baibot: add venice wiring

group_vars/matrix_servers

@@ -1471,11 +1471,6 @@ matrix_mautrix_bluesky_metrics_proxying_enabled: "{{ matrix_mautrix_bluesky_metr
 matrix_mautrix_bluesky_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
 matrix_mautrix_bluesky_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-bluesky"
 
-matrix_mautrix_bluesky_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-matrix_mautrix_bluesky_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
-matrix_mautrix_bluesky_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
-matrix_mautrix_bluesky_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/bluesky"
-
 matrix_mautrix_bluesky_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
 matrix_mautrix_bluesky_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}"
 
@@ -1834,11 +1829,6 @@ matrix_mautrix_signal_metrics_proxying_enabled: "{{ matrix_mautrix_signal_metric
 matrix_mautrix_signal_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
 matrix_mautrix_signal_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-signal"
 
-matrix_mautrix_signal_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-matrix_mautrix_signal_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
-matrix_mautrix_signal_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
-matrix_mautrix_signal_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/signal"
-
 matrix_mautrix_signal_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
 matrix_mautrix_signal_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
 matrix_mautrix_signal_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.signal.db') | hash('sha512') | to_uuid }}"
@@ -1899,7 +1889,6 @@ matrix_mautrix_meta_messenger_appservice_token: "{{ (matrix_homeserver_generic_s
 matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 
 matrix_mautrix_meta_messenger_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.fb.hs') | hash('sha512') | to_uuid }}"
-matrix_mautrix_meta_messenger_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.fb.prov') | hash('sha512') | to_uuid }}"
 
 matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
 
@@ -1918,11 +1907,6 @@ matrix_mautrix_meta_messenger_metrics_proxying_enabled: "{{ matrix_mautrix_meta_
 matrix_mautrix_meta_messenger_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
 matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-messenger"
 
-matrix_mautrix_meta_messenger_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-matrix_mautrix_meta_messenger_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
-matrix_mautrix_meta_messenger_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
-matrix_mautrix_meta_messenger_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/meta-messenger"
-
 # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
 # and point them to a migration path.
 matrix_mautrix_meta_messenger_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}"
@@ -1983,7 +1967,6 @@ matrix_mautrix_meta_instagram_appservice_token: "{{ (matrix_homeserver_generic_s
 matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 
 matrix_mautrix_meta_instagram_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.ig.hs') | hash('sha512') | to_uuid }}"
-matrix_mautrix_meta_instagram_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.ig.prov') | hash('sha512') | to_uuid }}"
 
 matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
 
@@ -2002,11 +1985,6 @@ matrix_mautrix_meta_instagram_metrics_proxying_enabled: "{{ matrix_mautrix_meta_
 matrix_mautrix_meta_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
 matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-instagram"
 
-matrix_mautrix_meta_instagram_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-matrix_mautrix_meta_instagram_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
-matrix_mautrix_meta_instagram_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
-matrix_mautrix_meta_instagram_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/meta-instagram"
-
 # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
 # and point them to a migration path.
 matrix_mautrix_meta_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}"
@@ -2086,11 +2064,6 @@ matrix_mautrix_telegram_metrics_proxying_enabled: "{{ matrix_mautrix_telegram_me
 matrix_mautrix_telegram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
 matrix_mautrix_telegram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-telegram"
 
-matrix_mautrix_telegram_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-matrix_mautrix_telegram_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
-matrix_mautrix_telegram_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
-matrix_mautrix_telegram_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/telegram"
-
 # Postgres is the default, except if not using internal Postgres server
 matrix_mautrix_telegram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
 matrix_mautrix_telegram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
@@ -2167,11 +2140,6 @@ matrix_mautrix_twitter_metrics_proxying_enabled: "{{ matrix_mautrix_twitter_metr
 matrix_mautrix_twitter_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
 matrix_mautrix_twitter_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-twitter"
 
-matrix_mautrix_twitter_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-matrix_mautrix_twitter_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
-matrix_mautrix_twitter_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
-matrix_mautrix_twitter_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/twitter"
-
 matrix_mautrix_twitter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
 matrix_mautrix_twitter_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}"
 
@@ -2227,8 +2195,6 @@ matrix_mautrix_gmessages_appservice_token: "{{ (matrix_homeserver_generic_secret
 matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_gmessages_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.hs.token') | hash('sha512') | to_uuid }}"
 
-matrix_mautrix_gmessages_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.prov') | hash('sha512') | to_uuid }}"
-
 matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
 
 matrix_mautrix_gmessages_double_puppet_secrets_auto: |-
@@ -2246,11 +2212,6 @@ matrix_mautrix_gmessages_metrics_proxying_enabled: "{{ matrix_mautrix_gmessages_
 matrix_mautrix_gmessages_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
 matrix_mautrix_gmessages_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-gmessages"
 
-matrix_mautrix_gmessages_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-matrix_mautrix_gmessages_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
-matrix_mautrix_gmessages_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
-matrix_mautrix_gmessages_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/gmessages"
-
 # Postgres is the default, except if not using internal Postgres server
 matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
 matrix_mautrix_gmessages_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
@@ -2415,7 +2376,6 @@ matrix_mautrix_whatsapp_appservice_token: "{{ (matrix_homeserver_generic_secret_
 
 matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_whatsapp_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':wa.hs.token') | hash('sha512') | to_uuid }}"
-matrix_mautrix_whatsapp_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':wa.prov') | hash('sha512') | to_uuid }}"
 
 matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
 
@@ -2434,11 +2394,6 @@ matrix_mautrix_whatsapp_metrics_proxying_enabled: "{{ matrix_mautrix_whatsapp_me
 matrix_mautrix_whatsapp_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
 matrix_mautrix_whatsapp_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-whatsapp"
 
