Merge branch 'master' of ssh://gitlab.warpzone.ms:444/infrastruktur/ansible-warpzone

webserver/docker_matterbridge/tasks/main.yml

@@ -8,12 +8,16 @@
 - name: get secrets from server 1
   slurp: src={{ item }}
   with_items:
-    - /srv/matterbridge/secret/telegram_token
+    - /srv/matterbridge/secret/mattermost_pass_cwbot
+    - /srv/matterbridge/secret/telegram_token_cw
+    - /srv/matterbridge/secret/telegram_token_wz
   register: matterbridge_secrets
 
 - name: get secrets from server 2
   set_fact: 
-    telegram_token: "{{ matterbridge_secrets.results | selectattr('item', 'equalto', '/srv/matterbridge/secret/telegram_token') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+    mattermost_pass_cwbot: "{{ matterbridge_secrets.results | selectattr('item', 'equalto', '/srv/matterbridge/secret/mattermost_pass_cwbot') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+    telegram_token_cw: "{{ matterbridge_secrets.results | selectattr('item', 'equalto', '/srv/matterbridge/secret/telegram_token_cw') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+    telegram_token_wz: "{{ matterbridge_secrets.results | selectattr('item', 'equalto', '/srv/matterbridge/secret/telegram_token_wz') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
 
 
 # Folder Structure 
@@ -31,16 +35,19 @@
 
 # Konfigurationsdateien erstellen      
 
-- name: Konfig-Datei Matterbridge
+- name: Konfig-Dateien Matterbridge
   template: 
-    src: "matterbridge.toml" 
-    dest: "/srv/matterbridge/etc/matterbridge.toml"
+    src: "{{item}}" 
+    dest: "/srv/matterbridge/etc/{{item}}"
+  with_items:
+    - "matterbridge_cw.toml" 
+    - "matterbridge_wz.toml" 
 
-- name: Konfig-Datei erstellen
+- name: Konfig-Dateie erstellen
   template: 
     src: "docker-compose.yml" 
     dest: "/srv/matterbridge/docker-compose.yml"
-
+  
 - name: start matterbridge docker
   docker_service:
     project_src: /srv/matterbridge/

webserver/docker_matterbridge/templates/docker-compose.yml

@@ -3,12 +3,17 @@ version: "3"
 
 services:
 
-  app:
+  cw:
 
-    image: 42wim/matterbridge:0.9.2
+    image: 42wim/matterbridge:1.10.1
     restart: always
-    ports:
-      - 172.17.0.1:9999:9999
     volumes:
-      - /srv/matterbridge/etc/matterbridge.toml:/matterbridge.toml
+      - /srv/matterbridge/etc/matterbridge_cw.toml:/matterbridge.toml
+
+  wz:
+
+    image: 42wim/matterbridge:1.10.1
+    restart: always
+    volumes:
+      - /srv/matterbridge/etc/matterbridge_wz.toml:/matterbridge.toml
 

