feat: support mautrix bridgev2 / megabridge APIs

group_vars/matrix_servers

@@ -1491,7 +1491,10 @@ matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver: "{{ dev
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
+
 matrix_mautrix_meta_messenger_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.as', rounds=655555) | to_uuid }}"
+matrix_mautrix_meta_messenger_appservice_bridgev2_enabled: false
 
 matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 
@@ -1565,7 +1568,10 @@ matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver: "{{ dev
 matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
+
 matrix_mautrix_meta_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.as', rounds=655555) | to_uuid }}"
+matrix_mautrix_meta_instagram_appservice_bridgev2_enabled: false
 
 matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 
@@ -1957,6 +1963,8 @@ matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver: "{{ devture_t
 matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
+
 matrix_mautrix_whatsapp_systemd_required_services_list_auto: |
   {{
     matrix_addons_homeserver_systemd_services_list
@@ -1965,6 +1973,7 @@ matrix_mautrix_whatsapp_systemd_required_services_list_auto: |
   }}
 
 matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}"
+matrix_mautrix_whatsapp_appservice_bridgev2_enabled: false
 
 matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
@@ -5578,6 +5587,15 @@ matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{
 
 matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
 
+# mautrix-manager auto-configuration disabled by default
+matrix_static_files_file_matrix_mautrix_enabled: false
+matrix_static_files_file_matrix_mautrix_property_fi_mau_bridges:
+  - "https://bridges.example.com/signal"
+  # TODO populate with enabled bridges
+
+matrix_static_files_file_matrix_mautrix_property_fi_mau_external_bridge_servers:
+  []
+
 matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 
 matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"

roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml

@@ -55,6 +55,17 @@ matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_ena
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: ''
 
+# Controls whether labels will be added that expose the bridge's bridgev2 API endpoints
+matrix_mautrix_meta_instagram_container_labels_bridgev2_enabled: "{{ matrix_mautrix_meta_instagram_appservice_bridgev2_enabled }}"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_hostname: ""
+# Following two variables should be RegEx-escaped, see https://doc.traefik.io/traefik/middlewares/http/replacepathregex/
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_stripprefix: "/_matrix/{{ matrix_mautrix_meta_instagram_identifier }}"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_rule: "Host(`{{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_stripprefix }}`)"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_priority: 0
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_entrypoints: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints }}"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls: "{{ matrix_mautrix_meta_instagram_container_labels_metrics_traefik_entrypoints != 'web' }}"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls_certResolver: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
 # matrix_mautrix_meta_instagram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -144,6 +155,10 @@ matrix_mautrix_meta_instagram_appservice_database_uri: |-
 
 matrix_mautrix_meta_instagram_appservice_token: ''
 
+# Whether to make public the bridgev2 API endpoints.
+# See https://spec.mau.fi/megabridge/
+matrix_mautrix_meta_instagram_appservice_bridgev2_enabled: false
+
 # Controls which service this bridge is for.
 # Valid options:
 # * facebook - connect to FB Messenger via facebook.com

roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml

@@ -8,6 +8,7 @@
   with_items:
     - {'name': 'matrix_mautrix_meta_instagram_metrics_proxying_hostname', when: "{{ matrix_mautrix_meta_instagram_metrics_proxying_enabled }}"}
     - {'name': 'matrix_mautrix_meta_instagram_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_meta_instagram_metrics_proxying_enabled }}"}
+    - {'name': 'matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_hostname', when: "{{ matrix_mautrix_meta_instagram_container_labels_bridgev2_enabled }}"}
     - {'name': 'matrix_mautrix_meta_instagram_appservice_token', when: true}
     - {'name': 'matrix_mautrix_meta_instagram_homeserver_token', when: true}
     - {'name': 'matrix_mautrix_meta_instagram_container_network', when: true}

roles/custom/matrix-bridge-mautrix-meta-instagram/templates/labels.j2

@@ -43,6 +43,38 @@ traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.tls.
 {% endif %}
 