-matrix_mautrix_whatsapp_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-matrix_mautrix_whatsapp_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
-matrix_mautrix_whatsapp_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
-matrix_mautrix_whatsapp_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/whatsapp"
-
 # Postgres is the default, except if not using internal Postgres server
 matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
 matrix_mautrix_whatsapp_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"

roles/custom/matrix-base/defaults/main.yml

@@ -54,15 +54,6 @@ matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and ma
 # Global var for enabling bridge self-signing ( On supported bridges)
 matrix_bridges_self_sign_enabled: "{{ matrix_bridges_msc4190_enabled }}"
 
-# Global vars for exposing bridges' HTTP API publicly on the Matrix domain.
-# This is used by tools like mautrix-manager (https://github.com/mautrix/manager) to drive bridge login.
-# Each supported bridge's HTTP endpoint is exposed under `<path_prefix>/<bridge>` (e.g. `/bridges/gmessages`).
-# Requests are authenticated by the bridge itself (e.g. per-user Matrix access token for the provisioning API,
-# or the homeserver token for the appservice endpoints), not by us.
-matrix_bridges_exposure_enabled: true
-matrix_bridges_exposure_hostname: "{{ matrix_server_fqn_matrix }}"
-matrix_bridges_exposure_path_prefix: /bridges
-
 # Global var to enable/disable relay mode across all bridges with relay mode support
 matrix_bridges_relay_enabled: false
 

roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml

@@ -36,12 +36,8 @@ matrix_mautrix_bluesky_appservice_address: 'http://matrix-mautrix-bluesky:29340'
 matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
 matrix_mautrix_bluesky_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
-# Scheme of the bridge's public address (see `matrix_mautrix_bluesky_appservice_public_address`).
+# A public address that external services can use to reach this appservice.
-matrix_mautrix_bluesky_scheme: https
+matrix_mautrix_bluesky_appservice_public_address: ''
-
-# A public address that external services can use to reach this appservice (when exposed).
-# Used for the provisioning API's external-server (OpenID) flow and for public media links.
-matrix_mautrix_bluesky_appservice_public_address: "{{ (matrix_mautrix_bluesky_scheme + '://' + matrix_mautrix_bluesky_exposure_hostname + matrix_mautrix_bluesky_exposure_path_prefix) if matrix_mautrix_bluesky_exposure_enabled else '' }}"
 
 # Displayname template for Bluesky users.
 # {{ .DisplayName }} is replaced with the display name of the Bluesky user.
@@ -82,15 +78,6 @@ matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_enabled: f
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_users: ''
 
-# Controls whether labels will be added that expose mautrix-bluesky's HTTP API
-# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
-matrix_mautrix_bluesky_container_labels_exposure_enabled: "{{ matrix_mautrix_bluesky_exposure_enabled }}"
-matrix_mautrix_bluesky_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_bluesky_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_bluesky_exposure_path_prefix }}`)"
-matrix_mautrix_bluesky_container_labels_exposure_traefik_priority: 0
-matrix_mautrix_bluesky_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_bluesky_container_labels_traefik_entrypoints }}"
-matrix_mautrix_bluesky_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_bluesky_container_labels_exposure_traefik_entrypoints != 'web' }}"
-matrix_mautrix_bluesky_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_bluesky_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
 # matrix_mautrix_bluesky_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -171,11 +158,6 @@ matrix_mautrix_bluesky_metrics_proxying_enabled: false
 matrix_mautrix_bluesky_metrics_proxying_hostname: ''
 matrix_mautrix_bluesky_metrics_proxying_path_prefix: ''
 
-# Controls whether mautrix-bluesky's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
-matrix_mautrix_bluesky_exposure_enabled: false
-matrix_mautrix_bluesky_exposure_hostname: ''
-matrix_mautrix_bluesky_exposure_path_prefix: ''
-
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bridge-mautrix-bluesky/templates/labels.j2

@@ -46,39 +46,6 @@ traefik.http.routers.matrix-mautrix-bluesky-metrics.tls.certResolver={{ matrix_m
 ############################################################
 {% endif %}
 
-{% if matrix_mautrix_bluesky_container_labels_exposure_enabled %}
-############################################################
-#                                                          #
-# Bridge API exposure                                      #
-#                                                          #
-############################################################
-
-traefik.http.services.matrix-mautrix-bluesky-exposure.loadbalancer.server.port=29340
-
-traefik.http.middlewares.matrix-mautrix-bluesky-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_bluesky_exposure_path_prefix }}
-traefik.http.routers.matrix-mautrix-bluesky-exposure.middlewares=matrix-mautrix-bluesky-exposure-strip-prefix
-
-traefik.http.routers.matrix-mautrix-bluesky-exposure.rule={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_rule }}
-
-{% if matrix_mautrix_bluesky_container_labels_exposure_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-mautrix-bluesky-exposure.priority={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-mautrix-bluesky-exposure.service=matrix-mautrix-bluesky-exposure
-traefik.http.routers.matrix-mautrix-bluesky-exposure.entrypoints={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_entrypoints }}
-
-traefik.http.routers.matrix-mautrix-bluesky-exposure.tls={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_tls | to_json }}
-{% if matrix_mautrix_bluesky_container_labels_exposure_traefik_tls %}
-traefik.http.routers.matrix-mautrix-bluesky-exposure.tls.certResolver={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Bridge API exposure                                     #
-#                                                          #
-############################################################
-{% endif %}
-
 
