Merge pull request #1478 from shreyasajj/master

Twitter Mautrix from mattcen

README.md

@@ -51,6 +51,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
 
+- (optional) the [mautrix-twitter](https://github.com/mautrix/twitter) bridge for bridging your Matrix server to [Twitter](https://twitter.com/)
+
 - (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
 
 - (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat)

docs/configuring-playbook-bridge-mautrix-twitter.md

@@ -0,0 +1,35 @@
+# Setting up Mautrix Twitter (optional)
+
+The playbook can install and configure [mautrix-twitter](https://github.com/tulir/mautrix-twitter) for you.
+
+See the project's [documentation](https://github.com/tulir/mautrix-twitter/wiki#usage) to learn what it does and why it might be useful to you.
+
+```yaml
+matrix_mautrix_twitter_enabled: true
+```
+
+
+## Set up Double Puppeting
+
+If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-twitter/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it.
+
+### Method 1: automatically, by enabling Shared Secret Auth
+
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
+
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+
+### Method 2: manually, by asking each user to provide a working access token
+
+This method is currently not available for the Mautrix-Twitter bridge, but is on the [roadmap](https://github.com/tulir/mautrix-twitter/blob/master/ROADMAP.md) under Misc/Manual login with `login-matrix`
+
+## Usage
+
+1. You then need to start a chat with `@twitterbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
+2. Send login-cookie to start the login. The bot should respond with instructions on how to proceed.
+
+You can learn more here about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/twitter/authentication.html).
+
+If you run into trouble, check the [Troubleshooting](#troubleshooting) section below.
+
+After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.

docs/configuring-playbook.md

@@ -102,6 +102,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (optional)
 
+- [Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md) (optional)
+
 - [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)
 
 - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)

docs/container-images.md

@@ -46,6 +46,8 @@ These services are not part of our default installation, but can be enabled by [
 
 - [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional)
 
+- [tulir/mautrix-twitter](https://mau.dev/mautrix/twitter/container_registry) - the [mautrix-twitter](https://github.com/tulir/mautrix-twitter) bridge to [Twitter](https://twitter.com/) (optional)
+
 - [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
 
 - [mautrix/googlechat](https://mau.dev/mautrix/googlechat/container_registry) - the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) (optional)

group_vars/matrix_servers

@@ -511,6 +511,45 @@ matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_synapse_maca
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-bridge-mautrix-twitter
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_twitter_enabled: false
+
+matrix_mautrix_twitter_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
+matrix_mautrix_twitter_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+    +
+    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    +
+    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+  }}
+
+matrix_mautrix_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'twt.as.token') | to_uuid }}"
+
+matrix_mautrix_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
+
+matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
+# and point them to a migration path.
+matrix_mautrix_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else '' }}"
+matrix_mautrix_twitter_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bridge-mautrix-twitter
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-bridge-mautrix-whatsapp
@@ -1511,6 +1550,12 @@ matrix_postgres_additional_databases: |
       'password': matrix_mautrix_telegram_database_password,
     }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == 'matrix-postgres') else [])
     +
+    ([{
+      'name': matrix_mautrix_twitter_database_name,
+      'username': matrix_mautrix_twitter_database_username,
+      'password': matrix_mautrix_twitter_database_password,
+    }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == 'matrix-postgres') else [])
+    +
     ([{
       'name': matrix_mautrix_whatsapp_database_name,
       'username': matrix_mautrix_whatsapp_database_username,

