iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-06-29 03:20:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

mautrix-gmessages: expose bridge HTTP API (for mautrix-manager and similar)

Browse Source 
Add a generic mechanism for exposing bridges' HTTP API (the provisioning
API, etc.) publicly on the Matrix domain, so tools like mautrix-manager
(https://github.com/mautrix/manager) can drive bridge login.

- Introduce global matrix_bridges_exposure_* vars (on by default),
  exposing each supported bridge under `<matrix-fqn>/bridges/<bridge>`.
- mautrix-gmessages: make the provisioning shared secret configurable
  (auto-generated in group_vars) so the provisioning API is enabled,
  route the whole bridge HTTP port via Traefik, and populate
  appservice.public_address.

Requests are authenticated by the bridge itself (per-user Matrix access
token for the provisioning API, homeserver token for the appservice
endpoints), not by the reverse proxy.

This is the first bridge converted; the other mautrix bridges will follow.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Slavi Pantaleev
2026-06-28 19:52:24 +03:00
parent d61979a0b9
commit a4ddba3989
5 changed files with 76 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
group_vars/matrix_servers
+7
View File
@@ -2195,6 +2195,8 @@ matrix_mautrix_gmessages_appservice_token: "{{ (matrix_homeserver_generic_secret
matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_gmessages_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.hs.token') | hash('sha512') | to_uuid }}"
matrix_mautrix_gmessages_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_gmessages_double_puppet_secrets_auto: |-
@@ -2212,6 +2214,11 @@ matrix_mautrix_gmessages_metrics_proxying_enabled: "{{ matrix_mautrix_gmessages_
matrix_mautrix_gmessages_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_gmessages_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-gmessages"
matrix_mautrix_gmessages_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_gmessages_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_gmessages_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_gmessages_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/gmessages"
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_gmessages_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"