 {% endif %}
 

roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml

@@ -38,13 +38,6 @@ matrix_mautrix_gmessages_homeserver_async_media: false
 matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
 
-# Scheme of the bridge's public address (see `matrix_mautrix_gmessages_bridge_public_address`).
-matrix_mautrix_gmessages_scheme: https
-
-# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
-# Used for the provisioning API's external-server (OpenID) flow and for public media links.
-matrix_mautrix_gmessages_bridge_public_address: "{{ (matrix_mautrix_gmessages_scheme + '://' + matrix_mautrix_gmessages_exposure_hostname + matrix_mautrix_gmessages_exposure_path_prefix) if matrix_mautrix_gmessages_exposure_enabled else '' }}"
-
 matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
 matrix_mautrix_gmessages_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
@@ -82,15 +75,6 @@ matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_enabled:
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users: ''
 
-# Controls whether labels will be added that expose mautrix-gmessages' HTTP API
-# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
-matrix_mautrix_gmessages_container_labels_exposure_enabled: "{{ matrix_mautrix_gmessages_exposure_enabled }}"
-matrix_mautrix_gmessages_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_gmessages_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_gmessages_exposure_path_prefix }}`)"
-matrix_mautrix_gmessages_container_labels_exposure_traefik_priority: 0
-matrix_mautrix_gmessages_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_gmessages_container_labels_traefik_entrypoints }}"
-matrix_mautrix_gmessages_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_gmessages_container_labels_exposure_traefik_entrypoints != 'web' }}"
-matrix_mautrix_gmessages_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_gmessages_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
 # matrix_mautrix_gmessages_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -135,11 +119,6 @@ matrix_mautrix_gmessages_metrics_proxying_enabled: false
 matrix_mautrix_gmessages_metrics_proxying_hostname: ''
 matrix_mautrix_gmessages_metrics_proxying_path_prefix: ''
 
-# Controls whether mautrix-gmessages' HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
-matrix_mautrix_gmessages_exposure_enabled: false
-matrix_mautrix_gmessages_exposure_hostname: ''
-matrix_mautrix_gmessages_exposure_path_prefix: ''
-
 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.
@@ -189,10 +168,6 @@ matrix_mautrix_gmessages_appservice_username_template: "{% raw %}gmessages_{{.}}
 
 matrix_mautrix_gmessages_public_media_signing_key: ''
 
-# Shared secret for authentication of provisioning API requests.
-# If set to "disable", the provisioning API will be disabled.
-matrix_mautrix_gmessages_provisioning_shared_secret: disable
-
 matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true
 
 matrix_mautrix_gmessages_bridge_permissions: |

roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2

@@ -181,7 +181,7 @@ appservice:
     address: {{ matrix_mautrix_gmessages_appservice_address }}
     # A public address that external services can use to reach this appservice.
     # This value doesn't affect the registration file.
-    public_address: {{ matrix_mautrix_gmessages_bridge_public_address | to_json }}
+    public_address: https://bridge.example.com
 
     # The hostname and port where this appservice should listen.
     # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -247,7 +247,7 @@ provisioning:
     prefix: /_matrix/provision
     # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
     # or if set to "disable", the provisioning API will be disabled.
-    shared_secret: {{ matrix_mautrix_gmessages_provisioning_shared_secret | to_json }}
+    shared_secret: disable
     # Whether to allow provisioning API requests to be authed using Matrix access tokens.
     # This follows the same rules as double puppeting to determine which server to contact to check the token,
     # which means that by default, it only works for users on the same server as the bridge.

roles/custom/matrix-bridge-mautrix-gmessages/templates/labels.j2

@@ -46,39 +46,6 @@ traefik.http.routers.matrix-mautrix-gmessages-metrics.tls.certResolver={{ matrix
 ############################################################
 {% endif %}
 
-{% if matrix_mautrix_gmessages_container_labels_exposure_enabled %}
-############################################################
-#                                                          #
-# Bridge API exposure                                      #
-#                                                          #
-############################################################
-
-traefik.http.services.matrix-mautrix-gmessages-exposure.loadbalancer.server.port=8080
-
-traefik.http.middlewares.matrix-mautrix-gmessages-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_gmessages_exposure_path_prefix }}
-traefik.http.routers.matrix-mautrix-gmessages-exposure.middlewares=matrix-mautrix-gmessages-exposure-strip-prefix
-
-traefik.http.routers.matrix-mautrix-gmessages-exposure.rule={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_rule }}
-
-{% if matrix_mautrix_gmessages_container_labels_exposure_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-mautrix-gmessages-exposure.priority={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-mautrix-gmessages-exposure.service=matrix-mautrix-gmessages-exposure
-traefik.http.routers.matrix-mautrix-gmessages-exposure.entrypoints={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_entrypoints }}
-
-traefik.http.routers.matrix-mautrix-gmessages-exposure.tls={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_tls | to_json }}
-{% if matrix_mautrix_gmessages_container_labels_exposure_traefik_tls %}
-traefik.http.routers.matrix-mautrix-gmessages-exposure.tls.certResolver={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Bridge API exposure                                     #
-#                                                          #
-############################################################
-{% endif %}
-
 
