diff --git a/.env.sample b/.env.sample index bd5941d..a085ec8 100644 --- a/.env.sample +++ b/.env.sample @@ -6,3 +6,13 @@ DOMAIN=maubot.example.com #EXTRA_DOMAINS=', `www.maubot.example.com`' LETS_ENCRYPT_ENV=production + +HOMESERVER_HOST=matrix.org +# Client-server API URL +HOMESERVER_URL=https://matrix-client.matrix.org + +ADMIN_USER_NAME=admin + +## Secrets +SECRET_ADMIN_PASSWORD_VERSION=v1 +SECRET_HOMESERVER_REGISTRATION_VERSION=v1 \ No newline at end of file diff --git a/README.md b/README.md index 6645168..1ab7fb7 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ # maubot -> One line description of the recipe +> deploy's an instance of the maubot-plugin-system for a matrix home server * **Category**: Apps * **Status**: 0 -* **Image**: [`maubot`](https://hub.docker.com/r/maubot), 4, upstream +* **Image**: [`maubot`](https://mau.dev/maubot/maubot/container_registry), 4, upstream * **Healthcheck**: No * **Backups**: No * **Email**: No @@ -17,8 +17,42 @@ ## Quick start -* `abra app new maubot --secrets` -* `abra app config ` +* `abra app new maubot` +* `abra app config maubot` +* `abra app secret insert homeserver_registration v1 "your-homeserver-shared-registration-secret"` +* `abra app secret generate -a` * `abra app deploy ` -For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech). +## Usage +You can use maubot... + +### via the web interface +After deployment head to: `$DOMAIN/_matrix/maubot/` and login with your admin-user and password + +### via the cli +Bot users and plugins can be most easily be uploaded via cli. + +General info on the cli: https://docs.mau.fi/maubot/usage/cli/index.html + +You can install the cli locally or access it in the container: + +`abra app run $DOMAIN app sh` + +### Deploy a plugin and create a bot user via abra scripts +Furthermore there are two useful scripts: + +### 1. deploy plugin from git repro +Most existing plugins are on github. Here you find links to the repos: https://plugins.mau.bot/ . +To deploy it simply copy the URL to the ZIP of the repo (e.g. `https://github.com/maubot/reminder/archive/refs/heads/master.zip`) and then: + +`abra app cmd maubot.dev.local-it.cloud app deploy_plugin ` + +### 2. assign an (existing) user as bot user via ssh +`abra app cmd -C maubot.dev.local-it.cloud app assign_bot_user_via_sso` + +This will show an url to sign in via ssh. After sso-login the user will be a bot user in maubot. + +Now you are ready to go to create an instance (i.e. a plugin connected to a bot user) via web interface. + +## More +For more, see official documentation of maubot [`docs.mau.fi/maubot`](https://docs.mau.fi/maubot/). diff --git a/abra.sh b/abra.sh new file mode 100644 index 0000000..a88fdc9 --- /dev/null +++ b/abra.sh @@ -0,0 +1,16 @@ +export MAUBOT_CONFIG_VERSION=v4 + +# takes an url to the ZIP of a GITHUB-repo as (e.g. https://github.com/maubot/reminder/archive/refs/heads/master.zip) +deploy_plugin () { + rm -rf /tmp/maubot-plugin* + wget -O /tmp/maubot-plugin.zip "$1" && unzip /tmp/maubot-plugin.zip -d /tmp/maubot-plugin + mbc login -u $ADMIN_USER_NAME -p $(cat /run/secrets/admin_password) -s https://$DOMAIN -a $DOMAIN + cd /tmp/maubot-plugin + mv -- "$(ls -A | head -n1)" extracted + mbc build -u /tmp/maubot-plugin/extracted +} + +assign_bot_user_via_sso () { + mbc login -u $ADMIN_USER_NAME -p $(cat /run/secrets/admin_password) -s https://$DOMAIN -a $DOMAIN + mbc auth -h $HOMESERVER_HOST --update-client --sso +} \ No newline at end of file diff --git a/compose.yml b/compose.yml index 080469f..56e25db 100644 --- a/compose.yml +++ b/compose.yml @@ -2,18 +2,30 @@ version: "3.8" services: - maubot: + app: image: dock.mau.dev/maubot/maubot:latest + environment: + - HOMESERVER_HOST + - HOMESERVER_URL + - ADMIN_USER_NAME + + secrets: + - admin_password + - homeserver_registration + volumes: - - ./data:/data:z + - maubot_data:/data:rw networks: - proxy + configs: + - source: maubot_config + target: /data/config.yaml deploy: restart_policy: condition: on-failure labels: - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" + - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=29316" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" @@ -22,13 +34,30 @@ services: #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "coop-cloud.