_appservice_double_puppet_enabled
     else (
-      matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
+      {matrix_beeper_linkedin_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
       if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else ""
+      else {}
     )
   }}
 
-matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
+matrix_beeper_linkedin_bridge_presence: "{{ (matrix_synapse_presence_enabled if matrix_synapse_enabled else true) if matrix_homeserver_implementation == 'synapse' else true }}"
 
 matrix_beeper_linkedin_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
 matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}"

diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
@@ -60,7 +60,8 @@ matrix_beeper_linkedin_appservice_token: ""
 matrix_beeper_linkedin_homeserver_token: ""
 
 matrix_beeper_linkedin_appservice_bot_username: linkedinbot
-
+matrix_beeper_linkedin_appservice_bot_displayname: LinkedIn bridge bot
+matrix_beeper_linkedin_appservice_bot_avatar: mxc://nevarro.space/cwsWnmeMpWSMZLUNblJHaIvP
 
 # Database-related configuration fields.
 # Only Postgres is supported.
@@ -87,16 +88,33 @@ matrix_beeper_linkedin_appservice_database_uri: "{{
 	}[matrix_beeper_linkedin_database_engine]
 }}"
 
+matrix_beeper_linkedin_bridge_login_shared_secret_map: "{{ matrix_beeper_linkedin_bridge_login_shared_secret_map_auto | combine(matrix_beeper_linkedin_bridge_login_shared_secret_map_custom) }}"
+matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: {}
+matrix_beeper_linkedin_bridge_login_shared_secret_map_custom: {}
+
+# Servers to always allow double puppeting from
+matrix_beeper_linkedin_bridge_double_puppet_server_map: "{{ matrix_beeper_linkedin_bridge_double_puppet_server_map_default | combine(matrix_beeper_linkedin_bridge_double_puppet_server_map_auto) | combine(matrix_beeper_linkedin_bridge_double_puppet_server_map_custom) }}"
+matrix_beeper_linkedin_bridge_double_puppet_server_map_default: |-
+  {{
+    {}
+    | combine({
+      matrix_beeper_linkedin_homeserver_domain: matrix_beeper_linkedin_homeserver_address
+    })
+  }}
+matrix_beeper_linkedin_bridge_double_puppet_server_map_auto: {}
+matrix_beeper_linkedin_bridge_double_puppet_server_map_custom: {}
 
-# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth) or Appservice Double Puppet.
-matrix_beeper_linkedin_login_shared_secret: ''
+matrix_beeper_linkedin_provisioning_enabled: false
+matrix_beeper_linkedin_provisioning_shared_secret: ''
 
 # Specifies the default log level for all bridge loggers.
 matrix_beeper_linkedin_logging_level: WARNING
 
 # Enable End-to-bridge encryption
 matrix_beeper_linkedin_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
 matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
+matrix_beeper_linkedin_bridge_encryption_appservice: "{{ matrix_beeper_linkedin_bridge_encryption_default }}"
+matrix_beeper_linkedin_bridge_encryption_require: false
 matrix_beeper_linkedin_bridge_encryption_key_sharing_allow: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
 
 # Default beeper-linkedin configuration template which covers the generic use case.

diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml
@@ -11,3 +11,12 @@
     - {'name': 'matrix_beeper_linkedin_homeserver_token', when: true}
     - {'name': 'matrix_beeper_linkedin_database_hostname', when: "{{ matrix_beeper_linkedin_database_engine == 'postgres' }}"}
     - {'name': 'matrix_beeper_linkedin_container_network', when: true}
+
+- name: (Deprecation) Catch and report renamed beeper-linkedin settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_beeper_linkedin_login_shared_secret', 'new': '<superseded by matrix_beeper_linkedin_bridge_login_shared_secret_map_*>'}