 {% endif %}
 

roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml

@@ -63,15 +63,6 @@ matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_ena
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: ''
 
-# Controls whether labels will be added that expose mautrix-meta-instagram's HTTP API
-# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
-matrix_mautrix_meta_instagram_container_labels_exposure_enabled: "{{ matrix_mautrix_meta_instagram_exposure_enabled }}"
-matrix_mautrix_meta_instagram_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_meta_instagram_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_instagram_exposure_path_prefix }}`)"
-matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority: 0
-matrix_mautrix_meta_instagram_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints }}"
-matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_entrypoints != 'web' }}"
-matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
 # matrix_mautrix_meta_instagram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -132,13 +123,6 @@ matrix_mautrix_meta_instagram_homeserver_token: ''
 
 matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta_instagram_identifier }}:29319"
 
-# Scheme of the bridge's public address (see `matrix_mautrix_meta_instagram_bridge_public_address`).
-matrix_mautrix_meta_instagram_scheme: https
-
-# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
-# Used for the provisioning API's external-server (OpenID) flow and for public media links.
-matrix_mautrix_meta_instagram_bridge_public_address: "{{ (matrix_mautrix_meta_instagram_scheme + '://' + matrix_mautrix_meta_instagram_exposure_hostname + matrix_mautrix_meta_instagram_exposure_path_prefix) if matrix_mautrix_meta_instagram_exposure_enabled else '' }}"
-
 matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}"
 
 matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
@@ -198,11 +182,6 @@ matrix_mautrix_meta_instagram_metrics_proxying_enabled: false
 matrix_mautrix_meta_instagram_metrics_proxying_hostname: ''
 matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: ''
 
-# Controls whether mautrix-meta-instagram's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
-matrix_mautrix_meta_instagram_exposure_enabled: false
-matrix_mautrix_meta_instagram_exposure_hostname: ''
-matrix_mautrix_meta_instagram_exposure_path_prefix: ''
-
 matrix_mautrix_meta_instagram_bridge_username_prefix: |-
   {{
     ({

roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2

@@ -197,7 +197,7 @@ appservice:
     address: {{ matrix_mautrix_meta_instagram_appservice_address | to_json }}
     # A public address that external services can use to reach this appservice.
     # This value doesn't affect the registration file.
-    public_address: {{ matrix_mautrix_meta_instagram_bridge_public_address | to_json }}
+    public_address: https://bridge.example.com
 
     # The hostname and port where this appservice should listen.
     # For Docker, you generally have to change the hostname to 0.0.0.0.

roles/custom/matrix-bridge-mautrix-meta-instagram/templates/labels.j2

@@ -4,19 +4,15 @@ SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
-{% if matrix_mautrix_meta_instagram_container_labels_traefik_enabled and (matrix_mautrix_meta_instagram_container_labels_metrics_enabled or matrix_mautrix_meta_instagram_container_labels_exposure_enabled) %}
+{% if matrix_mautrix_meta_instagram_container_labels_traefik_enabled and matrix_mautrix_meta_instagram_container_labels_metrics_enabled %}
 traefik.enable=true
 
 {% if matrix_mautrix_meta_instagram_container_labels_traefik_docker_network %}
 traefik.docker.network={{ matrix_mautrix_meta_instagram_container_labels_traefik_docker_network }}
 {% endif %}
 
-{% if matrix_mautrix_meta_instagram_container_labels_exposure_enabled %}
 traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-appservice.loadbalancer.server.port=29319
-{% endif %}
-{% if matrix_mautrix_meta_instagram_container_labels_metrics_enabled %}
 traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.loadbalancer.server.port=8000
-{% endif %}
 
 
 {% if matrix_mautrix_meta_instagram_container_labels_metrics_enabled %}
@@ -52,37 +48,6 @@ traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.tls.
 ############################################################
 {% endif %}
 
-{% if matrix_mautrix_meta_instagram_container_labels_exposure_enabled %}
-############################################################
-#                                                          #
-# Bridge API exposure                                      #
-#                                                          #
-############################################################
-
-traefik.http.middlewares.{{ matrix_mautrix_meta_instagram_identifier }}-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_meta_instagram_exposure_path_prefix }}
-traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.middlewares={{ matrix_mautrix_meta_instagram_identifier }}-exposure-strip-prefix
-
-traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.rule={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_rule }}
-
-{% if matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority | int > 0 %}
-traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.priority={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.service={{ matrix_mautrix_meta_instagram_identifier }}-appservice
-traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.entrypoints={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_entrypoints }}
-
-traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.tls={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls | to_json }}
-{% if matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls %}
-traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.tls.certResolver={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Bridge API exposure                                     #
-#                                                          #
-############################################################
-{% endif %}
-
 
 {% endif %}
 

roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml

@@ -63,15 +63,6 @@ matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_ena
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: ''
 