roles/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -0,0 +1,103 @@
+# mautrix-twitter is a Matrix <-> Twitter bridge
+# See: https://github.com/tulir/mautrix-twitter
+
+matrix_mautrix_twitter_enabled: true
+
+matrix_mautrix_twitter_container_image_self_build: false
+matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/tulir/mautrix-twitter.git"
+
+matrix_mautrix_twitter_version: latest
+# See: https://mau.dev/tulir/mautrix-twitter/container_registry
+matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
+matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
+matrix_mautrix_twitter_docker_image_force_pull: "{{ matrix_mautrix_twitter_docker_image.endswith(':latest') }}"
+
+matrix_mautrix_twitter_base_path: "{{ matrix_base_data_path }}/mautrix-twitter"
+matrix_mautrix_twitter_config_path: "{{ matrix_mautrix_twitter_base_path }}/config"
+matrix_mautrix_twitter_data_path: "{{ matrix_mautrix_twitter_base_path }}/data"
+matrix_mautrix_twitter_docker_src_files_path: "{{ matrix_mautrix_twitter_base_path }}/docker-src"
+
+matrix_mautrix_twitter_homeserver_address: "{{ matrix_homeserver_container_url }}"
+matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
+matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_twitter_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-twitter.service depends on.
+matrix_mautrix_twitter_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-twitter.service wants
+matrix_mautrix_twitter_systemd_wanted_services_list: []
+
+matrix_mautrix_twitter_appservice_token: ''
+matrix_mautrix_twitter_homeserver_token: ''
+
+
+# Database-related configuration fields.
+#
+# To use Postgres:
+# - adjust your database credentials via the `matrix_mautrix_twitter_postgres_*` variables
+matrix_mautrix_twitter_database_engine: 'postgres'
+
+matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter'
+matrix_mautrix_twitter_database_password: 'some-password'
+matrix_mautrix_twitter_database_hostname: 'matrix-postgres'
+matrix_mautrix_twitter_database_port: 5432
+matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter'
+
+matrix_mautrix_twitter_database_connection_string: 'postgres://{{ matrix_mautrix_twitter_database_username }}:{{ matrix_mautrix_twitter_database_password }}@{{ matrix_mautrix_twitter_database_hostname }}:{{ matrix_mautrix_twitter_database_port }}/{{ matrix_mautrix_twitter_database_name }}'
+
+matrix_mautrix_twitter_appservice_database: "{{
+	{
+		'postgres': matrix_mautrix_twitter_database_connection_string,
+	}[matrix_mautrix_twitter_database_engine]
+}}"
+
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mautrix_twitter_login_shared_secret: ''
+
+matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitter_homeserver_domain: matrix_mautrix_twitter_login_shared_secret} if matrix_mautrix_twitter_login_shared_secret else {} }}"
+
+matrix_mautrix_twitter_appservice_bot_username: twitterbot
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mautrix_twitter_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mautrix_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mautrix_twitter_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_mautrix_twitter_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_mautrix_twitter_configuration_yaml`.
+
+matrix_mautrix_twitter_configuration_extension: "{{ matrix_mautrix_twitter_configuration_extension_yaml|from_yaml if matrix_mautrix_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_twitter_configuration_yaml`.
+matrix_mautrix_twitter_configuration: "{{ matrix_mautrix_twitter_configuration_yaml|from_yaml|combine(matrix_mautrix_twitter_configuration_extension, recursive=True) }}"
+
+matrix_mautrix_twitter_registration_yaml: |
+  id: twitter
+  as_token: "{{ matrix_mautrix_twitter_appservice_token }}"
+  hs_token: "{{ matrix_mautrix_twitter_homeserver_token }}"
+  namespaces:
+    users:
+    - exclusive: true
+      regex: '^@twitter_.+:{{ matrix_mautrix_twitter_homeserver_domain|regex_escape }}$'
+    - exclusive: true
+      regex: '^@{{ matrix_mautrix_twitter_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_twitter_homeserver_domain|regex_escape }}$'
+  url: {{ matrix_mautrix_twitter_appservice_address }}
+  # See https://github.com/tulir/mautrix-signal/issues/43
+  sender_localpart: _bot_{{ matrix_mautrix_twitter_appservice_bot_username }}
+  rate_limited: false
+  de.sorunome.msc2409.push_ephemeral: true
+
+matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml|from_yaml }}"

roles/matrix-bridge-mautrix-twitter/tasks/init.yml

@@ -0,0 +1,23 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}"
+  when: matrix_mautrix_twitter_enabled|bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- set_fact:
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      +
+      ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
+
+    matrix_synapse_app_service_config_files: >
+      {{ matrix_synapse_app_service_config_files|default([]) }}
+      +
+      {{ ["/matrix-mautrix-twitter-registration.yaml"] }}
+  when: matrix_mautrix_twitter_enabled|bool
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Mautrix Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_twitter_container_image_self_build"

roles/matrix-bridge-mautrix-twitter/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_mautrix_twitter_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-twitter
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_mautrix_twitter_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-twitter
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_mautrix_twitter_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-twitter

roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml

@@ -0,0 +1,88 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mautrix-twitter role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
+- set_fact:
+    matrix_mautrix_twitter_requires_restart: false
+
+- name: Ensure Mautrix Twitter image is pulled
+  docker_image:
+    name: "{{ matrix_mautrix_twitter_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}"
+  when: matrix_mautrix_twitter_enabled|bool and not matrix_mautrix_twitter_container_image_self_build
+
+- name: Ensure Mautrix Twitter paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_mautrix_twitter_base_path }}", when: true }
+    - { path: "{{ matrix_mautrix_twitter_config_path }}", when: true }
+    - { path: "{{ matrix_mautrix_twitter_data_path }}", when: true }
+    - { path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}" }
+  when: item.when|bool
+
+- name: Ensure Mautrix Twitter repository is present on self-build
+  git:
+    repo: "{{ matrix_mautrix_twitter_container_image_self_build_repo }}"
+    dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}"
+#    version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
+    force: "yes"
+  register: matrix_mautrix_twitter_git_pull_results
+  when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build"
+
+- name: Ensure Mautrix Twitter Docker image is built
+  docker_image:
+    name: "{{ matrix_mautrix_twitter_docker_image }}"
+    source: build
+    force_source: "{{ matrix_mautrix_twitter_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mautrix_twitter_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build|bool"
+
+- name: Ensure mautrix-twitter config.yaml installed
+  copy:
+    content: "{{ matrix_mautrix_twitter_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_mautrix_twitter_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mautrix-twitter registration.yaml installed
+  copy:
+    content: "{{ matrix_mautrix_twitter_registration|to_nice_yaml }}"
+    dest: "{{ matrix_mautrix_twitter_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mautrix-twitter.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service"
+    mode: 0644
+  register: matrix_mautrix_twitter_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_mautrix_twitter_systemd_service_result.changed"
+
+- name: Ensure matrix-mautrix-twitter.service restarted, if necessary
+  service:
+    name: "matrix-mautrix-twitter.service"
+    state: restarted
+  when: "matrix_mautrix_twitter_requires_restart|bool"

roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mautrix-twitter service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service"
+  register: matrix_mautrix_twitter_service_stat
+
+- name: Ensure matrix-mautrix-twitter is stopped
+  service:
+    name: matrix-mautrix-twitter
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mautrix_twitter_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-twitter.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service"
+    state: absent
+  when: "matrix_mautrix_twitter_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mautrix-twitter.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_mautrix_twitter_service_stat.stat.exists"