From beeb8a793321bc5e95d85a7155b92526b5ecb3f0 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 17 Dec 2024 12:00:39 +0200
Subject: [PATCH] Remove some "generate" values from various mautrix bridges We do not let bridges update config files, so generation cannot happen. We don't want the bridge to manage the config file anyway.
---
 roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 ++
 .../matrix-bridge-mautrix-discord/templates/config.yaml.j2 | 2 +-
 .../matrix-bridge-mautrix-meta-instagram/defaults/main.yml | 2 ++
 .../templates/config.yaml.j2 | 2 +-
 .../matrix-bridge-mautrix-meta-messenger/defaults/main.yml | 2 ++
 .../templates/config.yaml.j2 | 2 +-
 roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 ++
 .../matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +-
 .../matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +-
 9 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
index b36cd2dbb31..81104c7f477 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@@ -57,6 +57,8 @@ matrix_mautrix_discord_homeserver_token: '' matrix_mautrix_discord_appservice_bot_username: discordbot +matrix_mautrix_discord_provisioning_shared_secret: disable + # Minimum severity of journal log messages. # Options: debug, info, warn, error, fatal matrix_mautrix_discord_logging_level: 'warn'
diff --git a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
index 322bc763a2d..bed044bcb66 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
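Review bot: The new default `matrix_mautrix_discord_provisioning_shared_secret: disable` in roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml has no comment, so nothing in the defaults file tells an operator that `disable` is a sentinel that turns the provisioning API off rather than a secret value. I would add above it `# Shared secret for the bridge's provisioning API. "disable" turns the API off; "generate" is not supported because the bridge cannot write to its config file.`, plus a line asking for a long random value when the API is enabled. The same undocumented variable is added in the meta-instagram, meta-messenger and telegram defaults hunks. For Discord the rendered value also changes from `generate` to `disable`, which is worth a changelog entry for anyone who relies on the provisioning API.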
@@ -277,7 +277,7 @@ bridge: prefix: /_matrix/provision # Shared secret for authentication. If set to "generate", a random secret will be generated, # or if set to "disable", the provisioning API will be disabled. - shared_secret: generate + shared_secret: {{ matrix_mautrix_discord_provisioning_shared_secret | to_json }} # Permissions for using the bridge. # Permitted values:
diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
index 0fac573f86c..848e86bdef8 100644
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
@@ -156,6 +156,8 @@ matrix_mautrix_meta_instagram_meta_mode: instagram # When in `instagram` mode (see `matrix_mautrix_meta_instagram_meta_mode`), should the bridge connect to WhatsApp servers for encrypted chats? matrix_mautrix_meta_instagram_meta_ig_e2ee: false +matrix_mautrix_meta_instagram_provisioning_shared_secret: disable + # Whether or not metrics endpoint should be enabled. # Enabling them is usually enough for a local (in-container) Prometheus to consume them. # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_meta_instagram_metrics_proxying_enabled`.
diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
index 465a861fbf0..e905b1771c5 100644
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
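Review bot: The comment kept above `shared_secret` in the Discord template still offers `generate` as a valid value, while the commit message says generation cannot happen because the bridge is not allowed to update its config file. Now that the value comes from an operator-settable variable, an override of `generate` is rendered verbatim by `to_json`, and the bridge would presumably try to persist a secret it cannot save. I would either reword the comment to say the playbook supports only `disable` or an explicit secret, or add a validation task that fails when the variable is `generate`. For the Meta templates the check should also reject null, which their comments describe as triggering generation too. The same applies to the meta-instagram, meta-messenger and telegram template hunks; the enclosing `bridge:` block starts and ends outside this hunk.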
@@ -263,7 +263,7 @@ provisioning: prefix: /_matrix/provision # Shared secret for authentication. If set to "generate" or null, a random secret will be generated, # or if set to "disable", the provisioning API will be disabled. - shared_secret: disable + shared_secret: {{ matrix_mautrix_meta_instagram_provisioning_shared_secret | to_json }} # Whether to allow provisioning API requests to be authed using Matrix access tokens. # This follows the same rules as double puppeting to determine which server to contact to check the token, # which means that by default, it only works for users on the same server as the bridge.
diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
index e7a59c91317..ca951a33382 100644
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
@@ -156,6 +156,8 @@ matrix_mautrix_meta_messenger_meta_mode: messenger # When in `instagram` mode (see `matrix_mautrix_meta_messenger_meta_mode`), should the bridge connect to WhatsApp servers for encrypted chats? matrix_mautrix_meta_messenger_meta_ig_e2ee: false +matrix_mautrix_meta_messenger_provisioning_shared_secret: disable + # Whether or not metrics endpoint should be enabled. # Enabling them is usually enough for a local (in-container) Prometheus to consume them. # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_meta_messenger_metrics_proxying_enabled`.
diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
index dbfc69b35f9..b5f9404b300 100644
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
@@ -263,7 +263,7 @@ provisioning: prefix: /_matrix/provision # Shared secret for authentication. If set to "generate" or null, a random secret will be generated, # or if set to "disable", the provisioning API will be disabled. - shared_secret: disable + shared_secret: {{ matrix_mautrix_meta_messenger_provisioning_shared_secret | to_json }} # Whether to allow provisioning API requests to be authed using Matrix access tokens. # This follows the same rules as double puppeting to determine which server to contact to check the token, # which means that by default, it only works for users on the same server as the bridge.
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
index 3c5989b4450..619dfee86a3 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -136,6 +136,8 @@ matrix_mautrix_telegram_systemd_wanted_services_list: [] matrix_mautrix_telegram_appservice_token: '' matrix_mautrix_telegram_homeserver_token: '' +matrix_mautrix_telegram_provisioning_shared_secret: disable + # Whether or not metrics endpoint should be enabled. # Enabling them is usually enough for a local (in-container) Prometheus to consume them. # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_telegram_metrics_proxying_enabled`.
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
index 5e21b2778ef..6cbd30130cd 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
@@ -71,7 +71,7 @@ appservice: prefix: /_matrix/provision/v1 # The shared secret to authorize users of the API. # Set to "generate" to generate and save a new token. - shared_secret: generate + shared_secret: {{ matrix_mautrix_telegram_provisioning_shared_secret | to_json }} # The unique ID of this appservice. id: telegram
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
index c6224525c20..832234832e1 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
@@ -384,7 +384,7 @@ direct_media: allow_proxy: true # Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file. # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them. - server_key: generate + server_key: "" # Settings for backfilling messages. # Note that the exact way settings are applied depends on the network connector.
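Review bot: The Telegram default is `disable`, but the comment left above `shared_secret` in roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 documents only `generate`; unlike the Discord and Meta templates, it does not say that `disable` turns the provisioning API off. If mautrix-telegram does not treat `disable` as a sentinel, the rendered config would make that literal, guessable string the API's shared secret. Please confirm the bridge's handling before merging. If it is not a sentinel, switch the provisioning API off through its own enable setting (not visible in this hunk) and default the variable to an empty string. The enclosing `appservice:` block starts and ends outside the hunk.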
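Review bot: `server_key` in roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 is hard-coded to `""` instead of being templated from a role variable like the `shared_secret` values in the other hunks, so an operator who enables direct media has no supported way to supply the signing key. The comment above it says the key signs the mxc:// URIs "to ensure only the bridge can generate them", so an empty key matters whenever `direct_media` is on; whether it is enabled is decided outside this hunk. I would template the value from a variable that defaults to an empty string, `server_key: {{ <role variable> | to_json }}`, and add a validation check that the key is non-empty when direct media is enabled.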