-# Controls whether labels will be added that expose mautrix-meta-messenger's HTTP API
-# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
-matrix_mautrix_meta_messenger_container_labels_exposure_enabled: "{{ matrix_mautrix_meta_messenger_exposure_enabled }}"
-matrix_mautrix_meta_messenger_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_meta_messenger_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_messenger_exposure_path_prefix }}`)"
-matrix_mautrix_meta_messenger_container_labels_exposure_traefik_priority: 0
-matrix_mautrix_meta_messenger_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints }}"
-matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_entrypoints != 'web' }}"
-matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
 # matrix_mautrix_meta_messenger_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -132,13 +123,6 @@ matrix_mautrix_meta_messenger_homeserver_token: ''
 
 matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta_messenger_identifier }}:29319"
 
-# Scheme of the bridge's public address (see `matrix_mautrix_meta_messenger_bridge_public_address`).
-matrix_mautrix_meta_messenger_scheme: https
-
-# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
-# Used for the provisioning API's external-server (OpenID) flow and for public media links.
-matrix_mautrix_meta_messenger_bridge_public_address: "{{ (matrix_mautrix_meta_messenger_scheme + '://' + matrix_mautrix_meta_messenger_exposure_hostname + matrix_mautrix_meta_messenger_exposure_path_prefix) if matrix_mautrix_meta_messenger_exposure_enabled else '' }}"
-
 matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}"
 
 matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
@@ -198,11 +182,6 @@ matrix_mautrix_meta_messenger_metrics_proxying_enabled: false
 matrix_mautrix_meta_messenger_metrics_proxying_hostname: ''
 matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: ''
 
-# Controls whether mautrix-meta-messenger's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
-matrix_mautrix_meta_messenger_exposure_enabled: false
-matrix_mautrix_meta_messenger_exposure_hostname: ''
-matrix_mautrix_meta_messenger_exposure_path_prefix: ''
-
 matrix_mautrix_meta_messenger_bridge_username_prefix: |-
   {{
     ({

roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2

@@ -197,7 +197,7 @@ appservice:
     address: {{ matrix_mautrix_meta_messenger_appservice_address | to_json }}
     # A public address that external services can use to reach this appservice.
     # This value doesn't affect the registration file.
-    public_address: {{ matrix_mautrix_meta_messenger_bridge_public_address | to_json }}
+    public_address: https://bridge.example.com
 
     # The hostname and port where this appservice should listen.
     # For Docker, you generally have to change the hostname to 0.0.0.0.

roles/custom/matrix-bridge-mautrix-meta-messenger/templates/labels.j2

@@ -4,19 +4,15 @@ SPDX-FileCopyrightText: 2024 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
-{% if matrix_mautrix_meta_messenger_container_labels_traefik_enabled and (matrix_mautrix_meta_messenger_container_labels_metrics_enabled or matrix_mautrix_meta_messenger_container_labels_exposure_enabled) %}
+{% if matrix_mautrix_meta_messenger_container_labels_traefik_enabled and matrix_mautrix_meta_messenger_container_labels_metrics_enabled %}
 traefik.enable=true
 
 {% if matrix_mautrix_meta_messenger_container_labels_traefik_docker_network %}
 traefik.docker.network={{ matrix_mautrix_meta_messenger_container_labels_traefik_docker_network }}
 {% endif %}
 
-{% if matrix_mautrix_meta_messenger_container_labels_exposure_enabled %}
 traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-appservice.loadbalancer.server.port=29319
-{% endif %}
-{% if matrix_mautrix_meta_messenger_container_labels_metrics_enabled %}
 traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.loadbalancer.server.port=8000
-{% endif %}
 
 
 {% if matrix_mautrix_meta_messenger_container_labels_metrics_enabled %}
@@ -52,37 +48,6 @@ traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.tls.
 ############################################################
 {% endif %}
 
-{% if matrix_mautrix_meta_messenger_container_labels_exposure_enabled %}
-############################################################
-#                                                          #
-# Bridge API exposure                                      #
-#                                                          #
-############################################################
-
-traefik.http.middlewares.{{ matrix_mautrix_meta_messenger_identifier }}-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_meta_messenger_exposure_path_prefix }}
-traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.middlewares={{ matrix_mautrix_meta_messenger_identifier }}-exposure-strip-prefix
-
-traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.rule={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_rule }}
-
-{% if matrix_mautrix_meta_messenger_container_labels_exposure_traefik_priority | int > 0 %}
-traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.priority={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.service={{ matrix_mautrix_meta_messenger_identifier }}-appservice
-traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.entrypoints={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_entrypoints }}
-
-traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.tls={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls | to_json }}
-{% if matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls %}
-traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.tls.certResolver={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Bridge API exposure                                     #
-#                                                          #
-############################################################
-{% endif %}
-
 
 {% endif %}
 

roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -46,13 +46,6 @@ matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_signal_homeserver_async_media: false
 matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080"
 
-# Scheme of the bridge's public address (see `matrix_mautrix_signal_bridge_public_address`).
-matrix_mautrix_signal_scheme: https
-
-# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
-# Used for the provisioning API's external-server (OpenID) flow and for public media links.
-matrix_mautrix_signal_bridge_public_address: "{{ (matrix_mautrix_signal_scheme + '://' + matrix_mautrix_signal_exposure_hostname + matrix_mautrix_signal_exposure_path_prefix) if matrix_mautrix_signal_exposure_enabled else '' }}"
-
 matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
 matrix_mautrix_signal_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
@@ -107,15 +100,6 @@ matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_enabled: fa
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users: ''
 