 
+{% if matrix_mautrix_meta_instagram_container_labels_bridgev2_enabled %}
+############################################################
+#                                                          #
+# Appservice Bridgev2 API                                  #
+#                                                          #
+############################################################
+
+traefik.http.middlewares.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2-stripprefix.stripprefix.prefixes={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_stripprefix }}
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.middlewares={{ matrix_mautrix_meta_instagram_identifier }}-bridgev2-stripprefix
+
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.rule={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_rule }}
+
+{% if matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_priority | int > 0 %}
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.priority={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.service={{ matrix_mautrix_meta_instagram_identifier }}-appservice
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.entrypoints={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_entrypoints }}
+
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.tls={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls | to_json }}
+{% if matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls %}
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.tls.certResolver={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Appservice Bridgev2 API                                 #
+#                                                          #
+############################################################
+{% endif %}
+
+
 {% endif %}
 
 {{ matrix_mautrix_meta_instagram_container_labels_additional_labels }}

roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml

@@ -55,6 +55,17 @@ matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_ena
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: ''
 
+# Controls whether labels will be added that expose the bridge's bridgev2 API endpoints
+matrix_mautrix_meta_messenger_container_labels_bridgev2_enabled: "{{ matrix_mautrix_meta_messenger_appservice_bridgev2_enabled }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname: ""
+# Following two variables should be RegEx-escaped, see https://doc.traefik.io/traefik/middlewares/http/replacepathregex/
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_stripprefix: "/_matrix/{{ matrix_mautrix_meta_messenger_identifier }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_rule: "Host(`{{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_stripprefix }}`)"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_priority: 0
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_entrypoints: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls: "{{ matrix_mautrix_meta_messenger_container_labels_metrics_traefik_entrypoints != 'web' }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls_certResolver: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
 # matrix_mautrix_meta_messenger_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -144,6 +155,10 @@ matrix_mautrix_meta_messenger_appservice_database_uri: |-
 
 matrix_mautrix_meta_messenger_appservice_token: ''
 
+# Whether to make public the bridgev2 API endpoints.
+# See https://spec.mau.fi/megabridge/
+matrix_mautrix_meta_messenger_appservice_bridgev2_enabled: false
+
 # Controls which service this bridge is for.
 # Valid options:
 # * facebook - connect to FB Messenger via facebook.com

roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml

@@ -8,6 +8,7 @@
   with_items:
     - {'name': 'matrix_mautrix_meta_messenger_metrics_proxying_hostname', when: "{{ matrix_mautrix_meta_messenger_metrics_proxying_enabled }}"}
     - {'name': 'matrix_mautrix_meta_messenger_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_meta_messenger_metrics_proxying_enabled }}"}
+    - {'name': 'matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname', when: "{{ matrix_mautrix_meta_messenger_container_labels_bridgev2_enabled }}"}
     - {'name': 'matrix_mautrix_meta_messenger_appservice_token', when: true}
     - {'name': 'matrix_mautrix_meta_messenger_homeserver_token', when: true}
     - {'name': 'matrix_mautrix_meta_messenger_container_network', when: true}

roles/custom/matrix-bridge-mautrix-meta-messenger/templates/labels.j2

@@ -43,6 +43,38 @@ traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.tls.
 {% endif %}
 
 
+{% if matrix_mautrix_meta_messenger_container_labels_bridgev2_enabled %}
+############################################################
+#                                                          #
+# Appservice Bridgev2 API                                  #
+#                                                          #
+############################################################
+
+traefik.http.middlewares.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2-stripprefix.stripprefix.prefixes={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_stripprefix }}
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.middlewares={{ matrix_mautrix_meta_messenger_identifier }}-bridgev2-stripprefix
+
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.rule={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_rule }}
+
+{% if matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_priority | int > 0 %}
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.priority={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.service={{ matrix_mautrix_meta_messenger_identifier }}-appservice
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.entrypoints={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_entrypoints }}
+
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.tls={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls | to_json }}
+{% if matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls %}
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.tls.certResolver={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Appservice Bridgev2 API                                 #
+#                                                          #
+############################################################
+{% endif %}
+
+
 {% endif %}
 
