Merge branch 'master' into pub.solar
commit 8c261b296b
93 changed files with 3790 additions and 153 deletions
21
CHANGELOG.md
|
@ -1,3 +1,24 @@
|
|||
|
||||
# 2021-03-20
|
||||
|
||||
## Sygnal push gateway support
|
||||
|
||||
The playbook can now install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway for you.
|
||||
|
||||
This is only useful to people who develop/build their own Matrix client applications.
|
||||
|
||||
Additional details are available in our [Setting up Sygnal](docs/configuring-playbook-sygnal.md) docs.
|
||||
|
||||
|
||||
# 2021-03-16
|
||||
|
||||
## Go-NEB support
|
||||
|
||||
Thanks to [Zir0h](https://github.com/Zir0h), the playbook can now install and configure the [Go-NEB](https://github.com/matrix-org/go-neb) bot.
|
||||
|
||||
Additional details are available in [Setting up Go-NEB](docs/configuring-playbook-bot-go-neb.md).
|
||||
|
||||
|
||||
# 2021-02-19
|
||||
|
||||
## GroupMe bridging support via mx-puppet-groupme
|
||||
|
|
|
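Review bot: the changelog carries no entry for the AWX support that this merge also introduces (the new `docs/configuring-awx-system.md` and the `matrix_awx_enabled` variable in `group_vars/matrix_servers`), so anyone reading CHANGELOG.md will not learn that the nginx data path now depends on that flag; add a dated entry alongside the Sygnal and Go-NEB ones. The Go-NEB entry should also mention that a new `goneb.<your-domain>` DNS record is required, as `docs/configuring-dns.md` now states, since people upgrading from the changelog alone will otherwise hit a certificate failure for a name they never created.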
@ -91,12 +91,16 @@ Using this playbook, you can get the following services configured on your serve
|
|||
|
||||
- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
|
||||
|
||||
- (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation
|
||||
|
||||
- (optional) [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), a web UI tool for administrating users and rooms on your Matrix server - see [docs/configuring-playbook-synapse-admin.md](docs/configuring-playbook-synapse-admin.md) for setup documentation
|
||||
|
||||
- (optional) [matrix-registration](https://github.com/ZerataX/matrix-registration), a simple python application to have a token based matrix registration - see [docs/configuring-playbook-matrix-registration.md](docs/configuring-playbook-matrix-registration.md) for setup documentation
|
||||
|
||||
- (optional) the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI - see [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](docs/configuring-playbook-prometheus-grafana.md) for setup documentation
|
||||
|
||||
- (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation
|
||||
|
||||
Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else.
|
||||
|
||||
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
|
||||
|
|
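Review bot: style: `multi functional bot` should be hyphenated (`multi-functional bot`), and the new Sygnal bullet should carry the same caveat the changelog gives (only useful to people who build their own Matrix client applications); the note below says this list is exhaustive and includes components most people do not need, so the bullet itself is the only place a reader skimming the README will see that warning.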
43
docs/configuring-awx-system.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Configuring AWX System (optional)
|
||||
|
||||
An AWX setup for managing multiple Matrix servers.
|
||||
|
||||
This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers.
|
||||
|
||||
Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. This script is free to use in a commercial context with the 'MemberPress Plus' and 'WP Oauth Sever' addons. It can also be run in a non-commercial context.
|
||||
|
||||
The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server.
|
||||
|
||||
Ideally this system can manage the updates, configuration, backups and monitoring on it's own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy).
|
||||
|
||||
Warning: This project is currently alpha quality and should only be run by the brave.
|
||||
|
||||
|
||||
## Other Required Playbooks
|
||||
|
||||
The following repositories allow you to copy and use this setup:
|
||||
|
||||
[Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you.
|
||||
|
||||
[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions.
|
||||
|
||||
[Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server.
|
||||
|
||||
## Testing Fork For This Playbook
|
||||
|
||||
Updates to this section are trailed here:
|
||||
|
||||
[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/gomatrixhosting-matrix-docker-ansible-deploy)
|
||||
|
||||
|
||||
## Does I need an AWX setup to use this? How do I configure it?
|
||||
|
||||
Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in '/docs/Installation.md' of that repository.
|
||||
|
||||
|
||||
## Does I need a front-end WordPress site? And a DigitalOcean account?
|
||||
|
||||
You do not need a front-end WordPress site or any of the mentioned WordPress plugins to use this setup. It can be run on it's own in a non-commercial context.
|
||||
|
||||
You also don't need a DigitalOcean account, but this will limit you to only being able to connect 'On-Premises' servers.
|
||||
|
|
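Review bot: this new document never mentions the `matrix_awx_enabled` variable added to `group_vars/matrix_servers` in the same merge, nor that enabling it moves the nginx base-domain site to `/chroot/website` on the host (mounted as `/nginx-data/matrix-domain` in the container) unless `matrix_nginx_proxy_base_domain_homepage_enabled` is set, so a reader cannot connect this page to the playbook configuration at all. The alpha-quality warning also belongs at the top, before the paragraphs that describe issuing members their own AWX logins. Wording: `Does I need` (in both headings) should read `Do I need`, `it's own` (twice) should be `its own`, `trailed here` should be `trialled here`, `WP Oauth Sever` should be `WP OAuth Server`, and `Digitalocean` should use the vendor casing `DigitalOcean` that the rest of the page uses.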
@ -15,31 +15,33 @@ As we discuss in [Server Delegation](howto-server-delegation.md), there are 2 di
|
|||
This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates.
|
||||
If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do.
|
||||
|
||||
## Required DNS settings for services enabled by default
|
||||
## DNS settings for services enabled by default
|
||||
|
||||
| Type | Host | Priority | Weight | Port | Target |
|
||||
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
||||
| A | `matrix` | - | - | - | `matrix-server-IP` |
|
||||
| CNAME | `element` | - | - | - | `matrix.<your-domain>` |
|
||||
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
|
||||
|
||||
Be mindful as to how long it will take for the DNS records to propagate.
|
||||
|
||||
If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail.
|
||||
|
||||
## Required DNS settings for optional services
|
||||
## DNS settings for optional services/features
|
||||
|
||||
| Type | Host | Priority | Weight | Port | Target |
|
||||
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
||||
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
|
||||
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `stats` (*) | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `goneb` (*) | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `sygnal` (*) | - | - | - | `matrix.<your-domain>` |
|
||||
|
||||
## Subdomains setup
|
||||
|
||||
As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
|
||||
|
||||
The `element.<your-domain>` subdomain is necessary, because this playbook installs the [Element](https://github.com/vector-im/element-web) web client for you.
|
||||
The `element.<your-domain>` subdomain may be necessary, because this playbook installs the [Element](https://github.com/vector-im/element-web) web client for you.
|
||||
If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record.
|
||||
|
||||
The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
|
||||
|
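Review bot: the rendered hunk shows the `_matrix-identity._tcp` SRV row in both tables (under `DNS settings for services enabled by default` and under `DNS settings for optional services/features`); since the text further down calls that record an optional feature, confirm the copy in the default table is the removed side of the diff, otherwise the default table tells readers to create a record the prose says they may not want. The `Subdomains setup` paragraph still says `you need to create 2 subdomains` while the paragraph right after it now says the `element` subdomain `may be necessary`, which contradicts it; reword to say that `matrix.<your-domain>` is required and `element.<your-domain>` only when Element is installed. Renaming the headings from `Required DNS settings ...` to `DNS settings ...` also changes their anchors, so any external link to the old anchors will stop working.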
@ -48,12 +50,19 @@ The `jitsi.<your-domain>` subdomain may be necessary, because this playbook coul
|
|||
|
||||
The `stats.<your-domain>` subdomain may be necessary, because this playbook could install [Grafana](https://grafana.com/) and setup performance metrics for you. Grafana installation is disabled by default, it is not a core required component. To learn how to install it, see our [metrics and graphs guide](configuring-playbook-prometheus-grafana.md). If you do not wish to set up Grafana, feel free to skip the `stats.<your-domain>` DNS record. It is possible to install Prometheus without installing Grafana, this would also not require the `stats.<your-domain>` subdomain.
|
||||
|
||||
The `goneb.<your-domain>` subdomain may be necessary, because this playbook could install the [Go-NEB](https://github.com/matrix-org/go-neb) bot. The installation of Go-NEB is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Go-NEB guide](configuring-playbook-bot-go-neb.md). If you do not wish to set up Go-NEB, feel free to skip the `goneb.<your-domain>` DNS record.
|
||||
|
||||
The `sygnal.<your-domain>` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.<your-domain>` DNS record.
|
||||
|
||||
|
||||
## `_matrix-identity._tcp` SRV record setup
|
||||
|
||||
To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) be authoritative for your domain name, set up one more SRV record that looks like this:
|
||||
To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) enable its federation features, set up an SRV record that looks like this:
|
||||
- Name: `_matrix-identity._tcp` (use this text as-is)
|
||||
- Content: `10 0 443 matrix.<your-domain>` (replace `<your-domain>` with your own)
|
||||
|
||||
This is an optional feature. See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record.
|
||||
|
||||
Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
|
||||
|
||||
When you're done with the DNS configuration and ready to proceed, continue with [Configuring this Ansible playbook](configuring-playbook.md).
|
||||
|
|
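Review bot: the new Go-NEB paragraph says nothing about what the `goneb.<your-domain>` name is for; the Go-NEB document in this merge warns that the bot's `BASE_URL` must be reachable by GitHub and by Alertmanager for the webhook services, so say here that this name is the bot's public webhook endpoint and therefore must resolve publicly, not just from the Matrix host. Minor: the ma1sd sentence now says `set up an SRV record that looks like this` where it used to say `one more SRV record`; add that this is the same record listed in the optional table above, so readers do not create it twice.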
226
docs/configuring-playbook-bot-go-neb.md
Normal file
|
@ -0,0 +1,226 @@
|
|||
# Setting up Go-NEB (optional)
|
||||
|
||||
The playbook can install and configure [Go-NEB](https://github.com/matrix-org/go-neb) for you.
|
||||
|
||||
Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
|
||||
|
||||
See the project's [documentation](https://github.com/matrix-org/go-neb) to learn what it does and why it might be useful to you.
|
||||
|
||||
|
||||
## Registering the bot user
|
||||
|
||||
The playbook does not automatically create users for you. The bot requires at least 1 access token to be able to connect to your homeserver.
|
||||
|
||||
You **need to register the bot user manually** before setting up the bot.
|
||||
|
||||
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
|
||||
|
||||
You can use the playbook to [register a new user](registering-users.md):
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
|
||||
```
|
||||
|
||||
|
||||
## Getting an access token
|
||||
|
||||
If you use curl, you can get an access token like this:
|
||||
|
||||
```
|
||||
curl -X POST --header 'Content-Type: application/json' -d '{
|
||||
"identifier": { "type": "m.id.user", "user": "bot.go-neb" },
|
||||
"password": "a strong password",
|
||||
"type": "m.login.password"
|
||||
}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login'
|
||||
```
|
||||
|
||||
Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token), but doing so might lead to decryption problems. That warning comes from [here](https://github.com/matrix-org/go-neb#quick-start).
|
||||
|
||||
|
||||
## Adjusting the playbook configuration
|
||||
|
||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
|
||||
|
||||
```yaml
|
||||
matrix_bot_go_neb_enabled: true
|
||||
|
||||
# You need at least 1 client.
|
||||
# Use the access token you obtained in the step above.
|
||||
matrix_bot_go_neb_clients:
|
||||
- UserID: "@goneb:{{ matrix_domain }}"
|
||||
AccessToken: "MDASDASJDIASDJASDAFGFRGER"
|
||||
DeviceID: "DEVICE1"
|
||||
HomeserverURL: "{{ matrix_homeserver_container_url }}"
|
||||
Sync: true
|
||||
AutoJoinRooms: true
|
||||
DisplayName: "Go-NEB!"
|
||||
AcceptVerificationFromUsers: [":{{ matrix_domain }}"]
|
||||
|
||||
- UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
AccessToken: "MDASDASJDIASDJASDAFGFRGER"
|
||||
DeviceID: "DEVICE2"
|
||||
HomeserverURL: "{{ matrix_homeserver_container_url }}"
|
||||
Sync: false
|
||||
AutoJoinRooms: false
|
||||
DisplayName: "Go-NEB!"
|
||||
AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"]
|
||||
|
||||
# Optional, for use with the github_cmd, github_webhooks or jira services
|
||||
matrix_bot_go_neb_realms:
|
||||
- ID: "github_realm"
|
||||
Type: "github"
|
||||
Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs
|
||||
|
||||
# Optional. The list of *authenticated* sessions which Go-NEB is aware of.
|
||||
matrix_bot_go_neb_sessions:
|
||||
- SessionID: "your_github_session"
|
||||
RealmID: "github_realm"
|
||||
UserID: "@YOUR_USER_ID:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands
|
||||
Config:
|
||||
# Populate these fields by generating a "Personal Access Token" on github.com
|
||||
AccessToken: "YOUR_GITHUB_ACCESS_TOKEN"
|
||||
Scopes: "admin:org_hook,admin:repo_hook,repo,user"
|
||||
|
||||
# The list of services which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureService for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
|
||||
# You need at least 1 service.
|
||||
matrix_bot_go_neb_services:
|
||||
- ID: "echo_service"
|
||||
Type: "echo"
|
||||
UserID: "@goneb:{{ matrix_domain }}"
|
||||
Config: {}
|
||||
|
||||
# Can be obtained from https://developers.giphy.com/dashboard/
|
||||
- ID: "giphy_service"
|
||||
Type: "giphy"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
api_key: "qwg4672vsuyfsfe"
|
||||
use_downsized: false
|
||||
|
||||
# This service has been dead for over a year :/
|
||||
- ID: "guggy_service"
|
||||
Type: "guggy"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
api_key: "2356saaqfhgfe"
|
||||
|
||||
# API Key via https://developers.google.com/custom-search/v1/introduction
|
||||
# CX via http://www.google.com/cse/manage/all
|
||||
# https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python
|
||||
# 'Search the entire web' and 'Image search' enabled for best results
|
||||
- ID: "google_service"
|
||||
Type: "google"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
api_key: "AIzaSyA4FD39m9"
|
||||
cx: "AIASDFWSRRtrtr"
|
||||
|
||||
# Get a key via https://api.imgur.com/oauth2/addclient
|
||||
# Select "oauth2 without callback url"
|
||||
- ID: "imgur_service"
|
||||
Type: "imgur"
|
||||
UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
client_id: "AIzaSyA4FD39m9"
|
||||
client_secret: "somesecret"
|
||||
|
||||
- ID: "wikipedia_service"
|
||||
Type: "wikipedia"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
|
||||
- ID: "rss_service"
|
||||
Type: "rssbot"
|
||||
UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
Config:
|
||||
feeds:
|
||||
"http://lorem-rss.herokuapp.com/feed?unit=second&interval=60":
|
||||
rooms: ["!qmElAGdFYCHoCJuaNt:{{ matrix_domain }}"]
|
||||
must_include:
|
||||
author:
|
||||
- author1
|
||||
description:
|
||||
- lorem
|
||||
- ipsum
|
||||
must_not_include:
|
||||
title:
|
||||
- Lorem
|
||||
- Ipsum
|
||||
|
||||
- ID: "github_cmd_service"
|
||||
Type: "github"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
RealmID: "github_realm"
|
||||
|
||||
# Make sure your BASE_URL can be accessed by Github!
|
||||
- ID: "github_webhook_service"
|
||||
Type: "github-webhook"
|
||||
UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
Config:
|
||||
RealmID: "github_realm"
|
||||
ClientUserID: "@YOUR_USER_ID:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions.
|
||||
Rooms:
|
||||
"!someroom:id":
|
||||
Repos:
|
||||
"matrix-org/synapse":
|
||||
Events: ["push", "issues"]
|
||||
"matrix-org/dendron":
|
||||
Events: ["pull_request"]
|
||||
"!anotherroom:id":
|
||||
Repos:
|
||||
"matrix-org/synapse":
|
||||
Events: ["push", "issues"]
|
||||
"matrix-org/dendron":
|
||||
Events: ["pull_request"]
|
||||
|
||||
- ID: "slackapi_service"
|
||||
Type: "slackapi"
|
||||
UserID: "@slackapi:{{ matrix_domain }}"
|
||||
Config:
|
||||
Hooks:
|
||||
"hook1":
|
||||
RoomID: "!someroom:id"
|
||||
MessageType: "m.text" # default is m.text
|
||||
|
||||
- ID: "alertmanager_service"
|
||||
Type: "alertmanager"
|
||||
UserID: "@alertmanager:{{ matrix_domain }}"
|
||||
Config:
|
||||
# This is for information purposes only. It should point to Go-NEB path as follows:
|
||||
# `/services/hooks/<base64 encoded service ID>`
|
||||
# Where in this case "service ID" is "alertmanager_service"
|
||||
# Make sure your BASE_URL can be accessed by the Alertmanager instance!
|
||||
webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"
|
||||
# Each room will get the notification with the alert rendered with the given template
|
||||
rooms:
|
||||
"!someroomid:domain.tld":
|
||||
text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
|
||||
html_template: "{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
|
||||
msg_type: "m.text" # Must be either `m.text` or `m.notice`
|
||||
```
|
||||
|
||||
|
||||
## Installing
|
||||
|
||||
Don't forget to add `goneb.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
|
||||
|
||||
After configuring the playbook, run the [installation](installing.md) command again:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||
```
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
To use the bot, invite it to any existing Matrix room (`/invite @whatever_you_chose:DOMAIN` where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain, make sure you have permission from the room owner if that's not you).
|
||||
|
||||
Basic usage is like this: `!echo hi` or `!imgur puppies` or `!giphy matrix`
|
||||
|
||||
If you enabled the github_cmd service you can get the supported commands via `!github help`
|
||||
|
||||
You can also refer to the upstream [Documentation](https://github.com/matrix-org/go-neb).
|
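Review bot: the example configuration is internally inconsistent in a way that fails at runtime: the user registered and logged in earlier in the document is `bot.go-neb`, but every client and service in `matrix_bot_go_neb_clients` and `matrix_bot_go_neb_services` uses `@goneb:{{ matrix_domain }}`, and the two clients (`@goneb` and `@another_goneb`) are given the identical `AccessToken: "MDASDASJDIASDJASDAFGFRGER"`, which cannot work since each Matrix user needs its own token from its own login. Use one user name throughout (or state that a second user must be registered and logged in for the second client) and use distinct placeholder tokens. Two security points in the same block: `AcceptVerificationFromUsers: [":{{ matrix_domain }}"]` is an unanchored pattern (the `^@admin:` entry in the second client shows these are patterns), so it accepts verification requests from any user ID that merely contains that text; anchor it to the specific admin user as the second client does, or drop it. The GitHub session's `Scopes: "admin:org_hook,admin:repo_hook,repo,user"` grants full read and write access to all of that account's repositories and is stored in plaintext in `vars.yml` next to the Matrix access tokens; recommend a dedicated GitHub account with only the scopes the chosen services need. The `curl` login example also puts the bot password on the command line where it lands in shell history, and the token it returns is long-lived (the Element logout warning already implies this), which is worth saying explicitly. Finally, the Usage section mixes placeholders (`@whatever_you_chose:DOMAIN` where `YOUR_DOMAIN` is your base domain); pick one.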
71
docs/configuring-playbook-sygnal.md
Normal file
|
@ -0,0 +1,71 @@
|
|||
# Setting up Sygnal (optional)
|
||||
|
||||
The playbook can install and configure the [Sygnal](https://github.com/matrix-org/sygnal) push gateway for you.
|
||||
|
||||
See the project's [documentation](https://github.com/matrix-org/sygnal) to learn what it does and why it might be useful to you.
|
||||
|
||||
**Note**: most people don't need to install their own gateway. As Sygnal's [Notes for application developers](https://github.com/matrix-org/sygnal/blob/master/docs/applications.md) documentation says:
|
||||
|
||||
> It is not feasible to allow end-users to configure their own Sygnal instance, because the Sygnal instance needs the appropriate FCM or APNs secrets that belong to the application.
|
||||
|
||||
This optional playbook component is only useful to people who develop/build their own Matrix client applications themselves.
|
||||
|
||||
|
||||
## Adjusting the playbook configuration
|
||||
|
||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
|
||||
|
||||
```yaml
|
||||
matrix_sygnal_enabled: true
|
||||
|
||||
# You need at least 1 app defined.
|
||||
# The configuration below is incomplete. Read more below.
|
||||
matrix_sygnal_apps:
|
||||
com.example.myapp.ios:
|
||||
type: apns
|
||||
keyfile: /data/my_key.p8
|
||||
# .. more configuration ..
|
||||
com.example.myapp.android:
|
||||
type: gcm
|
||||
api_key: your_api_key_for_gcm
|
||||
# .. more configuration ..
|
||||
|
||||
matrix_aux_file_definitions:
|
||||
- dest: "{{ matrix_sygnal_data_path }}/my_key.p8"
|
||||
content: |
|
||||
some
|
||||
content
|
||||
here
|
||||
mode: '0600'
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
```
|
||||
|
||||
For a more complete example of available fields and values they can take, see `roles/matrix-sygnal/templates/sygnal.yaml.j2` (or the [upstream `sygnal.yaml.sample` configuration file](https://github.com/matrix-org/sygnal/blob/master/sygnal.yaml.sample)).
|
||||
|
||||
Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easier, as it only requires that you provide some config values.
|
||||
|
||||
To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
|
||||
To do that, the above example configuration:
|
||||
|
||||
- makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.
|
||||
|
||||
- references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)
|
||||
|
||||
|
||||
## Installing
|
||||
|
||||
Don't forget to add `sygnal.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
|
||||
|
||||
After configuring the playbook, run the [installation](installing.md) command again:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||
```
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
To make use of your Sygnal installation, you'd need to build your own Matrix client application, which uses the same API keys (for [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/)) and certificates (for [APNS](https://developer.apple.com/notifications/)) and is also pointed to `https://sygnal.DOMAIN` as the configured push server.
|
||||
|
||||
Refer to Sygnal's [Notes for application developers](https://github.com/matrix-org/sygnal/blob/master/docs/applications.md) document.
|
|
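Review bot: the APNs wording does not match the example: the text says you need to `provide one or more certificate files`, but the example passes `keyfile: /data/my_key.p8`, which is an APNs authentication key rather than a certificate; say `key or certificate files` so readers do not go looking for a `.pem`. The `mode: '0600'` and `matrix` ownership on that file are correct and should be stated as a requirement rather than left as an example value, because the APNs key and the `gcm` `api_key` are application secrets that let anyone holding them send pushes to every user of the app, and `vars.yml` is where both end up in plaintext. In Usage, `pointed to https://sygnal.DOMAIN as the configured push server` should name the actual push gateway endpoint, `https://sygnal.DOMAIN/_matrix/push/v1/notify`, since that full URL is what a client registers as its pusher `url`.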
@ -130,3 +130,10 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||
### Bots
|
||||
|
||||
- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) (optional)
|
||||
|
||||
- [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) (optional)
|
||||
|
||||
|
||||
### Other specialized services
|
||||
|
||||
- [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional)
|
||||
|
|
|
@ -88,6 +88,8 @@ These services are not part of our default installation, but can be enabled by [
|
|||
|
||||
- [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
|
||||
|
||||
- [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional)
|
||||
|
||||
- [awesometechnologies/synapse-admin](https://hub.docker.com/r/awesometechnologies/synapse-admin) - the [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) web UI tool for administrating users and rooms on your Matrix server (optional)
|
||||
|
||||
- [prom/prometheus](https://hub.docker.com/r/prom/prometheus/) - [Prometheus](https://github.com/prometheus/prometheus/) is a systems and service monitoring system
|
||||
|
@ -95,3 +97,5 @@ These services are not part of our default installation, but can be enabled by [
|
|||
- [prom/node-exporter](https://hub.docker.com/r/prom/node-exporter/) - [Prometheus Node Exporter](https://github.com/prometheus/node_exporter/) is an addon for Prometheus that gathers standard system metrics
|
||||
|
||||
- [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards)
|
||||
|
||||
- [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Migrating to new server
|
||||
|
||||
1. Prepare by lowering DNS TTL for your domains (`matrix.DOMAIN`, etc.), so that DNS record changes (step 4 below) would happen faster, leading ot less downtime
|
||||
1. Prepare by lowering DNS TTL for your domains (`matrix.DOMAIN`, etc.), so that DNS record changes (step 4 below) would happen faster, leading to less downtime
|
||||
2. Stop all services on the old server and make sure they won't be starting again. Execute this on the old server: `systemctl disable --now matrix*`
|
||||
3. Copy directory `/matrix` from the old server to the new server. Make sure to preserve ownership and permissions (use `cp -p` or `rsync -ar`)!
|
||||
4. Make sure your DNS records are adjusted to point to the new server's IP address
|
||||
|
|
|
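Review bot: the typo fix (`ot` to `to`) is fine, but step 3 in the same hunk tells the user to copy `/matrix` with `cp -p`, which does not recurse into directories; it needs `cp -a` (or `cp -rp`) to copy the whole tree while preserving ownership and permissions, as the `rsync -ar` alternative in the same sentence does.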
@ -20,8 +20,6 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
|
|||
|
||||
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
||||
|
||||
- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
||||
|
||||
- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
|
||||
|
||||
- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
|
||||
|
|
|
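Review bot: this hunk drops the `dig` / `python-dns` prerequisite that the services check feature (maintenance-checking-services.md) was said to use; if that feature no longer needs a DNS tool, its document and the check itself should change in the same commit, otherwise the check will fail for new users with no explanation. If the feature still needs one, keep the bullet.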
@ -29,6 +29,25 @@ matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix
|
|||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-awx
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# We don't enable AWX support by default.
|
||||
matrix_awx_enabled: false
|
||||
|
||||
matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}"
|
||||
matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-awx
|
||||
#
|
||||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-bridge-appservice-discord
|
||||
|
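Review bot: `matrix_nginx_proxy_data_path` hard-codes `/chroot/website` (and `/nginx-data/matrix-domain` in the container) whenever `matrix_awx_enabled` is true and the base-domain homepage is disabled; a host path outside `matrix_nginx_proxy_base_path` with no variable to override it, and no mention in the new `docs/configuring-awx-system.md`, is surprising, and nothing here shows who creates that directory or with what ownership before nginx serves it. Expose the path as a variable with this value as its default, document it on the AWX page, and have the role create the directory with the same restrictive ownership the rest of the proxy data uses.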
@ -53,6 +72,8 @@ matrix_appservice_discord_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_appservice_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'discord.as.token') | to_uuid }}"
|
||||
|
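Review bot: adding `(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])` to a `*_systemd_required_services_list` couples the bridge's lifecycle to the proxy. This is functionally justified because the hunk header above shows `matrix_homeserver_container_url` now resolving to `http://matrix-nginx-proxy:12080`, but if these lists are rendered into `Requires=` in the systemd units, an explicit restart of `matrix-nginx-proxy.service` (certificate renewal, config change) will also restart every bridge and bot that lists it. The same applies to all the following `*_systemd_required_services_list` hunks (webhooks, slack, irc, mautrix-*, sms, mx-puppet-*, reminder-bot, dimension). Either mention this in the CHANGELOG or, if the bridges tolerate the proxy being briefly unavailable, prefer `Wants=` plus `After=` for the proxy dependency.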
@ -96,6 +117,8 @@ matrix_appservice_webhooks_systemd_required_services_list: |
|
|||
['docker.service']
|
||||
+
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
######################################################################
|
||||
|
@ -132,6 +155,8 @@ matrix_appservice_slack_systemd_required_services_list: |
|
|||
['docker.service']
|
||||
+
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
|
@ -169,6 +194,8 @@ matrix_appservice_irc_systemd_required_services_list: |
|
|||
['docker.service']
|
||||
+
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_appservice_irc_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.as.token') | to_uuid }}"
|
||||
|
@ -204,6 +231,8 @@ matrix_mautrix_facebook_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.as.token') | to_uuid }}"
|
||||
|
@ -244,6 +273,8 @@ matrix_mautrix_hangouts_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.as.token') | to_uuid }}"
|
||||
|
@ -283,6 +314,8 @@ matrix_mautrix_instagram_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ig.as.token') | to_uuid }}"
|
||||
|
@ -322,6 +355,8 @@ matrix_mautrix_signal_systemd_required_services_list: |
|
|||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
+
|
||||
['matrix-mautrix-signal-daemon.service']
|
||||
}}
|
||||
|
||||
|
@ -364,6 +399,8 @@ matrix_mautrix_telegram_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_telegram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.as.token') | to_uuid }}"
|
||||
|
@ -402,6 +439,8 @@ matrix_mautrix_whatsapp_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mautrix_whatsapp_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.as.token') | to_uuid }}"
|
||||
|
@ -434,6 +473,8 @@ matrix_sms_bridge_systemd_required_services_list: |
|
|||
['docker.service']
|
||||
+
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.as.token') | to_uuid }}"
|
||||
|
@ -464,6 +505,8 @@ matrix_mx_puppet_skype_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_skype_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'skype.as.tok') | to_uuid }}"
|
||||
|
@ -501,6 +544,8 @@ matrix_mx_puppet_slack_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}"
|
||||
|
@ -537,6 +582,8 @@ matrix_mx_puppet_twitter_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}"
|
||||
|
@ -576,6 +623,8 @@ matrix_mx_puppet_instagram_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.as.tok') | to_uuid }}"
|
||||
|
@ -612,6 +661,8 @@ matrix_mx_puppet_discord_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}"
|
||||
|
@ -648,6 +699,8 @@ matrix_mx_puppet_steam_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_steam_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.as.tok') | to_uuid }}"
|
||||
|
@ -684,6 +737,8 @@ matrix_mx_puppet_groupme_systemd_required_services_list: |
|
|||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_groupme_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}"
|
||||
|
@ -716,6 +771,10 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
|
|||
['docker.service']
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
|
@ -729,6 +788,33 @@ matrix_bot_matrix_reminder_bot_database_password: "{{ matrix_synapse_macaroon_se
|
|||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-bot-go-neb
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# We don't enable bots by default.
|
||||
matrix_bot_go_neb_enabled: false
|
||||
|
||||
matrix_bot_go_neb_systemd_required_services_list: |
|
||||
{{
|
||||
['docker.service']
|
||||
+
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_bot_go_neb_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:4050' }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-bot-go-neb
|
||||
#
|
||||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-corporal
|
||||
|
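Review bot: the comment `# We don't enable bots by default.` is copied from the matrix-reminder-bot section and should name Go-NEB (`# We don't enable Go-NEB by default.`). Unlike `matrix_bot_matrix_reminder_bot_systemd_required_services_list`, this list omits `matrix-postgres.service` and the section defines no `matrix_bot_go_neb_database_*` variables; confirm Go-NEB's storage is self-contained in its data directory, otherwise a Postgres entry like the Sygnal one further down is needed. Binding `127.0.0.1:4050` only when the proxy is disabled is the right call; keep it.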
@ -825,6 +911,10 @@ matrix_dimension_systemd_required_services_list: |
|
|||
['docker.service']
|
||||
+
|
||||
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
|
||||
+
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
|
||||
}}
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
|
@ -1053,8 +1143,10 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_s
|
|||
matrix_nginx_proxy_proxy_matrix_enabled: true
|
||||
matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
|
||||
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
|
||||
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
|
||||
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
|
||||
matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
|
||||
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
|
||||
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
||||
|
@ -1072,7 +1164,6 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1
|
|||
|
||||
# Settings controlling matrix-synapse-proxy.conf
|
||||
matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}"
|
||||
|
||||
# When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter.
|
||||
matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}"
|
||||
|
@ -1104,7 +1195,7 @@ matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers
|
|||
|
||||
matrix_nginx_proxy_systemd_wanted_services_list: |
|
||||
{{
|
||||
(['matrix-synapse.service'])
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
+
|
||||
(['matrix-corporal.service'] if matrix_corporal_enabled else [])
|
||||
+
|
||||
|
@ -1123,10 +1214,14 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
|||
+
|
||||
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
|
||||
+
|
||||
([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else [])
|
||||
+
|
||||
([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else [])
|
||||
+
|
||||
([matrix_server_fqn_grafana] if matrix_grafana_enabled else [])
|
||||
+
|
||||
([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else [])
|
||||
+
|
||||
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
||||
+
|
||||
matrix_ssl_additional_domains_to_obtain_certificates_for
|
||||
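Review bot: `matrix_server_fqn_bot_go_neb` and `matrix_server_fqn_sygnal` are referenced here (and the matching `matrix_nginx_proxy_proxy_bot_go_neb_enabled` / `matrix_nginx_proxy_proxy_sygnal_enabled` flags above) but no visible hunk defines them. Make sure both are defined alongside the other `matrix_server_fqn_*` variables and listed in configuring-dns.md, otherwise certificate retrieval fails as soon as `matrix_bot_go_neb_enabled` or `matrix_sygnal_enabled` is set to true.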
|
@ -1299,6 +1394,12 @@ matrix_postgres_additional_databases: |
|
|||
'username': matrix_etherpad_database_username,
|
||||
'password': matrix_etherpad_database_password,
|
||||
}] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else [])
|
||||
+
|
||||
([{
|
||||
'name': matrix_sygnal_database_name,
|
||||
'username': matrix_sygnal_database_username,
|
||||
'password': matrix_sygnal_database_password,
|
||||
}] if (matrix_sygnal_enabled and matrix_sygnal_database_engine == 'postgres' and matrix_sygnal_database_hostname == 'matrix-postgres') else [])
|
||||
}}
|
||||
|
||||
matrix_postgres_import_roles_to_ignore: |
|
||||
|
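Review bot: the Sygnal entry is only added when `matrix_sygnal_database_hostname == 'matrix-postgres'` and it reads `matrix_sygnal_database_name` and `matrix_sygnal_database_username`, but the matrix-sygnal section below sets only `matrix_sygnal_database_engine` and `matrix_sygnal_database_password`. Confirm the role defaults supply the hostname, name and username with values that make this condition true when the internal Postgres is in use, otherwise the database is never provisioned and Sygnal starts against a missing DB.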
@ -1323,6 +1424,32 @@ matrix_postgres_import_databases_to_ignore: |
|
|||
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-sygnal
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# Most people don't need their own push-server, because they also need their own app to utilize it from.
|
||||
matrix_sygnal_enabled: false
|
||||
|
||||
# If someone instals Prometheus via the playbook, they most likely wish to monitor Sygnal.
|
||||
matrix_sygnal_metrics_prometheus_enabled: "{{ matrix_prometheus_enabled }}"
|
||||
|
||||
matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:6000' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_sygnal_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_sygnal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sygnal') | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-sygnal
|
||||
#
|
||||
######################################################################
|
||||
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-redis
|
||||
|
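Review bot: typo in the comment, "instals" should be "installs". `matrix_sygnal_database_password` follows the existing pattern of deriving every secret from `matrix_synapse_macaroon_secret_key` via `password_hash('sha512', '<salt>') | to_uuid`; that keeps the macaroon key as the single root secret for all app-service tokens and DB passwords, which is worth stating in the docs so operators protect it accordingly (`to_uuid` also folds the hash into a 128-bit UUID, fine for a DB password but not a place to add more salt-derived secrets casually). The `127.0.0.1:6000` bind when the proxy is disabled is correct. `matrix_sygnal_metrics_prometheus_enabled` follows `matrix_prometheus_enabled`, but the hunk does not show where the metrics listener is exposed; confirm it is reachable only from the Prometheus container and not published on the host.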
|
1
roles/matrix-awx/defaults/main.yml
Executable file
|
@ -0,0 +1 @@
|
|||
matrix_awx_enabled: true
|
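Review bot: `matrix_awx_enabled: true` as the role default contradicts the `false` default set in group_vars/matrix_servers in this same commit. Role defaults should be the safe-off value; set it to `false` here and let the AWX inventory override it.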
19
roles/matrix-awx/surveys/backup_server.json.j2
Normal file
|
@ -0,0 +1,19 @@
|
|||
{
|
||||
"name": "Backup Server",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Backup",
|
||||
"question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_awx_backup_enabled | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_awx_backup_enabled",
|
||||
"type": "multiplechoice"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
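Review bot: the description references `{{ backup_server_location }}`, which no hunk in this commit defines. With Ansible's default undefined-variable handling the template render fails unless every inventory that runs this survey sets it; either provide a default in the role or document the variable next to `matrix_awx_backup_enabled`. The `| string | lower` on the default is correct here and matches the `true\nfalse` choices.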
88
roles/matrix-awx/surveys/configure_corporal.json.j2
Executable file
|
@ -0,0 +1,88 @@
|
|||
{
|
||||
"name": "Configure Matrix Corporal",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Corporal",
|
||||
"question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_corporal_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Corporal Policy Provider",
|
||||
"question_description": "Controls what provider policy is used with Matrix Corporal.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_corporal_policy_provider_mode }}",
|
||||
"choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_policy_provider_mode",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Simple Static File Configuration",
|
||||
"question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_simple_static_config",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "HTTP Pull Mode URI",
|
||||
"question_description": "The network address to remotely fetch the configuration from. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 4096,
|
||||
"default": "{{ matrix_corporal_pull_mode_uri }}",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_pull_mode_uri",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "HTTP Pull Mode Authentication Token",
|
||||
"question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "{{ matrix_corporal_pull_mode_token }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_pull_mode_token",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "Corporal API Authentication Token",
|
||||
"question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "{{ matrix_corporal_http_api_auth_token }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_http_api_auth_token",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "Raise Synapse Ratelimits",
|
||||
"question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_corporal_raise_ratelimits }}",
|
||||
"choices": "Normal\nRaised",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_raise_ratelimits",
|
||||
"type": "multiplechoice"
|
||||
}
|
||||
]
|
||||
}
|
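Review bot: the two token questions (`matrix_corporal_pull_mode_token`, `matrix_corporal_http_api_auth_token`) warn "You must set a strong and unique password here" but have `"min": 0` and `"required": false`, so nothing enforces it; raise `min` to a sensible floor (for example 32) or make them required when an API-enabled provider mode is chosen. Their `default` values also embed the current secrets into the rendered survey JSON; check that AWX stores `password`-type defaults encrypted and that the rendered `.json` is not left on the controller's disk. "Simple Static File Configuration" defaults to `""`, so re-running the survey without re-entering the policy may blank an existing configuration; consider defaulting to the current value as the other questions do. Minor: "Corporals API" should be "Corporal's API".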
78
roles/matrix-awx/surveys/configure_element.json.j2
Executable file
|
@ -0,0 +1,78 @@
|
|||
{
|
||||
"name": "",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Element-Web",
|
||||
"question_description": "Set if Element web client is enabled or not.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_client_element_enabled }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Branding for Web Client",
|
||||
"question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "{{ matrix_client_element_brand }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_brand",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Theme for Web Client",
|
||||
"question_description": "Sets the default theme for the web client, can be changed later by individual users.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_client_element_default_theme }}",
|
||||
"choices": "light\ndark",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_default_theme",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Welcome Page Background",
|
||||
"question_description": "URL to Wallpaper, shown in background of the welcome page. Must be a 'https' link, otherwise it won't be set.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 1024,
|
||||
"default": "{{ matrix_client_element_branding_welcomeBackgroundUrl }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_branding_welcomeBackgroundUrl",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "Show Registration Button",
|
||||
"question_description": "If you show the registration button on the welcome page.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_client_element_registration_enabled }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_registration_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Element Subdomain",
|
||||
"question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 2048,
|
||||
"default": "{{ element_subdomain }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "element_subdomain",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
31
roles/matrix-awx/surveys/configure_jitsi.json.j2
Executable file
|
@ -0,0 +1,31 @@
|
|||
{
|
||||
"name": "",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Jitsi",
|
||||
"question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_jitsi_enabled }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_jitsi_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Default Language",
|
||||
"question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 2,
|
||||
"default": "{{ matrix_jitsi_web_config_defaultLanguage }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_jitsi_web_config_defaultLanguage",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
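Review bot: same boolean-default issue as configure_element.json.j2: `"default": "{{ matrix_jitsi_enabled }}"` renders `True`/`False` against `true\nfalse` choices; apply `|string|lower`. The survey `"name"` is empty here too. "2 digit 639-1 language code" should be "two-letter ISO 639-1 language code".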
41
roles/matrix-awx/surveys/configure_ma1sd.json.j2
Normal file
|
@ -0,0 +1,41 @@
|
|||
{
|
||||
"name": "",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable ma1sd",
|
||||
"question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_ma1sd_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_ma1sd_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "ma1sd Authentication Mode",
|
||||
"question_description": "Set the source of user account authentication credentials with the ma1sd.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ ext_matrix_ma1sd_auth_store }}",
|
||||
"choices": "Synapse Internal\nLDAP/AD",
|
||||
"new_question": true,
|
||||
"variable": "ext_matrix_ma1sd_auth_store",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "LDAP/AD Configuration",
|
||||
"question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_matrix_ma1sd_configuration_extension_yaml | to_json }},
|
||||
"new_question": true,
|
||||
"variable": "ext_matrix_ma1sd_configuration_extension_yaml",
|
||||
"type": "textarea"
|
||||
}
|
||||
]
|
||||
}
|
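Review bot: the "LDAP/AD Configuration" textarea is where an LDAP bind DN and bind password would go, yet it is a plain `textarea`, not the `password` type used for tokens in configure_corporal.json.j2; consider splitting the bind password into its own `password` question so it is stored encrypted by AWX. Typo in the first description: "loose" should be "lose". The unquoted `"default": {{ ... | to_json }}` is correct since `to_json` emits the surrounding quotes.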
198
roles/matrix-awx/surveys/configure_synapse.json.j2
Executable file
|
@ -0,0 +1,198 @@
|
|||
{
|
||||
"name": "Configure Synapse",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Public Registration",
|
||||
"question_description": "Controls whether people with access to the homeserver can register by themselves.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_enable_registration|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_enable_registration",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Federation",
|
||||
"question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_federation_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_federation_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Allow Public Rooms Over Federation",
|
||||
"question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. For private servers, you'll most likely want to forbid this.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_allow_public_rooms_over_federation|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_allow_public_rooms_over_federation",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Community Creation",
|
||||
"question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_enable_group_creation|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_enable_group_creation",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Synapse Presence",
|
||||
"question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_use_presence|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_use_presence",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable URL Previews",
|
||||
"question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_url_preview_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_url_preview_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Guest Access",
|
||||
"question_description": "Controls whether 'guest accounts' can access rooms without registering. Guest users do not count towards your servers user limit.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_allow_guest_access|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_allow_guest_access",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Registration Requires Email",
|
||||
"question_description": "Controls whether an email address is required to register on the server.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ ext_registrations_require_3pid|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "ext_registrations_require_3pid",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Registration Shared Secret",
|
||||
"question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_registration_shared_secret",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "Synapse Max Upload Size",
|
||||
"question_description": "Sets the maximum size for uploaded files in MB.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 3,
|
||||
"default": "{{ matrix_synapse_max_upload_size_mb }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_max_upload_size_mb_raw",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "URL Preview Languages",
|
||||
"question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_url_preview_accept_language_default|to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_url_preview_accept_language_raw",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "Federation Whitelist",
|
||||
"question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_federation_whitelist_raw|to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_federation_whitelist_raw",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "Synapse Auto-Join Rooms",
|
||||
"question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. For example: '#announcements:example.org'",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ matrix_synapse_auto_join_rooms_raw|to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_auto_join_rooms_raw",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable ReCaptcha on Registration",
|
||||
"question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ ext_enable_registration_captcha|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "ext_enable_registration_captcha",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Recaptcha Public Key",
|
||||
"question_description": "Sets the Google ReCaptcha public key for this website.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 40,
|
||||
"default": "{{ ext_recaptcha_public_key }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_recaptcha_public_key",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "Recaptcha Private Key",
|
||||
"question_description": "Sets the Google ReCaptcha private key for this website.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 40,
|
||||
"default": "{{ ext_recaptcha_private_key }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_recaptcha_private_key",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
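Review bot: the 'Recaptcha Private Key' question (the last spec entry, `"variable": "ext_recaptcha_private_key"`) uses `"type": "text"`, so the secret is displayed in clear in the AWX survey form and stored unmasked, whereas the 'Registration Shared Secret' entry earlier in this file correctly uses `"type": "password"`; change the private-key question to `"type": "password"` as well. 'Synapse Max Upload Size' sets `"max": 3` on a text question, which limits the input to three characters (so at most 999 MB) rather than enforcing a numeric ceiling; if that is intended, say so in the description. Minor: 'seperated' in the URL Preview Languages and Federation Whitelist descriptions should be 'separated', the Federation Whitelist description asks for 'URLs' but the example and the 'no https:// prefix' rule show it wants hostnames, and 'Googles ReCaptcha' should read 'Google's reCAPTCHA'.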
18
roles/matrix-awx/surveys/configure_synapse_admin.json.j2
Normal file
|
@ -0,0 +1,18 @@
|
|||
{
|
||||
"name": "Configure Synapse Admin",
|
||||
"description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Synapse Admin",
|
||||
"question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://{{ matrix_server_fqn_matrix }}/synapse-admin.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_admin_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_admin_enabled",
|
||||
"type": "multiplechoice"
|
||||
}
|
||||
]
|
||||
}
|
54
roles/matrix-awx/surveys/configure_website_access_export.json.j2
Executable file
|
@ -0,0 +1,54 @@
|
|||
{
|
||||
"name": "Configure Website Access Backup",
|
||||
"description": "Configure base domain website settings and access the services backup.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Customise Base Domain Website",
|
||||
"question_description": "Set if you want to adjust the base domain website using SFTP.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ customise_base_domain_website | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "customise_base_domain_website",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "SFTP Authorisation Method",
|
||||
"question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ sftp_auth_method | string }}",
|
||||
"choices": "Disabled\nPassword\nSSH Key",
|
||||
"new_question": true,
|
||||
"variable": "sftp_auth_method",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "SFTP Password",
|
||||
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 64,
|
||||
"default": "{{ sftp_password }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "sftp_password",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "SFTP Public SSH Key (More Secure)",
|
||||
"question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 16384,
|
||||
"default": "{{ sftp_public_key }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "sftp_public_key",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
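Review bot: 'SFTP Password' and 'SFTP Public SSH Key (More Secure)' are both `"required": false` and nothing in the survey ties either field to the value chosen for `sftp_auth_method`, so a user can pick 'Password' and submit an empty password; the task list that consumes this survey then creates a locked account (`password: '*'`), which neither description mentions. State that outcome in the two descriptions so the operator knows what an empty field does. Naming: 'SFTP Authorisation Method' is an authentication choice (password versus key versus none), so 'SFTP Authentication Method' would be the accurate question name.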
68
roles/matrix-awx/tasks/backup_server.yml
Normal file
|
@ -0,0 +1,68 @@
|
|||
|
||||
- name: Record Backup Server variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# AWX Settings'
|
||||
with_dict:
|
||||
'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Backup Server' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/backup_server.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
|
||||
|
||||
- name: Copy new 'Backup Server' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
|
||||
dest: '/matrix/awx/backup_server.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Backup Server' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 0 - Backup Server"
|
||||
description: "Performs a backup of the entire service to a remote location."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "backup-server"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
||||
- name: Perform the borg backup
|
||||
command: borgmatic
|
||||
when: matrix_awx_backup_enabled|bool
|
||||
|
||||
- name: Set boolean value to exit playbook
|
||||
set_fact:
|
||||
end_playbook: true
|
||||
|
||||
- name: End playbook if this task list is called.
|
||||
meta: end_play
|
||||
when: end_playbook is defined and end_playbook|bool
|
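Review bot: the 'Collect AWX admin token the hard way!' task passes `-k` to curl, so the tower username and password are sent, and a write-scoped personal token received, over a TLS connection whose certificate is not verified, while the job-template task immediately after it sets `validate_certs: yes` for the very same `tower_host`; drop `-k` (the `jq '.token' | sed -r 's/\"//g'` pipeline can also simply be `jq -r .token`). The token is created afresh on every run by the `POST .../users/1/personal_tokens/` call and is never deleted, so write-scope tokens accumulate on the controller; either revoke it in a final task or give `awx.awx.tower_job_template` the `tower_username`/`tower_password` parameters directly and skip the token step. Keeping `no_log: True` on the shell task is right. Style: the `{{ member_id }}` moustaches nested inside the `lookup('file', '...')` strings can be written as plain concatenation (`'/var/lib/awx/projects/clients/' ~ member_id ~ '/' ~ subscription_id ~ '/extra_vars.json'`), which is easier to read and avoids nested templating.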
31
roles/matrix-awx/tasks/create_user.yml
Executable file
|
@ -0,0 +1,31 @@
|
|||
#
|
||||
# Create user and define if they are admin
|
||||
#
|
||||
# /usr/local/bin/matrix-synapse-register-user <your_username> <your_password> <admin access: 0 or 1>
|
||||
#
|
||||
|
||||
- name: Set admin bool to zero
|
||||
set_fact:
|
||||
admin_bool: 0
|
||||
when: admin_access == 'false'
|
||||
|
||||
- name: Examine if server admin set
|
||||
set_fact:
|
||||
admin_bool: 1
|
||||
when: admin_access == 'true'
|
||||
|
||||
- name: Set boolean value to exit playbook
|
||||
set_fact:
|
||||
end_playbook: true
|
||||
|
||||
- name: Create user account
|
||||
command: |
|
||||
/usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
|
||||
register: cmd
|
||||
|
||||
- name: Result
|
||||
debug: msg="{{ cmd.stdout }}"
|
||||
|
||||
- name: End playbook if this task list is called.
|
||||
meta: end_play
|
||||
when: end_playbook is defined and end_playbook|bool
|
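Review bot: the 'Create user account' task has no `no_log: true`, so the rendered command line containing `{{ new_password | quote }}` is written to the job output, and `register: cmd` followed by the 'Result' `debug: msg="{{ cmd.stdout }}"` echoes whatever the helper prints; add `no_log: true` to the command task and print only a sanitised status afterwards. The password is also handed to matrix-synapse-register-user as a process argument, which is visible in the host's process list while the helper runs; that is inherent to the helper's interface as shown in the header comment, but it deserves a comment here. Separately, `admin_bool` is only set when `admin_access` equals the string 'false' or 'true'; if the survey delivers a YAML boolean, neither `when` matches and the command task fails on an undefined variable, so use `when: not admin_access|bool` and `when: admin_access|bool` instead of string comparison.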
229
roles/matrix-awx/tasks/customise_website_access_export.yml
Executable file
|
@ -0,0 +1,229 @@
|
|||
|
||||
|
||||
- name: Enable index.html creation if user doesn't wish to customise base domain
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Base Domain Settings'
|
||||
with_dict:
|
||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
|
||||
when: customise_base_domain_website|bool == false
|
||||
|
||||
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Base Domain Settings'
|
||||
with_dict:
|
||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
|
||||
when: customise_base_domain_website|bool == true
|
||||
|
||||
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Custom Settings'
|
||||
with_dict:
|
||||
'customise_base_domain_website': '{{ customise_base_domain_website }}'
|
||||
'sftp_auth_method': '"{{ sftp_auth_method }}"'
|
||||
'sftp_password': '"{{ sftp_password }}"'
|
||||
'sftp_public_key': '"{{ sftp_public_key }}"'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Reload vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
no_log: True
|
||||
|
||||
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
||||
|
||||
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
||||
dest: '/matrix/awx/configure_website_access_export.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Customise Base Domain Export' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
|
||||
description: "Configure base domain website settings and access the servers export."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-nginx-proxy"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
||||
- name: Ensure group "sftp" exists
|
||||
group:
|
||||
name: sftp
|
||||
state: present
|
||||
|
||||
- name: If user doesn't define a sftp_password, create a disabled 'sftp' account
|
||||
user:
|
||||
name: sftp
|
||||
comment: SFTP user to set custom web files and access servers export
|
||||
shell: /bin/false
|
||||
home: /home/sftp
|
||||
group: sftp
|
||||
password: '*'
|
||||
update_password: always
|
||||
when: sftp_password|length == 0
|
||||
|
||||
- name: If user defines sftp_password, enable account and set password on 'stfp' account
|
||||
user:
|
||||
name: sftp
|
||||
comment: SFTP user to set custom web files and access servers export
|
||||
shell: /bin/false
|
||||
home: /home/sftp
|
||||
group: sftp
|
||||
password: "{{ sftp_password | password_hash('sha512') }}"
|
||||
update_password: always
|
||||
when: sftp_password|length > 0
|
||||
|
||||
- name: adding existing user 'sftp' to group matrix
|
||||
user:
|
||||
name: sftp
|
||||
groups: matrix
|
||||
append: yes
|
||||
|
||||
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
|
||||
file:
|
||||
path: /chroot
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '1755'
|
||||
|
||||
- name: Ensure /chroot/website location exists.
|
||||
file:
|
||||
path: /chroot/website
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '0574'
|
||||
|
||||
- name: Ensure /chroot/export location exists
|
||||
file:
|
||||
path: /chroot/export
|
||||
state: directory
|
||||
owner: sftp
|
||||
group: sftp
|
||||
mode: '0700'
|
||||
|
||||
- name: Ensure /home/sftp/.ssh location exists
|
||||
file:
|
||||
path: /home/sftp/.ssh
|
||||
state: directory
|
||||
owner: sftp
|
||||
group: sftp
|
||||
mode: '0700'
|
||||
|
||||
- name: Ensure /home/sftp/authorized_keys exists
|
||||
file:
|
||||
path: /home/sftp/.ssh/authorized_keys
|
||||
state: touch
|
||||
owner: sftp
|
||||
group: sftp
|
||||
mode: '0644'
|
||||
|
||||
- name: Clear authorized_keys file
|
||||
shell: echo "" > /home/sftp/.ssh/authorized_keys
|
||||
|
||||
- name: Insert public SSH key into authorized_keys file
|
||||
lineinfile:
|
||||
path: /home/sftp/.ssh/authorized_keys
|
||||
line: "{{ sftp_public_key }}"
|
||||
owner: sftp
|
||||
group: sftp
|
||||
mode: '0644'
|
||||
when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")
|
||||
|
||||
- name: Alter SSH Subsystem State 1
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
line: "Subsystem sftp /usr/lib/openssh/sftp-server"
|
||||
state: absent
|
||||
|
||||
- name: Alter SSH Subsystem State 2
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
insertafter: "^# override default of no subsystems"
|
||||
line: "Subsystem sftp internal-sftp"
|
||||
|
||||
- name: Add SSH Match User section for disabled auth
|
||||
blockinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
state: absent
|
||||
block: |
|
||||
Match User sftp
|
||||
ChrootDirectory /chroot
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
PasswordAuthentication yes
|
||||
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
|
||||
when: sftp_auth_method == "Disabled"
|
||||
|
||||
- name: Add SSH Match User section for password auth
|
||||
blockinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
state: present
|
||||
block: |
|
||||
Match User sftp
|
||||
ChrootDirectory /chroot
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
PasswordAuthentication yes
|
||||
when: sftp_auth_method == "Password"
|
||||
|
||||
- name: Add SSH Match User section for publickey auth
|
||||
blockinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
state: present
|
||||
block: |
|
||||
Match User sftp
|
||||
ChrootDirectory /chroot
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
|
||||
when: sftp_auth_method == "SSH Key"
|
||||
|
||||
- name: Restart service ssh.service
|
||||
service:
|
||||
name: ssh.service
|
||||
state: restarted
|
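Review bot: choosing 'Disabled' for `sftp_auth_method` does not actually disable SFTP access. The 'Add SSH Match User section for disabled auth' task only removes the `Match User sftp` block (`state: absent`), while the account is left enabled with its password whenever `sftp_password` is non-empty, because the second `user:` task is conditioned on `sftp_password|length > 0` alone and not on the method. Without the Match block the user can still authenticate to the default `internal-sftp` subsystem (which needs no login shell) with no `ChrootDirectory`, and since the account was added to `groups: matrix` it can then read anything the matrix group can. Condition the password-setting task on `sftp_auth_method == "Password"`, lock the account (`password: '*'`) in every other case, and for 'Disabled' keep a restrictive Match block (`PasswordAuthentication no`, no `AuthorizedKeysFile`) rather than none. Further points in this hunk: the 'Record custom ... variables locally on AWX' lineinfile writes `sftp_password` as a loop item without `no_log: true`, so the clear-text password appears in the job output; the curl token task repeats the `-k` problem noted for backup_server.yml; 'Alter SSH Subsystem State 2' relies on `insertafter: "^# override default of no subsystems"`, and when that comment is absent lineinfile appends the line at end of file, after any `Match` block, where `Subsystem` is not permitted and sshd will refuse to start on the unconditional restart that follows, so use `insertbefore: '^Match'` (or `BOF`) and add `validate: '/usr/sbin/sshd -t -f %s'` to each sshd_config edit; `shell: echo "" > /home/sftp/.ssh/authorized_keys` is not idempotent and leaves a blank first line where `copy: content: ''` would do; `mode: '0574'` on /chroot/website gives the owner fewer rights than the group, which reads like a typo for '0775' and needs a comment if intentional; and `password_hash('sha512')` without a fixed salt produces a new hash on each run, so that task reports changed every time.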
23
roles/matrix-awx/tasks/import_awx.yml
Normal file
|
@ -0,0 +1,23 @@
|
|||
|
||||
- name: Ensure /matrix/awx is empty
|
||||
shell: rm -r /matrix/awx/*
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Ensure /matrix/synapse is empty
|
||||
shell: rm -r /matrix/synapse/*
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Extract from /chroot/export
|
||||
shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/
|
||||
|
||||
- name: Ensure correct ownership of /matrix/awx
|
||||
shell: chown -R matrix:matrix /matrix/awx
|
||||
|
||||
- name: Ensure correct ownership of /matrix/synapse
|
||||
shell: chown -R matrix:matrix /matrix/synapse
|
||||
|
||||
- name: Fetch matrix_vars.yml file to AWX
|
||||
fetch:
|
||||
src: /matrix/awx/matrix_vars.yml
|
||||
dest: /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/
|
||||
flat: yes
|
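Review bot: 'Extract from /chroot/export' unpacks `/chroot/export/matrix.tar.gz` as root into `/matrix/` with a plain `tar -xvzf`, and per customise_website_access_export.yml the /chroot/export directory is owned by the `sftp` user, so the archive is customer-supplied and fully trusted here. Ordering is the bigger problem: `rm -r /matrix/awx/*` and `rm -r /matrix/synapse/*` have already deleted the live data before tar runs, so a missing or corrupt archive leaves the host with nothing; list the archive first (`tar -tzf`) and fail the play if it is absent or contains link entries or `..` components, and only then remove the old trees. Style: the `rm -r`, `chown -R` and tar invocations are `shell:` tasks where `file:` (`state: absent`, then `state: directory` with `owner`/`group`/`recurse`) and `unarchive:` would be idempotent and reported properly, and `ignore_errors: yes` on the two rm tasks also hides real failures.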
10
roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
|
||||
- name: Include vars in organisation.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
|
||||
no_log: True
|
||||
|
||||
- name: Include vars in hosting_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
|
||||
no_log: True
|
5
roles/matrix-awx/tasks/load_matrix_variables.yml
Executable file
|
@ -0,0 +1,5 @@
|
|||
|
||||
- name: Include vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
no_log: True
|
117
roles/matrix-awx/tasks/main.yml
Executable file
|
@ -0,0 +1,117 @@
|
|||
|
||||
# Load initial hosting and organisation variables from AWX volume
|
||||
- include_tasks:
|
||||
file: "load_hosting_and_org_variables.yml"
|
||||
apply:
|
||||
tags: always
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
# Perform a backup of the server
|
||||
- include_tasks:
|
||||
file: "backup_server.yml"
|
||||
apply:
|
||||
tags: backup-server
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- backup-server
|
||||
|
||||
# Create a user account if called
|
||||
- include_tasks:
|
||||
file: "create_user.yml"
|
||||
apply:
|
||||
tags: create-user
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- create-user
|
||||
|
||||
# Perform extra self-check functions
|
||||
- include_tasks:
|
||||
file: "self_check.yml"
|
||||
apply:
|
||||
tags: self-check
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- self-check
|
||||
|
||||
# Import configs, media repo from /chroot/backup import
|
||||
- include_tasks:
|
||||
file: "import_awx.yml"
|
||||
apply:
|
||||
tags: import-awx
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- import-awx
|
||||
|
||||
# Configure SFTP so user can upload a static website or access the servers export
|
||||
- include_tasks:
|
||||
file: "customise_website_access_export.yml"
|
||||
apply:
|
||||
tags: setup-nginx-proxy
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-nginx-proxy
|
||||
|
||||
# Additional playbook to set the variable file during Element configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_element.yml"
|
||||
apply:
|
||||
tags: setup-client-element
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-client-element
|
||||
|
||||
# Additional playbook to set the variable file during Synapse configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_synapse.yml"
|
||||
apply:
|
||||
tags: setup-synapse
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-synapse
|
||||
|
||||
# Additional playbook to set the variable file during Jitsi configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_jitsi.yml"
|
||||
apply:
|
||||
tags: setup-jitsi
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-jitsi
|
||||
|
||||
# Additional playbook to set the variable file during Ma1sd configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_ma1sd.yml"
|
||||
apply:
|
||||
tags: setup-ma1sd
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-ma1sd
|
||||
|
||||
# Additional playbook to set the variable file during Corporal configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_corporal.yml"
|
||||
apply:
|
||||
tags: setup-corporal
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-corporal
|
||||
|
||||
# Additional playbook to set the variable file during Synapse Admin configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_synapse_admin.yml"
|
||||
apply:
|
||||
tags: setup-synapse-admin
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-synapse-admin
|
||||
|
||||
# Load newly formed matrix variables from tower volume
|
||||
- include_tasks:
|
||||
file: "load_matrix_variables.yml"
|
||||
apply:
|
||||
tags: always
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
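Review bot: the comment above the import_awx include reads '# Import configs, media repo from /chroot/backup import' but import_awx.yml extracts from `/chroot/export`; fix the path in the comment. It would also help readers to note next to the backup-server and create-user includes that those task lists end the whole play with `meta: end_play`, since nothing at this level makes that visible. Style: every include carries the identical `when: run_setup|bool and matrix_awx_enabled|bool`; a single comment at the top stating that the role is a no-op unless both are set would document the intent in one place.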
93
roles/matrix-awx/tasks/self_check.yml
Normal file
|
@ -0,0 +1,93 @@
|
|||
|
||||
- name: Install prerequisite apt packages on target
|
||||
apt:
|
||||
name:
|
||||
- sysstat
|
||||
state: present
|
||||
|
||||
- name: Install prerequisite yum packages on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
yum:
|
||||
name:
|
||||
- bind-utils
|
||||
state: present
|
||||
|
||||
- name: Install prerequisite pip packages on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
pip:
|
||||
name:
|
||||
- dnspython
|
||||
state: present
|
||||
|
||||
- name: Calculate CPU usage statistics
|
||||
shell: iostat -c
|
||||
register: cpu_usage_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print CPU usage statistics
|
||||
debug:
|
||||
msg: "{{ cpu_usage_stat.stdout.split('\n') }}"
|
||||
when: cpu_usage_stat is defined
|
||||
|
||||
- name: Calculate RAM usage statistics
|
||||
shell: free -mh
|
||||
register: ram_usage_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print RAM usage statistics
|
||||
debug:
|
||||
msg: "{{ ram_usage_stat.stdout.split('\n') }}"
|
||||
when: ram_usage_stat is defined
|
||||
|
||||
- name: Calculate free disk space
|
||||
shell: df -h
|
||||
register: disk_space_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print free disk space
|
||||
debug:
|
||||
msg: "{{ disk_space_stat.stdout.split('\n') }}"
|
||||
when: disk_space_stat is defined
|
||||
|
||||
- name: Calculate size of Synapse database
|
||||
shell: du -sh /matrix/postgres/data
|
||||
register: db_size_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print size of Synapse database
|
||||
debug:
|
||||
msg: "{{ db_size_stat.stdout.split('\n') }}"
|
||||
when: db_size_stat is defined
|
||||
|
||||
- name: Calculate size of local media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
||||
register: local_media_size_stat
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print size of local media repository
|
||||
debug:
|
||||
msg: "{{ local_media_size_stat.stdout.split('\n') }}"
|
||||
when: local_media_size_stat is defined
|
||||
|
||||
- name: Calculate size of remote media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
||||
register: remote_media_size_stat
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print size of remote media repository
|
||||
debug:
|
||||
msg: "{{ remote_media_size_stat.stdout.split('\n') }}"
|
||||
when: remote_media_size_stat is defined
|
||||
|
||||
- name: Calculate docker container statistics
|
||||
shell: docker stats --all --no-stream
|
||||
register: docker_stats
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print docker container statistics
|
||||
debug:
|
||||
msg: "{{ docker_stats.stdout.split('\n') }}"
|
||||
when: docker_stats is defined
|
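Review bot: `no_log: True` on each of the stats `shell:` tasks is immediately undone by the matching `debug:` task that prints `stdout.split('\n')`, so the setting hides only the command's own error output when it fails; drop the no_log (or the debug) so failures are visible. The `when: ..._stat is defined` guards are always true because `register` always sets the variable, including on failure under `ignore_errors: yes`, so a failed `du` just prints an empty list. The yum and pip tasks install bind-utils and dnspython on the AWX controller (`delegate_to: 127.0.0.1`) but nothing in this file uses them; remove them or move them to the task list that does.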
253
roles/matrix-awx/tasks/set_variables_corporal.yml
Executable file
|
@ -0,0 +1,253 @@
|
|||
|
||||
- name: Record Corporal Enabled/Disabled variable
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings'
|
||||
with_dict:
|
||||
'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
|
||||
|
||||
- name: Enable Shared Secret Auth if Corporal enabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Shared Secret Auth Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
|
||||
when: matrix_corporal_enabled|bool
|
||||
|
||||
- name: Disable Shared Secret Auth if Corporal disabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Shared Secret Auth Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
|
||||
when: not matrix_corporal_enabled|bool
|
||||
|
||||
- name: Enable Rest Auth Endpoint if Corporal enabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
|
||||
when: matrix_corporal_enabled|bool
|
||||
|
||||
- name: Disable Rest Auth Endpoint if Corporal disabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
|
||||
when: not matrix_corporal_enabled|bool
|
||||
|
||||
- name: Disable Corporal API if Simple Static File mode selected
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings'
|
||||
with_dict:
|
||||
'matrix_corporal_http_api_enabled': 'false'
|
||||
when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
|
||||
|
||||
- name: Enable Corporal API if Push/Pull mode delected
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings'
|
||||
with_dict:
|
||||
'matrix_corporal_http_api_enabled': 'true'
|
||||
when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
|
||||
|
||||
- name: Record Corporal API Access Token if it's defined
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings'
|
||||
with_dict:
|
||||
'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
|
||||
when: matrix_corporal_http_api_auth_token|length > 0
|
||||
|
||||
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
blockinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: "# Corporal Policy Provider Settings"
|
||||
block: |
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "static_file",
|
||||
"Path": "/etc/matrix-corporal/corporal-policy.json"
|
||||
}
|
||||
when: matrix_corporal_policy_provider_mode == "Simple Static File"
|
||||
|
||||
- name: Touch the /matrix/corporal/ directory
|
||||
file:
|
||||
path: "/matrix/corporal/"
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '750'
|
||||
|
||||
- name: Touch the /matrix/corporal/config/ directory
|
||||
file:
|
||||
path: "/matrix/corporal/config/"
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '750'
|
||||
|
||||
- name: Touch the /matrix/corporal/cache/ directory
|
||||
file:
|
||||
path: "/matrix/corporal/cache/"
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '750'
|
||||
|
||||
- name: Touch the corporal-policy.json file to ensure it exists
|
||||
file:
|
||||
path: "/matrix/corporal/config/corporal-policy.json"
|
||||
state: touch
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '660'
|
||||
|
||||
- name: Touch the last-policy.json file to ensure it exists
|
||||
file:
|
||||
path: "/matrix/corporal/config/last-policy.json"
|
||||
state: touch
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '660'
|
||||
|
||||
- name: Record 'Simple Static File' configuration content in corporal-policy.json
|
||||
copy:
|
||||
content: "{{ matrix_corporal_simple_static_config | string }}"
|
||||
dest: "/matrix/corporal/config/corporal-policy.json"
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '660'
|
||||
when: (matrix_corporal_policy_provider_mode == "Simple Static File") and (matrix_corporal_simple_static_config|length > 0)
|
||||
|
||||
- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
blockinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: "# Corporal Policy Provider Settings"
|
||||
block: |
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "http",
|
||||
"Uri": "{{ matrix_corporal_pull_mode_uri }}",
|
||||
"AuthorizationBearerToken": "{{ matrix_corporal_pull_mode_token }}",
|
||||
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
|
||||
"ReloadIntervalSeconds": 1800,
|
||||
"TimeoutMilliseconds": 30000
|
||||
}
|
||||
when: (matrix_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (matrix_corporal_pull_mode_token|length > 0)
|
||||
|
||||
- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
blockinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: "# Corporal Policy Provider Settings"
|
||||
block: |
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "last_seen_store_policy",
|
||||
"CachePath": "/var/cache/matrix-corporal/last-policy.json"
|
||||
}
|
||||
when: (matrix_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
|
||||
|
||||
- name: Lower RateLimit if set to 'Normal'
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
||||
replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
||||
when: matrix_corporal_raise_ratelimits == "Normal"
|
||||
|
||||
- name: Raise RateLimit if set to 'Raised'
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
||||
replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
||||
when: matrix_corporal_raise_ratelimits == "Raised"
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0664'
|
||||
|
||||
- name: Save new 'Configure Corporal' survey.json to the AWX tower
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
||||
|
||||
- name: Copy new 'Configure Corporal' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
||||
dest: '/matrix/awx/configure_corporal.json'
|
||||
mode: '0660'
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Corporal (Advanced)' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
|
||||
description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-corporal"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
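Review bot: the four `debug` tasks near the end of this file print `matrix_corporal_matrix_auth_shared_secret` and `matrix_corporal_matrix_registration_shared_secret` to the job output, so both secrets land in the AWX job log and anywhere that log is forwarded; either drop these tasks or put `no_log: true` on them (the token-collection task that follows already does this). Two smaller points in the same file: the `curl -sku ...` call disables certificate checking while the `tower_job_template` task right after it sets `validate_certs: yes`, so the same tower host is trusted inconsistently within one play (and the `-u user:password` form exposes the tower password in process listings on the AWX host for the duration of the call); and the copy of `matrix_vars.yml` to the target uses `mode: '0664'` where every other file in this commit uses `'0660'`, which leaves a file carrying the corporal auth token and shared secrets world-readable.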
76
roles/matrix-awx/tasks/set_variables_element.yml
Executable file
@ -0,0 +1,76 @@
- name: Record Element-Web variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Element Settings'
|
||||
with_dict:
|
||||
'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
|
||||
'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}'
|
||||
'matrix_client_element_brand': '{{ matrix_client_element_brand }}'
|
||||
'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
|
||||
'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
|
||||
'matrix_server_fqn_element': "{{ element_subdomain }}.{{ matrix_domain }}"
|
||||
|
||||
- name: Set fact for 'https' string
|
||||
set_fact:
|
||||
https_string: "https"
|
||||
|
||||
- name: Record Element-Web Background variable locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Element Settings'
|
||||
with_dict:
|
||||
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
|
||||
when: (https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 )
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure Element' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_element.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
|
||||
|
||||
- name: Copy new 'Configure Element' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
|
||||
dest: '/matrix/awx/configure_element.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Element' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Element"
|
||||
description: "Configure Element client via survey."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-client-element"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
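Review bot: the `when:` on 'Record Element-Web Background variable locally on AWX' tests `https_string in matrix_client_element_branding_welcomeBackgroundUrl`, which is a substring match rather than a scheme check: a value such as `http://example.org/?x=https` passes, and the `set_fact` defining `https_string` exists only to feed this test. Replace both with a direct check on the scheme, e.g. `when: matrix_client_element_branding_welcomeBackgroundUrl is match('^https://')`, and drop the `https_string` fact. Note also that every survey value in this file is written into `matrix_vars.yml` as `{{ item.key }}: {{ item.value }}` with no quoting, so a free-text field such as the brand name or the background URL that contains `: ` or a newline produces a broken or altered vars file; rendering the free-text values as `{{ item.value | to_json }}` on the `line:` keeps each one a single YAML scalar.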
57
roles/matrix-awx/tasks/set_variables_jitsi.yml
Executable file
@ -0,0 +1,57 @@
- name: Record Jitsi variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Jitsi Settings'
|
||||
with_dict:
|
||||
'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
|
||||
'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
|
||||
|
||||
- name: Copy new 'Configure Jitsi' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
|
||||
dest: '/matrix/awx/configure_jitsi.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Jitsi' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Jitsi"
|
||||
description: "Configure Jitsi conferencing settings."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-jitsi"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
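Review bot: the 'Collect AWX admin token the hard way!' task here is another verbatim copy of the block in the corporal and element files, and every run of it POSTs a new `scope: write` personal token for user 1 that is never revoked, so each survey job leaves one more long-lived admin token behind in the tower. Move the token step into a shared task file included by each `set_variables_*.yml` (or better, pass an existing `tower_oauthtoken` credential into the job) and reuse or revoke the token instead of minting one per run. The `-k` on the curl call also fetches that token over an unverified TLS connection while the `tower_job_template` task directly below sets `validate_certs: yes`.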
129
roles/matrix-awx/tasks/set_variables_ma1sd.yml
Executable file
@ -0,0 +1,129 @@
- name: Record ma1sd variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# ma1sd Settings'
|
||||
with_dict:
|
||||
'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'
|
||||
|
||||
- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
|
||||
when: ext_matrix_ma1sd_auth_store == 'Synapse Internal'
|
||||
|
||||
- name: Enable REST auth if using external LDAP/AD with ma1sd
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
|
||||
'matrix_synapse_ext_password_provider_rest_auth_endpoint': 'http://matrix-ma1sd:8090'
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Strip header from ma1sd configuration extension if using internal auth
|
||||
set_fact:
|
||||
ext_matrix_ma1sd_configuration_extension_yaml_parsed: "{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | reject('search', '^matrix_client_element_configuration_extension_json:') | list }}"
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Remove entire ma1sd configuration extension
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: '^.*\n'
|
||||
after: '# Start ma1sd Extension'
|
||||
before: '# End ma1sd Extension'
|
||||
|
||||
- name: Replace conjoined ma1sd configuration extension limiters
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: '^# Start ma1sd Extension# End ma1sd Extension'
|
||||
replace: '# Start ma1sd Extension\n# End ma1sd Extension'
|
||||
|
||||
- name: Insert ma1sd configuration extension header if using external LDAP/AD with ma1sd
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
line: "matrix_ma1sd_configuration_extension_yaml: |"
|
||||
insertafter: '# Start ma1sd Extension'
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Set ma1sd configuration extension if using external LDAP/AD with ma1sd
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertbefore: '# End ma1sd Extension'
|
||||
line: '{{ item }}'
|
||||
with_items: "{{ ext_matrix_ma1sd_configuration_extension_yaml_parsed }}"
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Record ma1sd Custom variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertbefore: '# Custom Settings'
|
||||
with_dict:
|
||||
'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}'
|
||||
'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
|
||||
|
||||
- name: Copy new 'Configure ma1sd' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
|
||||
dest: '/matrix/awx/configure_ma1sd.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure ma1sd (Advanced)' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
|
||||
description: "Configure Jitsi conferencing settings."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-ma1sd"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
||||
# ^ This playbook isn't executing so the survey isn't being updated! :P
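Review bot: the `reject('search', ...)` in 'Strip header from ma1sd configuration extension if using internal auth' filters out lines starting with `matrix_client_element_configuration_extension_json:`, the Element key, while the header this file later inserts (and that a user is likely to paste) is `matrix_ma1sd_configuration_extension_yaml: |`; as written a pasted header survives the filter and is written a second time by 'Set ma1sd configuration extension' right after 'Insert ma1sd configuration extension header'. Change the pattern to `'^matrix_ma1sd_configuration_extension_yaml:'`. That task's name also says 'if using internal auth' while its `when` is `== 'LDAP/AD'`. Further down, the job template description is 'Configure Jitsi conferencing settings.' copied from the Jitsi file, and the trailing comment '# ^ This playbook isn't executing so the survey isn't being updated!' records a known failure that should be resolved or tracked rather than committed. Finally, the extension lines go into `matrix_vars.yml` verbatim via `insertbefore: '# End ma1sd Extension'`, so a survey line starting at column 0 defines a new top-level playbook variable instead of extending the ma1sd config; checking that each line begins with whitespace (or rendering the parsed structure with `to_nice_yaml` under the ma1sd key) keeps survey input inside the key it is meant for.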
232
roles/matrix-awx/tasks/set_variables_synapse.yml
Executable file
@ -0,0 +1,232 @@
- name: Limit max upload size to 100MB part 1
|
||||
set_fact:
|
||||
matrix_synapse_max_upload_size_mb: "100"
|
||||
when: matrix_synapse_max_upload_size_mb_raw|int >= 100
|
||||
|
||||
- name: Limit max upload size to 100MB part 2
|
||||
set_fact:
|
||||
matrix_synapse_max_upload_size_mb: "{{ matrix_synapse_max_upload_size_mb_raw }}"
|
||||
when: matrix_synapse_max_upload_size_mb_raw|int < 100
|
||||
|
||||
- name: Record Synapse variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
|
||||
'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
|
||||
'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}'
|
||||
'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}'
|
||||
'matrix_synapse_use_presence': '{{ matrix_synapse_use_presence }}'
|
||||
'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}'
|
||||
'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}'
|
||||
'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}'
|
||||
|
||||
- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^matrix_synapse_auto_join_rooms: .*$"
|
||||
replace: "matrix_synapse_auto_join_rooms: []"
|
||||
when: matrix_synapse_auto_join_rooms_raw|length == 0
|
||||
|
||||
- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
|
||||
set_fact:
|
||||
matrix_synapse_auto_join_rooms_array: |-
|
||||
{{ matrix_synapse_auto_join_rooms_raw.splitlines() | to_json }}
|
||||
when: matrix_synapse_auto_join_rooms_raw|length > 0
|
||||
|
||||
- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Settings'
|
||||
with_dict:
|
||||
"matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}"
|
||||
when: matrix_synapse_auto_join_rooms_raw|length > 0
|
||||
|
||||
- name: Record Synapse Shared Secret if it's defined
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_registration_shared_secret': '{{ matrix_synapse_registration_shared_secret }}'
|
||||
when: matrix_synapse_registration_shared_secret|length > 0
|
||||
|
||||
- name: Record registations_require_3pid extra variable if true
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "{{ item }}:"
|
||||
line: "{{ item }}"
|
||||
insertbefore: '# End Synapse Extension'
|
||||
with_items:
|
||||
- " registrations_require_3pid:"
|
||||
- " - email"
|
||||
when: ext_registrations_require_3pid|bool
|
||||
|
||||
- name: Remove registrations_require_3pid extra variable if false
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "{{ item }}:"
|
||||
line: "{{ item }}"
|
||||
insertbefore: '# End Synapse Extension'
|
||||
state: absent
|
||||
with_items:
|
||||
- " registrations_require_3pid:"
|
||||
- " - email"
|
||||
when: not ext_registrations_require_3pid|bool
|
||||
|
||||
- name: Remove URL Languages
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n'
|
||||
after: ' url_preview_accept_language:'
|
||||
before: '# End Synapse Extension'
|
||||
|
||||
- name: Set URL languages default if raw inputs empty
|
||||
set_fact:
|
||||
ext_url_preview_accept_language_default: 'en'
|
||||
when: ext_url_preview_accept_language_raw|length == 0
|
||||
|
||||
- name: Set URL languages default if raw inputs not empty
|
||||
set_fact:
|
||||
ext_url_preview_accept_language_default: "{{ ext_url_preview_accept_language_raw }}"
|
||||
when: ext_url_preview_accept_language_raw|length > 0
|
||||
|
||||
- name: Set URL languages if raw inputs empty
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: '^ url_preview_accept_language:'
|
||||
line: " - {{ ext_url_preview_accept_language_default }}"
|
||||
when: ext_url_preview_accept_language_raw|length == 0
|
||||
|
||||
- name: Set URL languages if raw inputs not empty
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: '^ url_preview_accept_language:'
|
||||
line: " - {{ item }}"
|
||||
with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}"
|
||||
when: ext_url_preview_accept_language_raw|length > 0
|
||||
|
||||
- name: Remove Federation Whitelisting 1
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n'
|
||||
after: ' federation_domain_whitelist:'
|
||||
before: '# End Synapse Extension'
|
||||
|
||||
- name: Remove Federation Whitelisting 2
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
line: " federation_domain_whitelist:"
|
||||
state: absent
|
||||
|
||||
- name: Set Federation Whitelisting 1
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
|
||||
line: " federation_domain_whitelist:"
|
||||
when: ext_federation_whitelist_raw|length > 0
|
||||
|
||||
- name: Set Federation Whitelisting 2
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: '^ federation_domain_whitelist:'
|
||||
line: " - {{ item }}"
|
||||
with_items: "{{ ext_federation_whitelist_raw.splitlines() }}"
|
||||
when: ext_federation_whitelist_raw|length > 0
|
||||
|
||||
- name: Record Synapse Custom variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertbefore: '# Custom Settings'
|
||||
with_dict:
|
||||
'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
|
||||
'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
|
||||
|
||||
- name: Set ext_recaptcha_public_key to a 'public-key' if undefined
|
||||
set_fact: ext_recaptcha_public_key="public-key"
|
||||
when: (ext_recaptcha_public_key is not defined) or (ext_recaptcha_public_key|length == 0)
|
||||
|
||||
- name: Set ext_recaptcha_private_key to a 'private-key' if undefined
|
||||
set_fact: ext_recaptcha_private_key="private-key"
|
||||
when: (ext_recaptcha_private_key is not defined) or (ext_recaptcha_private_key|length == 0)
|
||||
|
||||
- name: Record Synapse Extension variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertbefore: '# End Synapse Extension'
|
||||
with_dict:
|
||||
' enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
|
||||
' recaptcha_public_key': '{{ ext_recaptcha_public_key }}'
|
||||
' recaptcha_private_key': '{{ ext_recaptcha_private_key }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_synapse.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json'
|
||||
|
||||
- name: Copy new 'Configure Synapse' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json'
|
||||
dest: '/matrix/awx/configure_synapse.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Synapse' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Synapse"
|
||||
description: "Configure Synapse (homeserver) settings."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-synapse"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
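Review bot: in 'Record registations_require_3pid extra variable if true' and its 'Remove registrations_require_3pid extra variable if false' counterpart the `regexp` is `"{{ item }}:"`, which for the items ` registrations_require_3pid:` and ` - email` becomes ` registrations_require_3pid::` and ` - email:`; neither pattern matches the line it is meant to find, so the add task inserts both lines again on every run and the remove task (`state: absent`) never removes anything. Use `regexp: "^{{ item | regex_escape() }}$"` in both tasks, and fix the 'registations' typo in the task name. Also in this file: the 'Remove Federation Whitelisting 1' regexp `^ - [a-z0-9]+\.[a-z0-9.]+\n` does not match hostnames containing a hyphen, so such entries survive removal and accumulate across runs, and the `dest` in 'Save new Configure Synapse survey.json' has a doubled slash (`{{ subscription_id }}//configure_synapse.json`). The whitelist and accept-language entries are written from raw survey text with no validation; restricting each line to a hostname or language-tag pattern before the `lineinfile` tasks avoids writing YAML the operator did not intend.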
56
roles/matrix-awx/tasks/set_variables_synapse_admin.yml
Normal file
@ -0,0 +1,56 @@
- name: Record Synapse Admin variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Admin Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
|
||||
|
||||
- name: Copy new 'Configure Synapse Admin' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
|
||||
dest: '/matrix/awx/configure_synapse_admin.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Synapse Admin' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
|
||||
description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-all"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
|
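Review bot: the `Collect AWX admin token the hard way!` task runs `curl -sku {{ tower_username }}:{{ tower_password }} ... https://{{ tower_host }}/api/v2/users/1/personal_tokens/`, and the `-k` disables certificate verification, so the AWX admin password is sent to a server that has not been authenticated, while the `tower_job_template` task a few lines later insists on `validate_certs: yes` for the very same host. Drop `-k` (or drive both tasks from one `validate_certs` variable) so they agree. The same POST also mints a new personal access token with `"scope":"write"` on every run and nothing revokes it afterwards, so tokens accumulate on user 1; either reuse a token stored as an AWX credential or add a task that deletes the token once the job template exists. `no_log: True` keeps the password out of the play output, but as a command-line argument it is still visible in the host process list for the duration of the call; a `--netrc-file` or a `-K` config file on a 0600 path avoids that.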
@ -18,12 +18,18 @@ matrix_server_fqn_element: "element.{{ matrix_domain }}"
|
|||
# This is where you access the Dimension.
|
||||
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
|
||||
|
||||
# For use with Go-NEB! (github callback url for example)
|
||||
matrix_server_fqn_bot_go_neb: "goneb.{{ matrix_domain }}"
|
||||
|
||||
# This is where you access Jitsi.
|
||||
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
|
||||
|
||||
# This is where you access Grafana.
|
||||
matrix_server_fqn_grafana: "stats.{{ matrix_domain }}"
|
||||
|
||||
# This is where you access the Sygnal push gateway.
|
||||
matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}"
|
||||
|
||||
matrix_federation_public_port: 8448
|
||||
|
||||
# The architecture that your server runs.
|
||||
|
|
|
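Review bot: the two new defaults `matrix_server_fqn_bot_go_neb: "goneb.{{ matrix_domain }}"` and `matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}"` are hostnames operators must create DNS records and obtain certificates for, and the Go-NEB one is handed to third parties as `BASE_URL=https://{{ matrix_server_fqn_bot_go_neb }}` in the new systemd unit, so GitHub and Alertmanager webhooks will be delivered to it. Reword the comment to match the surrounding style ("This is where you access Go-NEB. Also used as the public callback URL for its webhooks.") and make sure the DNS documentation lists both names.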
@ -32,10 +32,3 @@
|
|||
- setup-ma1sd
|
||||
- setup-synapse
|
||||
- setup-nginx-proxy
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when: run_self_check|bool
|
||||
tags:
|
||||
- self-check
|
||||
|
|
|
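Review bot: removing `- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"` takes the only `self-check`-tagged DNS verification out of the role, so `--tags=self-check` silently stops validating the `_matrix-identity._tcp` SRV record that the deleted file checked. If the record is no longer required, say so in the commit message and CHANGELOG so operators know why the check disappeared; if it is still required, keep the import behind the `when: run_self_check|bool` guard that is being deleted with it.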
@ -1,23 +0,0 @@
|
|||
---
|
||||
|
||||
- set_fact:
|
||||
dns_srv_record_checks: []
|
||||
|
||||
- block:
|
||||
- set_fact:
|
||||
dns_srv_record_check_ma1sd:
|
||||
service_and_protocol: "_matrix-identity._tcp"
|
||||
domain: "{{ (matrix_domain + '.') }}"
|
||||
expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
|
||||
expected_port: 443
|
||||
|
||||
- name: Determine domains that we require certificates for (ma1sd)
|
||||
set_fact:
|
||||
dns_srv_record_checks: "{{ dns_srv_record_checks + [dns_srv_record_check_ma1sd] }}"
|
||||
when: matrix_ma1sd_enabled|bool
|
||||
|
||||
- name: Perform DNS SRV checks
|
||||
include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
|
||||
with_items: "{{ dns_srv_record_checks }}"
|
||||
loop_control:
|
||||
loop_var: dns_srv_record_check
|
|
@ -1,68 +0,0 @@
|
|||
---
|
||||
|
||||
# This requires the dnspython library which is usually unavailable.
|
||||
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using Ansible dig lookup
|
||||
set_fact:
|
||||
lookup_dig_srv: "{{ lookup('dig', (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain + '/SRV'), 'flat=0', wantlist=False) }}"
|
||||
register: result_lookup_dig_srv
|
||||
ignore_errors: true
|
||||
|
||||
- name: Fail if DNS SRV check via Ansible dig lookup failed for non-dependency reason
|
||||
fail:
|
||||
msg: "DNS SRV record check via Ansible dig lookup plugin (which uses the dnspython package) failed. Error is: {{ result_lookup_dig_srv.msg }}"
|
||||
when: "result_lookup_dig_srv.failed and 'dnspython' not in result_lookup_dig_srv.msg"
|
||||
|
||||
# Fallback to using the dig CLI tool if dnspython was unavailable.
|
||||
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using dig CLI tool
|
||||
shell:
|
||||
cmd: "dig -t srv {{ (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain)|quote }}"
|
||||
register: result_cli_dig_srv
|
||||
changed_when: false
|
||||
ignore_errors: true
|
||||
when: "lookup_dig_srv is not defined"
|
||||
|
||||
- name: Fail if dig CLI used and failed
|
||||
fail:
|
||||
msg: >-
|
||||
Failed performing DNS SRV record check.
|
||||
You neither have the `dnspython` Python package, nor the `dig` program installed locally.
|
||||
You need to install one of those, so we could perform a DNS SRV record check.
|
||||
Full error from trying to run `dig`: {{ result_cli_dig_srv }}
|
||||
when: "lookup_dig_srv is not defined and result_cli_dig_srv.stderr != ''"
|
||||
|
||||
# Some DNS servers may respond with '' (stands for "No Answer").
|
||||
# Most usually, a missing record would yield a 'NXDOMAIN' response.
|
||||
# In any case, we consider any non-mapping response to mean "missing record".
|
||||
- name: Fail if DNS SRV record missing (Ansible dig lookup)
|
||||
fail:
|
||||
msg: >-
|
||||
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly (the record is missing).
|
||||
See the 'Configuring DNS' documentation for this playbook.
|
||||
when: "lookup_dig_srv is defined and lookup_dig_srv is not mapping"
|
||||
|
||||
- name: Fail if DNS SRV record incorrect (Ansible dig lookup)
|
||||
fail:
|
||||
msg: >-
|
||||
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
|
||||
Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
|
||||
Found it pointing to `{{ lookup_dig_srv.target }}` (port {{ lookup_dig_srv.port }}).
|
||||
See the 'Configuring DNS' documentation for this playbook.
|
||||
when: "lookup_dig_srv is defined and (lookup_dig_srv.target != dns_srv_record_check.expected_target or lookup_dig_srv.port != dns_srv_record_check.expected_port)"
|
||||
|
||||
# We expect an answer like this:
|
||||
# ;; ANSWER SECTION:
|
||||
# _matrix._tcp.DOMAIN. 10800 IN SRV 10 0 8448 matrix.DOMAIN.
|
||||
- name: Fail if DNS SRV record missing or incorrect (dig CLI tool)
|
||||
fail:
|
||||
msg: >-
|
||||
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
|
||||
Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
|
||||
See the 'Configuring DNS' documentation for this playbook.
|
||||
Full response from the `dig` lookup was: {{ result_cli_dig_srv }}
|
||||
when: "lookup_dig_srv is not defined and (dns_srv_record_check.expected_port|string + ' ' + dns_srv_record_check.expected_target) not in result_cli_dig_srv.stdout"
|
||||
|
||||
- name: Report correct DNS SRV record
|
||||
debug:
|
||||
msg: >-
|
||||
The DNS SRV record for `{{ dns_srv_record_check.service_and_protocol }}` on `{{ dns_srv_record_check.domain }}`
|
||||
points to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}), as expected.
|
231
roles/matrix-bot-go-neb/defaults/main.yml
Normal file
|
@ -0,0 +1,231 @@
|
|||
# Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
|
||||
# See: https://github.com/matrix-org/go-neb
|
||||
|
||||
matrix_bot_go_neb_enabled: true
|
||||
matrix_bot_go_neb_version: latest
|
||||
matrix_bot_go_neb_docker_image: "matrixdotorg/go-neb:{{ matrix_bot_go_neb_version }}"
|
||||
matrix_bot_go_neb_docker_image_force_pull: "{{ matrix_bot_go_neb_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_bot_go_neb_base_path: "{{ matrix_base_data_path }}/go-neb"
|
||||
matrix_bot_go_neb_config_path: "{{ matrix_bot_go_neb_base_path }}/config"
|
||||
matrix_bot_go_neb_config_path_in_container: "/config/config.yaml"
|
||||
matrix_bot_go_neb_data_path: "{{ matrix_bot_go_neb_base_path }}/data"
|
||||
matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store"
|
||||
|
||||
# Controls whether the matrix-bot-go-neb container exposes its HTTP port (tcp/4050 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4050"), or empty string to not expose.
|
||||
matrix_bot_go_neb_container_http_host_bind_port: ''
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_bot_go_neb_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that matrix-bot-go-neb.service depends on
|
||||
matrix_bot_go_neb_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that matrix-bot-go-neb.service wants
|
||||
matrix_bot_go_neb_systemd_wanted_services_list: []
|
||||
|
||||
# Database-related configuration fields.
|
||||
#
|
||||
# MUST be "sqlite3". No other type is supported.
|
||||
matrix_bot_go_neb_database_engine: 'sqlite3'
|
||||
|
||||
matrix_bot_go_neb_sqlite_database_path_local: "{{ matrix_bot_go_neb_data_path }}/bot.db"
|
||||
matrix_bot_go_neb_sqlite_database_path_in_container: "/data/bot.db"
|
||||
|
||||
matrix_bot_go_neb_storage_database: "{{
|
||||
{
|
||||
'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'),
|
||||
}[matrix_bot_go_neb_database_engine]
|
||||
}}"
|
||||
|
||||
# The bot's username(s). These users need to be created manually beforehand.
|
||||
# The access tokens that the bot uses to authenticate.
|
||||
# Generate one as described in
|
||||
# https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-dimension.md#access-token
|
||||
# via curl. With the element method, you might run into decryption problems (see https://github.com/matrix-org/go-neb#quick-start)
|
||||
matrix_bot_go_neb_clients: []
|
||||
# - UserID: "@goneb:{{ matrix_domain }}"
|
||||
# AccessToken: "MDASDASJDIASDJASDAFGFRGER"
|
||||
# DeviceID: "DEVICE1"
|
||||
# HomeserverURL: "{{ matrix_homeserver_container_url }}"
|
||||
# Sync: true
|
||||
# AutoJoinRooms: true
|
||||
# DisplayName: "Go-NEB!"
|
||||
# AcceptVerificationFromUsers: [":{{ matrix_domain }}"]
|
||||
#
|
||||
# - UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
# AccessToken: "MDASDASJDIASDJASDAFGFRGER"
|
||||
# DeviceID: "DEVICE2"
|
||||
# HomeserverURL: "{{ matrix_homeserver_container_url }}"
|
||||
# Sync: false
|
||||
# AutoJoinRooms: false
|
||||
# DisplayName: "Go-NEB!"
|
||||
# AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"]
|
||||
|
||||
# The list of realms which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureAuthRealm for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest
|
||||
matrix_bot_go_neb_realms: []
|
||||
# - ID: "github_realm"
|
||||
# Type: "github"
|
||||
# Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs
|
||||
|
||||
# The list of *authenticated* sessions which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# The full list of options are shown below: there is no single HTTP endpoint
|
||||
# which maps to this section.
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session
|
||||
matrix_bot_go_neb_sessions: []
|
||||
# - SessionID: "your_github_session"
|
||||
# RealmID: "github_realm"
|
||||
# UserID: "@YOUR_USER_ID:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands
|
||||
# Config:
|
||||
# # Populate these fields by generating a "Personal Access Token" on github.com
|
||||
# AccessToken: "YOUR_GITHUB_ACCESS_TOKEN"
|
||||
# Scopes: "admin:org_hook,admin:repo_hook,repo,user"
|
||||
|
||||
# The list of services which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureService for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
|
||||
matrix_bot_go_neb_services: []
|
||||
# - ID: "echo_service"
|
||||
# Type: "echo"
|
||||
# UserID: "@goneb:{{ matrix_domain }}"
|
||||
# Config: {}
|
||||
|
||||
## Can be obtained from https://developers.giphy.com/dashboard/
|
||||
# - ID: "giphy_service"
|
||||
# Type: "giphy"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# api_key: "qwg4672vsuyfsfe"
|
||||
# use_downsized: false
|
||||
#
|
||||
## This service has been dead for over a year :/
|
||||
# - ID: "guggy_service"
|
||||
# Type: "guggy"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# api_key: "2356saaqfhgfe"
|
||||
#
|
||||
## API Key via https://developers.google.com/custom-search/v1/introduction
|
||||
## CX via http://www.google.com/cse/manage/all
|
||||
## https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python
|
||||
## 'Search the entire web' and 'Image search' enabled for best results
|
||||
# - ID: "google_service"
|
||||
# Type: "google"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# api_key: "AIzaSyA4FD39m9"
|
||||
# cx: "AIASDFWSRRtrtr"
|
||||
#
|
||||
## Get a key via https://api.imgur.com/oauth2/addclient
|
||||
## Select "oauth2 without callback url"
|
||||
# - ID: "imgur_service"
|
||||
# Type: "imgur"
|
||||
# UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# client_id: "AIzaSyA4FD39m9"
|
||||
# client_secret: "somesecret"
|
||||
#
|
||||
# - ID: "wikipedia_service"
|
||||
# Type: "wikipedia"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
#
|
||||
# - ID: "rss_service"
|
||||
# Type: "rssbot"
|
||||
# UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
# Config:
|
||||
# feeds:
|
||||
# "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60":
|
||||
# rooms: ["!qmElAGdFYCHoCJuaNt:localhost"]
|
||||
# must_include:
|
||||
# author:
|
||||
# - author1
|
||||
# description:
|
||||
# - lorem
|
||||
# - ipsum
|
||||
# must_not_include:
|
||||
# title:
|
||||
# - Lorem
|
||||
# - Ipsum
|
||||
#
|
||||
# - ID: "github_cmd_service"
|
||||
# Type: "github"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# RealmID: "github_realm"
|
||||
#
|
||||
# # Make sure your BASE_URL can be accessed by Github!
|
||||
# - ID: "github_webhook_service"
|
||||
# Type: "github-webhook"
|
||||
# UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
# Config:
|
||||
# RealmID: "github_realm"
|
||||
# ClientUserID: "@YOUR_USER_ID:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions.
|
||||
# Rooms:
|
||||
# "!someroom:id":
|
||||
# Repos:
|
||||
# "matrix-org/synapse":
|
||||
# Events: ["push", "issues"]
|
||||
# "matrix-org/dendron":
|
||||
# Events: ["pull_request"]
|
||||
# "!anotherroom:id":
|
||||
# Repos:
|
||||
# "matrix-org/synapse":
|
||||
# Events: ["push", "issues"]
|
||||
# "matrix-org/dendron":
|
||||
# Events: ["pull_request"]
|
||||
#
|
||||
# - ID: "slackapi_service"
|
||||
# Type: "slackapi"
|
||||
# UserID: "@slackapi:{{ matrix_domain }}"
|
||||
# Config:
|
||||
# Hooks:
|
||||
# "hook1":
|
||||
# RoomID: "!someroom:id"
|
||||
# MessageType: "m.text" # default is m.text
|
||||
#
|
||||
# - ID: "alertmanager_service"
|
||||
# Type: "alertmanager"
|
||||
# UserID: "@alertmanager:{{ matrix_domain }}"
|
||||
# Config:
|
||||
# # This is for information purposes only. It should point to Go-NEB path as follows:
|
||||
# # `/services/hooks/<base64 encoded service ID>`
|
||||
# # Where in this case "service ID" is "alertmanager_service"
|
||||
# # Make sure your BASE_URL can be accessed by the Alertmanager instance!
|
||||
# webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"
|
||||
# # Each room will get the notification with the alert rendered with the given template
|
||||
# rooms:
|
||||
# "!someroomid:domain.tld":
|
||||
# text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
|
||||
# html_template: "{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
|
||||
# msg_type: "m.text" # Must be either `m.text` or `m.notice`
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_bot_go_neb_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_bot_go_neb_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_bot_go_neb_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_bot_go_neb_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_bot_go_neb_configuration_yaml`.
|
||||
|
||||
matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml|from_yaml if matrix_bot_go_neb_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`.
|
||||
matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}"
|
||||
|
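Review bot: `matrix_bot_go_neb_enabled: true` switches the bot on for every deployment by default, and the new `validate_config.yml` fails with "You need at least 1 client in the matrix_bot_go_neb_clients block" whenever `matrix_bot_go_neb_clients: []` is left as shipped here; taken together, an existing installation that runs `setup-all` after upgrading aborts unless it first sets `matrix_bot_go_neb_enabled: false`. Default the role to `false` so it is opt-in, and keep the client check for the enabled case. Two smaller points: `matrix_bot_go_neb_version: latest` plus `matrix_bot_go_neb_docker_image_force_pull` means every run re-pulls the image, so pin a release tag as the appservice-irc role does (`release-0.25.0`); and the commented client samples carry `AccessToken: "MDASDASJDIASDJASDAFGFRGER"`, so a short comment that these are placeholders and that the real token grants full control of the bot account would help people who copy the block.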
3
roles/matrix-bot-go-neb/tasks/init.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}"
|
||||
when: matrix_bot_go_neb_enabled|bool
|
21
roles/matrix-bot-go-neb/tasks/main.yml
Normal file
|
@ -0,0 +1,21 @@
|
|||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-bot-go-neb
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-bot-go-neb
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: "run_setup|bool and not matrix_bot_go_neb_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-bot-go-neb
|
50
roles/matrix-bot-go-neb/tasks/setup_install.yml
Normal file
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
|
||||
- set_fact:
|
||||
matrix_bot_go_neb_requires_restart: false
|
||||
|
||||
- name: Ensure go-neb paths exist
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_bot_go_neb_config_path }}", when: true }
|
||||
- { path: "{{ matrix_bot_go_neb_data_path }}", when: true }
|
||||
- { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true }
|
||||
when: "item.when|bool"
|
||||
|
||||
- name: Ensure go-neb image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_bot_go_neb_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}"
|
||||
|
||||
- name: Ensure go-neb config installed
|
||||
copy:
|
||||
content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure matrix-bot-go-neb.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
|
||||
mode: 0644
|
||||
register: matrix_bot_go_neb_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_bot_go_neb_systemd_service_result.changed|bool"
|
||||
|
||||
- name: Ensure matrix-bot-go-neb.service restarted, if necessary
|
||||
service:
|
||||
name: "matrix-bot-go-neb.service"
|
||||
state: restarted
|
||||
when: "matrix_bot_go_neb_requires_restart|bool"
|
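Review bot: `Ensure go-neb config installed` writes `config.yaml` with `mode: 0644`, yet that file contains every Matrix `AccessToken` from `matrix_bot_go_neb_clients` plus any GitHub, Giphy, Google or Imgur keys from the sessions and services lists, so every local user on the host can read them; use `mode: 0640` (owner and group are already the matrix user, and the container runs as that user). Also, `matrix_bot_go_neb_requires_restart` is set to `false` at the top and never set to `true` anywhere in this file, and the config `copy` task does not `register` a result, so a changed `config.yaml` never restarts `matrix-bot-go-neb.service`; register the copy and set the flag when it reports `changed`. Minor: the `docker_image` task mixes `ansible_version.minor > 7` and `ansible_version.minor >= 8` for the same condition; pick one form.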
35
roles/matrix-bot-go-neb/tasks/setup_uninstall.yml
Normal file
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
|
||||
- name: Check existence of matrix-go-neb service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
|
||||
register: matrix_bot_go_neb_service_stat
|
||||
|
||||
- name: Ensure matrix-go-neb is stopped
|
||||
service:
|
||||
name: matrix-bot-go-neb
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
register: stopping_result
|
||||
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure matrix-bot-go-neb.service doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
|
||||
state: absent
|
||||
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure Matrix go-neb paths don't exist
|
||||
file:
|
||||
path: "{{ matrix_bot_go_neb_base_path }}"
|
||||
state: absent
|
||||
|
||||
- name: Ensure go-neb Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_bot_go_neb_docker_image }}"
|
||||
state: absent
|
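Review bot: the task names say `matrix-go-neb` ("Check existence of matrix-go-neb service", "Ensure matrix-go-neb is stopped") while the unit and every other reference use `matrix-bot-go-neb`; align them so log output and grep match. `Ensure Matrix go-neb paths don't exist` removes `matrix_bot_go_neb_base_path` unconditionally, which includes the sqlite database under `data/`; a comment that uninstall is destructive and has no backup step would be useful for anyone toggling `matrix_bot_go_neb_enabled`.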
13
roles/matrix-bot-go-neb/tasks/validate_config.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: Fail if there's not at least 1 client
|
||||
fail:
|
||||
msg: >-
|
||||
You need at least 1 client in the matrix_bot_go_neb_clients block.
|
||||
when: matrix_bot_go_neb_clients is not defined or matrix_bot_go_neb_clients[0] is not defined
|
||||
|
||||
- name: Fail if there's not at least 1 service
|
||||
fail:
|
||||
msg: >-
|
||||
You need at least 1 service in the matrix_bot_go_neb_services block.
|
||||
when: matrix_bot_go_neb_services is not defined or matrix_bot_go_neb_services[0] is not defined
|
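Review bot: `matrix_bot_go_neb_clients[0] is not defined` does reject an empty list, but it reads like a null-check; `matrix_bot_go_neb_clients|length == 0` states the intent directly (same for services). The check also accepts a client entry with no `AccessToken`, which the bot cannot use; a loop that fails when `item.AccessToken is not defined` or `item.UserID is not defined` would catch the common copy-paste mistake at validation time rather than at container start.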
44
roles/matrix-bot-go-neb/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,44 @@
|
|||
# Go-NEB Configuration File
|
||||
#
|
||||
# This file provides an alternative way to configure Go-NEB which does not involve HTTP APIs.
|
||||
#
|
||||
# This file can be supplied to go-neb by the environment variable `CONFIG_FILE=config.yaml`.
|
||||
# It will force Go-NEB to operate in "config" mode. This means:
|
||||
# - Go-NEB will ONLY use the data contained inside this file.
|
||||
# - All of Go-NEB's /admin HTTP listeners will be disabled. You will be unable to add new services at runtime.
|
||||
# - The environment variable `DATABASE_URL` will be ignored and an in-memory database will be used instead.
|
||||
#
|
||||
# This file is broken down into 4 sections which matches the following HTTP APIs:
|
||||
# - /configureClient
|
||||
# - /configureAuthRealm
|
||||
# - /configureService
|
||||
# - /requestAuthSession (redirects not supported)
|
||||
|
||||
# The list of clients which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureClient for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ClientConfig
|
||||
clients:
|
||||
{{ matrix_bot_go_neb_clients|to_json }}
|
||||
|
||||
# The list of realms which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureAuthRealm for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest
|
||||
realms:
|
||||
{{ matrix_bot_go_neb_realms|to_json }}
|
||||
|
||||
# The list of *authenticated* sessions which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# The full list of options are shown below: there is no single HTTP endpoint
|
||||
# which maps to this section.
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session
|
||||
sessions:
|
||||
{{ matrix_bot_go_neb_sessions|to_json }}
|
||||
|
||||
# The list of services which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureService for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
|
||||
services:
|
||||
{{ matrix_bot_go_neb_services|to_json }}
|
|
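Review bot: the four `{{ ...|to_json }}` lines sit at column 0 directly under `clients:`, `realms:`, `sessions:` and `services:`; a flow node on the line after a block-mapping key has to be indented under YAML 1.2, and this only loads because PyYAML is lenient about it. Indent them (`  {{ matrix_bot_go_neb_clients|to_json }}`) or render with `to_nice_yaml`; the result is parsed by `from_yaml` and re-serialised with `to_nice_yaml` in `setup_install.yml` anyway, so nothing depends on the JSON form.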
@ -0,0 +1,49 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix Go-NEB bot
|
||||
{% for service in matrix_bot_go_neb_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_bot_go_neb_systemd_wanted_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
|
||||
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_bot_go_neb_container_http_host_bind_port %}
|
||||
-p {{ matrix_bot_go_neb_container_http_host_bind_port }}:4050 \
|
||||
{% endif %}
|
||||
-e 'BIND_ADDRESS=:4050' \
|
||||
-e 'DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}' \
|
||||
-e 'BASE_URL=https://{{ matrix_server_fqn_bot_go_neb }}' \
|
||||
-e 'CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}' \
|
||||
-e 'DATABASE_URL={{ matrix_bot_go_neb_storage_database }}' \
|
||||
--mount type=bind,src={{ matrix_bot_go_neb_config_path }},dst=/config,ro \
|
||||
--mount type=bind,src={{ matrix_bot_go_neb_data_path }},dst=/data \
|
||||
--entrypoint=/bin/sh \
|
||||
{% for arg in matrix_bot_go_neb_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_bot_go_neb_docker_image }} \
|
||||
-c "go-neb /config/config.yaml"
|
||||
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-bot-go-neb
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
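Review bot: the unit passes `-e 'DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}'` and `-e 'DATABASE_URL={{ matrix_bot_go_neb_storage_database }}'` and bind-mounts `/data`, but the header of the accompanying `config.yaml.j2` states that in config-file mode "The environment variable `DATABASE_URL` will be ignored and an in-memory database will be used instead"; one of the two is wrong. If the comment is accurate, the database variables, the `/data` mount and the `sqlite3` defaults are dead configuration and should be removed; if go-neb does persist, correct the comment. Minor: `-c "go-neb /config/config.yaml"` hard-codes the path that `CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}` already supplies on the line above, so use the variable in both places. The hardening flags (`--user`, `--cap-drop=ALL`, `--read-only`, config mounted `ro`) look right.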
@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
|
|||
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
|
||||
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
|
||||
|
||||
matrix_appservice_irc_version: release-0.23.0
|
||||
matrix_appservice_irc_version: release-0.25.0
|
||||
matrix_appservice_irc_docker_image: "docker.io/matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
|
||||
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ matrix_appservice_slack_slack_port: 9003
|
|||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
|
||||
matrix_appservice_slack_container_http_host_bind_port: ''
|
||||
|
||||
matrix_appservice_slack_homeserver_media_url: "matrix.{{ matrix_domain }}"
|
||||
matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}"
|
||||
matrix_appservice_slack_homeserver_url: "http://matrix-synapse:8008"
|
||||
matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}"
|
||||
matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack'
|
||||
|
|
|
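Review bot: changing `matrix_appservice_slack_homeserver_media_url` to `{{ matrix_server_fqn_matrix }}` is the right fix (the old `matrix.{{ matrix_domain }}` broke for anyone overriding the FQN), but the line directly below, `matrix_appservice_slack_homeserver_url: "http://matrix-synapse:8008"`, is still a hard-coded container name rather than the `matrix_homeserver_container_url` variable the Go-NEB defaults in this same commit point users at; the webhooks hunk has the identical pair. Worth fixing both in the same pass.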
@ -28,7 +28,7 @@ matrix_appservice_webhooks_matrix_port: 6789
|
|||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
|
||||
matrix_appservice_webhooks_container_http_host_bind_port: ''
|
||||
|
||||
matrix_appservice_webhooks_homeserver_media_url: "matrix.{{ matrix_domain }}"
|
||||
matrix_appservice_webhooks_homeserver_media_url: "{{ matrix_server_fqn_matrix }}"
|
||||
matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:8008"
|
||||
matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}"
|
||||
matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks'
|
||||
|
|
|
@ -110,5 +110,6 @@ matrix_mautrix_facebook_registration_yaml: |
|
|||
# See https://github.com/tulir/mautrix-signal/issues/43
|
||||
sender_localpart: _bot_{{ matrix_mautrix_facebook_appservice_bot_username }}
|
||||
rate_limited: false
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}"
|
||||
|
|
|
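Review bot: `de.sorunome.msc2409.push_ephemeral: true` is the unstable-prefixed MSC2409 key that asks the homeserver to push typing, read-receipt and presence EDUs to the bridge; homeservers without the MSC ignore it, and those with it now forward more user activity to the bridge than before. State in the CHANGELOG which Synapse versions honour it, and consider gating it on a role variable so operators can opt out. The same line is added to the hangouts, instagram, signal, telegram and whatsapp registrations below, so one variable per bridge would keep the behaviour consistent.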
@ -110,5 +110,6 @@ matrix_mautrix_hangouts_registration_yaml: |
|
|||
# See https://github.com/tulir/mautrix-signal/issues/43
|
||||
sender_localpart: _bot_{{ matrix_mautrix_hangouts_appservice_bot_username }}
|
||||
rate_limited: false
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -100,5 +100,6 @@ matrix_mautrix_instagram_registration_yaml: |
|
|||
# See https://github.com/tulir/mautrix-signal/issues/43
|
||||
sender_localpart: _bot_{{ matrix_mautrix_instagram_appservice_bot_username }}
|
||||
rate_limited: false
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -15,3 +15,4 @@ url: {{ matrix_mautrix_signal_appservice_address }}
|
|||
# See https://github.com/tulir/mautrix-signal/issues/43
|
||||
sender_localpart: _bot_{{ matrix_mautrix_signal_appservice_bot_username }}
|
||||
rate_limited: false
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
|
|
@ -121,5 +121,6 @@ matrix_mautrix_telegram_registration_yaml: |
|
|||
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
|
||||
url: {{ matrix_mautrix_telegram_appservice_address }}
|
||||
rate_limited: false
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -105,5 +105,6 @@ matrix_mautrix_whatsapp_registration_yaml: |
|
|||
exclusive: true
|
||||
- exclusive: true
|
||||
regex: '^@{{ matrix_mautrix_whatsapp_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$'
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -108,5 +108,6 @@ matrix_mx_puppet_discord_registration_yaml: |
|
|||
rate_limited: false
|
||||
sender_localpart: _discordpuppet_bot
|
||||
url: {{ matrix_mx_puppet_discord_appservice_address }}
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -107,5 +107,6 @@ matrix_mx_puppet_groupme_registration_yaml: |
|
|||
rate_limited: false
|
||||
sender_localpart: _groupmepuppet_bot
|
||||
url: {{ matrix_mx_puppet_groupme_appservice_address }}
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mx_puppet_groupme_registration: "{{ matrix_mx_puppet_groupme_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -98,5 +98,6 @@ matrix_mx_puppet_instagram_registration_yaml: |
|
|||
rate_limited: false
|
||||
sender_localpart: _instagrampuppet_bot
|
||||
url: {{ matrix_mx_puppet_instagram_appservice_address }}
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -106,5 +106,6 @@ matrix_mx_puppet_skype_registration_yaml: |
|
|||
rate_limited: false
|
||||
sender_localpart: _skypepuppet_bot
|
||||
url: {{ matrix_mx_puppet_skype_appservice_address }}
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mx_puppet_skype_registration: "{{ matrix_mx_puppet_skype_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -110,5 +110,6 @@ matrix_mx_puppet_slack_registration_yaml: |
|
|||
rate_limited: false
|
||||
sender_localpart: _slackpuppet_bot
|
||||
url: {{ matrix_mx_puppet_slack_appservice_address }}
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mx_puppet_slack_registration: "{{ matrix_mx_puppet_slack_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -107,5 +107,6 @@ matrix_mx_puppet_steam_registration_yaml: |
|
|||
rate_limited: false
|
||||
sender_localpart: _steampuppet_bot
|
||||
url: {{ matrix_mx_puppet_steam_appservice_address }}
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mx_puppet_steam_registration: "{{ matrix_mx_puppet_steam_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -117,5 +117,6 @@ matrix_mx_puppet_twitter_registration_yaml: |
|
|||
rate_limited: false
|
||||
sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}"
|
||||
url: {{ matrix_mx_puppet_twitter_appservice_address }}
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}"
|
||||
|
|
|
@ -3,7 +3,7 @@ matrix_client_element_enabled: true
|
|||
matrix_client_element_container_image_self_build: false
|
||||
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
|
||||
|
||||
matrix_client_element_version: v1.7.22
|
||||
matrix_client_element_version: v1.7.24
|
||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else 'docker.io/' }}"
|
||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
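Review bot: the image is bumped to `vectorim/element-web:v1.7.24`, but the self-build source at the top of the hunk still reads `matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"`; that name only works through GitHub's rename redirect, so point it at the `element-web` repository to match the image and to avoid depending on the redirect staying in place.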
|
||||
|
|
20
roles/matrix-common-after/tasks/awx_post.yml
Normal file
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
|
||||
- name: Create user account
|
||||
command: |
|
||||
/usr/local/bin/matrix-synapse-register-user janitor {{ matrix_awx_janitor_user_password | quote }} 1
|
||||
register: cmd
|
||||
when: not matrix_awx_janitor_user_created|bool
|
||||
no_log: True
|
||||
|
||||
- name: Update AWX janitor user created variable
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: 'AWX Settings'
|
||||
with_dict:
|
||||
'matrix_awx_janitor_user_created': 'true'
|
||||
when: not matrix_awx_janitor_user_created|bool
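Review bot: in the `Create user account` task the janitor password goes on the command line (`/usr/local/bin/matrix-synapse-register-user janitor {{ matrix_awx_janitor_user_password | quote }} 1`); `no_log: True` keeps it out of the Ansible output, but an argument is still visible to every local user in the process list while the command runs, so prefer passing it via stdin or an environment variable if the script allows it, and say in a comment what the trailing `1` selects. `register: cmd` is never used and can be dropped. In the second task the `lineinfile` path `/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml` interpolates two inventory-supplied values into a filesystem path with no validation in sight; a comment on where they come from and a check that they are plain identifiers would make the task safer to reason about.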
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
|
||||
- import_tasks: "{{ role_path }}/tasks/start.yml"
|
||||
when: run_start|bool
|
||||
tags:
|
||||
|
@ -11,7 +12,14 @@
|
|||
- import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/awx_post.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
|
||||
tags:
|
||||
- run-docker-prune
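Review bot: the new `import_tasks: "{{ role_path }}/tasks/awx_post.yml"` is gated on `run_setup|bool and matrix_awx_enabled|bool`, and with `import_tasks` that condition is attached to every imported task; if `matrix_awx_enabled` is not declared in defaults or group_vars (nothing in this change declares it), hosts that do not use AWX fail at condition evaluation instead of skipping. Add `matrix_awx_enabled: false` as a default, or write the condition as `matrix_awx_enabled|default(false)|bool`.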
|
||||
|
||||
|
||||
|
|
|
@ -40,6 +40,7 @@
|
|||
- {'table': 'dimension_sticker_packs', 'column': 'isPublic', 'default': ''}
|
||||
- {'table': 'dimension_slack_bridges', 'column': 'isEnabled', 'default': ''}
|
||||
- {'table': 'dimension_neb_integrations', 'column': 'isPublic', 'default': ''}
|
||||
- {'table': 'dimension_neb_integrations', 'column': 'isEnabled', 'default': ''}
|
||||
- {'table': 'dimension_irc_bridges', 'column': 'isEnabled', 'default': ''}
|
||||
- {'table': 'dimension_irc_bridge_networks', 'column': 'isEnabled', 'default': ''}
|
||||
- {'table': 'dimension_gitter_bridges', 'column': 'isEnabled', 'default': ''}
|
||||
|
|
|
@ -2,7 +2,7 @@ matrix_etherpad_enabled: false
|
|||
|
||||
matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
|
||||
|
||||
matrix_etherpad_version: 1.8.7
|
||||
matrix_etherpad_version: 1.8.12
|
||||
matrix_etherpad_docker_image: "docker.io/etherpad/etherpad:{{ matrix_etherpad_version }}"
|
||||
matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -42,6 +42,9 @@
|
|||
"percentageToScrollWhenUserPressesArrowUp": 0
|
||||
},
|
||||
"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
|
||||
"socketIo": {
|
||||
"maxHttpBufferSize": 10000
|
||||
},
|
||||
"loadTest": false,
|
||||
"importExportRateLimiting": {
|
||||
"windowMs": 90000,
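Review bot: `"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"]` leaves `websocket` out, so every client is forced onto long-polling transports; if that is deliberate (for example because the proxy setup does not pass connection upgrades) a comment should say so. `"maxHttpBufferSize": 10000` caps the size of a single client message, which is a denial-of-service trade-off: larger values let clients paste bigger text but let a misbehaving client hold more memory, so it is worth a comment that the value is intentional rather than inherited.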
|
||||
|
|
|
@ -29,7 +29,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \
|
|||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_etherpad_docker_image }} \
|
||||
node --experimental-worker /opt/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js \
|
||||
node --experimental-worker src/node/server.js \
|
||||
--settings /data/settings.json --credentials /data/credentials.json \
|
||||
--sessionkey /data/sessionkey.json --apikey /data/apijey.json
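Review bot: the switch from the absolute `/opt/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js` to the relative `src/node/server.js` relies on the working directory of the `etherpad/etherpad` image being the Etherpad checkout; state that assumption in a comment, because a relative path fails on the next image layout change with a less obvious error than an absolute one. The unchanged `--apikey /data/apijey.json` looks like a typo for `apikey.json`; if the file on disk already carries that name, leave it (renaming would effectively rotate the API key), otherwise fix it together with whatever writes the file.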
|
||||
|
||||
|
|
|
@ -100,7 +100,7 @@ matrix_jitsi_web_interface_config_native_app_name: "Jitsi Meet"
|
|||
matrix_jitsi_web_interface_config_provider_name: "Jitsi"
|
||||
matrix_jitsi_web_interface_config_show_powered_by: false
|
||||
matrix_jitsi_web_interface_config_disable_transcription_subtitles: false
|
||||
matrix_jisti_web_interface_config_show_deep_linking_image: false
|
||||
matrix_jitsi_web_interface_config_show_deep_linking_image: false
|
||||
|
||||
# Custom configuration to be injected into `interface_config.js`, passed to Jitsi Web.
|
||||
# This configuration gets appended to the final interface configuration that Jitsi Web uses.
|
||||
|
|
|
@ -40,3 +40,4 @@
|
|||
- {'old': 'matrix_jitsi_web_config_start_with_video_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_video_muted_after_nth_participant>'}
|
||||
- {'old': 'matrix_jitsi_web_interface_config_show_watermark_for_guests', 'new': '<Not applicable anymore>'}
|
||||
- {'old': 'matrix_jitsi_web_interface_config_invitation_powered_by', 'new': '<Not applicable anymore>'}
|
||||
- {'old': 'matrix_jisti_web_interface_config_show_deep_linking_image', 'new': 'matrix_jitsi_web_interface_config_show_deep_linking_image'}
|
||||
|
|
|
@ -177,7 +177,7 @@ var interfaceConfig = {
|
|||
*/
|
||||
SHOW_CHROME_EXTENSION_BANNER: false,
|
||||
|
||||
SHOW_DEEP_LINKING_IMAGE: {{ matrix_jisti_web_interface_config_show_deep_linking_image|to_json }},
|
||||
SHOW_DEEP_LINKING_IMAGE: {{ matrix_jitsi_web_interface_config_show_deep_linking_image|to_json }},
|
||||
SHOW_JITSI_WATERMARK: {{ matrix_jitsi_web_interface_config_show_jitsi_watermark|to_json }},
|
||||
SHOW_POWERED_BY: {{ matrix_jitsi_web_interface_config_show_powered_by|to_json }},
|
||||
SHOW_PROMOTIONAL_CLOSE_PAGE: false,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
matrix_nginx_proxy_enabled: true
|
||||
matrix_nginx_proxy_version: 1.19.6-alpine
|
||||
matrix_nginx_proxy_version: 1.19.8-alpine
|
||||
|
||||
# We use an official nginx image, which we fix-up to run unprivileged.
|
||||
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
||||
|
@ -9,6 +9,7 @@ matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.
|
|||
|
||||
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
||||
matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data"
|
||||
matrix_nginx_proxy_data_path_in_container: "/nginx-data"
|
||||
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_base_path }}/conf.d"
|
||||
|
||||
# List of systemd services that matrix-nginx-proxy.service depends on
|
||||
|
@ -103,6 +104,10 @@ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname: "riot.{{ matrix_domain }
|
|||
# Controls whether proxying the Synapse domain should be done.
|
||||
matrix_nginx_proxy_proxy_synapse_enabled: false
|
||||
matrix_nginx_proxy_proxy_synapse_hostname: "matrix-nginx-proxy"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}"
|
||||
# The addresses where the Federation API is, when using Synapse.
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:8048"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:8048"
|
||||
|
||||
# Controls whether proxying the Element domain should be done.
|
||||
matrix_nginx_proxy_proxy_element_enabled: false
|
||||
|
@ -120,6 +125,10 @@ matrix_nginx_proxy_proxy_matrix_federation_port: 8448
|
|||
matrix_nginx_proxy_proxy_dimension_enabled: false
|
||||
matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
|
||||
|
||||
# Controls whether proxying the goneb domain should be done.
|
||||
matrix_nginx_proxy_proxy_bot_go_neb_enabled: false
|
||||
matrix_nginx_proxy_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"
|
||||
|
||||
# Controls whether proxying the jitsi domain should be done.
|
||||
matrix_nginx_proxy_proxy_jitsi_enabled: false
|
||||
matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
|
||||
|
@ -128,6 +137,10 @@ matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
|
|||
matrix_nginx_proxy_proxy_grafana_enabled: false
|
||||
matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}"
|
||||
|
||||
# Controls whether proxying the sygnal domain should be done.
|
||||
matrix_nginx_proxy_proxy_sygnal_enabled: false
|
||||
matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
|
||||
|
||||
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
||||
|
@ -211,10 +224,6 @@ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ (mat
|
|||
matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem"
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem"
|
||||
|
||||
# The addresses where the Federation API is, when using Synapse.
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:8048"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:8048"
|
||||
|
||||
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
||||
matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}"
|
||||
|
||||
|
@ -236,12 +245,18 @@ matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks: []
|
|||
# A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf).
|
||||
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to GoNEB's server configuration (matrix-bot-go-neb.conf).
|
||||
matrix_nginx_proxy_proxy_bot_go_neb_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to Jitsi's server configuration (matrix-jitsi.conf).
|
||||
matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to Grafana's server configuration (matrix-grafana.conf).
|
||||
matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf).
|
||||
matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf).
|
||||
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
|
||||
|
||||
|
|
|
@ -12,6 +12,8 @@
|
|||
follow_redirects: none
|
||||
return_content: true
|
||||
validate_certs: "{{ well_known_file_check.validate_certs }}"
|
||||
headers:
|
||||
Origin: example.com
|
||||
check_mode: no
|
||||
register: result_well_known_matrix
|
||||
ignore_errors: true
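Review bot: the added `headers: Origin: example.com` (here and again in the identity-server check below) is presumably there to make the remote server emit CORS headers so the check can verify them, but nothing in the hunk inspects the response for an `Access-Control-Allow-Origin` value; add a comment explaining why the header is sent and, if the CORS behaviour is meant to be validated, assert on it. A browser sends an origin with a scheme (`https://example.com`), so if the goal is to mimic a client request the value should include one.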
|
||||
|
@ -40,6 +42,8 @@
|
|||
follow_redirects: "{{ well_known_file_check.follow_redirects }}"
|
||||
return_content: true
|
||||
validate_certs: "{{ well_known_file_check.validate_certs }}"
|
||||
headers:
|
||||
Origin: example.com
|
||||
check_mode: no
|
||||
register: result_well_known_identity
|
||||
ignore_errors: true
|
||||
|
|
|
@ -79,6 +79,13 @@
|
|||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_dimension_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for goneb domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2"
|
||||
|
@ -93,6 +100,13 @@
|
|||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_grafana_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for sygnal domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-sygnal.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_sygnal_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for Matrix domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
|
||||
|
@ -196,6 +210,12 @@
|
|||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for goneb domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
|
||||
|
@ -208,6 +228,12 @@
|
|||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_grafana_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for sygnal domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
||||
|
|
|
@ -40,8 +40,8 @@
|
|||
|
||||
- name: Fail if required variables are undefined
|
||||
fail:
|
||||
msg: "Detected an undefined required variable"
|
||||
msg: "The `{{ item }}` variable must be defined and have a non-null value"
|
||||
with_items:
|
||||
- "matrix_ssl_lets_encrypt_support_email"
|
||||
when: "vars[item] is none"
|
||||
when: "vars[item] == '' or vars[item] is none"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
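Review bot: the task is named `Fail if required variables are undefined`, but the new condition `when: "vars[item] == '' or vars[item] is none"` only covers empty and null values; a variable that is missing entirely makes `vars[item]` evaluate to an undefined value, so the friendlier message `The `{{ item }}` variable must be defined and have a non-null value` is never produced for that case. Consider `when: "item not in vars or vars[item] is none or vars[item] == ''"` so all three cases reach the same message.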
|
||||
|
|
|
@ -0,0 +1,77 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
|
||||
{% macro render_vhost_directives() %}
|
||||
gzip on;
|
||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_bot_go_neb_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location / {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-bot-go-neb:4050";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:4050;
|
||||
{% endif %}
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
{% endmacro %}
|
||||
|
||||
server {
|
||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||
server_name {{ matrix_nginx_proxy_proxy_bot_go_neb_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
location /.well-known/acme-challenge {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-certbot:8080";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$http_host$request_uri;
|
||||
}
|
||||
{% else %}
|
||||
{{ render_vhost_directives() }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
server {
|
||||
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
|
||||
server_name {{ matrix_nginx_proxy_proxy_bot_go_neb_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_bot_go_neb_hostname }}/fullchain.pem;
|
||||
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_bot_go_neb_hostname }}/privkey.pem;
|
||||
|
||||
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
||||
{% if matrix_nginx_proxy_ssl_ciphers != '' %}
|
||||
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
|
||||
{% endif %}
|
||||
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
|
||||
|
||||
{{ render_vhost_directives() }}
|
||||
}
|
||||
{% endif %}
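Review bot: the `location /` block in `render_vhost_directives` forwards only `Host` and `X-Forwarded-For`, while the sygnal template added in this same change also sets `proxy_set_header X-Forwarded-Proto $scheme;` and `add_header X-Frame-Options DENY;`; add both here for consistency, otherwise Go-NEB cannot tell whether it was reached over TLS. The template also exposes the entire Go-NEB HTTP port on a public hostname; a comment listing which endpoints must be reachable from the internet would make it possible to decide whether `location /` can be narrowed.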
|
|
@ -241,6 +241,7 @@ server {
|
|||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
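Review bot: the added `proxy_set_header X-Forwarded-Proto $scheme;` only takes effect if the Synapse listener it reaches is configured with `x_forwarded: true`; a short comment pointing at where the playbook sets that would stop readers from assuming the header works on its own.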
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
|
||||
{% macro render_vhost_directives() %}
|
||||
gzip on;
|
||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options DENY;
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location / {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-sygnal:6000";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:6000;
|
||||
{% endif %}
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
{% endmacro %}
|
||||
|
||||
server {
|
||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||
server_name {{ matrix_nginx_proxy_proxy_sygnal_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
location /.well-known/acme-challenge {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-certbot:8080";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$http_host$request_uri;
|
||||
}
|
||||
{% else %}
|
||||
{{ render_vhost_directives() }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
server {
|
||||
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
|
||||
server_name {{ matrix_nginx_proxy_proxy_sygnal_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_sygnal_hostname }}/fullchain.pem;
|
||||
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_sygnal_hostname }}/privkey.pem;
|
||||
|
||||
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
||||
{% if matrix_nginx_proxy_ssl_ciphers != '' %}
|
||||
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
|
||||
{% endif %}
|
||||
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
|
||||
|
||||
{{ render_vhost_directives() }}
|
||||
}
|
||||
{% endif %}
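Review bot: `location /` in `render_vhost_directives` proxies the whole Sygnal HTTP port (`matrix-sygnal:6000`) to the public hostname, but the only thing homeservers need to reach is the Push Gateway API under `/_matrix/push/`; consider narrowing the location to that prefix and returning 404 for everything else, so any other endpoint the process serves is not exposed by default.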
|
2
roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
Normal file → Executable file
|
@ -33,7 +33,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
|
|||
-p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_nginx_proxy_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
|
||||
--mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/nginx-data,ro \
|
||||
--mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst={{ matrix_nginx_proxy_data_path_in_container }},ro \
|
||||
--mount type=bind,src={{ matrix_nginx_proxy_confd_path }},dst=/etc/nginx/conf.d,ro \
|
||||
{% if matrix_ssl_retrieval_method != 'none' %}
|
||||
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst={{ matrix_ssl_config_dir_path }},ro \
|
||||
|
|
95
roles/matrix-sygnal/defaults/main.yml
Normal file
|
@ -0,0 +1,95 @@
|
|||
# Sygnal is a reference Push Gateway for Matrix.
|
||||
# To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app.
|
||||
# Learn more here: https://github.com/matrix-org/sygnal
|
||||
matrix_sygnal_enabled: false
|
||||
|
||||
matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
|
||||
matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"
|
||||
matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data"
|
||||
|
||||
matrix_sygnal_version: v0.9.0
|
||||
matrix_sygnal_docker_image: "docker.io/matrixdotorg/sygnal:{{ matrix_sygnal_version }}"
|
||||
matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}"
|
||||
|
||||
# List of systemd services that matrix-sygnal.service depends on.
|
||||
matrix_sygnal_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that matrix-sygnal.service wants
|
||||
matrix_sygnal_systemd_wanted_services_list: []
|
||||
|
||||
# Controls whether the matrix-sygnal container exposes its HTTP port (tcp/6000 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6000"), or empty string to not expose.
|
||||
matrix_sygnal_container_http_host_bind_port: ''
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_sygnal_container_extra_arguments: []
|
||||
|
||||
# Database-related configuration fields.
|
||||
#
|
||||
# To use SQLite, stick to these defaults.
|
||||
#
|
||||
# To use Postgres:
|
||||
# - change the engine (`matrix_sygnal_database_engine: 'postgres'`)
|
||||
# - adjust your database credentials via the `matrix_sygnal_postgres_*` variables
|
||||
matrix_sygnal_database_engine: 'sqlite'
|
||||
|
||||
matrix_sygnal_sqlite_database_path_local: "{{ matrix_sygnal_data_path }}/sygnal.db"
|
||||
matrix_sygnal_sqlite_database_path_in_container: "/data/sygnal.db"
|
||||
|
||||
matrix_sygnal_database_username: 'matrix_sygnal'
|
||||
matrix_sygnal_database_password: 'some-password'
|
||||
matrix_sygnal_database_hostname: 'matrix-postgres'
|
||||
matrix_sygnal_database_port: 5432
|
||||
matrix_sygnal_database_name: 'matrix_sygnal'
|
||||
|
||||
matrix_sygnal_database_connection_string: 'postgres://{{ matrix_sygnal_database_username }}:{{ matrix_sygnal_database_password }}@{{ matrix_sygnal_database_hostname }}:{{ matrix_sygnal_database_port }}/{{ matrix_sygnal_database_name }}'
|
||||
|
||||
# A map (dictionary) of apps instances that this server works with.
|
||||
#
|
||||
# Example configuration:
|
||||
#
|
||||
# matrix_sygnal_apps:
|
||||
# com.example.myapp.ios:
|
||||
# type: apns
|
||||
# # .. more configuration ..
|
||||
# com.example.myapp.android:
|
||||
# type: gcm
|
||||
# api_key: your_api_key_for_gcm
|
||||
# # .. more configuration ..
|
||||
#
|
||||
# The APNS configuration needs to reference some certificate files.
|
||||
# One can put these in the `matrix_sygnal_data_path` directory (`/matrix/sygnal/data`), mounted to `/data` in the container.
|
||||
# The `matrix_sygnal_apps` paths need to use the in-container path (`/data`).
|
||||
# To install these files via the playbook, one can use the `matrix-aux` role.
|
||||
# Examples and more details are available in `docs/configuring-playbook-sygnal.md`.
|
||||
matrix_sygnal_apps: []
|
||||
|
||||
matrix_sygnal_metrics_prometheus_enabled: false
|
||||
|
||||
# Default Sygnal configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_sygnal_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_sygnal_configuration_yaml: "{{ lookup('template', 'templates/sygnal.yaml.j2') }}"
|
||||
|
||||
matrix_sygnal_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration for Sygnal goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_sygnal_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_sygnal_configuration_yaml`.
|
||||
#
|
||||
# Example configuration extension follows:
|
||||
# metrics:
|
||||
# opentracing:
|
||||
# enabled: true
|
||||
|
||||
matrix_sygnal_configuration_extension: "{{ matrix_sygnal_configuration_extension_yaml|from_yaml if matrix_sygnal_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final sygnal configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_sygnal_configuration_yaml`.
|
||||
matrix_sygnal_configuration: "{{ matrix_sygnal_configuration_yaml|from_yaml|combine(matrix_sygnal_configuration_extension, recursive=True) }}"
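Review bot: `matrix_sygnal_apps: []` is an empty list, but the comment above it describes "a map (dictionary)" and the example shows mapping keys (`com.example.myapp.ios:`); an empty list neither merges nor iterates like the documented dict, so the default should be `{}`. `matrix_sygnal_database_password: 'some-password'` is a literal placeholder that becomes a live credential the moment someone sets `matrix_sygnal_database_engine: 'postgres'` without overriding it; have `validate_config.yml` fail when the engine is postgres and the password is still the default. Minor: `notificatins` in the header comment.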
|
3
roles/matrix-sygnal/tasks/init.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}"
|
||||
when: matrix_sygnal_enabled|bool
|
21
roles/matrix-sygnal/tasks/main.yml
Normal file
|
@ -0,0 +1,21 @@
|
|||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: run_setup|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-sygnal
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: run_setup|bool and matrix_sygnal_enabled|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-sygnal
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: run_setup|bool and not matrix_sygnal_enabled|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-sygnal
|
73
roles/matrix-sygnal/tasks/setup_install.yml
Normal file
|
@ -0,0 +1,73 @@
|
|||
---
|
||||
|
||||
- set_fact:
|
||||
matrix_sygnal_requires_restart: false
|
||||
|
||||
- block:
|
||||
- name: Check if an SQLite database already exists
|
||||
stat:
|
||||
path: "{{ matrix_sygnal_sqlite_database_path_local }}"
|
||||
register: matrix_sygnal_sqlite_database_path_local_stat_result
|
||||
|
||||
- block:
|
||||
- set_fact:
|
||||
matrix_postgres_db_migration_request:
|
||||
src: "{{ matrix_sygnal_sqlite_database_path_local }}"
|
||||
dst: "{{ matrix_sygnal_database_connection_string }}"
|
||||
caller: "{{ role_path|basename }}"
|
||||
engine_variable_name: 'matrix_sygnal_database_engine'
|
||||
engine_old: 'sqlite'
|
||||
systemd_services_to_stop: ['matrix-sygnal.service']
|
||||
pgloader_options: ['--with "quote identifiers"']
|
||||
|
||||
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
|
||||
|
||||
- set_fact:
|
||||
matrix_sygnal_requires_restart: true
|
||||
when: "matrix_sygnal_sqlite_database_path_local_stat_result.stat.exists|bool"
|
||||
when: "matrix_sygnal_database_engine == 'postgres'"
|
||||
|
||||
- name: Ensure Sygnal image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_sygnal_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}"
|
||||
|
||||
- name: Ensure Sygnal paths exists
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_sygnal_base_path }}"
|
||||
- "{{ matrix_sygnal_config_path }}"
|
||||
- "{{ matrix_sygnal_data_path }}"
|
||||
|
||||
- name: Ensure Sygnal config installed
|
||||
copy:
|
||||
content: "{{ matrix_sygnal_configuration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_sygnal_config_path }}/sygnal.yaml"
|
||||
mode: 0640
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure matrix-sygnal.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-sygnal.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-sygnal.service"
|
||||
mode: 0644
|
||||
register: matrix_sygnal_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-sygnal.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_sygnal_systemd_service_result.changed|bool"
|
||||
|
||||
- name: Ensure matrix-sygnal.service restarted, if necessary
|
||||
service:
|
||||
name: "matrix-sygnal.service"
|
||||
state: restarted
|
||||
when: "matrix_sygnal_requires_restart|bool"
|
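Review bot: the `sygnal.yaml` written by "Ensure Sygnal config installed" holds the Postgres password and the push-provider credentials from `matrix_sygnal_apps`, so 0640 is the right mode, but `copy` with `content:` prints the whole file to the console when the playbook is run with `--diff`; add `no_log: true` to that task or accept the exposure knowingly. Two smaller points: the three `docker_image` version guards spell the same test three different ways (`ansible_version.minor > 7`, `>= 8`, `>= 8`), so pick one form; and the two bare `set_fact` tasks would read better with a `name:`.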
35
roles/matrix-sygnal/tasks/setup_uninstall.yml
Normal file
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
|
||||
- name: Check existence of matrix-sygnal service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-sygnal.service"
|
||||
register: matrix_sygnal_service_stat
|
||||
|
||||
- name: Ensure matrix-sygnal is stopped
|
||||
service:
|
||||
name: matrix-sygnal
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
register: stopping_result
|
||||
when: "matrix_sygnal_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure matrix-sygnal.service doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-sygnal.service"
|
||||
state: absent
|
||||
when: "matrix_sygnal_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-sygnal.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_sygnal_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure Sygnal base directory doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_sygnal_base_path }}"
|
||||
state: absent
|
||||
|
||||
- name: Ensure Sygnal Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_sygnal_docker_image }}"
|
||||
state: absent
|
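Review bot: "Ensure Sygnal base directory doesn't exist" removes `matrix_sygnal_base_path` unconditionally, which takes the config, the SQLite database and any APNs key material under the data path with it, while nothing here drops the Postgres database that `setup_install.yml` migrates into when `matrix_sygnal_database_engine == 'postgres'`; either add the Postgres cleanup for symmetry or make the task name say that local data is destroyed and the Postgres side is left in place. Also, `stopping_result` is registered but never read.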
13
roles/matrix-sygnal/tasks/validate_config.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
- name: Fail if no Sygnal apps defined
|
||||
fail:
|
||||
msg: >-
|
||||
Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps`
|
||||
when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0"
|
||||
|
||||
- name: Fail if running on a non-supported architecture
|
||||
fail:
|
||||
msg: >-
|
||||
Sygnal can only be used on the amd64 architecture for now.
|
||||
Only amd64 container images are pushed for the `docker.io/matrixdotorg/sygnal` container image.
|
||||
Either use a different image (by redefining `matrix_sygnal_docker_image`) or consider contributing self-building support to this role.
|
||||
when: "matrix_sygnal_enabled and matrix_architecture != 'amd64' and matrix_sygnal_docker_image.startswith('docker.io/matrixdotorg/sygnal')"
|
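Review bot: both `when:` expressions use a bare `matrix_sygnal_enabled` while `main.yml` uses `matrix_sygnal_enabled|bool`; a string value such as `"false"` coming from an inventory file is truthy in the bare form and falsy in the `|bool` form, so the checks can disagree with the tasks they guard. A third check is missing: `matrix_sygnal_database_engine` is never validated, and `sygnal.yaml.j2` treats every value other than `'sqlite'` as Postgres, so a typo like `postgresql` silently renders a psycopg2 config; fail here unless the value is `sqlite` or `postgres`.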
288
roles/matrix-sygnal/templates/sygnal.yaml.j2
Normal file
|
@ -0,0 +1,288 @@
|
|||
##
|
||||
# This is a configuration for Sygnal, the reference Push Gateway for Matrix
|
||||
# See: matrix.org
|
||||
##
|
||||
|
||||
# The 'database' setting defines the database that sygnal uses to store all of
|
||||
# its data.
|
||||
#
|
||||
# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
|
||||
# 'psycopg2' (for PostgreSQL).
|
||||
#
|
||||
# 'args' gives options which are passed through to the database engine,
|
||||
# except for options starting 'cp_', which are used to configure the Twisted
|
||||
# connection pool. For a reference to valid arguments, see:
|
||||
# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
|
||||
# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
|
||||
# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
|
||||
#
|
||||
#
|
||||
# Example SQLite configuration:
|
||||
#
|
||||
#database:
|
||||
# name: sqlite3
|
||||
# args:
|
||||
# dbfile: /path/to/database.db
|
||||
#
|
||||
#
|
||||
# Example Postgres configuration:
|
||||
#
|
||||
#database:
|
||||
# name: psycopg2
|
||||
# args:
|
||||
# host: localhost
|
||||
# database: sygnal
|
||||
# user: sygnal
|
||||
# password: pass
|
||||
# cp_min: 1
|
||||
# cp_max: 5
|
||||
#
|
||||
{% if matrix_sygnal_database_engine == 'sqlite' %}
|
||||
database:
|
||||
name: sqlite3
|
||||
args:
|
||||
dbfile: {{ matrix_sygnal_sqlite_database_path_in_container|to_json }}
|
||||
{% else %}
|
||||
database:
|
||||
name: psycopg2
|
||||
args:
|
||||
host: {{ matrix_sygnal_database_hostname|to_json }}
|
||||
database: {{ matrix_sygnal_database_name|to_json }}
|
||||
user: {{ matrix_sygnal_database_username|to_json }}
|
||||
password: {{ matrix_sygnal_database_password|to_json }}
|
||||
cp_min: 1
|
||||
cp_max: 5
|
||||
{% endif %}
|
||||
|
||||
## Logging #
|
||||
#
|
||||
log:
|
||||
# Specify a Python logging 'dictConfig', as described at:
|
||||
# https://docs.python.org/3.7/library/logging.config.html#logging.config.dictConfig
|
||||
#
|
||||
setup:
|
||||
version: 1
|
||||
formatters:
|
||||
normal:
|
||||
format: "%(asctime)s [%(process)d] %(levelname)-5s %(name)s %(message)s"
|
||||
handlers:
|
||||
# This handler prints to Standard Error
|
||||
#
|
||||
stderr:
|
||||
class: "logging.StreamHandler"
|
||||
formatter: "normal"
|
||||
stream: "ext://sys.stderr"
|
||||
|
||||
# This handler prints to Standard Output.
|
||||
#
|
||||
stdout:
|
||||
class: "logging.StreamHandler"
|
||||
formatter: "normal"
|
||||
stream: "ext://sys.stdout"
|
||||
|
||||
# This handler demonstrates logging to a text file on the filesystem.
|
||||
# You can use logrotate(8) to perform log rotation.
|
||||
#
|
||||
#file:
|
||||
# class: "logging.handlers.WatchedFileHandler"
|
||||
# formatter: "normal"
|
||||
# filename: "./sygnal.log"
|
||||
loggers:
|
||||
# sygnal.access contains the access logging lines.
|
||||
# Comment out this section if you don't want to give access logging
|
||||
# any special treatment.
|
||||
#
|
||||
sygnal.access:
|
||||
propagate: false
|
||||
handlers: ["stdout"]
|
||||
level: "INFO"
|
||||
|
||||
# sygnal contains log lines from Sygnal itself.
|
||||
# You can comment out this section to fall back to the root logger.
|
||||
#
|
||||
sygnal:
|
||||
propagate: false
|
||||
handlers: ["stderr"]
|
||||
|
||||
root:
|
||||
# Specify the handler(s) to send log messages to.
|
||||
handlers: ["stderr"]
|
||||
level: "INFO"
|
||||
|
||||
disable_existing_loggers: false
|
||||
|
||||
|
||||
access:
|
||||
# Specify whether or not to trust the IP address in the `X-Forwarded-For`
|
||||
# header. In general, you want to enable this if and only if you are using a
|
||||
# reverse proxy which is configured to emit it.
|
||||
#
|
||||
x_forwarded_for: true
|
||||
|
||||
## HTTP Server (Matrix Push Gateway API) #
|
||||
#
|
||||
http:
|
||||
# Specify a list of interface addresses to bind to.
|
||||
#
|
||||
# This example listens on the IPv4 loopback device:
|
||||
#bind_addresses: ['127.0.0.1']
|
||||
# This example listens on all IPv4 interfaces:
|
||||
#bind_addresses: ['0.0.0.0']
|
||||
# This example listens on all IPv4 and IPv6 interfaces:
|
||||
#bind_addresses: ['0.0.0.0', '::']
|
||||
bind_addresses: ['::']
|
||||
|
||||
# Specify the port number to listen on.
|
||||
#
|
||||
port: 6000
|
||||
|
||||
## Proxying for outgoing connections #
|
||||
#
|
||||
# Specify the URL of a proxy to use for outgoing traffic
|
||||
# (e.g. to Apple & Google) if desired.
|
||||
# Currently only HTTP proxies with CONNECT capability are supported.
|
||||
#
|
||||
# If you do not specify a value, the `HTTPS_PROXY` environment variable will
|
||||
# be used if present. Otherwise, no proxy will be used.
|
||||
#
|
||||
# Default is unspecified.
|
||||
#
|
||||
#proxy: 'http://user:secret@prox:8080'
|
||||
|
||||
## Metrics #
|
||||
#
|
||||
metrics:
|
||||
## Prometheus #
|
||||
#
|
||||
prometheus:
|
||||
# Specify whether or not to enable Prometheus.
|
||||
#
|
||||
enabled: false
|
||||
|
||||
# Specify an address for the Prometheus HTTP Server to listen on.
|
||||
#
|
||||
address: '0.0.0.0'
|
||||
|
||||
# Specify a port for the Prometheus HTTP Server to listen on.
|
||||
#
|
||||
port: 8000
|
||||
|
||||
## OpenTracing #
|
||||
#
|
||||
opentracing:
|
||||
# Specify whether or not to enable OpenTracing.
|
||||
#
|
||||
enabled: false
|
||||
|
||||
# Specify an implementation of OpenTracing to use. Currently only 'jaeger'
|
||||
# is supported.
|
||||
#
|
||||
implementation: jaeger
|
||||
|
||||
# Specify the service name to be reported to the tracer.
|
||||
#
|
||||
service_name: sygnal
|
||||
|
||||
# Specify configuration values to pass to jaeger_client.
|
||||
#
|
||||
jaeger:
|
||||
sampler:
|
||||
type: 'const'
|
||||
param: 1
|
||||
# local_agent:
|
||||
# reporting_host: '127.0.0.1'
|
||||
# reporting_port:
|
||||
logging: true
|
||||
|
||||
## Sentry #
|
||||
#
|
||||
sentry:
|
||||
# Specify whether or not to enable Sentry.
|
||||
#
|
||||
enabled: false
|
||||
|
||||
# Specify your Sentry DSN if you enable Sentry
|
||||
#
|
||||
#dsn: "https://<key>@sentry.example.org/<project>"
|
||||
|
||||
## Pushkins/Apps #
|
||||
#
|
||||
# Add a section for every push application here.
|
||||
# Specify the pushkey for the application and also the type.
|
||||
# For the type, you may specify a fully-qualified Python classname if desired.
|
||||
#
|
||||
#apps:
|
||||
# This is an example APNs push configuration
|
||||
#
|
||||
#com.example.myapp.ios:
|
||||
# type: apns
|
||||
#
|
||||
# # Authentication
|
||||
# #
|
||||
# # Two methods of authentication to APNs are currently supported.
|
||||
# #
|
||||
# # You can authenticate using a key:
|
||||
# keyfile: my_key.p8
|
||||
# key_id: MY_KEY_ID
|
||||
# team_id: MY_TEAM_ID
|
||||
# topic: MY_TOPIC
|
||||
#
|
||||
# # Or, a certificate can be used instead:
|
||||
# certfile: com.example.myApp_prod_APNS.pem
|
||||
#
|
||||
# # This is the maximum number of in-flight requests *for this pushkin*
|
||||
# # before additional notifications will be failed.
|
||||
# # (This is a robustness measure to prevent one pushkin stacking up with
|
||||
# # queued requests and saturating the inbound connection queue of a load
|
||||
# # balancer or reverse proxy).
|
||||
# # Defaults to 512 if unset.
|
||||
# #
|
||||
# #inflight_request_limit: 512
|
||||
#
|
||||
# # Specifies whether to use the production or sandbox APNs server. Note that
|
||||
# # sandbox tokens should only be used with the sandbox server and vice versa.
|
||||
# #
|
||||
# # Valid options are:
|
||||
# # * production
|
||||
# # * sandbox
|
||||
# #
|
||||
# # The default is 'production'. Uncomment to use the sandbox instance.
|
||||
# #platform: sandbox
|
||||
|
||||
# This is an example GCM/FCM push configuration.
|
||||
#
|
||||
#com.example.myapp.android:
|
||||
# type: gcm
|
||||
# api_key: your_api_key_for_gcm
|
||||
#
|
||||
# # This is the maximum number of connections to GCM servers at any one time
|
||||
# # the default is 20.
|
||||
# #max_connections: 20
|
||||
#
|
||||
# # This is the maximum number of in-flight requests *for this pushkin*
|
||||
# # before additional notifications will be failed.
|
||||
# # (This is a robustness measure to prevent one pushkin stacking up with
|
||||
# # queued requests and saturating the inbound connection queue of a load
|
||||
# # balancer or reverse proxy).
|
||||
# # Defaults to 512 if unset.
|
||||
# #
|
||||
# #inflight_request_limit: 512
|
||||
#
|
||||
# # This allows you to specify additional options to send to Firebase.
|
||||
# #
|
||||
# # Of particular interest, admins who wish to support iOS apps using Firebase
|
||||
# # probably wish to set content_available, and may need to set mutable_content.
|
||||
# # (content_available allows your iOS app to be woken up by data messages,
|
||||
# # and mutable_content allows your notification to be modified by a
|
||||
# # Notification Service app extension).
|
||||
# #
|
||||
# # See https://firebase.google.com/docs/cloud-messaging/http-server-ref
|
||||
# # for the exhaustive list of valid options.
|
||||
# #
|
||||
# # Do not specify `data`, `priority`, `to` or `registration_ids` as they may
|
||||
# # be overwritten or lead to an invalid request.
|
||||
# #
|
||||
# #fcm_options:
|
||||
# # content_available: true
|
||||
# # mutable_content: true
|
||||
apps: {{ matrix_sygnal_apps|to_json }}
|
|
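Review bot: `metrics.prometheus.enabled: false` is hard-coded in the template, so the `matrix_sygnal_metrics_prometheus_enabled` variable added to the defaults is dead; render it (`enabled: {{ matrix_sygnal_metrics_prometheus_enabled|to_json }}`) or remove the variable. `access.x_forwarded_for: true` is hard-coded as well: that is correct behind the playbook's reverse proxy, but the systemd unit can also publish port 6000 straight on the host through `matrix_sygnal_container_http_host_bind_port`, and a Sygnal reached that way will trust whatever `X-Forwarded-For` a client sends; make it a variable, or add a comment that it must be turned off whenever the port is exposed without a proxy in front.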
@ -0,0 +1,42 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix Sygnal
|
||||
{% for service in matrix_sygnal_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_sygnal_systemd_wanted_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null'
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null'
|
||||
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--env=SYGNAL_CONF=/config/sygnal.yaml \
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_sygnal_container_http_host_bind_port %}
|
||||
-p {{ matrix_sygnal_container_http_host_bind_port }}:6000 \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_sygnal_config_path }},dst=/config \
|
||||
--mount type=bind,src={{ matrix_sygnal_data_path }},dst=/data \
|
||||
{% for arg in matrix_sygnal_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_sygnal_docker_image }}
|
||||
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null'
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null'
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-sygnal
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
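Review bot: the unit drops all capabilities and runs as `matrix_user_uid`, but unlike the Synapse units touched in this same commit it does not pass `--read-only` (plus a `--tmpfs=/tmp` if the image needs scratch space); as far as this config shows, Sygnal's only writable state is the SQLite file under the `/data` bind mount, so a read-only root filesystem should be safe and would keep the container in line with the rest of the playbook. Also, `-p {{ matrix_sygnal_container_http_host_bind_port }}:6000` lets a bare port value bind on every host interface; the docs should recommend the `127.0.0.1:PORT` form unless the gateway is meant to be public.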
@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
|
|||
# amd64 gets released first.
|
||||
# arm32 relies on self-building, so the same version can be built immediately.
|
||||
# arm64 users need to wait for a prebuilt image to become available.
|
||||
matrix_synapse_version: v1.29.0
|
||||
matrix_synapse_version_arm64: v1.29.0
|
||||
matrix_synapse_version: v1.30.1
|
||||
matrix_synapse_version_arm64: v1.30.1
|
||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
@ -181,6 +181,26 @@ matrix_synapse_allow_public_rooms_without_auth: false
|
|||
# For private servers, you most likely wish to forbid it.
|
||||
matrix_synapse_allow_public_rooms_over_federation: false
|
||||
|
||||
# Whether to require authentication to retrieve profile data (avatars,
|
||||
# display names) of other users through the client API. Defaults to
|
||||
# 'false'. Note that profile data is also available via the federation
|
||||
# API, so this setting is of limited value if federation is enabled on
|
||||
# the server.
|
||||
matrix_synapse_require_auth_for_profile_requests: false
|
||||
|
||||
# Set to true to require a user to share a room with another user in order
|
||||
# to retrieve their profile information. Only checked on Client-Server
|
||||
# requests. Profile requests from other servers should be checked by the
|
||||
# requesting server. Defaults to 'false'.
|
||||
matrix_synapse_limit_profile_requests_to_users_who_share_rooms: false
|
||||
|
||||
# Set to false to prevent a user's profile data from being retrieved and
|
||||
# displayed in a room until they have joined it. By default, a user's
|
||||
# profile data is included in an invite event, regardless of the values
|
||||
# of the above two settings, and whether or not the users share a server.
|
||||
# Defaults to 'true'.
|
||||
matrix_synapse_include_profile_data_on_invite: true
|
||||
|
||||
# Controls whether people with access to the homeserver can register by themselves.
|
||||
matrix_synapse_enable_registration: false
|
||||
|
||||
|
|
|
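Review bot: the three new profile-privacy variables keep Synapse's upstream defaults (`false`, `false`, `true`), which matches how the playbook exposes other options, but the comment on `matrix_synapse_require_auth_for_profile_requests` should say what the safer value is for a private server, the way the neighbouring `matrix_synapse_allow_public_rooms_over_federation: false` comment does; unauthenticated profile lookup is the one most operators of closed servers will want to switch to `true`.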
@ -65,17 +65,16 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
|
|||
# Whether to require authentication to retrieve profile data (avatars,
|
||||
# display names) of other users through the client API. Defaults to
|
||||
# 'false'. Note that profile data is also available via the federation
|
||||
# API, so this setting is of limited value if federation is enabled on
|
||||
# the server.
|
||||
# API, unless allow_profile_lookup_over_federation is set to false.
|
||||
#
|
||||
#require_auth_for_profile_requests: true
|
||||
require_auth_for_profile_requests: {{ matrix_synapse_require_auth_for_profile_requests|to_json }}
|
||||
|
||||
# Uncomment to require a user to share a room with another user in order
|
||||
# to retrieve their profile information. Only checked on Client-Server
|
||||
# requests. Profile requests from other servers should be checked by the
|
||||
# requesting server. Defaults to 'false'.
|
||||
#
|
||||
#limit_profile_requests_to_users_who_share_rooms: true
|
||||
limit_profile_requests_to_users_who_share_rooms: {{ matrix_synapse_limit_profile_requests_to_users_who_share_rooms|to_json }}
|
||||
|
||||
# Uncomment to prevent a user's profile data from being retrieved and
|
||||
# displayed in a room until they have joined it. By default, a user's
|
||||
|
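Review bot: the replacement comment now says profile data stays reachable over federation "unless allow_profile_lookup_over_federation is set to false", but this commit adds no `matrix_synapse_allow_profile_lookup_over_federation` variable and the template does not render that key, so the hint points at a knob the playbook does not expose; add the variable next to the three profile settings introduced in the defaults, or keep the comment on the old wording.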
@ -83,7 +82,7 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
|
|||
# of the above two settings, and whether or not the users share a server.
|
||||
# Defaults to 'true'.
|
||||
#
|
||||
#include_profile_data_on_invite: false
|
||||
include_profile_data_on_invite: {{ matrix_synapse_include_profile_data_on_invite|to_json }}
|
||||
|
||||
# If set to 'true', removes the need for authentication to access the server's
|
||||
# public rooms directory through the client API, meaning that anyone can
|
||||
|
@ -1777,10 +1776,14 @@ saml2_config:
|
|||
# offer the user a choice of login mechanisms.
|
||||
#
|
||||
# idp_icon: An optional icon for this identity provider, which is presented
|
||||
# by identity picker pages. If given, must be an MXC URI of the format
|
||||
# mxc://<server-name>/<media-id>. (An easy way to obtain such an MXC URI
|
||||
# is to upload an image to an (unencrypted) room and then copy the "url"
|
||||
# from the source of the event.)
|
||||
# by clients and Synapse's own IdP picker page. If given, must be an
|
||||
# MXC URI of the format mxc://<server-name>/<media-id>. (An easy way to
|
||||
# obtain such an MXC URI is to upload an image to an (unencrypted) room
|
||||
# and then copy the "url" from the source of the event.)
|
||||
#
|
||||
# idp_brand: An optional brand for this identity provider, allowing clients
|
||||
# to style the login flow according to the identity provider in question.
|
||||
# See the spec for possible options here.
|
||||
#
|
||||
# discover: set to 'false' to disable the use of the OIDC discovery mechanism
|
||||
# to discover endpoints. Defaults to true.
|
||||
|
@ -1790,7 +1793,26 @@ saml2_config:
|
|||
#
|
||||
# client_id: Required. oauth2 client id to use.
|
||||
#
|
||||
# client_secret: Required. oauth2 client secret to use.
|
||||
# client_secret: oauth2 client secret to use. May be omitted if
|
||||
# client_secret_jwt_key is given, or if client_auth_method is 'none'.
|
||||
#
|
||||
# client_secret_jwt_key: Alternative to client_secret: details of a key used
|
||||
# to create a JSON Web Token to be used as an OAuth2 client secret. If
|
||||
# given, must be a dictionary with the following properties:
|
||||
#
|
||||
# key: a pem-encoded signing key. Must be a suitable key for the
|
||||
# algorithm specified. Required unless 'key_file' is given.
|
||||
#
|
||||
# key_file: the path to file containing a pem-encoded signing key file.
|
||||
# Required unless 'key' is given.
|
||||
#
|
||||
# jwt_header: a dictionary giving properties to include in the JWT
|
||||
# header. Must include the key 'alg', giving the algorithm used to
|
||||
# sign the JWT, such as "ES256", using the JWA identifiers in
|
||||
# RFC7518.
|
||||
#
|
||||
# jwt_payload: an optional dictionary giving properties to include in
|
||||
# the JWT payload. Normally this should include an 'iss' key.
|
||||
#
|
||||
# client_auth_method: auth method to use when exchanging the token. Valid
|
||||
# values are 'client_secret_basic' (default), 'client_secret_post' and
|
||||
|
@ -1910,7 +1932,7 @@ oidc_providers:
|
|||
#
|
||||
#- idp_id: github
|
||||
# idp_name: Github
|
||||
# idp_brand: org.matrix.github
|
||||
# idp_brand: github
|
||||
# discover: false
|
||||
# issuer: "https://github.com/"
|
||||
# client_id: "your-client-id" # TO BE FILLED
|
||||
|
@ -2675,19 +2697,20 @@ user_directory:
|
|||
|
||||
|
||||
|
||||
# Local statistics collection. Used in populating the room directory.
|
||||
# Settings for local room and user statistics collection. See
|
||||
# docs/room_and_user_statistics.md.
|
||||
#
|
||||
# 'bucket_size' controls how large each statistics timeslice is. It can
|
||||
# be defined in a human readable short form -- e.g. "1d", "1y".
|
||||
#
|
||||
# 'retention' controls how long historical statistics will be kept for.
|
||||
# It can be defined in a human readable short form -- e.g. "1d", "1y".
|
||||
#
|
||||
#
|
||||
#stats:
|
||||
# enabled: true
|
||||
# bucket_size: 1d
|
||||
# retention: 1y
|
||||
stats:
|
||||
# Uncomment the following to disable room and user statistics. Note that doing
|
||||
# so may cause certain features (such as the room directory) not to work
|
||||
# correctly.
|
||||
#
|
||||
#enabled: false
|
||||
|
||||
# The size of each timeslice in the room_stats_historical and
|
||||
# user_stats_historical tables, as a time period. Defaults to "1d".
|
||||
#
|
||||
#bucket_size: 1h
|
||||
|
||||
|
||||
# Server Notices room configuration
|
||||
|
|
|
@ -17,8 +17,9 @@ ExecStartPre={{ matrix_host_command_sleep }} 5
|
|||
ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_worker_container_name }} \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
-e UID={{ matrix_user_uid }} \
|
||||
-e GID={{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--entrypoint=python \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||
--network={{ matrix_docker_network }} \
|
||||
|
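Review bot: the hunk header says 8 lines became 9 with the two `-e UID=`/`-e GID=` lines added, so one line of the old block was removed, but this rendering has lost the `-`/`+` markers and both `--user=...` and `--entrypoint=python` are still shown; the `run -m synapse.app...` command in the following hunk only works through the image's own entrypoint, so confirm it is `--entrypoint=python` that was dropped and `--user` that stays. A one-line comment explaining why the UID/GID environment is needed alongside `--user` (presumably so the image's start script knows it already runs as the intended user and does not attempt a user switch, which `--cap-drop=ALL` would forbid) would save the next reader the archaeology. Minor: this file uses `-e UID=` while the homeserver unit uses `--env=UID=`.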
@ -44,7 +45,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_wor
|
|||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_synapse_docker_image }} \
|
||||
-m synapse.app.{{ matrix_synapse_worker_details.type }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }}
|
||||
run -m synapse.app.{{ matrix_synapse_worker_details.type }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }}
|
||||
|
||||
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }}
|
||||
|
|
|
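Review bot: changing the container command to `run -m synapse.app.<worker> ...` ties this unit to a Synapse image whose entrypoint understands a `run` mode; the bump to v1.30.1 in the defaults ships in the same commit, but anyone pinning an older `matrix_synapse_version` will get a container that fails at start with no hint why, so the CHANGELOG should state the minimum image version this requires and, ideally, `validate_config` should refuse older ones.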
@ -33,8 +33,9 @@ ExecStartPre={{ matrix_host_command_sleep }} 3
|
|||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--env=UID={{ matrix_user_uid }} \
|
||||
--env=GID={{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--entrypoint=python \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||
--network={{ matrix_docker_network }} \
|
||||
|
@ -62,7 +63,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
|
|||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_synapse_docker_image }} \
|
||||
-m synapse.app.homeserver -c /data/homeserver.yaml
|
||||
run -m synapse.app.homeserver -c /data/homeserver.yaml
|
||||
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null'
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null'
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
- roles/matrix-synapse/vars/workers.yml
|
||||
|
||||
roles:
|
||||
- matrix-awx
|
||||
- matrix-base
|
||||
- matrix-dynamic-dns
|
||||
- matrix-mailer
|
||||
|
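Review bot: `matrix-awx` is inserted as the very first role, ahead of `matrix-base`, so whatever it does runs before the base role's facts and validation exist; if that ordering is deliberate it deserves a comment, and since the role's own files do not appear in the hunks shown here, it should be documented alongside the Go-NEB and Sygnal additions this commit announces.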
@ -32,6 +33,7 @@
|
|||
- matrix-bridge-mx-puppet-instagram
|
||||
- matrix-bridge-sms
|
||||
- matrix-bot-matrix-reminder-bot
|
||||
- matrix-bot-go-neb
|
||||
- matrix-synapse
|
||||
- matrix-synapse-admin
|
||||
- matrix-prometheus-node-exporter
|
||||
|
@ -44,6 +46,7 @@
|
|||
- matrix-dimension
|
||||
- matrix-etherpad
|
||||
- matrix-email2matrix
|
||||
- matrix-sygnal
|
||||
- matrix-nginx-proxy
|
||||
- matrix-coturn
|
||||
- matrix-aux
|
||||
|
|