-# Controls whether labels will be added that expose mautrix-signal's HTTP API
-# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
-matrix_mautrix_signal_container_labels_exposure_enabled: "{{ matrix_mautrix_signal_exposure_enabled }}"
-matrix_mautrix_signal_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_signal_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_signal_exposure_path_prefix }}`)"
-matrix_mautrix_signal_container_labels_exposure_traefik_priority: 0
-matrix_mautrix_signal_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_signal_container_labels_traefik_entrypoints }}"
-matrix_mautrix_signal_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_signal_container_labels_exposure_traefik_entrypoints != 'web' }}"
-matrix_mautrix_signal_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_signal_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
 # matrix_mautrix_signal_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -166,11 +150,6 @@ matrix_mautrix_signal_metrics_proxying_enabled: false
 matrix_mautrix_signal_metrics_proxying_hostname: ''
 matrix_mautrix_signal_metrics_proxying_path_prefix: ''
 
-# Controls whether mautrix-signal's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
-matrix_mautrix_signal_exposure_enabled: false
-matrix_mautrix_signal_exposure_hostname: ''
-matrix_mautrix_signal_exposure_path_prefix: ''
-
 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.

roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2

@@ -171,7 +171,7 @@ appservice:
 
     # A public address that external services can use to reach this appservice.
     # This value doesn't affect the registration file.
-    public_address: {{ matrix_mautrix_signal_bridge_public_address | to_json }}
+    public_address: ""
 
     # The hostname and port where this appservice should listen.
     # For Docker, you generally have to change the hostname to 0.0.0.0.

roles/custom/matrix-bridge-mautrix-signal/templates/labels.j2

@@ -46,39 +46,6 @@ traefik.http.routers.matrix-mautrix-signal-metrics.tls.certResolver={{ matrix_ma
 ############################################################
 {% endif %}
 
-{% if matrix_mautrix_signal_container_labels_exposure_enabled %}
-############################################################
-#                                                          #
-# Bridge API exposure                                      #
-#                                                          #
-############################################################
-
-traefik.http.services.matrix-mautrix-signal-exposure.loadbalancer.server.port=8080
-
-traefik.http.middlewares.matrix-mautrix-signal-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_signal_exposure_path_prefix }}
-traefik.http.routers.matrix-mautrix-signal-exposure.middlewares=matrix-mautrix-signal-exposure-strip-prefix
-
-traefik.http.routers.matrix-mautrix-signal-exposure.rule={{ matrix_mautrix_signal_container_labels_exposure_traefik_rule }}
-
-{% if matrix_mautrix_signal_container_labels_exposure_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-mautrix-signal-exposure.priority={{ matrix_mautrix_signal_container_labels_exposure_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-mautrix-signal-exposure.service=matrix-mautrix-signal-exposure
-traefik.http.routers.matrix-mautrix-signal-exposure.entrypoints={{ matrix_mautrix_signal_container_labels_exposure_traefik_entrypoints }}
-
-traefik.http.routers.matrix-mautrix-signal-exposure.tls={{ matrix_mautrix_signal_container_labels_exposure_traefik_tls | to_json }}
-{% if matrix_mautrix_signal_container_labels_exposure_traefik_tls %}
-traefik.http.routers.matrix-mautrix-signal-exposure.tls.certResolver={{ matrix_mautrix_signal_container_labels_exposure_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Bridge API exposure                                     #
-#                                                          #
-############################################################
-{% endif %}
-
 
 {% endif %}
 

roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -46,13 +46,6 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_telegram_homeserver_async_media: false
 matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
 
-# Scheme of the bridge's public address (see `matrix_mautrix_telegram_bridge_public_address`).
-matrix_mautrix_telegram_scheme: https
-
-# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
-# Used for the provisioning API's external-server (OpenID) flow and for public media links.
-matrix_mautrix_telegram_bridge_public_address: "{{ (matrix_mautrix_telegram_scheme + '://' + matrix_mautrix_telegram_exposure_hostname + matrix_mautrix_telegram_exposure_path_prefix) if matrix_mautrix_telegram_exposure_enabled else '' }}"
-
 matrix_mautrix_telegram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
 matrix_mautrix_telegram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
@@ -88,15 +81,6 @@ matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled:
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users: ''
 
-# Controls whether labels will be added that expose mautrix-telegram's HTTP API
-# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
-matrix_mautrix_telegram_container_labels_exposure_enabled: "{{ matrix_mautrix_telegram_exposure_enabled }}"
-matrix_mautrix_telegram_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_telegram_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_telegram_exposure_path_prefix }}`)"
-matrix_mautrix_telegram_container_labels_exposure_traefik_priority: 0
-matrix_mautrix_telegram_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_telegram_container_labels_traefik_entrypoints }}"
-matrix_mautrix_telegram_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_telegram_container_labels_exposure_traefik_entrypoints != 'web' }}"
-matrix_mautrix_telegram_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_telegram_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
 # matrix_mautrix_telegram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -141,11 +125,6 @@ matrix_mautrix_telegram_metrics_proxying_enabled: false
 matrix_mautrix_telegram_metrics_proxying_hostname: ''
 matrix_mautrix_telegram_metrics_proxying_path_prefix: ''
 