 {{ matrix_mautrix_meta_messenger_container_labels_additional_labels }}

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -4,6 +4,8 @@
 
 matrix_mautrix_whatsapp_enabled: true
 
+matrix_mautrix_whatsapp_identifier: matrix-mautrix-whatsapp
+
 matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
@@ -23,7 +25,11 @@ matrix_mautrix_whatsapp_docker_src_files_path: "{{ matrix_mautrix_whatsapp_base_
 
 matrix_mautrix_whatsapp_homeserver_address: ""
 matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
-matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
+matrix_mautrix_whatsapp_appservice_address: "http://{{ matrix_mautrix_whatsapp_identifier }}:8080"
+
+# Whether to make public the bridgev2 API endpoints.
+# See https://spec.mau.fi/megabridge/
+matrix_mautrix_whatsapp_appservice_bridgev2_enabled: false
 
 matrix_mautrix_whatsapp_extev_polls: false
 
@@ -55,6 +61,17 @@ matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled:
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: ''
 
+# Controls whether labels will be added that expose the bridge's bridgev2 API endpoints
+matrix_mautrix_whatsapp_container_labels_bridgev2_enabled: "{{ matrix_mautrix_whatsapp_appservice_bridgev2_enabled }}"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_hostname: ""
+# Following two variables should be RegEx-escaped, see https://doc.traefik.io/traefik/middlewares/http/replacepathregex/
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_stripprefix: "/_matrix/{{ matrix_mautrix_whatsapp_identifier }}"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_rule: "Host(`{{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_hostname }}`) && PathPrefix(`{{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_stripprefix }}`)"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_priority: 0
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_entrypoints: "{{ matrix_mautrix_whatsapp_container_labels_traefik_entrypoints }}"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_tls: "{{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_entrypoints != 'web' }}"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_tls_certResolver: "{{ matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
 # matrix_mautrix_whatsapp_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #

roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml

@@ -22,7 +22,7 @@
               caller: "{{ role_path | basename }}"
               engine_variable_name: 'matrix_mautrix_whatsapp_database_engine'
               engine_old: 'sqlite'
-              systemd_services_to_stop: ['matrix-mautrix-whatsapp.service']
+              systemd_services_to_stop: ['{{ matrix_mautrix_whatsapp_identifier }}.service']
               pgloader_options: ['--with "quote identifiers"']
 
         - ansible.builtin.set_fact:
@@ -89,7 +89,7 @@
 
 - name: (Data relocation) Ensure matrix-mautrix-whatsapp.service is stopped
   ansible.builtin.service:
-    name: matrix-mautrix-whatsapp
+    name: "{{ matrix_mautrix_whatsapp_identifier }}"
     state: stopped
     enabled: false
     daemon_reload: true
@@ -146,12 +146,12 @@
 - name: Ensure matrix-mautrix-whatsapp.service installed
   ansible.builtin.template:
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_mautrix_whatsapp_identifier }}.service"
     mode: 0644
 
 - name: Ensure matrix-mautrix-whatsapp.service restarted, if necessary
   ansible.builtin.service:
-    name: "matrix-mautrix-whatsapp.service"
+    name: "{{ matrix_mautrix_whatsapp_identifier }}.service"
     state: restarted
     daemon_reload: true
   when: "matrix_mautrix_whatsapp_requires_restart | bool"

roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml

@@ -2,19 +2,19 @@
 
 - name: Check existence of matrix-mautrix-whatsapp service
   ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
+    path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_mautrix_whatsapp_identifier }}.service"
   register: matrix_mautrix_whatsapp_service_stat
 
 - when: matrix_mautrix_whatsapp_service_stat.stat.exists | bool
   block:
     - name: Ensure matrix-mautrix-whatsapp is stopped
       ansible.builtin.service:
-        name: matrix-mautrix-whatsapp
+        name: "{{ matrix_mautrix_whatsapp_identifier }}"
         state: stopped
         enabled: false
         daemon_reload: true
 
     - name: Ensure matrix-mautrix-whatsapp.service doesn't exist
       ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
+        path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_mautrix_whatsapp_identifier }}.service"
         state: absent

roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml

@@ -10,6 +10,7 @@
     - {'name': 'matrix_mautrix_whatsapp_homeserver_address', when: true}
     - {'name': 'matrix_mautrix_whatsapp_homeserver_token', when: true}
     - {'name': 'matrix_mautrix_whatsapp_database_hostname', when: "{{ matrix_mautrix_whatsapp_database_engine == 'postgres' }}"}
+    - {'name': 'matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_hostname', when: "{{ matrix_mautrix_whatsapp_container_labels_bridgev2_enabled }}"}
 
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail: