coop-cloud/maubot
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

working version with secrets

Browse Source
This commit is contained in:
vdietrich 2025-02-25 17:25:00 +01:00
parent 9f5c0ee085
commit 12b9404360
5 changed files with 226 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.env.sample
View File

@ -6,3 +6,13 @@ DOMAIN=maubot.example.com
#EXTRA_DOMAINS=', `www.maubot.example.com`' #EXTRA_DOMAINS=', `www.maubot.example.com`'
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
HOMESERVER_HOST=matrix.org
# Client-server API URL
HOMESERVER_URL=https://matrix-client.matrix.org
ADMIN_USER_NAME=admin
## Secrets
SECRET_ADMIN_PASSWORD_VERSION=v1
SECRET_HOMESERVER_REGISTRATION_VERSION=v1

44
README.md
View File

@ -1,12 +1,12 @@
# maubot # maubot
> One line description of the recipe > deploy's an instance of the maubot-plugin-system for a matrix home server
<!-- metadata --> <!-- metadata -->
* **Category**: Apps * **Category**: Apps
* **Status**: 0 * **Status**: 0
* **Image**: [`maubot`](https://hub.docker.com/r/maubot), 4, upstream * **Image**: [`maubot`](https://mau.dev/maubot/maubot/container_registry), 4, upstream
* **Healthcheck**: No * **Healthcheck**: No
* **Backups**: No * **Backups**: No
* **Email**: No * **Email**: No
@ -17,8 +17,42 @@
## Quick start ## Quick start
* `abra app new maubot --secrets` * `abra app new maubot`
* `abra app config <app-name>` * `abra app config maubot`
* `abra app secret insert <app-name> homeserver_registration v1 "your-homeserver-shared-registration-secret"`
* `abra app secret generate <app-name> -a`
* `abra app deploy <app-name>` * `abra app deploy <app-name>`
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech). ## Usage
You can use maubot...
### via the web interface
After deployment head to: `$DOMAIN/_matrix/maubot/` and login with your admin-user and password
### via the cli
Bot users and plugins can be most easily be uploaded via cli.
General info on the cli: https://docs.mau.fi/maubot/usage/cli/index.html
You can install the cli locally or access it in the container:
`abra app run $DOMAIN app sh`
### Deploy a plugin and create a bot user via abra scripts
Furthermore there are two useful scripts:
### 1. deploy plugin from git repro
Most existing plugins are on github. Here you find links to the repos: https://plugins.mau.bot/ .
To deploy it simply copy the URL to the ZIP of the repo (e.g. `https://github.com/maubot/reminder/archive/refs/heads/master.zip`) and then:
`abra app cmd maubot.dev.local-it.cloud app deploy_plugin <DOMAIN_OF_REPO_ZIP>`
### 2. assign an (existing) user as bot user via ssh
`abra app cmd -C maubot.dev.local-it.cloud app assign_bot_user_via_sso`
This will show an url to sign in via ssh. After sso-login the user will be a bot user in maubot.
Now you are ready to go to create an instance (i.e. a plugin connected to a bot user) via web interface.
## More
For more, see official documentation of maubot [`docs.mau.fi/maubot`](https://docs.mau.fi/maubot/).

16
abra.sh Normal file
View File

@ -0,0 +1,16 @@
export MAUBOT_CONFIG_VERSION=v4
# takes an url to the ZIP of a GITHUB-repo as (e.g. https://github.com/maubot/reminder/archive/refs/heads/master.zip)
deploy_plugin () {
rm -rf /tmp/maubot-plugin*
wget -O /tmp/maubot-plugin.zip "$1" && unzip /tmp/maubot-plugin.zip -d /tmp/maubot-plugin
mbc login -u $ADMIN_USER_NAME -p $(cat /run/secrets/admin_password) -s https://$DOMAIN -a $DOMAIN
cd /tmp/maubot-plugin
mv -- "$(ls -A | head -n1)" extracted
mbc build -u /tmp/maubot-plugin/extracted
}
assign_bot_user_via_sso () {
mbc login -u $ADMIN_USER_NAME -p $(cat /run/secrets/admin_password) -s https://$DOMAIN -a $DOMAIN
mbc auth -h $HOMESERVER_HOST --update-client --sso
}