-# Controls whether mautrix-telegram's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
-matrix_mautrix_telegram_exposure_enabled: false
-matrix_mautrix_telegram_exposure_hostname: ''
-matrix_mautrix_telegram_exposure_path_prefix: ''
-
 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.

roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -281,7 +281,7 @@ appservice:
     # A public address that external services can use to reach this appservice.
     # This is only needed for things like public media. A reverse proxy is generally necessary when using this field.
     # This value doesn't affect the registration file.
-    public_address: {{ matrix_mautrix_telegram_bridge_public_address | to_json }}
+    public_address: ""
 
     # The hostname and port where this appservice should listen.
     # For Docker, you generally have to change the hostname to 0.0.0.0.

roles/custom/matrix-bridge-mautrix-telegram/templates/labels.j2

@@ -46,39 +46,6 @@ traefik.http.routers.matrix-mautrix-telegram-metrics.tls.certResolver={{ matrix_
 ############################################################
 {% endif %}
 
-{% if matrix_mautrix_telegram_container_labels_exposure_enabled %}
-############################################################
-#                                                          #
-# Bridge API exposure                                      #
-#                                                          #
-############################################################
-
-traefik.http.services.matrix-mautrix-telegram-exposure.loadbalancer.server.port=8080
-
-traefik.http.middlewares.matrix-mautrix-telegram-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_telegram_exposure_path_prefix }}
-traefik.http.routers.matrix-mautrix-telegram-exposure.middlewares=matrix-mautrix-telegram-exposure-strip-prefix
-
-traefik.http.routers.matrix-mautrix-telegram-exposure.rule={{ matrix_mautrix_telegram_container_labels_exposure_traefik_rule }}
-
-{% if matrix_mautrix_telegram_container_labels_exposure_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-mautrix-telegram-exposure.priority={{ matrix_mautrix_telegram_container_labels_exposure_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-mautrix-telegram-exposure.service=matrix-mautrix-telegram-exposure
-traefik.http.routers.matrix-mautrix-telegram-exposure.entrypoints={{ matrix_mautrix_telegram_container_labels_exposure_traefik_entrypoints }}
-
-traefik.http.routers.matrix-mautrix-telegram-exposure.tls={{ matrix_mautrix_telegram_container_labels_exposure_traefik_tls | to_json }}
-{% if matrix_mautrix_telegram_container_labels_exposure_traefik_tls %}
-traefik.http.routers.matrix-mautrix-telegram-exposure.tls.certResolver={{ matrix_mautrix_telegram_container_labels_exposure_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Bridge API exposure                                     #
-#                                                          #
-############################################################
-{% endif %}
-
 
 {% endif %}
 

roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -44,12 +44,8 @@ matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
 matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
 matrix_mautrix_twitter_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
-# Scheme of the bridge's public address (see `matrix_mautrix_twitter_appservice_public_address`).
+# A public address that external services can use to reach this appservice.
-matrix_mautrix_twitter_scheme: https
+matrix_mautrix_twitter_appservice_public_address: ''
-
-# A public address that external services can use to reach this appservice (when exposed).
-# Used for the provisioning API's external-server (OpenID) flow and for public media links.
-matrix_mautrix_twitter_appservice_public_address: "{{ (matrix_mautrix_twitter_scheme + '://' + matrix_mautrix_twitter_exposure_hostname + matrix_mautrix_twitter_exposure_path_prefix) if matrix_mautrix_twitter_exposure_enabled else '' }}"
 
 # Displayname template for Twitter users.
 # {{ .DisplayName }} is replaced with the display name of the Twitter user.
@@ -90,15 +86,6 @@ matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_enabled: f
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users: ''
 
-# Controls whether labels will be added that expose mautrix-twitter's HTTP API
-# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
-matrix_mautrix_twitter_container_labels_exposure_enabled: "{{ matrix_mautrix_twitter_exposure_enabled }}"
-matrix_mautrix_twitter_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_twitter_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_twitter_exposure_path_prefix }}`)"
-matrix_mautrix_twitter_container_labels_exposure_traefik_priority: 0
-matrix_mautrix_twitter_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_twitter_container_labels_traefik_entrypoints }}"
-matrix_mautrix_twitter_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_twitter_container_labels_exposure_traefik_entrypoints != 'web' }}"
-matrix_mautrix_twitter_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_twitter_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
 # matrix_mautrix_twitter_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -179,11 +166,6 @@ matrix_mautrix_twitter_metrics_proxying_enabled: false
 matrix_mautrix_twitter_metrics_proxying_hostname: ''
 matrix_mautrix_twitter_metrics_proxying_path_prefix: ''
 
-# Controls whether mautrix-twitter's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
-matrix_mautrix_twitter_exposure_enabled: false
-matrix_mautrix_twitter_exposure_hostname: ''
-matrix_mautrix_twitter_exposure_path_prefix: ''
-
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bridge-mautrix-twitter/templates/labels.j2

@@ -46,39 +46,6 @@ traefik.http.routers.matrix-mautrix-twitter-metrics.tls.certResolver={{ matrix_m
 ############################################################
 {% endif %}
 