webserver/docker_matterbridge/templates/matterbridge_cw.toml

+
+###################################################################
+#IRC section
+###################################################################
+#REQUIRED to start IRC section
+[irc]
+
+#You can configure multiple servers "[irc.name]" or "[irc.name2]"
+#REQUIRED
+[irc.hackint]
+#irc server to connect to. 
+#REQUIRED
+Server="irc.hackint.org:6667"
+
+#Password for irc server (if necessary)
+#OPTIONAL (default "")
+#Password=""
+
+#Enable to use TLS connection to your irc server. 
+#OPTIONAL (default false)
+UseTLS=false
+
+#Enable SASL (PLAIN) authentication. (freenode requires this from eg AWS hosts)
+#It uses NickServNick and NickServPassword as login and password
+#OPTIONAL (default false)
+UseSASL=false
+
+#Enable to not verify the certificate on your irc server. 
+#e.g. when using selfsigned certificates
+#OPTIONAL (default false)
+SkipTLSVerify=true
+
+#Your nick on irc. 
+#REQUIRED
+Nick="CW_Bot"
+
+#If you registered your bot with a service like Nickserv on freenode. 
+#Also being used when UseSASL=true
+#OPTIONAL
+#NickServNick="nickserv"
+#NickServPassword="secret"
+
+#Flood control
+#Delay in milliseconds between each message send to the IRC server
+#OPTIONAL (default 1300)
+MessageDelay=1300
+
+#Maximum amount of messages to hold in queue. If queue is full 
+#messages will be dropped. 
+#<clipped> will be add to the message that fills the queue.
+#OPTIONAL (default 30)
+MessageQueue=30
+
+#Nicks you want to ignore. 
+#Messages from those users will not be sent to other bridges.
+
+#OPTIONAL
+#IgnoreNicks="someuser"
+
+#Enable to show users joins/parts from other bridges (only from irc-bridge at the moment)
+#OPTIONAL (default false)
+ShowJoinPart=false
+
+
+
+
+###################################################################
+#telegram section
+###################################################################
+[telegram]
+
+#You can configure multiple servers "[telegram.name]" or "[telegram.name2]"
+
+## In Telegram muss ein Bot erstellt werden, was über den Kontakt @BotFather in Telegram geht.
+## Bot erstellen (Funktion /newbot), das API Token wird unten verwendet.
+## Die Privacy Funktion des Bots auss auf "DISAABLED" gettellt werden (Funktion: /setprivacy) 
+## Anschließend muss der Bot in die entsprechende Gruppe eingefügt und dort als Admin eingerichtet werden. 
+
+#REQUIRED
+[telegram.bot]
+#Token to connect with telegram API
+#Bot @chaos_west_bot
+#See https://core.telegram.org/bots#6-botfather and https://www.linkedin.com/pulse/telegram-bots-beginners-marco-frau
+#REQUIRED
+Token="{{ telegram_token_cw }}"
+
+#Nicks you want to ignore. 
+#Messages from those users will not be sent to other bridges.
+
+#OPTIONAL
+#IgnoreNicks="Someuser"
+
+#Enable to show users joins/parts from other bridges (only from irc-bridge at the moment)
+#OPTIONAL (default false)
+ShowJoinPart=false
+
+
+###################################################################
+#mattermost section
+###################################################################
+[mattermost]
+#You can configure multiple servers "[mattermost.name]" or "[mattermost.name2]"
+#In this example we use [mattermost.work]
+#REQUIRED
+
+[mattermost.chaoswest]
+#The mattermost hostname. (do not prefix it with http or https)
+#REQUIRED (when not using webhooks)
+Server="chat.chaos-west.de" 
+
+#Your team on mattermost. 
+#REQUIRED (when not using webhooks)
+Team="chaos-west"
+
+#login/pass of your bot. 
+#Use a dedicated user for this and not your own! 
+#REQUIRED (when not using webhooks)
+Login="cwbot"
+Password="{{mattermost_pass_cwbot}}"
+
+#personal access token of the bot.
+#new feature since mattermost 4.1. See https://docs.mattermost.com/developer/personal-access-tokens.html
+#OPTIONAL (you can use token instead of login/password)
+#Token="abcdefghijklm"
+
+#Enable this to make a http connection (instead of https) to your mattermost. 
+#OPTIONAL (default false)
+NoTLS=false
+
+#### Settings for webhook matterbridge.
+#NOT RECOMMENDED TO USE INCOMING/OUTGOING WEBHOOK. USE DEDICATED BOT USER WHEN POSSIBLE!
+#You don't need to configure this, if you have configured the settings 
+#above.
+
+#Url is your incoming webhook url as specified in mattermost. 
+#See account settings - integrations - incoming webhooks on mattermost.
+#If specified, messages will be sent to mattermost using this URL
+#OPTIONAL
+#WebhookURL="https://yourdomain/hooks/yourhookkey"
+
+#Address to listen on for outgoing webhook requests from mattermost.
+#See account settings - integrations - outgoing webhooks on mattermost.
+#If specified, messages will be received from mattermost on this ip:port
+#(this will only work if WebhookURL above is also configured)
+#OPTIONAL 
+#WebhookBindAddress="0.0.0.0:9999"
+
+#Icon that will be showed in mattermost. 
+#This only works when WebhookURL is configured
+#OPTIONAL
+#IconURL="http://youricon.png"
+
+#### End settings for webhook matterbridge.
+
+#Enable to not verify the certificate on your mattermost server. 
+#e.g. when using selfsigned certificates
+#OPTIONAL (default false)
+SkipTLSVerify=true
+
+## RELOADABLE SETTINGS
+## Settings below can be reloaded by editing the file
+
+#how to format the list of IRC nicks when displayed in mattermost. 
+#Possible options are "table" and "plain"
+#OPTIONAL (default plain)
+NickFormatter="plain"
+
+#How many nicks to list per row for formatters that support this. 
+#OPTIONAL (default 4)
+NicksPerRow=4
+
+#Whether to prefix messages from other bridges to mattermost with the sender's nick. 
+#Useful if username overrides for incoming webhooks isn't enabled on the 
+#mattermost server. If you set PrefixMessagesWithNick to true, each message 
+#from bridge to Mattermost will by default be prefixed by "bridge-" + nick. You can, 
+#however, modify how the messages appear, by setting (and modifying) RemoteNickFormat 
