#2970: Setup an IRC Matrix bridge system
---------------------------+-------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Unplanned
Component: Systems Admin | Keywords: matrix, irc
---------------------------+-------------------------
Libera.chat operators are ok with us doing this. We could limit the bridge
to known OSGeo channels and the bridge could be represented as a single
IRC user to reduce the traffic.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970>
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Unplanned
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+------------------------
Comment (by robe):
Are these instructions still valid:
https://matrix-org.github.io/matrix-appservice-irc/latest/bridge_setup
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Unplanned
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+------------------------
Comment (by robe):
Another one https://github.com/hifi/heisenbridge
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Unplanned
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+------------------------
Comment (by robe):
I'm leaning toward heisenbridge. As best I understand from reading, it
needs to be installed in the matrix container or same server so it can
communicate with matrix on local port and share secrets.
I'm debating if I should install in venv, I'm leaning toward not since our
matrix isn't in a venv either.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Changes (by robe):
* milestone: Unplanned => Sysadmin Contract 2023-I
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:4>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by robe):
Okay updated matrix page https://git.osgeo.org/gitea/sac/osgeo3/wiki
/matrix-container#installing-irc-bridge-in-progress with my efforts so far
and sadly failing on ERROR:root:Unexpected failure when registering
appservice user.
It generated the heisenbridge yaml file okay but maybe /etc/matrix-
synapse/conf.d/heisenbridge.yaml or /etc/matrix-synapse/heisenbridge.yaml
are neither the right place or the port matrix is running on is not
default
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:5>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by robe):
Okay got a bit farther. I added the path to the config in /etc/matrix-
synapse/home-server.yaml and it started without error
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:6>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
I'd recommend using an ansible role to deploy the bridge
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:7>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
It looks like an ansible role for the whole matrix ecosystem exists here:
https://github.com/spantaleev/matrix-docker-ansible-deploy
It may be used to deploy both synapse and the bridge (and optionally a lot
more).
It is docker based.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:8>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
With https://git.osgeo.org/gitea/sac/ansible-
deployment/commit/d7961f62b22015b923b5475f756b3e6f970712c4 I've stubbed an
ansible role for heisenbridge, startign from a version received on IRC by
"hifi" in the Heisenbridge channel.
I didn't use it yet.
Instead I've restarted the bridge with the correct --owner (was lacking
the @ suffix) so now I could DM the bot. I've updated
https://git.osgeo.org/gitea/sac/osgeo3/wiki/matrix-container
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:9>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
I've plumbed #sac:osgeo.org to #osgeo-sac on libera.chat
Tests welcome.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:10>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
I think we should ensure both heisenbridge (the bot) and the puppeted IRC
users use a name which is forbidden to be registered in LDAP, for security
reasons.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:11>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
I've filed https://git.osgeo.org/gitea/sac/web-cgi-bin/issues/19 to
reserve a class/prefix
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:12>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
As reported upstream, we found dashes are already reserved, so the
heisenbridge user should be renamed to something like `osgeo-service-
heisenbridge` or `osgeo-matrix` or something. I like short names more
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:13>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
The other thing to fix is the ident service, doesn't seem to be working
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:14>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
The service is now being deployed via ansible, see
https://git.osgeo.org/gitea/sac/ansible-
deployment/commit/b8e5e633967222d73d9192fd877dc465b2187dc4
The only change on the server machine is that the bridge is now controlled
by a proper systemd service. I failed to change the heisenbridge MXID so
far, as changing the `sender_localpart` setting in /etc/matrix-
synapse/heisenbridge.yaml had no effect.
We're also still missing running as an unprivileged user (and the ident
part)
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:15>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
I've now deployed the updated LDAP user creation script to forbid creation
of "heisenbridge" as a name.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:16>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
With help of Greyshade we now have heisenbridge running as an unprivileged
user so we changed the ident port to 9113 and the firewall needs be
updated. See https://git.osgeo.org/gitea/sac/ansible-
deployment/commit/07f5243f500764f9eedcb62320490f4be6af68bb
I suggest the firewall configuration is also done via ansible as it
already does ufw:
https://git.osgeo.org/gitea/sac/ansible-
deployment/src/branch/master/deployment/roles/osgeo3/tasks/main.yml#L144
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:17>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
I've pushed a task in ansible to setup the matrix container:
https://git.osgeo.org/gitea/sac/ansible-
deployment/src/branch/master/deployment/roles/osgeo3/tasks/main.yml#L73
I didnt' deploy it so it's to be tested carefully.
The container configuration in ansible was copied from the running system
except for base image (set to debian-11 in ansible but the current
container is running debian-10, see #2988) and the configuration of the
proxy device to use "proxy_protocol":
https://git.osgeo.org/gitea/sac/ansible-
deployment/src/branch/master/deployment/roles/osgeo3/defaults/main/container_matrix.yml
I'm not sure if "proxy_protocol" is what we need but I know we need the
identd server inside the container to see the real IP address of the ident
client contacting it.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:18>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2970: Setup an IRC Matrix bridge system
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-I
Component: Systems Admin | Resolution:
Keywords: matrix, irc |
---------------------------+---------------------------------------
Comment (by strk):
The proxy_protocol=true setting on the proxy is now active but we're still
not good, probably not receiving the correct IP
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2970#comment:19>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.