From 51312b8250d0c3940839d6c7ffddb195bcefa20a Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 12 Jan 2019 17:53:00 +0200 Subject: [PATCH 1/3] Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable. 
--- CHANGELOG.md | 16 +- docs/configuring-playbook-mxisd.md | 2 +- docs/configuring-playbook.md | 2 +- roles/matrix-base/defaults/main.yml | 37 ++ .../files/yum.repos.d/docker-ce.repo | 0 .../matrix-base/tasks/clean_up_old_files.yml | 9 + roles/matrix-base/tasks/main.yml | 33 ++ .../tasks/sanity_check.yml} | 0 .../tasks}/self_check_dns.yml | 2 +- .../tasks}/self_check_dns_srv.yml | 0 .../tasks/setup_matrix_base.yml} | 7 - .../tasks/setup_server_base.yml} | 0 roles/matrix-base/tasks/setup_well_known.yml | 21 + .../static-files}/well-known/matrix-client.j2 | 0 .../usr-local-bin/matrix-remove-all.j2 | 0 roles/matrix-base/vars/main.yml | 3 + roles/matrix-common-after/tasks/main.yml | 4 + roles/matrix-common-after/tasks/start.yml | 18 + roles/matrix-corporal/defaults/main.yml | 28 ++ .../tasks/init.yml} | 10 +- roles/matrix-corporal/tasks/main.yml | 16 + .../tasks}/self_check_corporal.yml | 0 .../tasks}/setup_corporal.yml | 9 +- .../templates}/config.json.j2 | 0 .../systemd/matrix-corporal.service.j2 | 2 +- roles/matrix-coturn/defaults/main.yml | 14 + roles/matrix-coturn/tasks/init.yml | 2 + roles/matrix-coturn/tasks/main.yml | 9 + .../tasks}/setup_coturn.yml | 2 +- .../systemd/matrix-coturn.service.j2 | 1 - .../templates}/turnserver.conf.j2 | 0 roles/matrix-mailer/defaults/main.yml | 16 + roles/matrix-mailer/tasks/init.yml | 3 + roles/matrix-mailer/tasks/main.yml | 9 + .../tasks}/setup_mailer.yml | 18 +- .../templates}/env-mailer.j2 | 0 .../systemd/matrix-mailer.service.j2 | 2 +- roles/matrix-mxisd/defaults/main.yml | 101 ++++ roles/matrix-mxisd/tasks/init.yml | 3 + roles/matrix-mxisd/tasks/main.yml | 13 + .../tasks}/self_check_mxisd.yml | 0 .../tasks}/setup_mxisd.yml | 0 .../templates/systemd/matrix-mxisd.service.j2 | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 50 ++ roles/matrix-nginx-proxy/tasks/init.yml | 3 + roles/matrix-nginx-proxy/tasks/main.yml | 23 + .../tasks}/self_check_well_known.yml | 0 .../tasks}/setup_nginx_proxy.yml | 0 
.../tasks}/setup_well_known.yml | 4 +- .../tasks}/ssl/main.yml | 6 +- .../tasks}/ssl/setup_ssl_lets_encrypt.yml | 2 +- ...tup_ssl_lets_encrypt_obtain_for_domain.yml | 0 .../tasks}/ssl/setup_ssl_manually_managed.yml | 2 +- ...ssl_manually_managed_verify_for_domain.yml | 0 .../tasks}/ssl/setup_ssl_self_signed.yml | 2 +- ...etup_ssl_self_signed_obtain_for_domain.yml | 0 .../nginx-conf.d/matrix-riot-web.conf.j2 | 0 .../nginx-conf.d/matrix-synapse.conf.j2 | 0 .../templates/nginx-conf.d/nginx-http.conf.j2 | 0 .../systemd/matrix-nginx-proxy.service.j2 | 0 ...rix-ssl-lets-encrypt-certificates-renew.j2 | 0 roles/matrix-postgres/defaults/main.yml | 15 + .../tasks}/import_postgres.yml | 2 +- .../tasks}/import_sqlite_db.yml | 0 roles/matrix-postgres/tasks/init.yml | 3 + roles/matrix-postgres/tasks/main.yml | 24 + .../tasks/migrate_postgres_data_directory.yml | 70 +++ .../tasks}/setup_postgres.yml | 36 +- .../tasks/upgrade_postgres.yml | 6 +- .../util/detect_existing_postgres_version.yml | 0 .../templates/env-postgres-psql.j2} | 0 .../templates/env-postgres-server.j2} | 0 .../systemd/matrix-postgres.service.j2 | 2 +- .../usr-local-bin/matrix-make-user-admin.j2 | 2 +- .../usr-local-bin/matrix-postgres-cli.j2 | 2 +- roles/matrix-riot-web/defaults/main.yml | 32 ++ roles/matrix-riot-web/tasks/init.yml | 3 + roles/matrix-riot-web/tasks/main.yml | 16 + .../tasks}/self_check_riot_web.yml | 0 .../tasks}/setup_riot_web.yml | 2 +- .../templates}/config.json.j2 | 0 .../templates}/home.html.j2 | 0 .../systemd/matrix-riot-web.service.j2 | 0 roles/matrix-server/defaults/main.yml | 463 ------------------ roles/matrix-server/tasks/main.yml | 41 -- roles/matrix-server/tasks/self_check/main.yml | 18 - roles/matrix-server/tasks/setup/main.yml | 77 --- .../tasks/setup/synapse/ext/main.yml | 11 - .../tasks/setup/synapse/main.yml | 7 - roles/matrix-server/tasks/start.yml | 87 ---- roles/matrix-synapse/defaults/main.yml | 176 +++++++ roles/matrix-synapse/tasks/ext/init.yml | 5 + 
.../tasks/ext/ldap-auth/setup.yml} | 0 .../tasks/ext/mautrix-telegram/init.yml | 3 + .../tasks/ext/mautrix-telegram/setup.yml} | 4 +- .../tasks/ext/mautrix-whatsapp/init.yml | 3 + .../tasks/ext/mautrix-whatsapp/setup.yml} | 4 +- .../tasks/ext/rest-auth/setup.yml} | 0 roles/matrix-synapse/tasks/ext/setup.yml | 11 + .../tasks/ext/shared-secret-auth/setup.yml} | 0 .../tasks}/import_media_store.yml | 0 roles/matrix-synapse/tasks/init.yml | 8 + roles/matrix-synapse/tasks/main.yml | 33 ++ .../tasks/register_user.yml | 0 .../tasks}/self_check_client_api.yml | 0 .../tasks}/self_check_federation_api.yml | 0 .../tasks/setup_synapse_entrypoint.yml | 9 + .../tasks/setup_synapse_goofys.yml} | 8 +- .../tasks}/setup_synapse_main.yml | 11 +- .../tasks}/setup_synapse_pre.yml | 0 .../ext}/mautrix-telegram/config.yaml.j2 | 0 .../matrix-mautrix-telegram.service.j2 | 0 .../ext}/mautrix-whatsapp/config.yaml.j2 | 0 .../matrix-mautrix-whatsapp.service.j2 | 0 .../templates/goofys}/env-goofys.j2 | 0 .../goofys}/systemd/matrix-goofys.service.j2 | 2 +- .../templates/synapse}/env-synapse.j2 | 0 .../templates/synapse/homeserver.yaml.j2 | 0 .../templates/synapse/synapse.log.config.j2 | 0 .../systemd/matrix-synapse.service.j2 | 5 +- .../matrix-synapse-register-user.j2 | 0 setup.yml | 11 +- 122 files changed, 931 insertions(+), 787 deletions(-) create mode 100644 roles/matrix-base/defaults/main.yml rename roles/{matrix-server => matrix-base}/files/yum.repos.d/docker-ce.repo (100%) create mode 100644 roles/matrix-base/tasks/clean_up_old_files.yml create mode 100644 roles/matrix-base/tasks/main.yml rename roles/{matrix-server/tasks/setup/setup_sanity_check.yml => matrix-base/tasks/sanity_check.yml} (100%) rename roles/{matrix-server/tasks/self_check => matrix-base/tasks}/self_check_dns.yml (92%) rename roles/{matrix-server/tasks/self_check => matrix-base/tasks}/self_check_dns_srv.yml (100%) rename roles/{matrix-server/tasks/setup/setup_main.yml => matrix-base/tasks/setup_matrix_base.yml} (88%) 
rename roles/{matrix-server/tasks/setup/setup_base.yml => matrix-base/tasks/setup_server_base.yml} (100%) create mode 100644 roles/matrix-base/tasks/setup_well_known.yml rename roles/{matrix-server/templates => matrix-base/templates/static-files}/well-known/matrix-client.j2 (100%) rename roles/{matrix-server => matrix-base}/templates/usr-local-bin/matrix-remove-all.j2 (100%) create mode 100644 roles/matrix-base/vars/main.yml create mode 100644 roles/matrix-common-after/tasks/main.yml create mode 100644 roles/matrix-common-after/tasks/start.yml create mode 100644 roles/matrix-corporal/defaults/main.yml rename roles/{matrix-server/tasks/setup/setup_corporal_overrides.yml => matrix-corporal/tasks/init.yml} (53%) create mode 100644 roles/matrix-corporal/tasks/main.yml rename roles/{matrix-server/tasks/self_check => matrix-corporal/tasks}/self_check_corporal.yml (100%) rename roles/{matrix-server/tasks/setup => matrix-corporal/tasks}/setup_corporal.yml (89%) rename roles/{matrix-server/templates/corporal => matrix-corporal/templates}/config.json.j2 (100%) rename roles/{matrix-server => matrix-corporal}/templates/systemd/matrix-corporal.service.j2 (95%) create mode 100644 roles/matrix-coturn/defaults/main.yml create mode 100644 roles/matrix-coturn/tasks/init.yml create mode 100644 roles/matrix-coturn/tasks/main.yml rename roles/{matrix-server/tasks/setup => matrix-coturn/tasks}/setup_coturn.yml (94%) rename roles/{matrix-server => matrix-coturn}/templates/systemd/matrix-coturn.service.j2 (92%) rename roles/{matrix-server/templates/coturn => matrix-coturn/templates}/turnserver.conf.j2 (100%) create mode 100644 roles/matrix-mailer/defaults/main.yml create mode 100644 roles/matrix-mailer/tasks/init.yml create mode 100644 roles/matrix-mailer/tasks/main.yml rename roles/{matrix-server/tasks/setup => matrix-mailer/tasks}/setup_mailer.yml (77%) rename roles/{matrix-server/templates/env => matrix-mailer/templates}/env-mailer.j2 (100%) rename roles/{matrix-server => 
matrix-mailer}/templates/systemd/matrix-mailer.service.j2 (87%) create mode 100644 roles/matrix-mxisd/defaults/main.yml create mode 100644 roles/matrix-mxisd/tasks/init.yml create mode 100644 roles/matrix-mxisd/tasks/main.yml rename roles/{matrix-server/tasks/self_check => matrix-mxisd/tasks}/self_check_mxisd.yml (100%) rename roles/{matrix-server/tasks/setup => matrix-mxisd/tasks}/setup_mxisd.yml (100%) rename roles/{matrix-server => matrix-mxisd}/templates/systemd/matrix-mxisd.service.j2 (94%) create mode 100644 roles/matrix-nginx-proxy/defaults/main.yml create mode 100644 roles/matrix-nginx-proxy/tasks/init.yml create mode 100644 roles/matrix-nginx-proxy/tasks/main.yml rename roles/{matrix-server/tasks/self_check => matrix-nginx-proxy/tasks}/self_check_well_known.yml (100%) rename roles/{matrix-server/tasks/setup => matrix-nginx-proxy/tasks}/setup_nginx_proxy.yml (100%) rename roles/{matrix-server/tasks/setup => matrix-nginx-proxy/tasks}/setup_well_known.yml (85%) rename roles/{matrix-server/tasks/setup => matrix-nginx-proxy/tasks}/ssl/main.yml (84%) rename roles/{matrix-server/tasks/setup => matrix-nginx-proxy/tasks}/ssl/setup_ssl_lets_encrypt.yml (97%) rename roles/{matrix-server/tasks/setup => matrix-nginx-proxy/tasks}/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml (100%) rename roles/{matrix-server/tasks/setup => matrix-nginx-proxy/tasks}/ssl/setup_ssl_manually_managed.yml (65%) rename roles/{matrix-server/tasks/setup => matrix-nginx-proxy/tasks}/ssl/setup_ssl_manually_managed_verify_for_domain.yml (100%) rename roles/{matrix-server/tasks/setup => matrix-nginx-proxy/tasks}/ssl/setup_ssl_self_signed.yml (86%) rename roles/{matrix-server/tasks/setup => matrix-nginx-proxy/tasks}/ssl/setup_ssl_self_signed_obtain_for_domain.yml (100%) rename roles/{matrix-server => matrix-nginx-proxy}/templates/nginx-conf.d/matrix-riot-web.conf.j2 (100%) rename roles/{matrix-server => matrix-nginx-proxy}/templates/nginx-conf.d/matrix-synapse.conf.j2 (100%) rename 
roles/{matrix-server => matrix-nginx-proxy}/templates/nginx-conf.d/nginx-http.conf.j2 (100%) rename roles/{matrix-server => matrix-nginx-proxy}/templates/systemd/matrix-nginx-proxy.service.j2 (100%) rename roles/{matrix-server => matrix-nginx-proxy}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 (100%) create mode 100644 roles/matrix-postgres/defaults/main.yml rename roles/{matrix-server/tasks/import => matrix-postgres/tasks}/import_postgres.yml (95%) rename roles/{matrix-server/tasks/import => matrix-postgres/tasks}/import_sqlite_db.yml (100%) create mode 100644 roles/matrix-postgres/tasks/init.yml create mode 100644 roles/matrix-postgres/tasks/main.yml create mode 100644 roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml rename roles/{matrix-server/tasks/setup => matrix-postgres/tasks}/setup_postgres.yml (83%) rename roles/{matrix-server => matrix-postgres}/tasks/upgrade_postgres.yml (95%) rename roles/{matrix-server => matrix-postgres}/tasks/util/detect_existing_postgres_version.yml (100%) rename roles/{matrix-server/templates/env/env-postgres-pgsql-docker.j2 => matrix-postgres/templates/env-postgres-psql.j2} (100%) rename roles/{matrix-server/templates/env/env-postgres-server-docker.j2 => matrix-postgres/templates/env-postgres-server.j2} (100%) rename roles/{matrix-server => matrix-postgres}/templates/systemd/matrix-postgres.service.j2 (88%) rename roles/{matrix-server => matrix-postgres}/templates/usr-local-bin/matrix-make-user-admin.j2 (80%) rename roles/{matrix-server => matrix-postgres}/templates/usr-local-bin/matrix-postgres-cli.j2 (67%) create mode 100644 roles/matrix-riot-web/defaults/main.yml create mode 100644 roles/matrix-riot-web/tasks/init.yml create mode 100644 roles/matrix-riot-web/tasks/main.yml rename roles/{matrix-server/tasks/self_check => matrix-riot-web/tasks}/self_check_riot_web.yml (100%) rename roles/{matrix-server/tasks/setup => matrix-riot-web/tasks}/setup_riot_web.yml (95%) rename 
roles/{matrix-server/templates/riot-web => matrix-riot-web/templates}/config.json.j2 (100%) rename roles/{matrix-server/templates/riot-web => matrix-riot-web/templates}/home.html.j2 (100%) rename roles/{matrix-server => matrix-riot-web}/templates/systemd/matrix-riot-web.service.j2 (100%) delete mode 100644 roles/matrix-server/defaults/main.yml delete mode 100644 roles/matrix-server/tasks/main.yml delete mode 100644 roles/matrix-server/tasks/self_check/main.yml delete mode 100644 roles/matrix-server/tasks/setup/main.yml delete mode 100644 roles/matrix-server/tasks/setup/synapse/ext/main.yml delete mode 100644 roles/matrix-server/tasks/setup/synapse/main.yml delete mode 100644 roles/matrix-server/tasks/start.yml create mode 100644 roles/matrix-synapse/defaults/main.yml create mode 100644 roles/matrix-synapse/tasks/ext/init.yml rename roles/{matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_ldap_auth.yml => matrix-synapse/tasks/ext/ldap-auth/setup.yml} (100%) create mode 100644 roles/matrix-synapse/tasks/ext/mautrix-telegram/init.yml rename roles/{matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_mautrix_telegram.yml => matrix-synapse/tasks/ext/mautrix-telegram/setup.yml} (93%) create mode 100644 roles/matrix-synapse/tasks/ext/mautrix-whatsapp/init.yml rename roles/{matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_mautrix_whatsapp.yml => matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml} (93%) rename roles/{matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_rest_auth.yml => matrix-synapse/tasks/ext/rest-auth/setup.yml} (100%) create mode 100644 roles/matrix-synapse/tasks/ext/setup.yml rename roles/{matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_shared_secret_auth.yml => matrix-synapse/tasks/ext/shared-secret-auth/setup.yml} (100%) rename roles/{matrix-server/tasks/import => matrix-synapse/tasks}/import_media_store.yml (100%) create mode 100644 roles/matrix-synapse/tasks/init.yml create mode 100644 roles/matrix-synapse/tasks/main.yml 
rename roles/{matrix-server => matrix-synapse}/tasks/register_user.yml (100%) rename roles/{matrix-server/tasks/self_check => matrix-synapse/tasks}/self_check_client_api.yml (100%) rename roles/{matrix-server/tasks/self_check => matrix-synapse/tasks}/self_check_federation_api.yml (100%) create mode 100644 roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml rename roles/{matrix-server/tasks/setup/setup_goofys.yml => matrix-synapse/tasks/setup_synapse_goofys.yml} (89%) rename roles/{matrix-server/tasks/setup/synapse => matrix-synapse/tasks}/setup_synapse_main.yml (87%) rename roles/{matrix-server/tasks/setup/synapse => matrix-synapse/tasks}/setup_synapse_pre.yml (100%) rename roles/{matrix-server/templates => matrix-synapse/templates/ext}/mautrix-telegram/config.yaml.j2 (100%) rename roles/{matrix-server/templates => matrix-synapse/templates/ext/mautrix-telegram}/systemd/matrix-mautrix-telegram.service.j2 (100%) rename roles/{matrix-server/templates => matrix-synapse/templates/ext}/mautrix-whatsapp/config.yaml.j2 (100%) rename roles/{matrix-server/templates => matrix-synapse/templates/ext/mautrix-whatsapp}/systemd/matrix-mautrix-whatsapp.service.j2 (100%) rename roles/{matrix-server/templates/env => matrix-synapse/templates/goofys}/env-goofys.j2 (100%) rename roles/{matrix-server/templates => matrix-synapse/templates/goofys}/systemd/matrix-goofys.service.j2 (94%) rename roles/{matrix-server/templates/env => matrix-synapse/templates/synapse}/env-synapse.j2 (100%) rename roles/{matrix-server => matrix-synapse}/templates/synapse/homeserver.yaml.j2 (100%) rename roles/{matrix-server => matrix-synapse}/templates/synapse/synapse.log.config.j2 (100%) rename roles/{matrix-server/templates => matrix-synapse/templates/synapse}/systemd/matrix-synapse.service.j2 (89%) rename roles/{matrix-server/templates => matrix-synapse/templates/synapse}/usr-local-bin/matrix-synapse-register-user.j2 (100%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e81354c..d87d314c 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +# 2019-01-xx + +## Splitting the playbook into multiple roles + +For better maintainability, the playbook logic (which all used to reside in a single `matrix-server` role) +has been split out into a number of different roles: `matrix-synapse`, `matrix-postgres`, `matrix-riot-web`, `matrix-mxisd`, etc. (see the `roles/` directory). + +To keep the filesystem more consistent with this separation, the **Postgres data had to be relocated**. + +The default value of `matrix_postgres_data_path` was changed from `/matrix/postgres` to `/matrix/postgres/data`. The `/matrix/postgres` directory is what we consider a base path now (new variable `matrix_postgres_base_path`). **Your Postgres data files will automatically be relocated by the playbook** (`/matrix/postgres/*` -> `/matrix/postgres/data/`) when you run with `--tags=setup-all` (or `--tags=setup-postgres`). While this shouldn't cause data-loss, **it's better if you do a Postgres backup just in case**. You'd need to restart all services after this migration (`--tags=start`). + + # 2019-01-11 ## (BC Break) mxisd configuration changes @@ -30,7 +42,7 @@ The following variables are no longer supported by this playbook: - `matrix_mxisd_template_config` You are encouraged to use the `matrix_mxisd_configuration_extension_yaml` variable to define your own mxisd configuration additions and overrides. -Refer to the [default variables file](roles/matrix-server/defaults/main.yml) for more information. +Refer to the [default variables file](roles/matrix-mxisd/defaults/main.yml) for more information. This new way of configuring mxisd is beneficial because: 
@@ -92,7 +104,7 @@ Based on feedback from others, running Synapse on Python 3 is supposed to decrea ## Riot homepage customization You can now customize some parts of the Riot homepage (or even completely replace it with your own custom page). -See the `matrix_riot_web_homepage_` variables in `roles/matrix-server/defaults/main.yml`. +See the `matrix_riot_web_homepage_` variables in `roles/matrix-riot-web/defaults/main.yml`. # 2018-12-04 diff --git a/docs/configuring-playbook-mxisd.md b/docs/configuring-playbook-mxisd.md index 5e95da45..70b6410c 100644 --- a/docs/configuring-playbook-mxisd.md +++ b/docs/configuring-playbook-mxisd.md @@ -29,7 +29,7 @@ You can refer to the [mxisd website](https://github.com/kamax-io/mxisd) for more To use a more custom configuration, you can define a `matrix_mxisd_configuration_extension_yaml` string variable and put your configuration in it. -To learn more about how to do this, refer to the information about `matrix_mxisd_configuration_extension_yaml` in the [default variables file](../roles/matrix-server/defaults/main.yml). +To learn more about how to do this, refer to the information about `matrix_mxisd_configuration_extension_yaml` in the [default variables file](../roles/matrix-mxisd/defaults/main.yml) of the mxisd component. ## Troubleshooting diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index d069f2e1..0c99a788 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -8,7 +8,7 @@ You can follow these steps: - copy the sample configuration file (`cp examples/host-vars.yml inventory/host_vars/matrix./vars.yml`) -- edit the configuration file (`inventory/host_vars/matrix./vars.yml`) to your liking. You may also take a look at `roles/matrix-server/defaults/main.yml` and see if there's something you'd like to copy over and override in your `vars.yml` configuration file. +- edit the configuration file (`inventory/host_vars/matrix./vars.yml`) to your liking. You may also take a look at the various `roles/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file. - copy the sample inventory hosts file (`cp examples/hosts inventory/hosts`) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml new file mode 100644 index 00000000..03f05488 --- /dev/null +++ b/roles/matrix-base/defaults/main.yml 
@@ -0,0 +1,37 @@
+# The bare hostname which represents your identity.
+# This is something like "example.com".
+# Note: this playbook does not touch the server referenced here.
+hostname_identity: "{{ host_specific_hostname_identity|lower }}"
+
+# This is where your data lives and what we set up here.
+# This and the Riot hostname (see below) are expected to be on the same server.
+hostname_matrix: "matrix.{{ hostname_identity }}"
+
+# This is where you access the web UI from and what we set up here.
+# This and the Matrix hostname (see above) are expected to be on the same server.
+hostname_riot: "riot.{{ hostname_identity }}"
+
+
+matrix_user_username: "matrix"
+matrix_user_uid: 991
+matrix_user_gid: 991
+
+matrix_base_data_path: "/matrix"
+
+matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
+
+matrix_homeserver_url: "https://{{ hostname_matrix }}"
+matrix_identity_server_url: "https://{{ matrix_synapse_trusted_third_party_id_servers[0] }}"
+
+# The Docker network that all services would be put into
+matrix_docker_network: "matrix"
+
+# Variables to Control which parts of our roles run.
+run_setup: true
+run_import_postgres: true
+run_upgrade_postgres: true
+run_start: true
+run_register_user: true
+run_import_sqlite_db: true
+run_import_media_store: true
+run_self_check: true
\ No newline at end of file
diff --git a/roles/matrix-server/files/yum.repos.d/docker-ce.repo b/roles/matrix-base/files/yum.repos.d/docker-ce.repo
similarity index 100%
rename from roles/matrix-server/files/yum.repos.d/docker-ce.repo
rename to roles/matrix-base/files/yum.repos.d/docker-ce.repo
diff --git a/roles/matrix-base/tasks/clean_up_old_files.yml b/roles/matrix-base/tasks/clean_up_old_files.yml
new file mode 100644
index 00000000..01d4a83d
--- /dev/null
+++ b/roles/matrix-base/tasks/clean_up_old_files.yml
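Review bot: `matrix_identity_server_url` indexes `matrix_synapse_trusted_third_party_id_servers[0]`, a variable owned by the matrix-synapse role, so matrix-base now carries an undeclared dependency on that role's defaults and on the list having at least one entry; an empty list turns every use of this variable into an undefined-variable failure at template time. A comment above the line would at least make the coupling visible, e.g. `# Requires at least one entry in matrix_synapse_trusted_third_party_id_servers (defined in the matrix-synapse role).` The same cross-role reach appears in `roles/matrix-corporal/defaults/main.yml` (`not matrix_nginx_proxy_enabled`). As a point of style, the `run_*` and `hostname_*` variables lack the `matrix_` prefix every other variable in this file uses, which makes them harder to attribute to this playbook from an inventory.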
@@ -0,0 +1,9 @@
+---
+
+- name: Get rid of old files and directories
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - "{{ matrix_base_data_path }}/environment-variables"
+    - "{{ matrix_base_data_path }}/scratchpad"
\ No newline at end of file
diff --git a/roles/matrix-base/tasks/main.yml b/roles/matrix-base/tasks/main.yml
new file mode 100644
index 00000000..facfc5b2
--- /dev/null
+++ b/roles/matrix-base/tasks/main.yml
@@ -0,0 +1,33 @@
+- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
+  when: run_setup
+  tags:
+    - setup-all
+
+- import_tasks: "{{ role_path }}/tasks/setup_server_base.yml"
+  when: run_setup
+  tags:
+    - setup-all
+
+- import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
+  when: run_setup
+  tags:
+    - setup-all
+
+- import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
+  when: run_setup
+  tags:
+    - setup-all
+    - setup-mxisd
+    - setup-synapse
+    - setup-nginx-proxy
+
+- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
+  delegate_to: 127.0.0.1
+  become: false
+  when: run_self_check
+  tags:
+    - self-check
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/setup/setup_sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml
similarity index 100%
rename from roles/matrix-server/tasks/setup/setup_sanity_check.yml
rename to roles/matrix-base/tasks/sanity_check.yml
diff --git a/roles/matrix-server/tasks/self_check/self_check_dns.yml b/roles/matrix-base/tasks/self_check_dns.yml
similarity index 92%
rename from roles/matrix-server/tasks/self_check/self_check_dns.yml
rename to roles/matrix-base/tasks/self_check_dns.yml
index b9f1706e..371147fd 100644
--- a/roles/matrix-server/tasks/self_check/self_check_dns.yml
+++ b/roles/matrix-base/tasks/self_check_dns.yml
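Review bot: The new `roles/matrix-base/tasks/main.yml` omits the `---` document start that `clean_up_old_files.yml` in the same hunk line (and `matrix-common-after/tasks/start.yml` later in the patch) begin with, and every new file in this patch ends without a trailing newline (`\ No newline at end of file`). Pick one convention for task and defaults files so yamllint's `document-start` and `new-line-at-end-of-file` checks are either consistently on or consistently off across the new roles. The imports themselves look consistent with the corporal role's `main.yml`.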
@@ -22,7 +22,7 @@
   when: "matrix_mxisd_enabled"
 
 - name: Perform DNS SRV checks
-  include_tasks: "{{ role_path }}/tasks/self_check/self_check_dns_srv.yml"
+  include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
   with_items: "{{ dns_srv_record_checks }}"
   loop_control:
     loop_var: dns_srv_record_check
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/self_check/self_check_dns_srv.yml b/roles/matrix-base/tasks/self_check_dns_srv.yml
similarity index 100%
rename from roles/matrix-server/tasks/self_check/self_check_dns_srv.yml
rename to roles/matrix-base/tasks/self_check_dns_srv.yml
diff --git a/roles/matrix-server/tasks/setup/setup_main.yml b/roles/matrix-base/tasks/setup_matrix_base.yml
similarity index 88%
rename from roles/matrix-server/tasks/setup/setup_main.yml
rename to roles/matrix-base/tasks/setup_matrix_base.yml
index a147c862..424cd83d 100644
--- a/roles/matrix-server/tasks/setup/setup_main.yml
+++ b/roles/matrix-base/tasks/setup_matrix_base.yml
@@ -13,12 +13,6 @@
     state: present
     group: "{{ matrix_user_username }}"
 
-- name: Ensure environment variables data path exists
-  file:
-    path: "{{ matrix_environment_variables_data_path }}"
-    state: directory
-    mode: 0700
-
 - name: Ensure Matrix base path exists
   file:
     path: "{{ item }}"
@@ -28,7 +22,6 @@
     group: "{{ matrix_user_username }}"
   with_items:
     - "{{ matrix_base_data_path }}"
-    - "{{ matrix_synapse_base_path }}"
 
 # `docker_network` doesn't work as expected when the given network
 # is a substring of a network that already exists.
diff --git a/roles/matrix-server/tasks/setup/setup_base.yml b/roles/matrix-base/tasks/setup_server_base.yml
similarity index 100%
rename from roles/matrix-server/tasks/setup/setup_base.yml
rename to roles/matrix-base/tasks/setup_server_base.yml
diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/matrix-base/tasks/setup_well_known.yml
new file mode 100644
index 00000000..7620c893
--- /dev/null
+++ b/roles/matrix-base/tasks/setup_well_known.yml
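Review bot: After `matrix_synapse_base_path` is dropped from the second `setup_matrix_base.yml` hunk, the `Ensure Matrix base path exists` task loops `with_items` over a single entry, so the loop no longer earns its keep; `path: "{{ matrix_base_data_path }}"` with no `with_items` reads more directly and avoids the `item` indirection. The task starts in the first hunk and its `owner`/`group` lines lie between the two hunks, so the simplification needs the full task in view. The `include_tasks` path fix for `self_check_dns_srv.yml` is a straightforward consequence of the move.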
@@ -0,0 +1,21 @@
+# We need others to be able to read these directories too,
+# so that matrix-nginx-proxy's nginx user can access the files.
+#
+# For running with another webserver, we recommend being part of the `matrix` group.
+- name: Ensure Matrix static-files path exists
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0755
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - "{{ matrix_static_files_base_path }}/.well-known/matrix"
+
+- name: Ensure Matrix /.well-known/matrix/client configured
+  template:
+    src: "{{ role_path }}/templates/static-files/well-known/matrix-client.j2"
+    dest: "{{ matrix_static_files_base_path }}/.well-known/matrix"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
\ No newline at end of file
diff --git a/roles/matrix-server/templates/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2
similarity index 100%
rename from roles/matrix-server/templates/well-known/matrix-client.j2
rename to roles/matrix-base/templates/static-files/well-known/matrix-client.j2
diff --git a/roles/matrix-server/templates/usr-local-bin/matrix-remove-all.j2 b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
similarity index 100%
rename from roles/matrix-server/templates/usr-local-bin/matrix-remove-all.j2
rename to roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
diff --git a/roles/matrix-base/vars/main.yml b/roles/matrix-base/vars/main.yml
new file mode 100644
index 00000000..e4e9c166
--- /dev/null
+++ b/roles/matrix-base/vars/main.yml
@@ -0,0 +1,3 @@
+# This will contain a list of enabled services that the playbook is managing.
+# Each component is expected to append its service name to this list.
+matrix_systemd_services_list: []
\ No newline at end of file
diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml
new file mode 100644
index 00000000..3b5c5428
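Review bot: `dest` of the `Ensure Matrix /.well-known/matrix/client configured` task is the `.well-known/matrix` directory created by the preceding task rather than a file path; when `dest` is an existing directory, Ansible's template/copy action drops the rendered file into it under the source's basename, so the result would likely land as `.well-known/matrix/matrix-client.j2` and nothing would answer at `/.well-known/matrix/client`. If the client document is the intent, change it to `dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"`. Also, `mode: 0755` and `mode: 0644` are plain YAML integers that only yield the right bits because of the leading zero; the quoted form `mode: "0755"` is the one Ansible documents and survives reformatters. The `with_items` on the directory task has a single entry and could be a plain `path:`.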
--- /dev/null
+++ b/roles/matrix-common-after/tasks/main.yml
@@ -0,0 +1,4 @@
+- import_tasks: "{{ role_path }}/tasks/start.yml"
+  when: run_start
+  tags:
+    - start
\ No newline at end of file
diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/matrix-common-after/tasks/start.yml
new file mode 100644
index 00000000..688b9244
--- /dev/null
+++ b/roles/matrix-common-after/tasks/start.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Ensure systemd reloaded
+  service:
+    daemon_reload: yes
+
+- name: Ensure Matrix services stopped
+  service:
+    name: "{{ item }}"
+    state: stopped
+  with_items: "{{ matrix_systemd_services_list }}"
+
+- name: Ensure Matrix services started
+  service:
+    name: "{{ item }}"
+    enabled: yes
+    state: started
+  with_items: "{{ matrix_systemd_services_list }}"
\ No newline at end of file
diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml
new file mode 100644
index 00000000..264c98dd
--- /dev/null
+++ b/roles/matrix-corporal/defaults/main.yml
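Review bot: The stop and start loops in `start.yml` only cover services that appended themselves to `matrix_systemd_services_list`, i.e. components that are currently enabled; a component that was just switched off is never stopped here, while its role deletes the unit file (the `Ensure matrix-corporal files don't exist` task in `roles/matrix-corporal/tasks/setup_corporal.yml` later in this patch), so after `daemon_reload` a still-running corporal container would keep running under a unit systemd no longer knows about. Each component's teardown should stop its service before removing the unit, e.g. `- service: { name: matrix-corporal, state: stopped }` guarded by `when: "not matrix_corporal_enabled"` and tolerant of the unit being absent. Start order is also whatever order the roles ran, so a comment stating that dependency (database before homeserver) would make the assumption explicit. Separately, `daemon_reload: yes` and `enabled: yes` should be `true` to match the lowercase booleans used throughout the new defaults files.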
@@ -0,0 +1,28 @@
+# Enable this to add support for matrix-corporal.
+# See: https://github.com/devture/matrix-corporal
+matrix_corporal_enabled: false
+
+# Controls whether the matrix-corporal web server's ports are exposed outside of the container.
+# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# matrix-corporal's web-server ports to the local host (`127.0.0.1:41080` and `127.0.0.1:41081`).
+matrix_corporal_container_expose_ports: "{{ not matrix_nginx_proxy_enabled }}"
+
+matrix_corporal_docker_image: "devture/matrix-corporal:1.2.2"
+matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
+matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
+matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
+matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
+
+matrix_corporal_matrix_timeout_milliseconds: 45000
+
+matrix_corporal_reconciliation_retry_interval_milliseconds: 30000
+matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal"
+
+matrix_corporal_http_api_enabled: false
+matrix_corporal_http_api_auth_token: ""
+
+# Matrix Corporal policy provider configuration (goes directly into the configuration's `PolicyProvider` value)
+matrix_corporal_policy_provider_config: ""
+
+matrix_corporal_debug: false
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/setup/setup_corporal_overrides.yml b/roles/matrix-corporal/tasks/init.yml
similarity index 53%
rename from roles/matrix-server/tasks/setup/setup_corporal_overrides.yml
rename to roles/matrix-corporal/tasks/init.yml
index a410f801..4c63a447 100644
--- a/roles/matrix-server/tasks/setup/setup_corporal_overrides.yml
+++ b/roles/matrix-corporal/tasks/init.yml
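Review bot: `matrix_corporal_http_api_auth_token` defaults to an empty string and none of this role's new tasks in the patch (`init.yml`, `main.yml`) assert that it is set when `matrix_corporal_http_api_enabled` is turned on, so a deployment that enables the API without choosing a token gets whatever the rendered `config.json` does with an empty credential. A guard in `init.yml` would catch that at configuration time: `- fail: msg: "matrix_corporal_http_api_auth_token must be set when matrix_corporal_http_api_enabled is true"` with `when: "matrix_corporal_http_api_enabled and matrix_corporal_http_api_auth_token == ''"`. A comment on the token line, e.g. `# Required when matrix_corporal_http_api_enabled is true; keep it out of version control.`, would document the same contract. Note also that `matrix_corporal_container_expose_ports` reads `matrix_nginx_proxy_enabled` from another role's defaults, which is worth stating next to the existing comment.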
@@ -1,11 +1,9 @@
-# These overrides run with the `always` tag,
-# because they're important not only for the `setup-corporal` tag, but for other tags too.
-#
-# We want an nginx-proxy rebuild (`--tags=setup-nginx-proxy`) to also go through here
-# and be affected by these overrides.
-
 - name: Override configuration specifying where the Matrix Client API is
 set_fact:
 matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container: "matrix-corporal:41080"
 matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container: "localhost:41080"
+ when: "matrix_corporal_enabled"
+
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal'] }}"
 when: "matrix_corporal_enabled"
\ No newline at end of file
diff --git a/roles/matrix-corporal/tasks/main.yml b/roles/matrix-corporal/tasks/main.yml
new file mode 100644
index 00000000..ddb49ee4
--- /dev/null
+++ b/roles/matrix-corporal/tasks/main.yml
@@ -0,0 +1,16 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_corporal.yml"
+ when: run_setup
+ tags:
+ - setup-all
+ - setup-corporal
+
+- import_tasks: "{{ role_path }}/tasks/self_check_corporal.yml"
+ delegate_to: 127.0.0.1
+ become: false
+ when: "run_self_check and matrix_corporal_enabled"
+ tags:
+ - self-check
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/self_check/self_check_corporal.yml b/roles/matrix-corporal/tasks/self_check_corporal.yml
similarity index 100%
rename from roles/matrix-server/tasks/self_check/self_check_corporal.yml
rename to roles/matrix-corporal/tasks/self_check_corporal.yml
diff --git a/roles/matrix-server/tasks/setup/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml
similarity index 89%
rename from roles/matrix-server/tasks/setup/setup_corporal.yml
rename to roles/matrix-corporal/tasks/setup_corporal.yml
index db3edc1c..42b5ae02 100644
--- a/roles/matrix-server/tasks/setup/setup_corporal.yml
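Review bot: The deleted header explained why these overrides must run under the `always` tag (other tags, such as a nginx-proxy rebuild, read the overridden addresses); the new main.yml keeps `tags: - always` but the reasoning is now undocumented. Suggest restoring a short version at the top of init.yml, e.g. `# Runs with the always tag: matrix-nginx-proxy templates read these addresses, so they must be overridden on every run.` It presumably also requires the matrix-corporal role to run before matrix-nginx-proxy in the playbook; that ordering is not visible here and belongs in the same comment.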
+++ b/roles/matrix-corporal/tasks/setup_corporal.yml
@@ -42,7 +42,7 @@

 - name: Ensure Matrix Corporal config installed
 template:
- src: "{{ role_path }}/templates/corporal/config.json.j2"
+ src: "{{ role_path }}/templates/config.json.j2"
 dest: "{{ matrix_corporal_config_dir_path }}/config.json"
 mode: 0644
 when: "matrix_corporal_enabled"
@@ -58,8 +58,11 @@

 # Tasks related to getting rid of matrix-corporal (if it was previously enabled)
 #
-- name: Ensure matrix-corporal.service doesn't exist
+- name: Ensure matrix-corporal files don't exist
 file:
- path: "/etc/systemd/system/matrix-corporal.service"
+ path: "{{ item }}"
 state: absent
 when: "not matrix_corporal_enabled"
+ with_items:
+ - /etc/systemd/system/matrix-corporal.service
+ - "{{ matrix_corporal_config_dir_path }}/config.json"
diff --git a/roles/matrix-server/templates/corporal/config.json.j2 b/roles/matrix-corporal/templates/config.json.j2
similarity index 100%
rename from roles/matrix-server/templates/corporal/config.json.j2
rename to roles/matrix-corporal/templates/config.json.j2
diff --git a/roles/matrix-server/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
similarity index 95%
rename from roles/matrix-server/templates/systemd/matrix-corporal.service.j2
rename to roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
index 25b02ad2..7ac5f13a 100644
--- a/roles/matrix-server/templates/systemd/matrix-corporal.service.j2
+++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
@@ -13,7 +13,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --network={{ matrix_docker_network }} \
- {% if not matrix_nginx_proxy_enabled %}
+ {% if matrix_corporal_container_expose_ports %}
 -p 127.0.0.1:41080:41080 \
 -p 127.0.0.1:41081:41081 \
 {% endif %}
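Review bot: The matrix-corporal `config.json` is installed with `mode: 0644`, i.e. world-readable, while this patch routes `matrix_corporal_http_api_auth_token` and the policy provider configuration into the corporal configuration; if `config.json.j2` renders those values (the template is only renamed here, so I cannot confirm), the file should be `mode: "0640"` with `owner: "{{ matrix_user_username }}"` and `group: "{{ matrix_user_username }}"`, which works because the systemd unit below runs the container as `{{ matrix_user_uid }}:{{ matrix_user_gid }}`. Quoting the mode also avoids the YAML 1.1 octal-integer ambiguity. The task list containing these hunks starts before them.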
diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml
new file mode 100644
index 00000000..d3e48ef1
--- /dev/null
+++ b/roles/matrix-coturn/defaults/main.yml
@@ -0,0 +1,14 @@
+matrix_coturn_docker_image: "instrumentisto/coturn:4.5.0.8"
+
+matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
+matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
+
+# A shared secret (between Synapse and Coturn) used for authentication.
+# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
+matrix_coturn_turn_static_auth_secret: ""
+
+# UDP port-range to use for TURN
+matrix_coturn_turn_udp_min_port: 49152
+matrix_coturn_turn_udp_max_port: 49172
+
+matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
\ No newline at end of file
diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/matrix-coturn/tasks/init.yml
new file mode 100644
index 00000000..f25b2ed7
--- /dev/null
+++ b/roles/matrix-coturn/tasks/init.yml
@@ -0,0 +1,2 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn'] }}"
\ No newline at end of file
diff --git a/roles/matrix-coturn/tasks/main.yml b/roles/matrix-coturn/tasks/main.yml
new file mode 100644
index 00000000..8d90138d
--- /dev/null
+++ b/roles/matrix-coturn/tasks/main.yml
@@ -0,0 +1,9 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_coturn.yml"
+ when: run_setup
+ tags:
+ - setup-coturn
+ - setup-all
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/setup/setup_coturn.yml b/roles/matrix-coturn/tasks/setup_coturn.yml
similarity index 94%
rename from roles/matrix-server/tasks/setup/setup_coturn.yml
rename to roles/matrix-coturn/tasks/setup_coturn.yml
index 36a4c9a5..e11326fc 100644
--- a/roles/matrix-server/tasks/setup/setup_coturn.yml
+++ b/roles/matrix-coturn/tasks/setup_coturn.yml
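Review bot: `matrix_coturn_turn_static_auth_secret` defaults to `""`; the comment recommends a strong value, but an empty shared secret still renders into the TURN configuration, and unlike the sibling roles in this patch coturn has no `_enabled` switch, so init.yml always schedules the service. Suggest stating it as required, `# Required: the TURN shared secret (generate with e.g. pwgen -s 64 1)`, and having setup_coturn.yml (outside this hunk) fail when the value is empty. `matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"` will also be a hostname rather than an IP whenever the inventory uses names; a comment saying the value must be an IP would help.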
@@ -19,7 +19,7 @@

 - name: Ensure turnserver.conf installed
 template:
- src: "{{ role_path }}/templates/coturn/turnserver.conf.j2"
+ src: "{{ role_path }}/templates/turnserver.conf.j2"
 dest: "{{ matrix_coturn_config_path }}"
 mode: 0644

diff --git a/roles/matrix-server/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2
similarity index 92%
rename from roles/matrix-server/templates/systemd/matrix-coturn.service.j2
rename to roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2
index 6c9f87ec..3387f772 100644
--- a/roles/matrix-server/templates/systemd/matrix-coturn.service.j2
+++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2
@@ -13,7 +13,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
 -p 3478:3478 \
 -p 3478:3478/udp \
 -p {{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
- -v {{ matrix_synapse_config_dir_path }}:/matrix-config:ro \
 -v {{ matrix_coturn_config_path }}:/turnserver.conf:ro \
 {{ matrix_coturn_docker_image }} \
 -c /turnserver.conf
diff --git a/roles/matrix-server/templates/coturn/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2
similarity index 100%
rename from roles/matrix-server/templates/coturn/turnserver.conf.j2
rename to roles/matrix-coturn/templates/turnserver.conf.j2
diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml
new file mode 100644
index 00000000..fe303f1b
--- /dev/null
+++ b/roles/matrix-mailer/defaults/main.yml
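Review bot: `turnserver.conf` is installed with `mode: 0644`; the defaults added in this patch describe `matrix_coturn_turn_static_auth_secret` as the Synapse/Coturn shared secret, so if the template renders it (turnserver.conf.j2 is only renamed here, contents not shown) the file should not be world-readable — use `mode: "0640"` with an explicit `owner` matching the user the container reads the file as. Dropping the Synapse config-directory mount from the coturn unit in the second hunk is a good least-privilege step. The task containing the first hunk starts before it.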
@@ -0,0 +1,16 @@
+# By default, this playbook sets up a postfix mailer server (running in a container).
+# This is so that Matrix Synapse can send email reminders for unread messages.
+# Other services (like mxisd), however, also use that mailer to send emails through it.
+matrix_mailer_enabled: true
+
+matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
+
+matrix_mailer_docker_image: "panubo/postfix:latest"
+
+matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
+matrix_mailer_relay_use: false
+matrix_mailer_relay_host_name: "mail.example.com"
+matrix_mailer_relay_host_port: 587
+matrix_mailer_relay_auth: false
+matrix_mailer_relay_auth_username: ""
+matrix_mailer_relay_auth_password: ""
\ No newline at end of file
diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/matrix-mailer/tasks/init.yml
new file mode 100644
index 00000000..c5f51ffe
--- /dev/null
+++ b/roles/matrix-mailer/tasks/init.yml
@@ -0,0 +1,3 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer'] }}"
+ when: "matrix_mailer_enabled"
\ No newline at end of file
diff --git a/roles/matrix-mailer/tasks/main.yml b/roles/matrix-mailer/tasks/main.yml
new file mode 100644
index 00000000..8019bf3d
--- /dev/null
+++ b/roles/matrix-mailer/tasks/main.yml
@@ -0,0 +1,9 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_mailer.yml"
+ when: run_setup
+ tags:
+ - setup-mailer
+ - setup-all
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/setup/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml
similarity index 77%
rename from roles/matrix-server/tasks/setup/setup_mailer.yml
rename to roles/matrix-mailer/tasks/setup_mailer.yml
index 1879917b..7155556c 100644
--- a/roles/matrix-server/tasks/setup/setup_mailer.yml
+++ b/roles/matrix-mailer/tasks/setup_mailer.yml
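Review bot: `matrix_mailer_docker_image: "panubo/postfix:latest"` is the only unpinned image in this patch (corporal, coturn, mxisd, nginx, certbot and postgres are all version-tagged); a floating `latest` tag makes deployments non-reproducible and pulls whatever is published next, which matters for a component that handles relay credentials (`matrix_mailer_relay_auth_password`). Pin it to a specific tag or, better, an image digest, with a comment noting the pinned version. The file also lacks the `---` document start used by start.yml in this patch.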
@@ -4,13 +4,21 @@
 # Tasks related to setting up the mailer
 #

+- name: Ensure mailer base path exists
+ file:
+ path: "{{ matrix_mailer_base_path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_username }}"
+ when: matrix_mailer_enabled
+
 - name: Ensure mailer environment variables file created
 template:
- src: "{{ role_path }}/templates/env/{{ item }}.j2"
- dest: "{{ matrix_environment_variables_data_path }}/{{ item }}"
+ src: "{{ role_path }}/templates/env-mailer.j2"
+ dest: "{{ matrix_mailer_base_path }}/env-mailer"
 mode: 0640
- with_items:
- - "env-mailer"
+ when: matrix_mailer_enabled

 - name: Ensure mailer image is pulled
 docker_image:
@@ -49,7 +57,7 @@

 - name: Ensure Matrix mailer environment variables path doesn't exist
 file:
- path: "{{ matrix_environment_variables_data_path }}/env-mailer"
+ path: "{{ matrix_mailer_base_path }}"
 state: absent
 when: "not matrix_mailer_enabled"

diff --git a/roles/matrix-server/templates/env/env-mailer.j2 b/roles/matrix-mailer/templates/env-mailer.j2
similarity index 100%
rename from roles/matrix-server/templates/env/env-mailer.j2
rename to roles/matrix-mailer/templates/env-mailer.j2
diff --git a/roles/matrix-server/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
similarity index 87%
rename from roles/matrix-server/templates/systemd/matrix-mailer.service.j2
rename to roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
index 8b3ccf9d..f0adaa7c 100644
--- a/roles/matrix-server/templates/systemd/matrix-mailer.service.j2
+++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
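Review bot: The task name `Ensure Matrix mailer environment variables path doesn't exist` in the second hunk is now stale, since `path` was changed to the whole `matrix_mailer_base_path`; rename it to `Ensure Matrix mailer base path doesn't exist`. In the first hunk, the `env-mailer` template gets `mode: 0640` but no `owner`/`group`, unlike the base-path task added just above it; since this file presumably carries the relay credentials, set `owner: "{{ matrix_user_username }}"` and `group: "{{ matrix_user_username }}"` explicitly, or comment why root ownership is intended (the unit runs the container without `--user`, so the daemon reads it as root). The `when:` conditions are also mixed between bare (`when: matrix_mailer_enabled`) and quoted (`when: "not matrix_mailer_enabled"`) forms.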
@@ -10,7 +10,7 @@ ExecStartPre=-/usr/bin/docker rm matrix-mailer
 ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
 --log-driver=none \
 --network={{ matrix_docker_network }} \
- --env-file={{ matrix_environment_variables_data_path }}/env-mailer \
+ --env-file={{ matrix_mailer_base_path }}/env-mailer \
 {{ matrix_mailer_docker_image }}
 ExecStop=-/usr/bin/docker kill matrix-mailer
 ExecStop=-/usr/bin/docker rm matrix-mailer
diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml
new file mode 100644
index 00000000..6dbae4a5
--- /dev/null
+++ b/roles/matrix-mxisd/defaults/main.yml
@@ -0,0 +1,101 @@
+# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
+# If you wish to use the public identity servers (matrix.org, vector.im, riot.im) instead of your own,
+# you may wish to disable this.
+matrix_mxisd_enabled: true
+matrix_mxisd_docker_image: "kamax/mxisd:1.2.2"
+matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
+matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
+matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
+
+# Controls whether the mxisd web server's port is exposed outside of the container.
+# Normally, matrix-nginx-proxy is enabled and nginx can reach mxisd over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# mxisd's web-server port to the local host (`127.0.0.1:8090`).
+matrix_mxisd_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}"
+
+# Your identity server is private by default.
+# To ensure maximum discovery, you can make your identity server
+# also forward lookups to the central matrix.org Identity server
+# (at the cost of potentially leaking all your contacts information).
+# Enabling this is discouraged. Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
+matrix_mxisd_matrixorg_forwarding_enabled: false
+
+# mxisd has serveral supported identity stores.
+# One of them (which we enable by default) is storing identities directly in Synapse's database.
+# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md
+#
+# If you need to disable this in favor of some other store, you can toggle it to disabled here
+# and add your own mxisd configuration for the other store in `matrix_mxisd_configuration_extension_yaml`.
+matrix_mxisd_synapsesql_enabled: true
+matrix_mxisd_synapsesql_type: postgresql
+matrix_mxisd_synapsesql_connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }}
+
+# Default mxisd configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mxisd_configuration_yaml: |
+ matrix:
+ domain: {{ hostname_identity }}
+
+ server:
+ name: {{ hostname_matrix }}
+
+ key:
+ path: /var/mxisd/sign.key
+
+ storage:
+ provider:
+ sqlite:
+ database: /var/mxisd/mxisd.db
+
+ {% if matrix_mxisd_matrixorg_forwarding_enabled %}
+ forward:
+ servers: ['matrix-org']
+ {% endif %}
+
+ threepid:
+ medium:
+ email:
+ identity:
+ from: {{ matrix_mailer_sender_address }}
+ connectors:
+ smtp:
+ host: matrix-mailer
+ port: 587
+ tls: 0
+
+ synapseSql:
+ enabled: {{ matrix_mxisd_synapsesql_enabled }}
+ type: {{ matrix_mxisd_synapsesql_type }}
+ connection: {{ matrix_mxisd_synapsesql_connection }}
+
+matrix_mxisd_configuration_extension_yaml: |
+ # Your custom YAML configuration for mxisd goes here.
+ # This configuration extends the default starting configuration (`matrix_mxisd_configuration_yaml`).
+ #
+ # You can override individual variables from the default configuration, or introduce new ones.
+ #
+ # If you need something more special, you can take full control by
+ # completely redefining `matrix_mxisd_configuration_yaml`.
+ #
+ # Example configuration extension follows:
+ #
+ # ldap:
+ # enabled: true
+ # connection:
+ # host: ldapHostnameOrIp
+ # tls: false
+ # port: 389
+ # baseDns: ['OU=Users,DC=example,DC=org']
+ # bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
+ # bindPassword: TheUserPassword
+
+# Doing `|from_yaml` when the extension contains nothing yields an empty string ("").
+# We need to ensure it's a dictionary or `|combine` (when building `matrix_mxisd_configuration`) will fail later.
+matrix_mxisd_configuration_extension: "{{ matrix_mxisd_configuration_extension_yaml|from_yaml if matrix_mxisd_configuration_extension_yaml|from_yaml else {} }}"
+
+# Holds the final mxisd configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mxisd_configuration_yaml`.
+matrix_mxisd_configuration: "{{ matrix_mxisd_configuration_yaml|from_yaml|combine(matrix_mxisd_configuration_extension, recursive=True) }}"
\ No newline at end of file
diff --git a/roles/matrix-mxisd/tasks/init.yml b/roles/matrix-mxisd/tasks/init.yml
new file mode 100644
index 00000000..b41ad7e3
--- /dev/null
+++ b/roles/matrix-mxisd/tasks/init.yml
@@ -0,0 +1,3 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mxisd'] }}"
+ when: "matrix_mxisd_enabled"
\ No newline at end of file
diff --git a/roles/matrix-mxisd/tasks/main.yml b/roles/matrix-mxisd/tasks/main.yml
new file mode 100644
index 00000000..8f22426a
--- /dev/null
+++ b/roles/matrix-mxisd/tasks/main.yml
@@ -0,0 +1,13 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_mxisd.yml"
+ tags:
+ - setup-all
+ - setup-mxisd
+
+- import_tasks: "{{ role_path }}/tasks/self_check_mxisd.yml"
+ delegate_to: 127.0.0.1
+ become: false
+ when: "run_self_check and matrix_mxisd_enabled"
\ No newline at end of file
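Review bot: `connection: {{ matrix_mxisd_synapsesql_connection }}` places the Postgres password (via `matrix_postgres_connection_password`) unquoted inside the `matrix_mxisd_configuration_yaml` block scalar that is later parsed with `|from_yaml`; a password containing ` #`, `: `, a leading special character or a quote would truncate or break the rendered configuration, and silently so in the comment case. The same applies to `domain:`, `name:` and `from:`. Render them as JSON-quoted scalars, e.g. `connection: {{ matrix_mxisd_synapsesql_connection|to_json }}`, which YAML reads back unchanged. Also, `# mxisd has serveral supported identity stores.` has a typo (`several`), and the file lacks a `---` document start.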
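Review bot: The `setup_mxisd.yml` import has no `when: run_setup` and the self-check import has no `tags: - self-check`, unlike the matrix-corporal main.yml in this patch; as written, `--tags=self-check` skips the mxisd self-check and a run with `run_setup` false still executes the mxisd setup. Add `when: run_setup` under the second import and `tags:` / `- self-check` under the third, matching the corporal role.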
diff --git a/roles/matrix-server/tasks/self_check/self_check_mxisd.yml b/roles/matrix-mxisd/tasks/self_check_mxisd.yml
similarity index 100%
rename from roles/matrix-server/tasks/self_check/self_check_mxisd.yml
rename to roles/matrix-mxisd/tasks/self_check_mxisd.yml
diff --git a/roles/matrix-server/tasks/setup/setup_mxisd.yml b/roles/matrix-mxisd/tasks/setup_mxisd.yml
similarity index 100%
rename from roles/matrix-server/tasks/setup/setup_mxisd.yml
rename to roles/matrix-mxisd/tasks/setup_mxisd.yml
diff --git a/roles/matrix-server/templates/systemd/matrix-mxisd.service.j2 b/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2
similarity index 94%
rename from roles/matrix-server/templates/systemd/matrix-mxisd.service.j2
rename to roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2
index fd4af2e1..895cf4f4 100644
--- a/roles/matrix-server/templates/systemd/matrix-mxisd.service.j2
+++ b/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2
@@ -15,7 +15,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mxisd \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --network={{ matrix_docker_network }} \
- {% if not matrix_nginx_proxy_enabled %}
+ {% if matrix_mxisd_container_expose_port %}
 -p 127.0.0.1:8090:8090 \
 {% endif %}
 -v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
new file mode 100644
index 00000000..0562ca56
--- /dev/null
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -0,0 +1,50 @@
+# By default, this playbook sets up its own nginx proxy server on port 80/443.
+# This is fine if you're dedicating the whole server to Matrix.
+# But in case that's not the case, you may wish to prevent that
+# and take care of proxying by yourself.
+matrix_nginx_proxy_enabled: true
+
+matrix_nginx_proxy_docker_image: "nginx:1.15.8-alpine"
+
+matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
+matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
+
+# The addresses where the Matrix Client API is.
+# Certain extensions (like matrix-corporal) may override this in order to capture all traffic.
+matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container: "matrix-synapse:8008"
+matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container: "localhost:8008"
+
+# Specifies when to reload the matrix-nginx-proxy service so that
+# a new SSL certificate could go into effect.
+matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
+
+# Specifies which SSL protocols to use when serving Riot and Synapse
+# Note TLSv1.3 is not yet available in dockerized nginx
+# See: https://github.com/nginxinc/docker-nginx/issues/190
+matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"
+
+# By default, this playbook automatically retrieves and auto-renews
+# free SSL certificates from Let's Encrypt.
+#
+# The following retrieval methods are supported:
+# - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
+# - "self-signed" - the playbook generates and self-signs certificates
+# - "manually-managed" - lets you manage certificates by yourself (manually; see below)
+#
+# If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
+# you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
+# obeying the following hierarchy:
+# - /live//fullchain.pem
+# - /live//privkey.pem
+# where refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
+matrix_ssl_retrieval_method: "lets-encrypt"
+
+# Controls whether to obtain production or staging certificates from Let's Encrypt.
+matrix_ssl_lets_encrypt_staging: false
+matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
+matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
+matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
+
+matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
+matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
+matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
\ No newline at end of file
diff --git a/roles/matrix-nginx-proxy/tasks/init.yml b/roles/matrix-nginx-proxy/tasks/init.yml
new file mode 100644
index 00000000..dc27f789
--- /dev/null
+++ b/roles/matrix-nginx-proxy/tasks/init.yml
@@ -0,0 +1,3 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy'] }}"
+ when: "matrix_nginx_proxy_enabled"
\ No newline at end of file
diff --git a/roles/matrix-nginx-proxy/tasks/main.yml b/roles/matrix-nginx-proxy/tasks/main.yml
new file mode 100644
index 00000000..022d5272
--- /dev/null
+++ b/roles/matrix-nginx-proxy/tasks/main.yml
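Review bot: `matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"` keeps TLS 1.1 enabled; it offers no modern cipher suites and is deprecated (RFC 8996), so the default should be `"TLSv1.2"` unless a known client still needs 1.1 — the value looks carried over from the old role, so this move is a good moment to tighten it and update the comment above it. Separately, the manually-managed hierarchy comment reads `/live//fullchain.pem` and `where refers to`, so the domain placeholder appears to have been lost (possibly in rendering); if the source really reads this way, write `/live/DOMAIN/fullchain.pem` and `where DOMAIN refers to`. `matrix_ssl_lets_encrypt_support_email` also references a `host_specific_*` variable that is presumably supplied by the inventory; a comment saying so would save an undefined-variable surprise for anyone using the role on its own.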
@@ -0,0 +1,23 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/ssl/main.yml"
+ when: run_setup
+ tags:
+ - setup-all
+ - setup-nginx-proxy
+ - setup-ssl
+
+- import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml"
+ when: run_setup
+ tags:
+ - setup-all
+ - setup-nginx-proxy
+
+- import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml"
+ delegate_to: 127.0.0.1
+ become: false
+ when: run_self_check
+ tags:
+ - self-check
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/self_check/self_check_well_known.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
similarity index 100%
rename from roles/matrix-server/tasks/self_check/self_check_well_known.yml
rename to roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
diff --git a/roles/matrix-server/tasks/setup/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
similarity index 100%
rename from roles/matrix-server/tasks/setup/setup_nginx_proxy.yml
rename to roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
diff --git a/roles/matrix-server/tasks/setup/setup_well_known.yml b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml
similarity index 85%
rename from roles/matrix-server/tasks/setup/setup_well_known.yml
rename to roles/matrix-nginx-proxy/tasks/setup_well_known.yml
index d6c4eebd..5cd54cc8 100644
--- a/roles/matrix-server/tasks/setup/setup_well_known.yml
+++ b/roles/matrix-nginx-proxy/tasks/setup_well_known.yml
@@ -13,12 +13,12 @@
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_username }}"
 with_items:
- - "{{ matrix_well_known_file_path|dirname }}"
+ - "{{ matrix_static_files_base_path }}/.well-known/matrix"

 - name: Ensure Matrix /.well-known/matrix/client configured
 template:
 src: "{{ role_path }}/templates/well-known/matrix-client.j2"
- dest: "{{ matrix_well_known_file_path }}"
+ dest: "{{ matrix_static_files_base_path }}/.well-known/matrix"
 mode: 0644
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_username }}"
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/setup/ssl/main.yml b/roles/matrix-nginx-proxy/tasks/ssl/main.yml
similarity index 84%
rename from roles/matrix-server/tasks/setup/ssl/main.yml
rename to roles/matrix-nginx-proxy/tasks/ssl/main.yml
index d81c8f34..7e269eb6 100644
--- a/roles/matrix-server/tasks/setup/ssl/main.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/main.yml
@@ -31,8 +31,8 @@
 # Method specific tasks follow
-- import_tasks: tasks/setup/ssl/setup_ssl_lets_encrypt.yml
+- import_tasks: tasks/ssl/setup_ssl_lets_encrypt.yml
-- import_tasks: tasks/setup/ssl/setup_ssl_self_signed.yml
+- import_tasks: tasks/ssl/setup_ssl_self_signed.yml
-- import_tasks: tasks/setup/ssl/setup_ssl_manually_managed.yml
+- import_tasks: tasks/ssl/setup_ssl_manually_managed.yml
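Review bot: `dest:` for the `/.well-known/matrix/client` template now points at `{{ matrix_static_files_base_path }}/.well-known/matrix`, the same path the preceding task creates as a directory; before this change the directory was `matrix_well_known_file_path|dirname` and the file was `matrix_well_known_file_path`, so the `/client` component was lost in the rewrite. The template task will fail against an existing directory (or put the file in the wrong place) — it should read `dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"`. The directory task starts before this hunk.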
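Review bot: The three imports in ssl/main.yml use bare relative paths (`tasks/ssl/...`) while every other import in this patch is anchored with `{{ role_path }}/tasks/...`; `import_tasks` inside a role should resolve such a path against the role's tasks directory, so it likely works, but the mixed style invites breakage the next time files move. Suggest `- import_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt.yml"` and the same form for the other two.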
@@ -38,7 +38,7 @@
 when: "matrix_ssl_retrieval_method == 'lets-encrypt'"

 - name: Obtain Let's Encrypt certificates
- include_tasks: "{{ role_path }}/tasks/setup/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
+ include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
 with_items: "{{ domains_requiring_certificates }}"
 loop_control:
 loop_var: domain_name
diff --git a/roles/matrix-server/tasks/setup/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
similarity index 100%
rename from roles/matrix-server/tasks/setup/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
rename to roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
diff --git a/roles/matrix-server/tasks/setup/ssl/setup_ssl_manually_managed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml
similarity index 65%
rename from roles/matrix-server/tasks/setup/ssl/setup_ssl_manually_managed.yml
rename to roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml
index 10cd0765..27937c43 100644
--- a/roles/matrix-server/tasks/setup/ssl/setup_ssl_manually_managed.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml
@@ -1,7 +1,7 @@
 ---

 - name: Verify certificates
- include_tasks: "{{ role_path }}/tasks/setup/ssl/setup_ssl_manually_managed_verify_for_domain.yml"
+ include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml"
 with_items: "{{ domains_requiring_certificates }}"
 loop_control:
 loop_var: domain_name
diff --git a/roles/matrix-server/tasks/setup/ssl/setup_ssl_manually_managed_verify_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml
similarity index 100%
rename from roles/matrix-server/tasks/setup/ssl/setup_ssl_manually_managed_verify_for_domain.yml
rename to roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml
diff --git a/roles/matrix-server/tasks/setup/ssl/setup_ssl_self_signed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml
similarity index 86%
rename from roles/matrix-server/tasks/setup/ssl/setup_ssl_self_signed.yml
rename to roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml
index 69ca0659..e67340e6 100644
--- a/roles/matrix-server/tasks/setup/ssl/setup_ssl_self_signed.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml
@@ -17,7 +17,7 @@
 when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_os_family == 'Debian'"

 - name: Generate self-signed certificates
- include_tasks: "{{ role_path }}/tasks/setup/ssl/setup_ssl_self_signed_obtain_for_domain.yml"
+ include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml"
 with_items: "{{ domains_requiring_certificates }}"
 loop_control:
 loop_var: domain_name
diff --git a/roles/matrix-server/tasks/setup/ssl/setup_ssl_self_signed_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml
similarity index 100%
rename from roles/matrix-server/tasks/setup/ssl/setup_ssl_self_signed_obtain_for_domain.yml
rename to roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml
diff --git a/roles/matrix-server/templates/nginx-conf.d/matrix-riot-web.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-riot-web.conf.j2
similarity index 100%
rename from roles/matrix-server/templates/nginx-conf.d/matrix-riot-web.conf.j2
rename to roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-riot-web.conf.j2
diff --git a/roles/matrix-server/templates/nginx-conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-synapse.conf.j2
similarity index 100%
rename from roles/matrix-server/templates/nginx-conf.d/matrix-synapse.conf.j2
rename to roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-synapse.conf.j2
diff --git a/roles/matrix-server/templates/nginx-conf.d/nginx-http.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx-conf.d/nginx-http.conf.j2
similarity index 100%
rename from roles/matrix-server/templates/nginx-conf.d/nginx-http.conf.j2
rename to roles/matrix-nginx-proxy/templates/nginx-conf.d/nginx-http.conf.j2
diff --git a/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
similarity index 100%
rename from roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
rename to roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
diff --git a/roles/matrix-server/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
similarity index 100%
rename from roles/matrix-server/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
rename to roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml
new file mode 100644
index 00000000..7d4b8574
--- /dev/null
+++ b/roles/matrix-postgres/defaults/main.yml
@@ -0,0 +1,15 @@
+# The defaults below cause a postgres server to be configured (running within a container).
+# Using an external server is possible by tweaking all of the parameters below.
+matrix_postgres_use_external: false
+matrix_postgres_connection_hostname: "matrix-postgres"
+matrix_postgres_connection_username: "synapse"
+matrix_postgres_connection_password: "synapse-password"
+matrix_postgres_db_name: "homeserver"
+
+matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
+matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
+
+matrix_postgres_docker_image_v9: "postgres:9.6.11-alpine"
+matrix_postgres_docker_image_v10: "postgres:10.6-alpine"
+matrix_postgres_docker_image_v11: "postgres:11.1-alpine"
+matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/import/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml
similarity index 95%
rename from roles/matrix-server/tasks/import/import_postgres.yml
rename to roles/matrix-postgres/tasks/import_postgres.yml
index 1c5989b1..98df10e9 100644
--- a/roles/matrix-server/tasks/import/import_postgres.yml
+++ b/roles/matrix-postgres/tasks/import_postgres.yml
@@ -51,7 +51,7 @@
 command: |
 /usr/bin/docker run --rm --name matrix-postgres-import \
 --network={{ matrix_docker_network }} \
- --env-file={{ matrix_environment_variables_data_path }}/env-postgres-pgsql-docker \
+ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
 -v {{ server_path_postgres_dump }}:{{ server_path_postgres_dump }}:ro \
 --entrypoint=/bin/sh {{ matrix_postgres_docker_image_latest }}
diff --git a/roles/matrix-server/tasks/import/import_sqlite_db.yml b/roles/matrix-postgres/tasks/import_sqlite_db.yml
similarity index 100%
rename from roles/matrix-server/tasks/import/import_sqlite_db.yml
rename to roles/matrix-postgres/tasks/import_sqlite_db.yml
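Review bot: `matrix_postgres_connection_password: "synapse-password"` ships a fixed, publicly known default for the database credential, and nothing in the new defaults file marks it as a placeholder that has to be replaced. The value is only relocated here from the deleted `roles/matrix-server/defaults/main.yml`, so the commit does not introduce it, but this role is now where an operator will look for it. I would put `# Placeholder only: set a strong, host-specific value in your inventory.` above the line, and consider having the setup fail fast while the variable still holds this default. How far the credential is reachable depends on what can join `matrix_docker_network`, which is not visible in this diff.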
diff --git a/roles/matrix-postgres/tasks/init.yml b/roles/matrix-postgres/tasks/init.yml
new file mode 100644
index 00000000..433020df
--- /dev/null
+++ b/roles/matrix-postgres/tasks/init.yml
@@ -0,0 +1,3 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres'] }}"
+ when: "not matrix_postgres_use_external"
\ No newline at end of file
diff --git a/roles/matrix-postgres/tasks/main.yml b/roles/matrix-postgres/tasks/main.yml
new file mode 100644
index 00000000..123ddde4
--- /dev/null
+++ b/roles/matrix-postgres/tasks/main.yml
@@ -0,0 +1,24 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_postgres.yml"
+ when: run_setup
+ tags:
+ - setup-postgres
+ - setup-all
+
+- import_tasks: "{{ role_path }}/tasks/import_postgres.yml"
+ when: run_import_postgres
+ tags:
+ - import-postgres
+
+- import_tasks: "{{ role_path }}/tasks/import_sqlite_db.yml"
+ when: run_import_sqlite_db
+ tags:
+ - import-sqlite-db
+
+- import_tasks: "{{ role_path }}/tasks/upgrade_postgres.yml"
+ when: run_upgrade_postgres
+ tags:
+ - upgrade-postgres
diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml
new file mode 100644
index 00000000..5a4e0689
--- /dev/null
+++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml
@@ -0,0 +1,70 @@
+---
+
+# We used to store Postgres data directly under `/matrix/postgres` (what is now considered `matrix_postgres_base_path`).
+#
+# From now on, we expect to store Postgres data one directory below now (`/matrix/postgres/data` - `matrix_postgres_data_path`).
+# We wish to use the base directory for other purposes (storing environment variable files, etc.).
+# Mixing those with the Postgres data is no good and it leads to Postgres's `initdb` complaining to initialize
+# a database in a non-empty directory.
+#
+# For this reason, we store the Postgres data in `/matrix/postgres/data` and need to relocate any installations
+# which still store it in the parent directory (`/matrix/postgres`).
+
+- name: Check if old Postgres data directory is used
+ stat:
+ path: "{{ matrix_postgres_base_path }}/PG_VERSION"
+ register: result_pg_old_data_dir_stat
+
+- name: Warn if old Postgres data directory detected
+ debug:
+ msg: >
+ Found that you have Postgres data in `{{ matrix_postgres_base_path }}`.
+ From now on, Postgres data is supposed to be stored in `{{ matrix_postgres_data_path }}` instead.
+ We'll stop Postgres and relocate the files there for you.
+ when: "result_pg_old_data_dir_stat.stat.exists"
+
+- name: Find files and directories in old Postgres data path
+ find:
+ paths: "{{ matrix_postgres_base_path }}"
+ file_type: any
+ excludes: ["data"]
+ register: "result_pg_old_data_dir_find"
+ when: "result_pg_old_data_dir_stat.stat.exists"
+
+- name: Ensure new Postgres data path exists
+ file:
+ path: "{{ matrix_postgres_data_path }}"
+ state: directory
+ mode: 0700
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_username }}"
+ when: "result_pg_old_data_dir_stat.stat.exists"
+
+- name: Ensure matrix-postgres is stopped
+ service:
+ name: matrix-postgres
+ state: stopped
+ daemon_reload: yes
+ when: "result_pg_old_data_dir_stat.stat.exists"
+
+- block:
+ - name: Relocate Postgres data files from old directory to new
+ command: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path|basename }}"
+ with_items: "{{ result_pg_old_data_dir_find.files }}"
+ when: "result_pg_old_data_dir_stat.stat.exists"
+
+# Intentionally not starting matrix-postgres here.
+# It likely needs to be updated to point to the new directory.
+# In fact, let's even get rid of the outdated service, to ensure no one will start it
+# and have it initialize a new database.
+
+- name: Ensure outdated matrix-postgres.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-postgres.service"
+ state: absent
+ when: "result_pg_old_data_dir_stat.stat.exists"
+
+- name: Ensure systemd reloaded after getting rid of outdated matrix-postgres.service
+ service:
+ daemon_reload: yes
+ when: "result_pg_old_data_dir_stat.stat.exists"
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/setup/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml
similarity index 83%
rename from roles/matrix-server/tasks/setup/setup_postgres.yml
rename to roles/matrix-postgres/tasks/setup_postgres.yml
index 5ffa3ebc..89e8104f 100644
--- a/roles/matrix-server/tasks/setup/setup_postgres.yml
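Review bot: `with_items: "{{ result_pg_old_data_dir_find.files }}"` on the Relocate task is a loop, and Ansible evaluates a task's loop before its `when`; on a host with no old data directory the find task is skipped, its registered result has no `files` key, and the task errors instead of being skipped. Guard it with `with_items: "{{ result_pg_old_data_dir_find.files|default([]) }}"`. The `block:` wrapping that single task adds nothing and could be dropped, and `daemon_reload: yes` (twice) would read more consistently as `true` next to the `false`/`true` booleans used elsewhere in these roles; the octal `mode: 0700` is also safer quoted as `"0700"`.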
+++ b/roles/matrix-postgres/tasks/setup_postgres.yml
@@ -4,7 +4,9 @@
 # Generic tasks, no matter what kind of server we're using (internal/external)
 #
-- import_tasks: tasks/util/detect_existing_postgres_version.yml
+- import_tasks: "{{ role_path }}/tasks/migrate_postgres_data_directory.yml"
+
+- import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml"
 # If we have found an existing version (installed from before), we use its corresponding Docker image.
 # If not, we install using the latest Postgres.
@@ -23,14 +25,27 @@
 docker_image:
 name: "{{ matrix_postgres_docker_image_to_use }}"
+# We always create these directories, even if an external Postgres is used,
+# because we store environment variable files there.
+- name: Ensure Postgres paths exist
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: 0700
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_username }}"
+ with_items:
+ - "{{ matrix_postgres_base_path }}"
+ - "{{ matrix_postgres_data_path }}"
+
 - name: Ensure Postgres environment variables file created
 template:
- src: "{{ role_path }}/templates/env/{{ item }}.j2"
- dest: "{{ matrix_environment_variables_data_path }}/{{ item }}"
+ src: "{{ role_path }}/templates/{{ item }}.j2"
+ dest: "{{ matrix_postgres_base_path }}/{{ item }}"
 mode: 0640
 with_items:
- - "env-postgres-pgsql-docker"
- - "env-postgres-server-docker"
+ - "env-postgres-psql"
+ - "env-postgres-server"
 - name: Ensure matrix-postgres-cli script created
 template:
@@ -48,15 +63,6 @@
 # Tasks related to setting up an internal postgres server
 #
-- name: Ensure postgres data path exists
- file:
- path: "{{ matrix_postgres_data_path }}"
- state: directory
- mode: 0700
- owner: "{{ matrix_user_username }}"
- group: "{{ matrix_user_username }}"
- when: "not matrix_postgres_use_external"
-
 - name: Ensure matrix-postgres.service installed
 template:
 src: "{{ role_path }}/templates/systemd/matrix-postgres.service.j2"
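Review bot: The new `Ensure Postgres paths exist` task in the `@@ -23,14 +25,27 @@` hunk creates `matrix_postgres_data_path` unconditionally, whereas the task removed in the `@@ -48,15 +63,6 @@` hunk only created it when `not matrix_postgres_use_external`. If `matrix_postgres_data_path_stat` (registered outside these hunks) is a stat of that directory, the `Notify if matrix-postgres local data remains` notice will now fire on every run for external-Postgres users, because the directory always exists. Only `matrix_postgres_base_path` is needed for the environment files, so I would keep the loop to that single item and retain the removed `Ensure postgres data path exists` task, with its `when: "not matrix_postgres_use_external"`, in the internal-server section. The environment files written into that directory carry the database credential and keep `mode: 0640` without an explicit `owner`/`group`; if that is intentional a comment saying so would help the next reader.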
@@ -96,5 +102,5 @@
 # We just want to notify the user. Deleting data is too destructive.
 - name: Notify if matrix-postgres local data remains
 debug:
- msg: "Note: You are not using a local PostgreSQL database, but some old data remains from before in {{ matrix_postgres_data_path }}. Feel free to delete that."
+ msg: "Note: You are not using a local PostgreSQL database, but some old data remains from before in {{ matrix_postgres_data_path }}. Feel free to delete it."
 when: "matrix_postgres_use_external and matrix_postgres_data_path_stat.stat.exists"
diff --git a/roles/matrix-server/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml
similarity index 95%
rename from roles/matrix-server/tasks/upgrade_postgres.yml
rename to roles/matrix-postgres/tasks/upgrade_postgres.yml
index 69955b30..b73bc030 100644
--- a/roles/matrix-server/tasks/upgrade_postgres.yml
+++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml
@@ -71,7 +71,7 @@
 command: |
 /usr/bin/docker run --rm --name matrix-postgres-dump \
 --network={{ matrix_docker_network }} \
- --env-file={{ matrix_environment_variables_data_path }}/env-postgres-pgsql-docker \
+ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
 -v {{ postgres_dump_dir }}:/out \
 {{ matrix_postgres_detected_version_corresponding_docker_image }} pg_dump -h matrix-postgres {{ matrix_postgres_db_name }} -f /out/{{ postgres_dump_name }}
@@ -86,7 +86,7 @@
 - debug:
 msg: "NOTE: Your Postgres data directory has been moved from `{{ matrix_postgres_data_path }}` to `{{ postgres_auto_upgrade_backup_data_path }}`. In the event of failure, you can move it back and run the playbook with --tags=setup-postgres to restore operation."
-- import_tasks: tasks/setup/setup_postgres.yml
+- import_tasks: tasks/setup_postgres.yml
 - name: Ensure matrix-postgres autoruns and is restarted
 service:
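Review bot: `- import_tasks: tasks/setup_postgres.yml` in the `@@ -86,7 +86,7 @@` hunk of `upgrade_postgres.yml` is the only import in the new role written as a bare relative path; every other one this commit adds (for example in `roles/matrix-postgres/tasks/main.yml` and the first hunk of `setup_postgres.yml`) is written as `"{{ role_path }}/tasks/..."`. Ansible's role-relative lookup presumably still finds the file, but `- import_tasks: "{{ role_path }}/tasks/setup_postgres.yml"` keeps the role uniform and removes the dependence on that lookup order. The enclosing task list continues outside the hunk.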
@@ -105,7 +105,7 @@
 command: |
 /usr/bin/docker run --rm --name matrix-postgres-import \
 --network={{ matrix_docker_network }} \
- --env-file={{ matrix_environment_variables_data_path }}/env-postgres-pgsql-docker \
+ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
 -v {{ postgres_dump_dir }}:/in:ro \
 {{ matrix_postgres_docker_image_latest }} psql -v ON_ERROR_STOP=1 -h matrix-postgres -f /in/{{ postgres_dump_name }}
diff --git a/roles/matrix-server/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml
similarity index 100%
rename from roles/matrix-server/tasks/util/detect_existing_postgres_version.yml
rename to roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml
diff --git a/roles/matrix-server/templates/env/env-postgres-pgsql-docker.j2 b/roles/matrix-postgres/templates/env-postgres-psql.j2
similarity index 100%
rename from roles/matrix-server/templates/env/env-postgres-pgsql-docker.j2
rename to roles/matrix-postgres/templates/env-postgres-psql.j2
diff --git a/roles/matrix-server/templates/env/env-postgres-server-docker.j2 b/roles/matrix-postgres/templates/env-postgres-server.j2
similarity index 100%
rename from roles/matrix-server/templates/env/env-postgres-server-docker.j2
rename to roles/matrix-postgres/templates/env-postgres-server.j2
diff --git a/roles/matrix-server/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2
similarity index 88%
rename from roles/matrix-server/templates/systemd/matrix-postgres.service.j2
rename to roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2
index 0988f61d..40509e8c 100644
--- a/roles/matrix-server/templates/systemd/matrix-postgres.service.j2
+++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2
@@ -11,7 +11,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --network={{ matrix_docker_network }} \
- --env-file={{ matrix_environment_variables_data_path }}/env-postgres-server-docker \
+ --env-file={{ matrix_postgres_base_path }}/env-postgres-server \
 -v {{ matrix_postgres_data_path }}:/var/lib/postgresql/data \
 -v /etc/passwd:/etc/passwd:ro \
 {{ matrix_postgres_docker_image_to_use }}
diff --git a/roles/matrix-server/templates/usr-local-bin/matrix-make-user-admin.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2
similarity index 80%
rename from roles/matrix-server/templates/usr-local-bin/matrix-make-user-admin.j2
rename to roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2
index 37d72370..3e5b6ebe 100644
--- a/roles/matrix-server/templates/usr-local-bin/matrix-make-user-admin.j2
+++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2
@@ -8,7 +8,7 @@ fi
 docker run \
 -it \
 --rm \
- --env-file={{ matrix_environment_variables_data_path }}/env-postgres-pgsql-docker \
+ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
 --network {{ matrix_docker_network }} \
 {{ matrix_postgres_docker_image_to_use }} \
 psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ host_specific_hostname_identity }}'"
diff --git a/roles/matrix-server/templates/usr-local-bin/matrix-postgres-cli.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2
similarity index 67%
rename from roles/matrix-server/templates/usr-local-bin/matrix-postgres-cli.j2
rename to roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2
index 6cae5e5e..07e1f43b 100644
--- a/roles/matrix-server/templates/usr-local-bin/matrix-postgres-cli.j2
+++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2
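Review bot: In the `matrix-make-user-admin.j2` hunk the script argument `$1` is spliced directly into the SQL text of the `psql -c` line and the comparison uses `LIKE`, so an argument containing a quote or the `%`/`_` pattern characters changes which rows receive `admin=1`. That line is context rather than part of this change, and the `fi` in the hunk header suggests some argument handling above the hunk that is not visible here. I would check `$1` against the character set allowed in a Matrix localpart before the `docker run`, and since no pattern match is intended compare with `=`: `WHERE name = '@$1:{{ host_specific_hostname_identity }}'`. The env-file rename itself matches the other hunks on this line and in `upgrade_postgres.yml`.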
@@ -3,7 +3,7 @@
 docker run \
 -it \
 --rm \
- --env-file={{ matrix_environment_variables_data_path }}/env-postgres-pgsql-docker \
+ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
 --network {{ matrix_docker_network }} \
 {{ matrix_postgres_docker_image_to_use }} \
 psql -h {{ matrix_postgres_connection_hostname }}
diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml
new file mode 100644
index 00000000..bd2b42d2
--- /dev/null
+++ b/roles/matrix-riot-web/defaults/main.yml
@@ -0,0 +1,32 @@
+# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain.
+# If you wish to connect to your Matrix server by other means,
+# you may wish to disable this.
+matrix_riot_web_enabled: true
+
+matrix_riot_web_docker_image: "bubuntux/riot-web:v0.17.8"
+
+matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
+
+# Riot config.json customizations
+matrix_riot_web_disable_custom_urls: true
+matrix_riot_web_disable_guests: true
+matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/"
+matrix_riot_web_integrations_rest_url: "https://scalar.vector.im/api"
+matrix_riot_web_integrations_widgets_urls: "https://scalar.vector.im/api"
+matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
+# Riot public room directory server(s)
+matrix_riot_web_roomdir_servers: ['matrix.org']
+matrix_riot_web_welcome_user_id: "@riot-bot:matrix.org"
+
+
+# Riot home.html customizations
+# Default home.html template file
+matrix_riot_web_homepage_template: "{{ role_path }}/templates/home.html.j2"
+# Show general discussion about Matrix and Riot row
+matrix_riot_web_homepage_template_general: true
+# Show Matrix technical discussions row
+matrix_riot_web_homepage_template_technical: true
+# Show building services on Matrix row
+matrix_riot_web_homepage_template_building: true
+# Show contributing code to Matrix and Riot row
+matrix_riot_web_homepage_template_contributing: true
\ No newline at end of file
diff --git a/roles/matrix-riot-web/tasks/init.yml b/roles/matrix-riot-web/tasks/init.yml
new file mode 100644
index 00000000..1fd0c7eb
--- /dev/null
+++ b/roles/matrix-riot-web/tasks/init.yml
@@ -0,0 +1,3 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-riot-web'] }}"
+ when: matrix_riot_web_enabled
\ No newline at end of file
diff --git a/roles/matrix-riot-web/tasks/main.yml b/roles/matrix-riot-web/tasks/main.yml
new file mode 100644
index 00000000..da57a88a
--- /dev/null
+++ b/roles/matrix-riot-web/tasks/main.yml
@@ -0,0 +1,16 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_riot_web.yml"
+ when: run_setup
+ tags:
+ - setup-all
+ - setup-riot-web
+
+- import_tasks: "{{ role_path }}/tasks/self_check_riot_web.yml"
+ delegate_to: 127.0.0.1
+ become: false
+ when: "run_self_check and matrix_riot_web_enabled"
+ tags:
+ - self-check
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/self_check/self_check_riot_web.yml b/roles/matrix-riot-web/tasks/self_check_riot_web.yml
similarity index 100%
rename from roles/matrix-server/tasks/self_check/self_check_riot_web.yml
rename to roles/matrix-riot-web/tasks/self_check_riot_web.yml
diff --git a/roles/matrix-server/tasks/setup/setup_riot_web.yml b/roles/matrix-riot-web/tasks/setup_riot_web.yml
similarity index 95%
rename from roles/matrix-server/tasks/setup/setup_riot_web.yml
rename to roles/matrix-riot-web/tasks/setup_riot_web.yml
index c3a2fa31..1eadf933 100644
--- a/roles/matrix-server/tasks/setup/setup_riot_web.yml
+++ b/roles/matrix-riot-web/tasks/setup_riot_web.yml
@@ -26,7 +26,7 @@
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_username }}"
 with_items:
- - {src: "{{ role_path }}/templates/riot-web/config.json.j2", name: "config.json"}
+ - {src: "{{ role_path }}/templates/config.json.j2", name: "config.json"}
 - {src: "{{ matrix_riot_web_homepage_template }}", name: "home.html"}
 when: matrix_riot_web_enabled
diff --git a/roles/matrix-server/templates/riot-web/config.json.j2 b/roles/matrix-riot-web/templates/config.json.j2
similarity index 100%
rename from roles/matrix-server/templates/riot-web/config.json.j2
rename to roles/matrix-riot-web/templates/config.json.j2
diff --git a/roles/matrix-server/templates/riot-web/home.html.j2 b/roles/matrix-riot-web/templates/home.html.j2
similarity index 100%
rename from roles/matrix-server/templates/riot-web/home.html.j2
rename to roles/matrix-riot-web/templates/home.html.j2
diff --git a/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2 b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2
similarity index 100%
rename from roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
rename to roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2
diff --git a/roles/matrix-server/defaults/main.yml b/roles/matrix-server/defaults/main.yml
deleted file mode 100644
index 148eb97a..00000000
--- a/roles/matrix-server/defaults/main.yml
+++ /dev/null
@@ -1,463 +0,0 @@
-# The bare hostname which represents your identity.
-# This is something like "example.com".
-# Note: this playbook does not touch the server referenced here.
-hostname_identity: "{{ host_specific_hostname_identity|lower }}"
-
-# This is where your data lives and what we set up here.
-# This and the Riot hostname (see below) are expected to be on the same server.
-hostname_matrix: "matrix.{{ hostname_identity }}"
-
-# This is where you access the web UI from and what we set up here.
-# This and the Matrix hostname (see above) are expected to be on the same server.
-hostname_riot: "riot.{{ hostname_identity }}"
-
-
-matrix_user_username: "matrix"
-matrix_user_uid: 991
-matrix_user_gid: 991
-
-matrix_base_data_path: "/matrix"
-matrix_environment_variables_data_path: "{{ matrix_base_data_path }}/environment-variables"
-matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
-
-matrix_homeserver_url: "https://{{ hostname_matrix }}"
-matrix_identity_server_url: "https://{{ matrix_synapse_trusted_third_party_id_servers[0] }}"
-
-# The Docker network that all services would be put into
-matrix_docker_network: "matrix"
-
-
-matrix_synapse_docker_image: "matrixdotorg/synapse:v0.34.1.1-py3"
-
-matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
-matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
-matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
-matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
-matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
-matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
-
-matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.6/site-packages"
-
-# Specifies which template files to use when configuring Synapse.
-# If you'd like to have your own different configuration, feel free to copy and paste
-# the original files into your inventory (e.g.
in `inventory/host_vars//`)
-# and then change the specific host's `vars.yaml` file like this:
-# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars//homeserver.yaml.j2"
-matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
-matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
-
-matrix_synapse_macaroon_secret_key: ""
-matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
-matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
-
-# These are the identity servers that would be trusted by Synapse if mxisd is NOT enabled
-matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
-
-# These are the identity servers that would be trusted by Synapse if mxisd IS enabled
-matrix_synapse_id_servers_own: "['{{ hostname_matrix }}']"
-
-# The final list of identity servers to use for Synapse.
-# The first one would also be used as riot-web's default identity server.
-matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_own if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
-
-matrix_synapse_max_upload_size_mb: 10
-matrix_synapse_max_log_file_size_mb: 100
-matrix_synapse_max_log_files_count: 10
-
-# Log levels
-# Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
-# warning: setting log level to DEBUG will make synapse log sensitive information such
-# as access tokens
-matrix_synapse_log_level: "INFO"
-matrix_synapse_storage_sql_log_level: "INFO"
-matrix_synapse_root_log_level: "INFO"
-
-# Rate limits
-matrix_synapse_rc_messages_per_second: 0.2
-matrix_synapse_rc_message_burst_count: 10.0
-
-# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
-# (things like number of users, number of messages sent, uptime, load, etc.)
-matrix_synapse_report_stats: false
-
-# Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.
-# If users participate in large rooms with many other servers,
-# disabling this will decrease server load significantly.
-matrix_synapse_use_presence: true
-
-# Controls whether people with access to the homeserver can register by themselves.
-matrix_synapse_enable_registration: false
-
-# Users who register on this homeserver will automatically be joined to these rooms.
-# Rooms are to be specified using addresses (e.g. `#address:example.com`)
-matrix_synapse_auto_join_rooms: []
-
-# Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created
-# automatically if they don't already exist.
-matrix_synapse_autocreate_auto_join_rooms: true
-
-# Controls password-peppering for Matrix Synapse. Not to be changed after initial setup.
-matrix_synapse_password_config_pepper: ""
-
-# Controls the number of events that Matrix Synapse caches in memory.
-matrix_synapse_event_cache_size: "100K"
-
-# Controls cache sizes for Matrix Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
-# Raise this to increase cache sizes or lower it to potentially lower memory use.
-# To learn more, see:
-# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
-# - https://github.com/matrix-org/synapse/issues/3939
-matrix_synapse_cache_factor: 0.5
-
-# Controls whether Matrix Synapse will federate at all.
-# Disable this to completely isolate your server from the rest of the Matrix network.
-matrix_synapse_federation_enabled: true
-
-# A list of domain names that are allowed to federate with the given Matrix Synapse server.
-# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
-# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
-matrix_synapse_federation_domain_whitelist: ~
-
-# A list of additional "volumes" to mount in the container.
-# This list gets populated dynamically based on Synapse extensions that have been enabled.
-# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
-matrix_synapse_container_additional_volumes: []
-
-# A list of additional loggers to register in synapse.log.config.
-# This list gets populated dynamically based on Synapse extensions that have been enabled.
-# Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
-matrix_synapse_additional_loggers: []
-
-# A list of service config files
-# This list gets populated dynamically based on Synapse extensions that have been enabled.
-# Contains fs paths
-matrix_synapse_app_service_config_files: []
-
-# This is set dynamically during execution depending on whether
-# any password providers have been enabled or not.
-matrix_synapse_password_providers_enabled: false
-
-
-# Enable this to activate the REST auth password provider module.
-# See: https://github.com/kamax-io/matrix-synapse-rest-auth
-matrix_synapse_ext_password_provider_rest_auth_enabled: false
-matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.1/rest_auth_provider.py"
-matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
-matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
-matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
-matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
-
-# Enable this to activate the Shared Secret Auth password provider module.
-# See: https://github.com/devture/matrix-synapse-shared-secret-auth
-matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
-matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
-matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
-
-# Enable this to activate LDAP password provider
-matrix_synapse_ext_password_provider_ldap_enabled: false
-matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
-matrix_synapse_ext_password_provider_ldap_start_tls: true
-matrix_synapse_ext_password_provider_ldap_base: ""
-matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
-matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
-matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
-matrix_synapse_ext_password_provider_ldap_bind_dn: ""
-matrix_synapse_ext_password_provider_ldap_bind_password: ""
-matrix_synapse_ext_password_provider_ldap_filter: ""
-
-
-# The defaults below cause a postgres server to be configured (running within a container).
-# Using an external server is possible by tweaking all of the parameters below.
-matrix_postgres_use_external: false
-matrix_postgres_connection_hostname: "matrix-postgres"
-matrix_postgres_connection_username: "synapse"
-matrix_postgres_connection_password: "synapse-password"
-matrix_postgres_db_name: "homeserver"
-
-matrix_postgres_data_path: "{{ matrix_base_data_path }}/postgres"
-
-matrix_postgres_docker_image_v9: "postgres:9.6.11-alpine"
-matrix_postgres_docker_image_v10: "postgres:10.6-alpine"
-matrix_postgres_docker_image_v11: "postgres:11.1-alpine"
-matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
-
-
-matrix_coturn_docker_image: "instrumentisto/coturn:4.5.0.8"
-
-matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
-matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
-
-# A shared secret (between Synapse and Coturn) used for authentication.
-# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
-matrix_coturn_turn_static_auth_secret: ""
-
-# UDP port-range to use for TURN
-matrix_coturn_turn_udp_min_port: 49152
-matrix_coturn_turn_udp_max_port: 49172
-
-matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
-
-
-matrix_s3_media_store_enabled: false
-matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
-matrix_s3_media_store_bucket_name: "your-bucket-name"
-matrix_s3_media_store_aws_access_key: "your-aws-access-key"
-matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
-matrix_s3_media_store_region: "eu-central-1"
-
-
-# By default, this playbook sets up a postfix mailer server (running in a container).
-# This is so that Matrix Synapse can send email reminders for unread messages.
-# Other services (like mxisd), however, also use that mailer to send emails through it.
-matrix_mailer_enabled: true
-
-matrix_mailer_docker_image: "panubo/postfix:latest"
-
-matrix_mailer_sender_address: "matrix@{{ hostname_identity }}"
-matrix_mailer_relay_use: false
-matrix_mailer_relay_host_name: "mail.example.com"
-matrix_mailer_relay_host_port: 587
-matrix_mailer_relay_auth: false
-matrix_mailer_relay_auth_username: ""
-matrix_mailer_relay_auth_password: ""
-
-
-# By default, this playbook installs the mxisd identity server on the same domain as Synapse (`hostname_matrix`).
-# If you wish to use the public identity servers (matrix.org, vector.im, riot.im) instead of your own,
-# you may wish to disable this.
-matrix_mxisd_enabled: true
-matrix_mxisd_docker_image: "kamax/mxisd:1.2.2"
-matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
-matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
-matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
-
-# Your identity server is private by default.
-# To ensure maximum discovery, you can make your identity server
-# also forward lookups to the central matrix.org Identity server
-# (at the cost of potentially leaking all your contacts information).
-# Enabling this is discouraged. Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
-matrix_mxisd_matrixorg_forwarding_enabled: false
-
-# mxisd has serveral supported identity stores.
-# One of them (which we enable by default) is storing identities directly in Synapse's database.
-# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md
-#
-# If you need to disable this in favor of some other store, you can toggle it to disabled here
-# and add your own mxisd configuration for the other store in `matrix_mxisd_configuration_extension_yaml`.
-matrix_mxisd_synapsesql_enabled: true -matrix_mxisd_synapsesql_type: postgresql -matrix_mxisd_synapsesql_connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }} - -# Default mxisd configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_mxisd_configuration_yaml: | - matrix: - domain: {{ hostname_identity }} - - server: - name: {{ hostname_matrix }} - - key: - path: /var/mxisd/sign.key - - storage: - provider: - sqlite: - database: /var/mxisd/mxisd.db - - {% if matrix_mxisd_matrixorg_forwarding_enabled %} - forward: - servers: ['matrix-org'] - {% endif %} - - threepid: - medium: - email: - identity: - from: {{ matrix_mailer_sender_address }} - connectors: - smtp: - host: matrix-mailer - port: 587 - tls: 0 - - synapseSql: - enabled: {{ matrix_mxisd_synapsesql_enabled }} - type: {{ matrix_mxisd_synapsesql_type }} - connection: {{ matrix_mxisd_synapsesql_connection }} - -matrix_mxisd_configuration_extension_yaml: | - # Your custom YAML configuration for mxisd goes here. - # This configuration extends the default starting configuration (`matrix_mxisd_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_mxisd_configuration_yaml`. 
- # - # Example configuration extension follows: - # - # ldap: - # enabled: true - # connection: - # host: ldapHostnameOrIp - # tls: false - # port: 389 - # baseDns: ['OU=Users,DC=example,DC=org'] - # bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org - # bindPassword: TheUserPassword - -# Doing `|from_yaml` when the extension contains nothing yields an empty string (""). -# We need to ensure it's a dictionary or `|combine` (when building `matrix_mxisd_configuration`) will fail later. -matrix_mxisd_configuration_extension: "{{ matrix_mxisd_configuration_extension_yaml|from_yaml if matrix_mxisd_configuration_extension_yaml|from_yaml else {} }}" - -# Holds the final mxisd configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_mxisd_configuration_yaml`. -matrix_mxisd_configuration: "{{ matrix_mxisd_configuration_yaml|from_yaml|combine(matrix_mxisd_configuration_extension, recursive=True) }}" - - -# Enable this to add support for matrix-corporal. 
-# See: https://github.com/devture/matrix-corporal -matrix_corporal_enabled: false - -matrix_corporal_docker_image: "devture/matrix-corporal:1.2.2" -matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" -matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config" -matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache" -matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var" - -matrix_corporal_matrix_timeout_milliseconds: 45000 - -matrix_corporal_reconciliation_retry_interval_milliseconds: 30000 -matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal" - -matrix_corporal_http_api_enabled: false -matrix_corporal_http_api_auth_token: "" - -# Matrix Corporal policy provider configuration (goes directly into the configuration's `PolicyProvider` value) -matrix_corporal_policy_provider_config: "" - -matrix_corporal_debug: false - - -# By default, this playbook installs the Riot.IM web UI on the `hostname_riot` domain. -# If you wish to connect to your Matrix server by other means, -# you may wish to disable this. 
-matrix_riot_web_enabled: true - -matrix_riot_web_docker_image: "bubuntux/riot-web:v0.17.8" - -matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" - -# Riot config.json customizations -matrix_riot_web_disable_custom_urls: true -matrix_riot_web_disable_guests: true -matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/" -matrix_riot_web_integrations_rest_url: "https://scalar.vector.im/api" -matrix_riot_web_integrations_widgets_urls: "https://scalar.vector.im/api" -matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" -# Riot public room directory server(s) -matrix_riot_web_roomdir_servers: ['matrix.org'] -matrix_riot_web_welcome_user_id: "@riot-bot:matrix.org" - - -# Riot home.html customizations -# Default home.html template file -matrix_riot_web_homepage_template: "{{ role_path }}/templates/riot-web/home.html.j2" -# Show general discussion about Matrix and Riot row -matrix_riot_web_homepage_template_general: true -# Show Matrix technical discussions row -matrix_riot_web_homepage_template_technical: true -# Show building services on Matrix row -matrix_riot_web_homepage_template_building: true -# Show contributing code to Matrix and Riot row -matrix_riot_web_homepage_template_contributing: true - -# Matrix mautrix is a Matrix <-> Telegram bridge -# Enable telegram bridge -matrix_mautrix_telegram_enabled: false - -matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.4.0" - -matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" - -# Get your own API keys at https://my.telegram.org/apps -matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID -matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH -# Mautrix telegram public endpoint to log in to telegram -# Use an uuid so it's not easily discoverable -matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}" - - -# Matrix mautrix is a Matrix 
<-> Whatsapp bridge -# Enable whatsapp bridge -matrix_mautrix_whatsapp_enabled: false - -matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest" - -matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp" - - -# By default, this playbook sets up its own nginx proxy server on port 80/443. -# This is fine if you're dedicating the whole server to Matrix. -# But in case that's not the case, you may wish to prevent that -# and take care of proxying by yourself. -matrix_nginx_proxy_enabled: true - -matrix_nginx_proxy_docker_image: "nginx:1.15.8-alpine" - -matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy" -matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d" - -# The addresses where the Matrix Client API is. -# Certain extensions (like matrix-corporal) may override this in order to capture all traffic. -matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container: "matrix-synapse:8008" -matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container: "localhost:8008" - -# Specifies when to reload the matrix-nginx-proxy service so that -# a new SSL certificate could go into effect. -matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *" - -# Specifies which SSL protocols to use when serving Riot and Synapse -# Note TLSv1.3 is not yet available in dockerized nginx -# See: https://github.com/nginxinc/docker-nginx/issues/190 -matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2" - -# By default, this playbook automatically retrieves and auto-renews -# free SSL certificates from Let's Encrypt. 
-# -# The following retrieval methods are supported: -# - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt -# - "self-signed" - the playbook generates and self-signs certificates -# - "manually-managed" - lets you manage certificates by yourself (manually; see below) -# -# If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`), -# you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path` -# obeying the following hierarchy: -# - /live//fullchain.pem -# - /live//privkey.pem -# where refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`). -matrix_ssl_retrieval_method: "lets-encrypt" - -# Controls whether to obtain production or staging certificates from Let's Encrypt. -matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0" -matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 -matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}" - -matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" -matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" -matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" - -# Variables to Control which parts of the role run. -run_setup: true -run_import_postgres: true -run_upgrade_postgres: true -run_start: true -run_register_user: true -run_import_sqlite_db: true -run_import_media_store: true -run_self_check: true diff --git a/roles/matrix-server/tasks/main.yml b/roles/matrix-server/tasks/main.yml deleted file mode 100644 index a6ba542b..00000000 --- a/roles/matrix-server/tasks/main.yml +++ /dev/null 
@@ -1,41 +0,0 @@
----
-
-- import_tasks: tasks/setup/main.yml
- when: run_setup
-
-- import_tasks: tasks/import/import_postgres.yml
- tags:
- - import-postgres
- when: run_import_postgres
-
-- import_tasks: tasks/upgrade_postgres.yml
- tags:
- - upgrade-postgres
- when: run_upgrade_postgres
-
-- import_tasks: tasks/start.yml
- tags:
- - start
- when: run_start
-
-- import_tasks: tasks/register_user.yml
- tags:
- - register-user
- when: run_register_user
-
-- import_tasks: tasks/import/import_sqlite_db.yml
- tags:
- - import-sqlite-db
- when: run_import_sqlite_db
-
-- import_tasks: tasks/import/import_media_store.yml
- tags:
- - import-media-store
- when: run_import_media_store
-
-- import_tasks: tasks/self_check/main.yml
- delegate_to: 127.0.0.1
- become: false
- tags:
- - self-check
- when: run_self_check
diff --git a/roles/matrix-server/tasks/self_check/main.yml b/roles/matrix-server/tasks/self_check/main.yml
deleted file mode 100644
index fdd73dd6..00000000
--- a/roles/matrix-server/tasks/self_check/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-- import_tasks: tasks/self_check/self_check_dns.yml
-
-- import_tasks: tasks/self_check/self_check_client_api.yml
-
-- import_tasks: tasks/self_check/self_check_federation_api.yml
-
-- import_tasks: tasks/self_check/self_check_riot_web.yml
- when: "matrix_riot_web_enabled"
-
-- import_tasks: tasks/self_check/self_check_mxisd.yml
- when: "matrix_mxisd_enabled"
-
-- import_tasks: tasks/self_check/self_check_well_known.yml
-
-- import_tasks: tasks/self_check/self_check_corporal.yml
- when: "matrix_corporal_enabled"
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/setup/main.yml b/roles/matrix-server/tasks/setup/main.yml
deleted file mode 100644
index 34876faa..00000000
--- a/roles/matrix-server/tasks/setup/main.yml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-
-- import_tasks: tasks/setup/setup_sanity_check.yml
- tags:
- - always
-
-- import_tasks: tasks/setup/setup_base.yml
- tags:
- - setup-all
-
-- import_tasks: tasks/setup/setup_main.yml
- tags:
- - setup-all
-
-- import_tasks: tasks/setup/ssl/main.yml
- tags:
- - setup-all
- - setup-ssl
-
-- import_tasks: tasks/setup/setup_postgres.yml
- tags:
- - setup-all
- - setup-postgres
-
-- import_tasks: tasks/setup/setup_goofys.yml
- tags:
- - setup-all
- - setup-goofys
-
-- import_tasks: tasks/setup/setup_coturn.yml
- tags:
- - setup-all
- - setup-coturn
-
-- import_tasks: tasks/setup/setup_mailer.yml
- tags:
- - setup-all
- - setup-mailer
-
-- import_tasks: tasks/setup/setup_mxisd.yml
- tags:
- - setup-all
- - setup-mxisd
-
-- import_tasks: tasks/setup/setup_corporal_overrides.yml
- tags:
- - always
-
-- import_tasks: tasks/setup/setup_corporal.yml
- tags:
- - setup-all
- - setup-corporal
-
-- import_tasks: tasks/setup/synapse/main.yml
- tags:
- - setup-all
- - setup-synapse
- - setup-coturn
-
-- import_tasks: tasks/setup/setup_riot_web.yml
- tags:
- - setup-all
- - setup-riot-web
-
-- import_tasks: tasks/setup/setup_well_known.yml
- tags:
- - setup-all
- - setup-mxisd
- - setup-synapse
- - setup-nginx-proxy
- - setup-well-known
-
-- import_tasks: tasks/setup/setup_nginx_proxy.yml
- tags:
- - setup-all
- - setup-nginx-proxy
- - setup-well-known
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/setup/synapse/ext/main.yml b/roles/matrix-server/tasks/setup/synapse/ext/main.yml
deleted file mode 100644
index a53cc9aa..00000000
--- a/roles/matrix-server/tasks/setup/synapse/ext/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- import_tasks: tasks/setup/synapse/ext/setup_synapse_ext_rest_auth.yml
-
-- import_tasks: tasks/setup/synapse/ext/setup_synapse_ext_shared_secret_auth.yml
-
-- import_tasks: tasks/setup/synapse/ext/setup_synapse_ext_ldap_auth.yml
-
-- import_tasks: tasks/setup/synapse/ext/setup_synapse_ext_mautrix_telegram.yml
-
-- import_tasks: tasks/setup/synapse/ext/setup_synapse_ext_mautrix_whatsapp.yml
diff --git a/roles/matrix-server/tasks/setup/synapse/main.yml b/roles/matrix-server/tasks/setup/synapse/main.yml
deleted file mode 100644
index 86e7087c..00000000
--- a/roles/matrix-server/tasks/setup/synapse/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- import_tasks: tasks/setup/synapse/setup_synapse_pre.yml
-
-- import_tasks: tasks/setup/synapse/ext/main.yml
-
-- import_tasks: tasks/setup/synapse/setup_synapse_main.yml
diff --git a/roles/matrix-server/tasks/start.yml b/roles/matrix-server/tasks/start.yml
deleted file mode 100644
index bbdf09f6..00000000
--- a/roles/matrix-server/tasks/start.yml
+++ /dev/null
@@ -1,87 +0,0 @@
----
-
-- name: Ensure matrix-postgres autoruns and is restarted
- service:
- name: matrix-postgres
- enabled: yes
- state: restarted
- daemon_reload: yes
- when: "not matrix_postgres_use_external"
-
-- name: Ensure matrix-goofys autoruns and is restarted
- service:
- name: matrix-goofys
- enabled: yes
- state: restarted
- daemon_reload: yes
- when: matrix_s3_media_store_enabled
-
-- name: Ensure matrix-coturn autoruns and is restarted
- service:
- name: matrix-coturn
- enabled: yes
- state: restarted
- daemon_reload: yes
-
-- name: Ensure matrix-mailer autoruns and is restarted
- service:
- name: matrix-mailer
- enabled: yes
- state: restarted
- daemon_reload: yes
- when: matrix_mailer_enabled
-
-- name: Ensure matrix-mxisd autoruns and is restarted
- service:
- name: matrix-mxisd
- enabled: yes
- state: restarted
- daemon_reload: yes
- when: matrix_mxisd_enabled
-
-- name: Ensure matrix-synapse autoruns and is restarted
- service:
- name: matrix-synapse
- enabled: yes
- state: restarted
- daemon_reload: yes
-
-- name: Ensure matrix-riot-web autoruns and is restarted
- service:
- name: matrix-riot-web
- enabled: yes
- state: restarted
- daemon_reload: yes
- when: matrix_riot_web_enabled
-
-- name: Ensure matrix-nginx-proxy autoruns and is restarted
- service:
- name: matrix-nginx-proxy
- enabled: yes
- state: restarted
- daemon_reload: yes
- when: matrix_nginx_proxy_enabled
-
-- name: Ensure matrix-corporal autoruns and is restarted
- service:
- name: matrix-corporal
- enabled: yes
- state: restarted
- daemon_reload: yes
- when: matrix_corporal_enabled
-
-- name: Ensure matrix-mautrix-telegram autoruns and is restarted
- service:
- name: matrix-mautrix-telegram
- enabled: yes
- state: restarted
- daemon_reload: yes
- when: matrix_mautrix_telegram_enabled
-
-- name: Ensure matrix-mautrix-whatsapp autoruns and is restarted
- service:
- name: matrix-mautrix-whatsapp
- enabled: yes
- state: restarted
- daemon_reload: yes
- when: matrix_mautrix_whatsapp_enabled
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
new file mode 100644
index 00000000..6ebb3fa9
--- /dev/null
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -0,0 +1,176 @@
+matrix_synapse_docker_image: "matrixdotorg/synapse:v0.34.1.1-py3"
+
+matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
+matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
+matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
+matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
+matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
+matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
+
+# Controls whether the Synapse container exposes the Client/Server API port (tcp/8008).
+# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# the Client/Server API's port to the local host (`127.0.0.1:8008`).
+matrix_synapse_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
+
+matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.6/site-packages"
+
+# Specifies which template files to use when configuring Synapse.
+# If you'd like to have your own different configuration, feel free to copy and paste
+# the original files into your inventory (e.g. in `inventory/host_vars//`)
+# and then change the specific host's `vars.yaml` file like this:
+# matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars//homeserver.yaml.j2"
+matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
+matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
+
+matrix_synapse_macaroon_secret_key: ""
+matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
+matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
+
+# These are the identity servers that would be trusted by Synapse if mxisd is NOT enabled
+matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
+
+# These are the identity servers that would be trusted by Synapse if mxisd IS enabled
+matrix_synapse_id_servers_own: "['{{ hostname_matrix }}']"
+
+# The final list of identity servers to use for Synapse.
+# The first one would also be used as riot-web's default identity server.
+matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_own if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
+
+matrix_synapse_max_upload_size_mb: 10
+matrix_synapse_max_log_file_size_mb: 100
+matrix_synapse_max_log_files_count: 10
+
+# Log levels
+# Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
+# warning: setting log level to DEBUG will make synapse log sensitive information such
+# as access tokens
+matrix_synapse_log_level: "INFO"
+matrix_synapse_storage_sql_log_level: "INFO"
+matrix_synapse_root_log_level: "INFO"
+
+# Rate limits
+matrix_synapse_rc_messages_per_second: 0.2
+matrix_synapse_rc_message_burst_count: 10.0
+
+# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
+# (things like number of users, number of messages sent, uptime, load, etc.)
+matrix_synapse_report_stats: false
+
+# Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.
+# If users participate in large rooms with many other servers,
+# disabling this will decrease server load significantly.
+matrix_synapse_use_presence: true
+
+# Controls whether people with access to the homeserver can register by themselves.
+matrix_synapse_enable_registration: false
+
+# Users who register on this homeserver will automatically be joined to these rooms.
+# Rooms are to be specified using addresses (e.g. `#address:example.com`)
+matrix_synapse_auto_join_rooms: []
+
+# Controls whether auto-join rooms (`matrix_synapse_auto_join_rooms`) are to be created
+# automatically if they don't already exist.
+matrix_synapse_autocreate_auto_join_rooms: true
+
+# Controls password-peppering for Matrix Synapse. Not to be changed after initial setup.
+matrix_synapse_password_config_pepper: ""
+
+# Controls the number of events that Matrix Synapse caches in memory.
+matrix_synapse_event_cache_size: "100K"
+
+# Controls cache sizes for Matrix Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
+# Raise this to increase cache sizes or lower it to potentially lower memory use.
+# To learn more, see:
+# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
+# - https://github.com/matrix-org/synapse/issues/3939
+matrix_synapse_cache_factor: 0.5
+
+# Controls whether Matrix Synapse will federate at all.
+# Disable this to completely isolate your server from the rest of the Matrix network.
+matrix_synapse_federation_enabled: true
+
+# A list of domain names that are allowed to federate with the given Matrix Synapse server.
+# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
+# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
+matrix_synapse_federation_domain_whitelist: ~
+
+# A list of additional "volumes" to mount in the container.
+# This list gets populated dynamically based on Synapse extensions that have been enabled.
+# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
+matrix_synapse_container_additional_volumes: []
+
+# A list of additional loggers to register in synapse.log.config.
+# This list gets populated dynamically based on Synapse extensions that have been enabled.
+# Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
+matrix_synapse_additional_loggers: []
+
+# A list of service config files
+# This list gets populated dynamically based on Synapse extensions that have been enabled.
+# Contains fs paths
+matrix_synapse_app_service_config_files: []
+
+# This is set dynamically during execution depending on whether
+# any password providers have been enabled or not.
+matrix_synapse_password_providers_enabled: false
+
+
+# Enable this to activate the REST auth password provider module.
+# See: https://github.com/kamax-io/matrix-synapse-rest-auth
+matrix_synapse_ext_password_provider_rest_auth_enabled: false
+matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.1/rest_auth_provider.py"
+matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
+matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
+matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
+matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
+
+# Enable this to activate the Shared Secret Auth password provider module.
+# See: https://github.com/devture/matrix-synapse-shared-secret-auth
+matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
+matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
+matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
+
+# Enable this to activate LDAP password provider
+matrix_synapse_ext_password_provider_ldap_enabled: false
+matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
+matrix_synapse_ext_password_provider_ldap_start_tls: true
+matrix_synapse_ext_password_provider_ldap_base: ""
+matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
+matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
+matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
+matrix_synapse_ext_password_provider_ldap_bind_dn: ""
+matrix_synapse_ext_password_provider_ldap_bind_password: ""
+matrix_synapse_ext_password_provider_ldap_filter: ""
+
+
+matrix_s3_media_store_enabled: false
+matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
+matrix_s3_media_store_bucket_name: "your-bucket-name"
+matrix_s3_media_store_aws_access_key: "your-aws-access-key"
+matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
+matrix_s3_media_store_region: "eu-central-1"
+
+
+# Matrix mautrix is a Matrix <-> Telegram bridge
+# Enable telegram bridge
+matrix_mautrix_telegram_enabled: false
+
+matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.4.0"
+
+matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
+
+# Get your own API keys at https://my.telegram.org/apps
+matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
+matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
+# Mautrix telegram public endpoint to log in to telegram
+# Use an uuid so it's not easily discoverable
+matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
+
+
+# Matrix mautrix is a Matrix <-> Whatsapp bridge
+# Enable whatsapp bridge
+matrix_mautrix_whatsapp_enabled: false
+
+matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
+
+matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
\ No newline at end of file
diff --git a/roles/matrix-synapse/tasks/ext/init.yml b/roles/matrix-synapse/tasks/ext/init.yml
new file mode 100644
index 00000000..a33c2738
--- /dev/null
+++ b/roles/matrix-synapse/tasks/ext/init.yml
@@ -0,0 +1,5 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/ext/mautrix-telegram/init.yml"
+
+- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/init.yml"
diff --git a/roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_ldap_auth.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
similarity index 100%
rename from roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_ldap_auth.yml
rename to roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
diff --git a/roles/matrix-synapse/tasks/ext/mautrix-telegram/init.yml b/roles/matrix-synapse/tasks/ext/mautrix-telegram/init.yml
new file mode 100644
index 00000000..566d7321
--- /dev/null
+++ b/roles/matrix-synapse/tasks/ext/mautrix-telegram/init.yml
@@ -0,0 +1,3 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram'] }}"
+ when: matrix_mautrix_telegram_enabled
\ No newline at end of file
diff --git a/roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_mautrix_telegram.yml b/roles/matrix-synapse/tasks/ext/mautrix-telegram/setup.yml
similarity index 93%
rename from roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_mautrix_telegram.yml
rename to roles/matrix-synapse/tasks/ext/mautrix-telegram/setup.yml
index 25a04d56..6e0c3249 100644
--- a/roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_mautrix_telegram.yml
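Review bot: `matrix_synapse_macaroon_secret_key` defaults to `""`, and `matrix_synapse_registration_shared_secret` and `matrix_synapse_form_secret` are derived from it, so a host that never overrides it gets a homeserver rendered with empty secrets and nothing in this file rejects that. Unless a sanity-check task elsewhere in this commit already asserts it, add a `fail` task to the synapse role guarded by `when: "matrix_synapse_macaroon_secret_key == ''"` whose message tells the operator to set a long random value. It would also help to state in the comment above `matrix_mautrix_telegram_public_endpoint` that the path is derived from this same secret, so rotating the key also moves the bridge's public login endpoint.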
+++ b/roles/matrix-synapse/tasks/ext/mautrix-telegram/setup.yml @@ -19,7 +19,7 @@ - name: Ensure Matrix Mautrix telegram config installed template: - src: "{{ role_path }}/templates/mautrix-telegram/config.yaml.j2" + src: "{{ role_path }}/templates/ext/mautrix-telegram/config.yaml.j2" dest: "{{ matrix_mautrix_telegram_base_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -28,7 +28,7 @@ - name: Ensure matrix-mautrix-telegram.service installed template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" + src: "{{ role_path }}/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2" dest: "/etc/systemd/system/matrix-mautrix-telegram.service" mode: 0644 when: "matrix_mautrix_telegram_enabled" diff --git a/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/init.yml b/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/init.yml new file mode 100644 index 00000000..fdc0d1b9 --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/init.yml @@ -0,0 +1,3 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp'] }}" + when: matrix_mautrix_whatsapp_enabled \ No newline at end of file diff --git a/roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_mautrix_whatsapp.yml b/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml similarity index 93% rename from roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_mautrix_whatsapp.yml rename to roles/matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml index 6afc4947..ee9b3358 100644 --- a/roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_mautrix_whatsapp.yml +++ b/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml 
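Review bot: The bridge's `config.yaml` is installed with `mode: 0644` (the context line right after the changed `src`), and the role defaults carry `matrix_mautrix_telegram_api_id`/`matrix_mautrix_telegram_api_hash`, which presumably end up in that rendered file; if so the Telegram credentials are readable by every local account, whereas the goofys env file this same commit writes uses `mode: 0600`. Tightening to `mode: 0640` next to the existing `owner: "{{ matrix_user_username }}"` keeps it readable by the bridge (assuming the container runs as that user) without exposing it host-wide. The mautrix-whatsapp `setup.yml` hunk in the next file has the same pattern. The enclosing task list starts before this hunk.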
@@ -19,7 +19,7 @@ - name: Ensure Matrix Mautrix whatsapp config installed template: - src: "{{ role_path }}/templates/mautrix-whatsapp/config.yaml.j2" + src: "{{ role_path }}/templates/ext/mautrix-whatsapp/config.yaml.j2" dest: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -28,7 +28,7 @@ - name: Ensure matrix-mautrix-whatsapp.service installed template: - src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2" + src: "{{ role_path }}/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2" dest: "/etc/systemd/system/matrix-mautrix-whatsapp.service" mode: 0644 when: "matrix_mautrix_whatsapp_enabled" diff --git a/roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_rest_auth.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml similarity index 100% rename from roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_rest_auth.yml rename to roles/matrix-synapse/tasks/ext/rest-auth/setup.yml diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml new file mode 100644 index 00000000..c7936c71 --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -0,0 +1,11 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml" + +- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml" + +- import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml" + +- import_tasks: "{{ role_path }}/tasks/ext/mautrix-telegram/setup.yml" + +- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/setup.yml" diff --git a/roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_shared_secret_auth.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml similarity index 100% rename from roles/matrix-server/tasks/setup/synapse/ext/setup_synapse_ext_shared_secret_auth.yml rename to roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml 
diff --git a/roles/matrix-server/tasks/import/import_media_store.yml b/roles/matrix-synapse/tasks/import_media_store.yml
similarity index 100%
rename from roles/matrix-server/tasks/import/import_media_store.yml
rename to roles/matrix-synapse/tasks/import_media_store.yml
diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml
new file mode 100644
index 00000000..ede7105d
--- /dev/null
+++ b/roles/matrix-synapse/tasks/init.yml
@@ -0,0 +1,8 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse'] }}"
+
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys'] }}"
+ when: matrix_s3_media_store_enabled
+
+- import_tasks: "{{ role_path }}/tasks/ext/init.yml"
\ No newline at end of file
diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml
new file mode 100644
index 00000000..e385fe11
--- /dev/null
+++ b/roles/matrix-synapse/tasks/main.yml
@@ -0,0 +1,33 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_synapse_entrypoint.yml"
+ when: run_setup
+ tags:
+ - setup-all
+ - setup-synapse
+
+- import_tasks: "{{ role_path }}/tasks/import_media_store.yml"
+ when: run_import_media_store
+ tags:
+ - import-media-store
+
+- import_tasks: "{{ role_path }}/tasks/register_user.yml"
+ when: run_register_user
+ tags:
+ - register-user
+
+- import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml"
+ delegate_to: 127.0.0.1
+ become: false
+ when: run_self_check
+ tags:
+ - self-check
+
+- import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml"
+ delegate_to: 127.0.0.1
+ become: false
+ when: run_self_check
+ tags:
+ - self-check
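Review bot: `setup_synapse_entrypoint.yml` is imported with only the `setup-all` and `setup-synapse` tags, whereas the deleted `roles/matrix-server/tasks/setup/main.yml` also tagged the Synapse setup with `setup-coturn`, presumably because the rendered Synapse configuration embeds the coturn settings. After this change a run limited to `--tags=setup-coturn` would re-render coturn but leave Synapse's configuration stale; add `- setup-coturn` to that tag list, or record in the changelog that the tag no longer reconfigures Synapse. In `init.yml`, the `set_fact` tasks append to the shared `matrix_systemd_services_list`, so the order of roles in the playbook presumably decides the order in which services are later started; a header comment such as `# Appends this role's services to matrix_systemd_services_list; role order in the playbook defines start order` would make that dependency explicit, and the file should end with a newline.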
diff --git a/roles/matrix-server/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml
similarity index 100%
rename from roles/matrix-server/tasks/register_user.yml
rename to roles/matrix-synapse/tasks/register_user.yml
diff --git a/roles/matrix-server/tasks/self_check/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml
similarity index 100%
rename from roles/matrix-server/tasks/self_check/self_check_client_api.yml
rename to roles/matrix-synapse/tasks/self_check_client_api.yml
diff --git a/roles/matrix-server/tasks/self_check/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml
similarity index 100%
rename from roles/matrix-server/tasks/self_check/self_check_federation_api.yml
rename to roles/matrix-synapse/tasks/self_check_federation_api.yml
diff --git a/roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml b/roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml
new file mode 100644
index 00000000..46639cdd
--- /dev/null
+++ b/roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml
@@ -0,0 +1,9 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/setup_synapse_pre.yml"
+
+- import_tasks: "{{ role_path }}/tasks/ext/setup.yml"
+
+- import_tasks: "{{ role_path }}/tasks/setup_synapse_main.yml"
+
+- import_tasks: "{{ role_path }}/tasks/setup_synapse_goofys.yml"
diff --git a/roles/matrix-server/tasks/setup/setup_goofys.yml b/roles/matrix-synapse/tasks/setup_synapse_goofys.yml
similarity index 89%
rename from roles/matrix-server/tasks/setup/setup_goofys.yml
rename to roles/matrix-synapse/tasks/setup_synapse_goofys.yml
index d08940ce..f37a1eb6 100644
--- a/roles/matrix-server/tasks/setup/setup_goofys.yml
+++ b/roles/matrix-synapse/tasks/setup_synapse_goofys.yml
@@ -26,15 +26,15 @@
 
 - name: Ensure goofys environment variables file created
 template:
- src: "{{ role_path }}/templates/env/env-goofys.j2"
- dest: "{{ matrix_environment_variables_data_path }}/goofys"
+ src: "{{ role_path }}/templates/goofys/env-goofys.j2"
+ dest: "{{ matrix_synapse_config_dir_path }}/env-goofys"
 owner: root
 mode: 0600
 when: matrix_s3_media_store_enabled
 
 - name: Ensure matrix-goofys.service installed
 template:
- src: "{{ role_path }}/templates/systemd/matrix-goofys.service.j2"
+ src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2"
 dest: "/etc/systemd/system/matrix-goofys.service"
 mode: 0644
 when: matrix_s3_media_store_enabled
@@ -64,7 +64,7 @@
 
 - name: Ensure goofys environment variables file doesn't exist
 file:
- path: "{{ matrix_environment_variables_data_path }}/goofys"
+ path: "{{ matrix_synapse_config_dir_path }}/env-goofys"
 state: absent
 when: "not matrix_s3_media_store_enabled"
 
diff --git a/roles/matrix-server/tasks/setup/synapse/setup_synapse_main.yml b/roles/matrix-synapse/tasks/setup_synapse_main.yml
similarity index 87%
rename from roles/matrix-server/tasks/setup/synapse/setup_synapse_main.yml
rename to roles/matrix-synapse/tasks/setup_synapse_main.yml
index 8466770c..7d86428c 100644
--- a/roles/matrix-server/tasks/setup/synapse/setup_synapse_main.yml
+++ b/roles/matrix-synapse/tasks/setup_synapse_main.yml
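Review bot: The goofys env-file is relocated from `{{ matrix_environment_variables_data_path }}/goofys` to `{{ matrix_synapse_config_dir_path }}/env-goofys`, which is the directory the matrix-synapse unit bind-mounts into the Synapse container as `/data` (the `-v {{ matrix_synapse_config_dir_path }}:/data` line in the service template hunk later in this patch). The `env-goofys.j2` template is only renamed here and its contents are not shown, but an `--env-file` for an S3-backed FUSE mount is where bucket credentials would normally live; if it does hold them, they are now inside a directory exposed to the Synapse process, and `owner: root` with `mode: 0600` only protects them if Synapse does not run as root inside the container, which this chunk does not establish. Consider keeping this file outside the mounted config directory, or at least add a comment next to `dest:` such as `# lives under the directory mounted into the Synapse container; must stay root-owned and 0600`. The second hunk (`state: absent`) and the matrix-goofys.service hunk reference the same path and would need to change together.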
@@ -57,22 +57,15 @@
 dest: "{{ matrix_synapse_config_dir_path }}/{{ hostname_matrix }}.log.config"
 mode: 0644
 
-- name: Ensure Synapse environment variables file created
- template:
- src: "{{ role_path }}/templates/env/env-synapse.j2"
- dest: "{{ matrix_environment_variables_data_path }}/synapse"
- owner: root
- mode: 0600
-
 - name: Ensure matrix-synapse.service installed
 template:
- src: "{{ role_path }}/templates/systemd/matrix-synapse.service.j2"
+ src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2"
 dest: "/etc/systemd/system/matrix-synapse.service"
 mode: 0644
 
 - name: Ensure matrix-synapse-register-user script created
 template:
- src: "{{ role_path }}/templates/usr-local-bin/matrix-synapse-register-user.j2"
+ src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2"
 dest: "/usr/local/bin/matrix-synapse-register-user"
 mode: 0750
 
diff --git a/roles/matrix-server/tasks/setup/synapse/setup_synapse_pre.yml b/roles/matrix-synapse/tasks/setup_synapse_pre.yml
similarity index 100%
rename from roles/matrix-server/tasks/setup/synapse/setup_synapse_pre.yml
rename to roles/matrix-synapse/tasks/setup_synapse_pre.yml
diff --git a/roles/matrix-server/templates/mautrix-telegram/config.yaml.j2 b/roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2
similarity index 100%
rename from roles/matrix-server/templates/mautrix-telegram/config.yaml.j2
rename to roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2
diff --git a/roles/matrix-server/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2
similarity index 100%
rename from roles/matrix-server/templates/systemd/matrix-mautrix-telegram.service.j2
rename to roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2
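Review bot: The task that rendered `env-synapse.j2` is deleted here, but the template itself is only renamed later in this patch (`templates/synapse/env-synapse.j2`), so it is left with no consumer now that the unit passes `SYNAPSE_CONFIG_PATH` and `SYNAPSE_CACHE_FACTOR` with `-e` flags. Either drop the orphaned template or add a one-line comment at its top saying why it is retained. The previously rendered file at `{{ matrix_environment_variables_data_path }}/synapse` is also no longer managed by this file; unless `clean_up_old_files.yml` (in the diffstat, not shown here) removes it, a `file:` task with `state: absent`, mirroring the goofys cleanup, would keep stale root-owned env files from lingering on upgraded hosts.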
diff --git a/roles/matrix-server/templates/mautrix-whatsapp/config.yaml.j2 b/roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2
similarity index 100%
rename from roles/matrix-server/templates/mautrix-whatsapp/config.yaml.j2
rename to roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2
diff --git a/roles/matrix-server/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2
similarity index 100%
rename from roles/matrix-server/templates/systemd/matrix-mautrix-whatsapp.service.j2
rename to roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2
diff --git a/roles/matrix-server/templates/env/env-goofys.j2 b/roles/matrix-synapse/templates/goofys/env-goofys.j2
similarity index 100%
rename from roles/matrix-server/templates/env/env-goofys.j2
rename to roles/matrix-synapse/templates/goofys/env-goofys.j2
diff --git a/roles/matrix-server/templates/systemd/matrix-goofys.service.j2 b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2
similarity index 94%
rename from roles/matrix-server/templates/systemd/matrix-goofys.service.j2
rename to roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2
index ea54fb94..c123b2c4 100644
--- a/roles/matrix-server/templates/systemd/matrix-goofys.service.j2
+++ b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2
@@ -17,7 +17,7 @@ ExecStart=/usr/bin/docker run --rm --name %n \
 --cap-add sys_admin \
 --device=/dev/fuse \
 -v {{ matrix_synapse_media_store_path }}:/s3:shared \
- --env-file={{ matrix_environment_variables_data_path }}/goofys \
+ --env-file={{ matrix_synapse_config_dir_path }}/env-goofys \
 --entrypoint /bin/sh \
 {{ matrix_s3_goofys_docker_image }} \
 -c 'goofys -f --storage-class=STANDARD_IA --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'
diff --git a/roles/matrix-server/templates/env/env-synapse.j2 b/roles/matrix-synapse/templates/synapse/env-synapse.j2
similarity index 100%
rename from roles/matrix-server/templates/env/env-synapse.j2
rename to roles/matrix-synapse/templates/synapse/env-synapse.j2
diff --git a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
similarity index 100%
rename from roles/matrix-server/templates/synapse/homeserver.yaml.j2
rename to roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
diff --git a/roles/matrix-server/templates/synapse/synapse.log.config.j2 b/roles/matrix-synapse/templates/synapse/synapse.log.config.j2
similarity index 100%
rename from roles/matrix-server/templates/synapse/synapse.log.config.j2
rename to roles/matrix-synapse/templates/synapse/synapse.log.config.j2
diff --git a/roles/matrix-server/templates/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
similarity index 89%
rename from roles/matrix-server/templates/systemd/matrix-synapse.service.j2
rename to roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
index 1e7c7570..7654c7a0 100644
--- a/roles/matrix-server/templates/systemd/matrix-synapse.service.j2
+++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
@@ -27,12 +27,13 @@ ExecStartPre=/bin/sleep 5
 {% endif %}
 ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
 --log-driver=none \
- --env-file={{ matrix_environment_variables_data_path }}/synapse \
 --network={{ matrix_docker_network }} \
+ -e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml \
+ -e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \
 {% if matrix_synapse_federation_enabled %}
 -p 8448:8448 \
 {% endif %}
- {% if not matrix_nginx_proxy_enabled %}
+ {% if matrix_synapse_container_expose_client_server_api_port %}
 -p 127.0.0.1:8008:8008 \
 {% endif %}
 -v {{ matrix_synapse_config_dir_path }}:/data \
diff --git a/roles/matrix-server/templates/usr-local-bin/matrix-synapse-register-user.j2 b/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2
similarity index 100%
rename from roles/matrix-server/templates/usr-local-bin/matrix-synapse-register-user.j2
rename to roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2
diff --git a/setup.yml b/setup.yml
index d0364f76..a15d6063 100644
--- a/setup.yml
+++ b/setup.yml
@@ -4,4 +4,13 @@
 become: true
 
 roles:
- - matrix-server
+ - matrix-base
+ - matrix-mailer
+ - matrix-coturn
+ - matrix-postgres
+ - matrix-corporal
+ - matrix-synapse
+ - matrix-riot-web
+ - matrix-mxisd
+ - matrix-nginx-proxy
+ - matrix-common-after
From b80d44afaaa3e4cd79676685b0da60843e9826c3 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Sat, 12 Jan 2019 18:16:08 +0200
Subject: [PATCH 2/3] Stop Postgres before finding files to move over

---
 .../tasks/migrate_postgres_data_directory.yml | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml
index 5a4e0689..22d584a9 100644
--- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml
+++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml
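Review bot: The `-p 127.0.0.1:8008:8008` publish is now gated on `matrix_synapse_container_expose_client_server_api_port` instead of `not matrix_nginx_proxy_enabled`, and the new variable's default is not in this chunk; unless it defaults to `{{ not matrix_nginx_proxy_enabled }}`, existing deployments without the nginx proxy would lose their loopback client port (or, if it defaults to true, gain an exposed port they did not have), so the default and its rationale belong in a comment in the role's defaults file. The `-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}` argument is unquoted in a systemd `ExecStart=` line, which splits on whitespace; a value containing spaces would silently become extra arguments, so `-e "SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}"` is the safer spelling. Federation on `-p 8448:8448` is bound on all interfaces while the client port is loopback-only; that is pre-existing and not changed here.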
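Review bot: The new `roles:` list in setup.yml is order-dependent but carries no comment: the commit description says each role's init appends to a shared services list and that matrix-corporal changes how matrix-nginx-proxy is configured, and the new matrix-synapse init.yml in this patch appends to `matrix_systemd_services_list` assuming an earlier role defined it. A comment above the list, e.g. `# Order matters: matrix-base must run first (it defines shared facts) and matrix-common-after last (it starts the collected services)`, would keep a future reorder from silently breaking the play; the "defines shared facts" part is inferred from the diffstat (roles/matrix-base/vars/main.yml) and should be checked against that file.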
@@ -23,6 +23,15 @@
 We'll stop Postgres and relocate the files there for you.
 when: "result_pg_old_data_dir_stat.stat.exists"
 
+# We should stop Postgres first, before building a list of files,
+# as to ignore any `postmaster.pid` files, etc.
+- name: Ensure matrix-postgres is stopped
+ service:
+ name: matrix-postgres
+ state: stopped
+ daemon_reload: yes
+ when: "result_pg_old_data_dir_stat.stat.exists"
+
 - name: Find files and directories in old Postgres data path
 find:
 paths: "{{ matrix_postgres_base_path }}"
@@ -40,13 +49,6 @@
 group: "{{ matrix_user_username }}"
 when: "result_pg_old_data_dir_stat.stat.exists"
 
-- name: Ensure matrix-postgres is stopped
- service:
- name: matrix-postgres
- state: stopped
- daemon_reload: yes
- when: "result_pg_old_data_dir_stat.stat.exists"
-
 - block:
 - name: Relocate Postgres data files from old directory to new
 command: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path|basename }}"
From f8ebd94d08ff63835f826d712c2cc1e24a546ca6 Mon Sep 17 00:00:00 2001
From: Stuart Mumford
Date: Mon, 14 Jan 2019 13:28:37 +0000
Subject: [PATCH 3/3] Make the mode of the base path configurable

---
 roles/matrix-base/defaults/main.yml | 3 ++-
 roles/matrix-base/tasks/setup_matrix_base.yml | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml
index 03f05488..762bcc5f 100644
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@@ -17,6 +17,7 @@ matrix_user_uid: 991
 matrix_user_gid: 991
 
 matrix_base_data_path: "/matrix"
+matrix_base_data_path_mode: "750"
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
 
@@ -34,4 +35,4 @@ run_start: true
 run_register_user: true
 run_import_sqlite_db: true
 run_import_media_store: true
-run_self_check: true
\ No newline at end of file
+run_self_check: true
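Review bot: `daemon_reload: yes` in the relocated stop task is a YAML 1.1 truthy spelling that yamllint flags and that differs from the `true`/`false` literals used elsewhere in this patch series (`become: true` in setup.yml); `daemon_reload: true` keeps the same behaviour. Moving the stop ahead of the `find` is the right fix for the `postmaster.pid` problem the comment describes, but from this point Postgres is down and nothing in these two hunks brings it back if the find or the later `mv` fails (the `block:` continues outside the hunk, so it may have a rescue I cannot see). A comment after the `when:` of the stop task, e.g. `# Postgres stays stopped until the relocation below finishes; matrix-common-after starts it again`, would record the expectation — the last clause is my inference from the series description and should be verified. The comment text "as to ignore" reads better as "so as to ignore".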
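Review bot: `matrix_base_data_path_mode: "750"` is added without any comment and drops the leading zero of the `0750` literal it replaces; Ansible's file module parses a string mode as octal so `"750"` works, but `"0750"` reads unambiguously as a permission mode and is what most readers expect. A comment above it such as `# Permission mode applied to the base data directories created by setup_matrix_base.yml; keep this restrictive (0750) as the directories below hold service configuration and data` would also make the security consequence of widening it visible to operators. The name suggests it governs only `matrix_base_data_path`, whereas the task in setup_matrix_base.yml applies it to every entry of its `with_items:` loop, so the comment should say so.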
diff --git a/roles/matrix-base/tasks/setup_matrix_base.yml b/roles/matrix-base/tasks/setup_matrix_base.yml
index 424cd83d..85a05dcf 100644
--- a/roles/matrix-base/tasks/setup_matrix_base.yml
+++ b/roles/matrix-base/tasks/setup_matrix_base.yml
@@ -17,7 +17,7 @@
 file:
 path: "{{ item }}"
 state: directory
- mode: 0750
+ mode: "{{ matrix_base_data_path_mode }}"
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_username }}"
 with_items:
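Review bot: `mode: "{{ matrix_base_data_path_mode }}"` now applies one operator-chosen mode to every directory in the `with_items:` list, whose entries continue past the end of this hunk, so a variable named for the base path silently controls the permissions of whatever subdirectories the loop covers. Since `owner:` and `group:` are both the matrix user, a value wider than `0750` would make those directories world-readable; a comment on the task, e.g. `# matrix_base_data_path_mode applies to every directory in the list below, not just the base path`, plus a short note in the role's defaults file, would make that explicit. The enclosing task starts before this hunk, so I cannot see its `name:`.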