+#OPTIONAL (default false)
+PrefixMessagesWithNick=true
+
+#Disable sending of edits to other bridges
+#OPTIONAL (default false)
+EditDisable=false
+
+#Message to be appended to every edited message
+#OPTIONAL (default empty)
+EditSuffix=" (edited)"
+
+#Nicks you want to ignore. 
+#Messages from those users will not be sent to other bridges.
+#OPTIONAL
+#IgnoreNicks="ircspammer1 ircspammer2"
+
+#Messages you want to ignore. 
+#Messages matching these regexp will be ignored and not sent to other bridges
+#See https://regex-golang.appspot.com/assets/html/index.html for more regex info
+#OPTIONAL (example below ignores messages starting with ~~ or messages containing badword
+#IgnoreMessages="^~~ badword"
+
+#messages you want to replace.
+#it replaces outgoing messages from the bridge.
+#so you need to place it by the sending bridge definition.
+#regular expressions supported
+#some examples:
+#this replaces cat => dog and sleep => awake
+#replacemessages=[ ["cat","dog"], ["sleep","awake"] ]
+#this replaces every number with number.  123 => numbernumbernumber
+#replacemessages=[ ["[0-9]","number"] ]
+#optional (default empty)
+#ReplaceMessages=[ ["cat","dog"] ]
+
+#nicks you want to replace.
+#see replacemessages for syntaxa
+#optional (default empty)
+#ReplaceNicks=[ ["user--","user"] ]
+
+#extra label that can be used in the RemoteNickFormat
+#optional (default empty)
+Label=""
+
+#RemoteNickFormat defines how remote users appear on this bridge 
+#The string "{NICK}" (case sensitive) will be replaced by the actual nick / username.
+#The string "{BRIDGE}" (case sensitive) will be replaced by the sending bridge
+#The string "{LABEL}" (case sensitive) will be replaced by label= field of the sending bridge
+#The string "{PROTOCOL}" (case sensitive) will be replaced by the protocol used by the bridge
+#OPTIONAL (default empty)
+#RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
+
+#Enable to show users joins/parts from other bridges 
+#Currently works for messages from the following bridges: irc, mattermost, slack
+#OPTIONAL (default false)
+ShowJoinPart=false
+
+#Do not send joins/parts to other bridges
+#Currently works for messages from the following bridges: irc, mattermost, slack
+#OPTIONAL (default false)
+NoSendJoinPart=false
+
+#StripNick only allows alphanumerical nicks. See https://github.com/42wim/matterbridge/issues/285
+#It will strip other characters from the nick
+#OPTIONAL (default false)
+StripNick=false
+
+#Enable to show topic changes from other bridges 
+#Only works hiding/show topic changes from slack bridge for now
+#OPTIONAL (default false)
+ShowTopicChange=false
+
+###################################################################
+#General configuration
+###################################################################
+#Settings here override specific settings for each protocol
+[general]
+#RemoteNickFormat defines how remote users appear on this bridge 
+#The string "{NICK}" (case sensitive) will be replaced by the actual nick / username.
+#The string "{BRIDGE}" (case sensitive) will be replaced by the sending bridge
+#The string "{PROTOCOL}" (case sensitive) will be replaced by the protocol used by the bridge
+#OPTIONAL (default empty)
+RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
+
+###################################################################
+#Gateway configuration
+###################################################################
+
+#You can specify multiple gateways using [[gateway]]
+#Each gateway has a [[gateway.in]] and a [[gateway.out]]
+#[[gateway.in]] specifies the account and channels we will receive messages from.
+#[[gateway.out]] specifies the account and channels we will send the messages
+#from [[gateway.in]] to.
+#
+#Most of the time [[gateway.in]] and [[gateway.out]] are the same if you 
+#want bidirectional bridging. You can then use [[gateway.inout]]
+
+[[gateway]]
+#OPTIONAL (not used for now)
+name="gateway1"
+#Enable enables this gateway
+##OPTIONAL (default false)
+enable=true
+
+    #[[gateway.in]] specifies the account and channels we will receive messages from.
+    #[[gateway.out]] specifies the account and channels we will sent messages to.
+
+    #account specified above
+    #REQUIRED
+    #account="irc.freenode"
+    
+    #channel to connect on that account
+    #How to specify them for the different bridges:
+    #
+    #irc        - #channel (# is required)
+    #mattermost - channel (the channel name as seen in the URL, not the displayname)
+    #gitter     - username/room 
+    #xmpp       - channel
+    #slack      - channel (the channel name as seen in the URL, not the displayname)
+    #discord    - channel (without the #)
+    #           - ID:123456789 (where 123456789 is the channel ID) 
+    #               (https://github.com/42wim/matterbridge/issues/57)
+    #telegram   - chatid (a large negative number, eg -123456789)
+    #             see (https://www.linkedin.com/pulse/telegram-bots-beginners-marco-frau)
+    #hipchat    - id_channel (see https://www.hipchat.com/account/xmpp for the correct channel)
+    #rocketchat - #channel (# is required)
+    #matrix     - room internal ID (looks like !QJFqjsGJwmQzbuBfff:matrix.org)
+    #REQUIRED
+    #channel="#somechannel"
+
+    [[gateway.inout]]
+    ## Der IRC Channel der Wapzone 
+    account="irc.hackint"
+    channel="#chaoswest"
+
+    [[gateway.inout]]
+    ## Vorgehen um Guppen-ID zu bekommen:
+    ## - Bot in Gruppe einfügen
+    ## - Chatnachricht erstellen  
+    ## - https://api.telegram.org/<API Token>/getUpdates ausrufen, die ID findet sich in der Eigenschaft "message.chat.id"
+    account="telegram.bot"
+    channel="-33814432" 
+
+    [[gateway.inout]]
+    ## Raum Town-Squre auf dem Warpzone Mattermost Server 
+    account="mattermost.chaoswest"
+    channel="town-square"
+