-{% if matrix_mautrix_twitter_container_labels_exposure_enabled %}
-############################################################
-#                                                          #
-# Bridge API exposure                                      #
-#                                                          #
-############################################################
-
-traefik.http.services.matrix-mautrix-twitter-exposure.loadbalancer.server.port=29327
-
-traefik.http.middlewares.matrix-mautrix-twitter-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_twitter_exposure_path_prefix }}
-traefik.http.routers.matrix-mautrix-twitter-exposure.middlewares=matrix-mautrix-twitter-exposure-strip-prefix
-
-traefik.http.routers.matrix-mautrix-twitter-exposure.rule={{ matrix_mautrix_twitter_container_labels_exposure_traefik_rule }}
-
-{% if matrix_mautrix_twitter_container_labels_exposure_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-mautrix-twitter-exposure.priority={{ matrix_mautrix_twitter_container_labels_exposure_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-mautrix-twitter-exposure.service=matrix-mautrix-twitter-exposure
-traefik.http.routers.matrix-mautrix-twitter-exposure.entrypoints={{ matrix_mautrix_twitter_container_labels_exposure_traefik_entrypoints }}
-
-traefik.http.routers.matrix-mautrix-twitter-exposure.tls={{ matrix_mautrix_twitter_container_labels_exposure_traefik_tls | to_json }}
-{% if matrix_mautrix_twitter_container_labels_exposure_traefik_tls %}
-traefik.http.routers.matrix-mautrix-twitter-exposure.tls.certResolver={{ matrix_mautrix_twitter_container_labels_exposure_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Bridge API exposure                                     #
-#                                                          #
-############################################################
-{% endif %}
-
 
 {% endif %}
 

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -48,13 +48,6 @@ matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_whatsapp_homeserver_async_media: false
 matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
 
-# Scheme of the bridge's public address (see `matrix_mautrix_whatsapp_bridge_public_address`).
-matrix_mautrix_whatsapp_scheme: https
-
-# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
-# Used for the provisioning API's external-server (OpenID) flow and for public media links.
-matrix_mautrix_whatsapp_bridge_public_address: "{{ (matrix_mautrix_whatsapp_scheme + '://' + matrix_mautrix_whatsapp_exposure_hostname + matrix_mautrix_whatsapp_exposure_path_prefix) if matrix_mautrix_whatsapp_exposure_enabled else '' }}"
-
 matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
 matrix_mautrix_whatsapp_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
@@ -88,15 +81,6 @@ matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled:
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: ''
 
-# Controls whether labels will be added that expose mautrix-whatsapp's HTTP API
-# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
-matrix_mautrix_whatsapp_container_labels_exposure_enabled: "{{ matrix_mautrix_whatsapp_exposure_enabled }}"
-matrix_mautrix_whatsapp_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_whatsapp_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_whatsapp_exposure_path_prefix }}`)"
-matrix_mautrix_whatsapp_container_labels_exposure_traefik_priority: 0
-matrix_mautrix_whatsapp_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_whatsapp_container_labels_traefik_entrypoints }}"
-matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_entrypoints != 'web' }}"
-matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
 # matrix_mautrix_whatsapp_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -141,11 +125,6 @@ matrix_mautrix_whatsapp_metrics_proxying_enabled: false
 matrix_mautrix_whatsapp_metrics_proxying_hostname: ''
 matrix_mautrix_whatsapp_metrics_proxying_path_prefix: ''
 
-# Controls whether mautrix-whatsapp's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
-matrix_mautrix_whatsapp_exposure_enabled: false
-matrix_mautrix_whatsapp_exposure_hostname: ''
-matrix_mautrix_whatsapp_exposure_path_prefix: ''
-
 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.

roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -269,7 +269,7 @@ appservice:
     # A public address that external services can use to reach this appservice.
     # This is only needed for things like public media. A reverse proxy is generally necessary when using this field.
     # This value doesn't affect the registration file.
-    public_address: {{ matrix_mautrix_whatsapp_bridge_public_address | to_json }}
+    public_address: ""
 
     # The hostname and port where this appservice should listen.
     # For Docker, you generally have to change the hostname to 0.0.0.0.

roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2

@@ -46,39 +46,6 @@ traefik.http.routers.matrix-mautrix-whatsapp-metrics.tls.certResolver={{ matrix_
 ############################################################
 {% endif %}
 
-{% if matrix_mautrix_whatsapp_container_labels_exposure_enabled %}
-############################################################
-#                                                          #
-# Bridge API exposure                                      #
-#                                                          #
-############################################################
-
-traefik.http.services.matrix-mautrix-whatsapp-exposure.loadbalancer.server.port=8080
-
-traefik.http.middlewares.matrix-mautrix-whatsapp-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_whatsapp_exposure_path_prefix }}
-traefik.http.routers.matrix-mautrix-whatsapp-exposure.middlewares=matrix-mautrix-whatsapp-exposure-strip-prefix
-
-traefik.http.routers.matrix-mautrix-whatsapp-exposure.rule={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_rule }}
-
-{% if matrix_mautrix_whatsapp_container_labels_exposure_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-mautrix-whatsapp-exposure.priority={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-mautrix-whatsapp-exposure.service=matrix-mautrix-whatsapp-exposure
-traefik.http.routers.matrix-mautrix-whatsapp-exposure.entrypoints={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_entrypoints }}
-
-traefik.http.routers.matrix-mautrix-whatsapp-exposure.tls={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls | to_json }}
-{% if matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls %}
-traefik.http.routers.matrix-mautrix-whatsapp-exposure.tls.certResolver={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Bridge API exposure                                     #
-#                                                          #
-############################################################
-{% endif %}
-
 
 {% endif %}