47
compose.yml
View File

@ -2,18 +2,30 @@
version: "3.8" version: "3.8"
services: services:
maubot: app:
image: dock.mau.dev/maubot/maubot:latest image: dock.mau.dev/maubot/maubot:latest
environment:
- HOMESERVER_HOST
- HOMESERVER_URL
- ADMIN_USER_NAME
secrets:
- admin_password
- homeserver_registration
volumes: volumes:
- ./data:/data:z - maubot_data:/data:rw
networks: networks:
- proxy - proxy
configs:
- source: maubot_config
target: /data/config.yaml
deploy: deploy:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=29316"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
@ -22,13 +34,30 @@ services:
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "coop-cloud.${STACK_NAME}.version=" - "coop-cloud.${STACK_NAME}.version="
healthcheck: #healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"] #test: ["CMD", "curl", "-f", "http://localhost"]
interval: 30s #interval: 30s
timeout: 10s #timeout: 10s
retries: 10 #retries: 10
start_period: 1m #start_period: 1m
networks: networks:
proxy: proxy:
external: true external: true
configs:
maubot_config:
name: ${STACK_NAME}_config_yaml_${MAUBOT_CONFIG_VERSION}
file: config.yaml.tmpl
template_driver: golang
volumes:
maubot_data:
secrets:
admin_password:
external: true
name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
homeserver_registration:
external: true
name: ${STACK_NAME}_homeserver_registration_${SECRET_HOMESERVER_REGISTRATION_VERSION}

123
config.yaml.tmpl Normal file
View File

@ -0,0 +1,123 @@
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgresql://username:password@hostname/dbname
database: sqlite:/data/maubot.db
# Separate database URL for the crypto database. "default" means use the same database as above.
crypto_database: default
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
database_opts:
min_size: 1
max_size: 10
# Configuration for storing plugin .mbp files
plugin_directories:
# The directory where uploaded new plugins should be stored.
upload: /data/plugins
# The directories from which plugins should be loaded.
# Duplicate plugin IDs will be moved to the trash.
load:
- /data/plugins
# The directory where old plugin versions and conflicting plugins should be moved.
# Set to "delete" to delete files immediately.
trash: /data/trash
# Configuration for storing plugin databases
plugin_databases:
# The directory where SQLite plugin databases should be stored.
sqlite: /data/dbs
# The connection URL for plugin databases. If null, all plugins will get SQLite databases.
# If set, plugins using the new asyncpg interface will get a Postgres connection instead.
# Plugins using the legacy SQLAlchemy interface will always get a SQLite connection.
#
# To use the same connection pool as the default database, set to "default"
# (the default database above must be postgres to do this).
#
# When enabled, maubot will create separate Postgres schemas in the database for each plugin.
# To view schemas in psql, use `\dn`. To view enter and interact with a specific schema,
# use `SET search_path = name` (where `name` is the name found with `\dn`) and then use normal
# SQL queries/psql commands.
postgres: null
# Maximum number of connections per plugin instance.
postgres_max_conns_per_plugin: 3
# Overrides for the default database_opts when using a non-"default" postgres connection string.
postgres_opts: {}
server:
# The IP and port to listen to.
hostname: 0.0.0.0
port: 29316
# Public base URL where the server is visible.
public_url: https://{{ env "DOMAIN" }}
# The base path for the UI.
ui_base_path: /_matrix/maubot
# The base path for plugin endpoints. The instance ID will be appended directly.
plugin_base_path: /_matrix/maubot/plugin/
# Override path from where to load UI resources.
# Set to false to using pkg_resources to find the path.
override_resource_path: /opt/maubot/frontend
# The shared secret to sign API access tokens.
# Set to "generate" to generate and save a new token at startup.
unshared_secret: generate
# Known homeservers. This is required for the `mbc auth` command and also allows
# more convenient access from the management UI. This is not required to create
# clients in the management UI, since you can also just type the homeserver URL
# into the box there.
homeservers:
{{ env "HOMESERVER_HOST" }}:
# Client-server API URL
url: {{ env "HOMESERVER_URL" }}
# registration_shared_secret from synapse config
# You can leave this empty if you don't have access to the homeserver.
# When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will.
secret: {{ secret "homeserver_registration" }}
# List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password
# to prevent normal login. Root is a special user that can't have a password and will always exist.
admins:
root: ""
{{ env "ADMIN_USER_NAME" }}: {{ secret "admin_password" }}
# API feature switches.
api_features:
login: true
plugin: true
plugin_upload: true
instance: true
instance_database: true
client: true
client_proxy: true
client_auth: true
dev_open: true
log: true
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): maubot.lib.color_log.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: normal
filename: /var/log/maubot.log
maxBytes: 10485760
backupCount: 10
console:
class: logging.StreamHandler
formatter: colored
loggers:
maubot:
level: DEBUG
mau:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [file, console]