webserver/docker_matterbridge/templates/matterbridge.toml → webserver/docker_matterbridge/templates/matterbridge_wz.toml

@@ -82,7 +82,7 @@ ShowJoinPart=false
 #Bot @warpzonebot
 #See https://core.telegram.org/bots#6-botfather and https://www.linkedin.com/pulse/telegram-bots-beginners-marco-frau
 #REQUIRED
-Token="{{ telegram_token }}"
+Token="{{ telegram_token_wz }}"
 
 #Nicks you want to ignore. 
 #Messages from those users will not be sent to other bridges.

webserver/nginx/templates/nginx-site

@@ -12,8 +12,8 @@ server {
         {% if sslcert.stat.exists == True %}
 
         # ab nginx > 1.13 spdy durch http2 ersetzen 
-	listen 443 ssl spdy;
-    	listen [::]:443 ssl spdy;
+	listen 443 ssl http2;
+    	listen [::]:443 ssl http2;
 
 	ssl_certificate /etc/ssl/fullchain.pem;
 	ssl_certificate_key /etc/ssl/key.pem;
@@ -33,6 +33,9 @@ server {
 
         {% endif %}
 
+        access_log /dev/null;
+        error_log /dev/null;
+
 	server_name {{ item }}.warpzone.ms;
 	root /dev/null;
 	index index.html;