spantaleev · ignyx · Oct 7, 2024 · Oct 16, 2024 · Oct 20, 2024 · Oct 20, 2024
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
@@ -1491,7 +1491,10 @@ matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver: "{{ dev
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
+
 matrix_mautrix_meta_messenger_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.as', rounds=655555) | to_uuid }}"
+matrix_mautrix_meta_messenger_appservice_bridgev2_enabled: false
 
 matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 

diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
@@ -55,6 +55,18 @@ matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_ena
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: ''
 
+# Controls whether labels will be added that expose the bridge's bridgev2 API endpoints
+matrix_mautrix_meta_messenger_container_labels_bridgev2_enabled: "{{ matrix_mautrix_meta_messenger_appservice_bridgev2_enabled }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname: ""
+# Following two variables should be RegEx-escaped, see https://doc.traefik.io/traefik/middlewares/http/replacepathregex/
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_path_external: "/_matrix/{{ matrix_mautrix_meta_messenger_identifier }}/provision"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_path_internal: "/_matrix/provision"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_rule: "Host(`{{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_path_external }}`)"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_priority: 0
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_entrypoints: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls: "{{ matrix_mautrix_meta_messenger_container_labels_metrics_traefik_entrypoints != 'web' }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls_certResolver: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
 # matrix_mautrix_meta_messenger_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -144,6 +156,10 @@ matrix_mautrix_meta_messenger_appservice_database_uri: |-
 
 matrix_mautrix_meta_messenger_appservice_token: ''
 
+# Whether to make public the bridgev2 API endpoints.
+# See https://spec.mau.fi/megabridge/
+matrix_mautrix_meta_messenger_appservice_bridgev2_enabled: false
+
 # Controls which service this bridge is for.
 # Valid options:
 # * facebook - connect to FB Messenger via facebook.com

diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml
@@ -8,6 +8,7 @@
   with_items:
     - {'name': 'matrix_mautrix_meta_messenger_metrics_proxying_hostname', when: "{{ matrix_mautrix_meta_messenger_metrics_proxying_enabled }}"}
     - {'name': 'matrix_mautrix_meta_messenger_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_meta_messenger_metrics_proxying_enabled }}"}
+    - {'name': 'matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname', when: "{{ matrix_mautrix_meta_messenger_metrics_proxying_enabled }}"}
     - {'name': 'matrix_mautrix_meta_messenger_appservice_token', when: true}
     - {'name': 'matrix_mautrix_meta_messenger_homeserver_token', when: true}
     - {'name': 'matrix_mautrix_meta_messenger_container_network', when: true}

diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/labels.j2
@@ -43,6 +43,39 @@ traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.tls.
 {% endif %}
 
 
+{% if matrix_mautrix_meta_messenger_container_labels_bridgev2_enabled %}
+############################################################
+#                                                          #
+# Appservice Bridgev2 API                                  #
+#                                                          #
+############################################################
+
+traefik.http.middlewares.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2-replacepathregex.replacepathregex.regex=^{{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_path_external }}/(.*)
+traefik.http.middlewares.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2-replacepathregex.replacepathregex.replacement={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_path_internal }}/$1
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.middlewares={{ matrix_mautrix_meta_messenger_identifier }}-bridgev2-replacepathregex
+
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.rule={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_rule }}
+
+{% if matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_priority | int > 0 %}
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.priority={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.service={{ matrix_mautrix_meta_messenger_identifier }}-appservice
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.entrypoints={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_entrypoints }}
+
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.tls={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls | to_json }}
+{% if matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls %}
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.tls.certResolver={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Appservice Bridgev2 API                                 #
+#                                                          #
+############################################################
+{% endif %}
+
+
 {% endif %}
 
 {{ matrix_mautrix_meta_messenger_container_labels_additional_labels }}