${STACK_NAME}.version=" - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] - interval: 30s - timeout: 10s - retries: 10 - start_period: 1m + #healthcheck: + #test: ["CMD", "curl", "-f", "http://localhost"] + #interval: 30s + #timeout: 10s + #retries: 10 + #start_period: 1m networks: proxy: external: true + +configs: + maubot_config: + name: ${STACK_NAME}_config_yaml_${MAUBOT_CONFIG_VERSION} + file: config.yaml.tmpl + template_driver: golang + +volumes: + maubot_data: + +secrets: + admin_password: + external: true + name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION} + homeserver_registration: + external: true + name: ${STACK_NAME}_homeserver_registration_${SECRET_HOMESERVER_REGISTRATION_VERSION} \ No newline at end of file diff --git a/config.yaml.tmpl b/config.yaml.tmpl new file mode 100644 index 0000000..c994263 --- /dev/null +++ b/config.yaml.tmpl @@ -0,0 +1,123 @@ +# The full URI to the database. SQLite and Postgres are fully supported. +# Other DBMSes supported by SQLAlchemy may or may not work. +# Format examples: +# SQLite: sqlite:filename.db +# Postgres: postgresql://username:password@hostname/dbname +database: sqlite:/data/maubot.db +# Separate database URL for the crypto database. "default" means use the same database as above. +crypto_database: default +# Additional arguments for asyncpg.create_pool() or sqlite3.connect() +# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool +# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect +# For sqlite, min_size is used as the connection thread pool size and max_size is ignored. +database_opts: + min_size: 1 + max_size: 10 +# Configuration for storing plugin .mbp files +plugin_directories: + # The directory where uploaded new plugins should be stored. + upload: /data/plugins + # The directories from which plugins should be loaded. + # Duplicate plugin IDs will be moved to the trash. + load: + - /data/plugins + # The directory where old plugin versions and conflicting plugins should be moved. + # Set to "delete" to delete files immediately. + trash: /data/trash +# Configuration for storing plugin databases +plugin_databases: + # The directory where SQLite plugin databases should be stored. + sqlite: /data/dbs + # The connection URL for plugin databases. If null, all plugins will get SQLite databases. + # If set, plugins using the new asyncpg interface will get a Postgres connection instead. + # Plugins using the legacy SQLAlchemy interface will always get a SQLite connection. + # + # To use the same connection pool as the default database, set to "default" + # (the default database above must be postgres to do this). + # + # When enabled, maubot will create separate Postgres schemas in the database for each plugin. + # To view schemas in psql, use `\dn`. To view enter and interact with a specific schema, + # use `SET search_path = name` (where `name` is the name found with `\dn`) and then use normal + # SQL queries/psql commands. + postgres: null + # Maximum number of connections per plugin instance. + postgres_max_conns_per_plugin: 3 + # Overrides for the default database_opts when using a non-"default" postgres connection string. + postgres_opts: {} +server: + # The IP and port to listen to. + hostname: 0.0.0.0 + port: 29316 + # Public base URL where the server is visible. + public_url: https://{{ env "DOMAIN" }} + # The base path for the UI. + ui_base_path: /_matrix/maubot + # The base path for plugin endpoints. The instance ID will be appended directly. + plugin_base_path: /_matrix/maubot/plugin/ + # Override path from where to load UI resources. + # Set to false to using pkg_resources to find the path. + override_resource_path: /opt/maubot/frontend + # The shared secret to sign API access tokens. + # Set to "generate" to generate and save a new token at startup. + unshared_secret: generate +# Known homeservers. This is required for the `mbc auth` command and also allows +# more convenient access from the management UI. This is not required to create +# clients in the management UI, since you can also just type the homeserver URL +# into the box there. +homeservers: + {{ env "HOMESERVER_HOST" }}: + # Client-server API URL + url: {{ env "HOMESERVER_URL" }} + # registration_shared_secret from synapse config + # You can leave this empty if you don't have access to the homeserver. + # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. + secret: {{ secret "homeserver_registration" }} +# List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password +# to prevent normal login. Root is a special user that can't have a password and will always exist. +admins: + root: "" + {{ env "ADMIN_USER_NAME" }}: {{ secret "admin_password" }} +# API feature switches. +api_features: + login: true + plugin: true + plugin_upload: true + instance: true + instance_database: true + client: true + client_proxy: true + client_auth: true + dev_open: true + log: true +# Python logging configuration. +# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + colored: + (): maubot.lib.color_log.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + file: + class: logging.handlers.RotatingFileHandler + formatter: normal + filename: /var/log/maubot.log + maxBytes: 10485760 + backupCount: 10 + console: + class: logging.StreamHandler + formatter: colored + loggers: + maubot: + level: DEBUG + mau: + level: DEBUG + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [file, console]