Add Sygnal support

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
Slavi Pantaleev 2021-03-20 13:31:34 +02:00
parent 54315505de
commit 9a0222fa47
20 changed files with 797 additions and 0 deletions

View file

@ -1,3 +1,15 @@
# 2021-03-20
## Sygnal push gateway support
The playbook can now install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway for you.
This is only useful to people who develop/build their own Matrix client applications.
Additional details are available in our [Setting up Sygnal](docs/configuring-playbook-sygnal.md) docs.
# 2021-03-16
## Go-NEB support

View file

@ -99,6 +99,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI - see [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](docs/configuring-playbook-prometheus-grafana.md) for setup documentation
- (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation
Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else.
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.

View file

@ -35,6 +35,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
| CNAME | `stats` (*) | - | - | - | `matrix.<your-domain>` |
| CNAME | `goneb` (*) | - | - | - | `matrix.<your-domain>` |
| CNAME | `sygnal` (*) | - | - | - | `matrix.<your-domain>` |
## Subdomains setup
@ -51,6 +52,8 @@ The `stats.<your-domain>` subdomain may be necessary, because this playbook coul
The `goneb.<your-domain>` subdomain may be necessary, because this playbook could install the [Go-NEB](https://github.com/matrix-org/go-neb) bot. The installation of Go-NEB is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Go-NEB guide](configuring-playbook-bot-go-neb.md). If you do not wish to set up Go-NEB, feel free to skip the `goneb.<your-domain>` DNS record.
The `sygnal.<your-domain>` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.<your-domain>` DNS record.
## `_matrix-identity._tcp` SRV record setup

View file

@ -0,0 +1,71 @@
# Setting up Sygnal (optional)
The playbook can install and configure the [Sygnal](https://github.com/matrix-org/sygnal) push gateway for you.
See the project's [documentation](https://github.com/matrix-org/sygnal) to learn what it does and why it might be useful to you.
**Note**: most people don't need to install their own gateway. As Sygnal's [Notes for application developers](https://github.com/matrix-org/sygnal/blob/master/docs/applications.md) documentation says:
> It is not feasible to allow end-users to configure their own Sygnal instance, because the Sygnal instance needs the appropriate FCM or APNs secrets that belong to the application.
This optional playbook component is only useful to people who develop/build their own Matrix client applications themselves.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
```yaml
matrix_sygnal_enabled: true
# You need at least 1 app defined.
# The configuration below is incomplete. Read more below.
matrix_sygnal_apps:
com.example.myapp.ios:
type: apns
keyfile: /data/my_key.p8
# .. more configuration ..
com.example.myapp.android:
type: gcm
api_key: your_api_key_for_gcm
# .. more configuration ..
matrix_aux_file_definitions:
- dest: "{{ matrix_sygnal_data_path }}/my_key.p8"
content: |
some
content
here
mode: '0600'
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
```
For a more complete example of available fields and values they can take, see `roles/matrix-sygnal/templates/sygnal.yaml.j2` (or the [upstream `sygnal.yaml.sample` configuration file](https://github.com/matrix-org/sygnal/blob/master/sygnal.yaml.sample)).
Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easier, as it only requires that you provide some config values.
To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
To do that, the above example configuration:
- makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.
- references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)
## Installing
Don't forget to add `sygnal.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
After configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Usage
To make use of your Sygnal installation, you'd need to build your own Matrix client application, which uses the same API keys (for [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/)) and certificates (for [APNS](https://developer.apple.com/notifications/)) and is also pointed to `https://sygnal.DOMAIN` as the configured push server.
Refer to Sygnal's [Notes for application developers](https://github.com/matrix-org/sygnal/blob/master/docs/applications.md) document.
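Review bot: the `matrix_aux_file_definitions` example pastes the raw APNs private key (`my_key.p8`) inline into `vars.yml`, a file people routinely commit to git; the doc should say to protect that value with `ansible-vault encrypt_string` (or keep the whole host_vars file vault-encrypted), and the same goes for the FCM `api_key`, which ends up both in `vars.yml` and in the rendered `/matrix/sygnal/config/sygnal.yaml`. Two smaller points in the same section: "you'd need to provide one or more certificate files" is inaccurate for the example shown, since `keyfile: /data/my_key.p8` is a signing key, not a certificate, and key-based APNs auth also needs `key_id`, `team_id` and `topic` next to it (see the APNs block in `sygnal.yaml.j2`); and since the config file is installed with `mode: 0640`, it would help to state that the same is needed for any file dropped into `/matrix/sygnal/data`, which the `mode: '0600'` in the example does, but only implicitly.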

View file

@ -132,3 +132,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) (optional)
- [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) (optional)
### Other specialized services
- [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional)

View file

@ -97,3 +97,5 @@ These services are not part of our default installation, but can be enabled by [
- [prom/node-exporter](https://hub.docker.com/r/prom/node-exporter/) - [Prometheus Node Exporter](https://github.com/prometheus/node_exporter/) is an addon for Prometheus that gathers standard system metrics
- [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards)
- [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix

View file

@ -1095,6 +1095,7 @@ matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@ -1169,6 +1170,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+
([matrix_server_fqn_grafana] if matrix_grafana_enabled else [])
+
([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else [])
+
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
+
matrix_ssl_additional_domains_to_obtain_certificates_for
@ -1341,6 +1344,12 @@ matrix_postgres_additional_databases: |
'username': matrix_etherpad_database_username,
'password': matrix_etherpad_database_password,
}] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_sygnal_database_name,
'username': matrix_sygnal_database_username,
'password': matrix_sygnal_database_password,
}] if (matrix_sygnal_enabled and matrix_sygnal_database_engine == 'postgres' and matrix_sygnal_database_hostname == 'matrix-postgres') else [])
}}
matrix_postgres_import_roles_to_ignore: |
@ -1365,6 +1374,32 @@ matrix_postgres_import_databases_to_ignore: |
######################################################################
#
# matrix-sygnal
#
######################################################################
# Most people don't need their own push-server, because they also need their own app to utilize it from.
matrix_sygnal_enabled: false
# If someone instals Prometheus via the playbook, they most likely wish to monitor Sygnal.
matrix_sygnal_metrics_prometheus_enabled: "{{ matrix_prometheus_enabled }}"
matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:6000' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_sygnal_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_sygnal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sygnal') | to_uuid }}"
######################################################################
#
# /matrix-sygnal
#
######################################################################
######################################################################
#
# matrix-redis
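Review bot: `matrix_sygnal_database_password` is derived from `matrix_synapse_macaroon_secret_key` with a fixed salt (`'sygnal'`); that follows the pattern used for the other services, but it couples Sygnal's Postgres credential to a Synapse secret, so rotating the macaroon key also rotates this password. A one-line comment saying so (and that users who rotate Synapse secrets should pin `matrix_sygnal_database_password` explicitly) would save a confusing outage later. Typo in the comment two lines above `matrix_sygnal_metrics_prometheus_enabled`: `instals`.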

View file

@ -27,6 +27,9 @@ matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
# This is where you access Grafana.
matrix_server_fqn_grafana: "stats.{{ matrix_domain }}"
# This is where you access the Sygnal push gateway.
matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}"
matrix_federation_public_port: 8448
# The architecture that your server runs.

View file

@ -133,6 +133,10 @@ matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
matrix_nginx_proxy_proxy_grafana_enabled: false
matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}"
# Controls whether proxying the sygnal domain should be done.
matrix_nginx_proxy_proxy_sygnal_enabled: false
matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@ -250,6 +254,9 @@ matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to Grafana's server configuration (matrix-grafana.conf).
matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf).
matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf).
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []

View file

@ -100,6 +100,13 @@
mode: 0644
when: matrix_nginx_proxy_proxy_grafana_enabled|bool
- name: Ensure Matrix nginx-proxy configuration for sygnal domain exists
template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-sygnal.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
mode: 0644
when: matrix_nginx_proxy_proxy_sygnal_enabled|bool
- name: Ensure Matrix nginx-proxy configuration for Matrix domain exists
template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
@ -221,6 +228,12 @@
state: absent
when: "not matrix_nginx_proxy_proxy_grafana_enabled|bool"
- name: Ensure Matrix nginx-proxy configuration for sygnal domain deleted
file:
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
state: absent
when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool"
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
file:
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"

View file

@ -0,0 +1,79 @@
#jinja2: lstrip_blocks: "True"
{% macro render_vhost_directives() %}
gzip on;
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
{% for configuration_block in matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks %}
{{- configuration_block }}
{% endfor %}
location / {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-sygnal:6000";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:6000;
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
{% endmacro %}
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_sygnal_hostname }};
server_tokens off;
root /dev/null;
{% if matrix_nginx_proxy_https_enabled %}
location /.well-known/acme-challenge {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-certbot:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
{% endif %}
}
location / {
return 301 https://$http_host$request_uri;
}
{% else %}
{{ render_vhost_directives() }}
{% endif %}
}
{% if matrix_nginx_proxy_https_enabled %}
server {
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
server_name {{ matrix_nginx_proxy_proxy_sygnal_hostname }};
server_tokens off;
root /dev/null;
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_sygnal_hostname }}/fullchain.pem;
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_sygnal_hostname }}/privkey.pem;
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
{% if matrix_nginx_proxy_ssl_ciphers != '' %}
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
{% endif %}
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
{{ render_vhost_directives() }}
}
{% endif %}
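Review bot: `location /` inside `render_vhost_directives` forwards every path on `sygnal.<domain>` to the container, whereas the only thing a homeserver needs to reach is the Push Gateway API (`/_matrix/push/v1/notify` in the Matrix spec); narrowing this to `location /_matrix/push/ { ... }` keeps anything else the Sygnal HTTP server may answer off the public vhost, and a `return 404;` default location makes the exposure explicit. The `proxy_set_header X-Forwarded-For $remote_addr;` line is what justifies `access.x_forwarded_for: true` in `sygnal.yaml.j2`; that is only sound while port 6000 is reachable solely through this proxy, which the `matrix_sygnal_container_http_host_bind_port` default (`127.0.0.1:6000` without the proxy, nothing with it) currently guarantees, so a comment tying the two together would help anyone who later publishes the port.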

View file

@ -0,0 +1,95 @@
# Sygnal is a reference Push Gateway for Matrix.
# To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app.
# Learn more here: https://github.com/matrix-org/sygnal
matrix_sygnal_enabled: false
matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"
matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data"
matrix_sygnal_version: v0.9.0
matrix_sygnal_docker_image: "docker.io/matrixdotorg/sygnal:{{ matrix_sygnal_version }}"
matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}"
# List of systemd services that matrix-sygnal.service depends on.
matrix_sygnal_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-sygnal.service wants
matrix_sygnal_systemd_wanted_services_list: []
# Controls whether the matrix-sygnal container exposes its HTTP port (tcp/6000 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6000"), or empty string to not expose.
matrix_sygnal_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_sygnal_container_extra_arguments: []
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_sygnal_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_sygnal_postgres_*` variables
matrix_sygnal_database_engine: 'sqlite'
matrix_sygnal_sqlite_database_path_local: "{{ matrix_sygnal_data_path }}/sygnal.db"
matrix_sygnal_sqlite_database_path_in_container: "/data/sygnal.db"
matrix_sygnal_database_username: 'matrix_sygnal'
matrix_sygnal_database_password: 'some-password'
matrix_sygnal_database_hostname: 'matrix-postgres'
matrix_sygnal_database_port: 5432
matrix_sygnal_database_name: 'matrix_sygnal'
matrix_sygnal_database_connection_string: 'postgres://{{ matrix_sygnal_database_username }}:{{ matrix_sygnal_database_password }}@{{ matrix_sygnal_database_hostname }}:{{ matrix_sygnal_database_port }}/{{ matrix_sygnal_database_name }}'
# A map (dictionary) of apps instances that this server works with.
#
# Example configuration:
#
# matrix_sygnal_apps:
# com.example.myapp.ios:
# type: apns
# # .. more configuration ..
# com.example.myapp.android:
# type: gcm
# api_key: your_api_key_for_gcm
# # .. more configuration ..
#
# The APNS configuration needs to reference some certificate files.
# One can put these in the `matrix_sygnal_data_path` directory (`/matrix/sygnal/data`), mounted to `/data` in the container.
# The `matrix_sygnal_apps` paths need to use the in-container path (`/data`).
# To install these files via the playbook, one can use the `matrix-aux` role.
# Examples and more details are available in `docs/configuring-playbook-sygnal.md`.
matrix_sygnal_apps: []
matrix_sygnal_metrics_prometheus_enabled: false
# Default Sygnal configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_sygnal_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_sygnal_configuration_yaml: "{{ lookup('template', 'templates/sygnal.yaml.j2') }}"
matrix_sygnal_configuration_extension_yaml: |
# Your custom YAML configuration for Sygnal goes here.
# This configuration extends the default starting configuration (`matrix_sygnal_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_sygnal_configuration_yaml`.
#
# Example configuration extension follows:
# metrics:
# opentracing:
# enabled: true
matrix_sygnal_configuration_extension: "{{ matrix_sygnal_configuration_extension_yaml|from_yaml if matrix_sygnal_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final sygnal configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_sygnal_configuration_yaml`.
matrix_sygnal_configuration: "{{ matrix_sygnal_configuration_yaml|from_yaml|combine(matrix_sygnal_configuration_extension, recursive=True) }}"
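Review bot: the comment above `matrix_sygnal_database_engine` tells users to set `matrix_sygnal_postgres_*` variables, but the variables actually read by the role (and by `sygnal.yaml.j2`) are `matrix_sygnal_database_username`, `_password`, `_hostname`, `_port` and `_name`; fix the comment so nobody sets variables nothing consumes. Related, `matrix_sygnal_database_connection_string` interpolates the password straight into a URL, so a user-supplied password containing `@`, `/` or `:` yields a broken string for the pgloader migration; piping the user and password through `urlencode` avoids that (the generated UUID default is safe, but the role allows overriding). Finally, `matrix_sygnal_apps: []` is documented a few lines up as "a map (dictionary)" and is rendered with `to_json` into `apps:`; the empty default should be `{}` so its type matches what `combine(recursive=True)` and Sygnal expect.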

View file

@ -0,0 +1,3 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}"
when: matrix_sygnal_enabled|bool

View file

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: run_setup|bool
tags:
- setup-all
- setup-sygnal
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: run_setup|bool and matrix_sygnal_enabled|bool
tags:
- setup-all
- setup-sygnal
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: run_setup|bool and not matrix_sygnal_enabled|bool
tags:
- setup-all
- setup-sygnal

View file

@ -0,0 +1,73 @@
---
- set_fact:
matrix_sygnal_requires_restart: false
- block:
- name: Check if an SQLite database already exists
stat:
path: "{{ matrix_sygnal_sqlite_database_path_local }}"
register: matrix_sygnal_sqlite_database_path_local_stat_result
- block:
- set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_sygnal_sqlite_database_path_local }}"
dst: "{{ matrix_sygnal_database_connection_string }}"
caller: "{{ role_path|basename }}"
engine_variable_name: 'matrix_sygnal_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-sygnal.service']
pgloader_options: ['--with "quote identifiers"']
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
- set_fact:
matrix_sygnal_requires_restart: true
when: "matrix_sygnal_sqlite_database_path_local_stat_result.stat.exists|bool"
when: "matrix_sygnal_database_engine == 'postgres'"
- name: Ensure Sygnal image is pulled
docker_image:
name: "{{ matrix_sygnal_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}"
- name: Ensure Sygnal paths exists
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_sygnal_base_path }}"
- "{{ matrix_sygnal_config_path }}"
- "{{ matrix_sygnal_data_path }}"
- name: Ensure Sygnal config installed
copy:
content: "{{ matrix_sygnal_configuration|to_nice_yaml }}"
dest: "{{ matrix_sygnal_config_path }}/sygnal.yaml"
mode: 0640
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-sygnal.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-sygnal.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-sygnal.service"
mode: 0644
register: matrix_sygnal_systemd_service_result
- name: Ensure systemd reloaded after matrix-sygnal.service installation
service:
daemon_reload: yes
when: "matrix_sygnal_systemd_service_result.changed|bool"
- name: Ensure matrix-sygnal.service restarted, if necessary
service:
name: "matrix-sygnal.service"
state: restarted
when: "matrix_sygnal_requires_restart|bool"
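Review bot: `Ensure Sygnal config installed` writes the pushkin secrets (APNs key IDs, FCM `api_key`) and the database password via `copy` with inline `content`, and `copy` prints the full content in `--diff` runs, so set `no_log: true` on that task (the `0640`/`matrix:matrix` permissions on disk are fine). Minor: the three `ansible_version` conditions mix `minor > 7` and `minor >= 8` for the same cutoff; pick one form.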

View file

@ -0,0 +1,35 @@
---
- name: Check existence of matrix-sygnal service
stat:
path: "{{ matrix_systemd_path }}/matrix-sygnal.service"
register: matrix_sygnal_service_stat
- name: Ensure matrix-sygnal is stopped
service:
name: matrix-sygnal
state: stopped
daemon_reload: yes
register: stopping_result
when: "matrix_sygnal_service_stat.stat.exists|bool"
- name: Ensure matrix-sygnal.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-sygnal.service"
state: absent
when: "matrix_sygnal_service_stat.stat.exists|bool"
- name: Ensure systemd reloaded after matrix-sygnal.service removal
service:
daemon_reload: yes
when: "matrix_sygnal_service_stat.stat.exists|bool"
- name: Ensure Sygnal base directory doesn't exist
file:
path: "{{ matrix_sygnal_base_path }}"
state: absent
- name: Ensure Sygnal Docker image doesn't exist
docker_image:
name: "{{ matrix_sygnal_docker_image }}"
state: absent

View file

@ -0,0 +1,7 @@
- name: Fail if no Sygnal apps defined
fail:
msg: >-
Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps`
with_items:
- "matrix_sygnal_access_token"
when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0"
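Review bot: the `with_items: - "matrix_sygnal_access_token"` loop is a copy-paste leftover; no such variable exists in this role and the task never references `item`, so it only produces a misleading loop label on the `fail`. Drop the `with_items` block and add `|bool` to `matrix_sygnal_enabled` in the `when` for consistency with the other conditions in this role. Since a bad app entry otherwise only surfaces when the container fails to start, a second check that every entry in `matrix_sygnal_apps` has a `type` (and, for `apns`, that `keyfile`/`certfile` is an in-container `/data/...` path as the docs require) would be a cheap improvement.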

View file

@ -0,0 +1,288 @@
##
# This is a configuration for Sygnal, the reference Push Gateway for Matrix
# See: matrix.org
##
# The 'database' setting defines the database that sygnal uses to store all of
# its data.
#
# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
# 'psycopg2' (for PostgreSQL).
#
# 'args' gives options which are passed through to the database engine,
# except for options starting 'cp_', which are used to configure the Twisted
# connection pool. For a reference to valid arguments, see:
# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
#
#
# Example SQLite configuration:
#
#database:
# name: sqlite3
# args:
# dbfile: /path/to/database.db
#
#
# Example Postgres configuration:
#
#database:
# name: psycopg2
# args:
# host: localhost
# database: sygnal
# user: sygnal
# password: pass
# cp_min: 1
# cp_max: 5
#
{% if matrix_sygnal_database_engine == 'sqlite' %}
database:
name: sqlite3
args:
dbfile: {{ matrix_sygnal_sqlite_database_path_in_container|to_json }}
{% else %}
database:
name: psycopg2
args:
host: {{ matrix_sygnal_database_hostname|to_json }}
database: {{ matrix_sygnal_database_name|to_json }}
user: {{ matrix_sygnal_database_username|to_json }}
password: {{ matrix_sygnal_database_password|to_json }}
cp_min: 1
cp_max: 5
{% endif %}
## Logging #
#
log:
# Specify a Python logging 'dictConfig', as described at:
# https://docs.python.org/3.7/library/logging.config.html#logging.config.dictConfig
#
setup:
version: 1
formatters:
normal:
format: "%(asctime)s [%(process)d] %(levelname)-5s %(name)s %(message)s"
handlers:
# This handler prints to Standard Error
#
stderr:
class: "logging.StreamHandler"
formatter: "normal"
stream: "ext://sys.stderr"
# This handler prints to Standard Output.
#
stdout:
class: "logging.StreamHandler"
formatter: "normal"
stream: "ext://sys.stdout"
# This handler demonstrates logging to a text file on the filesystem.
# You can use logrotate(8) to perform log rotation.
#
#file:
# class: "logging.handlers.WatchedFileHandler"
# formatter: "normal"
# filename: "./sygnal.log"
loggers:
# sygnal.access contains the access logging lines.
# Comment out this section if you don't want to give access logging
# any special treatment.
#
sygnal.access:
propagate: false
handlers: ["stdout"]
level: "INFO"
# sygnal contains log lines from Sygnal itself.
# You can comment out this section to fall back to the root logger.
#
sygnal:
propagate: false
handlers: ["stderr"]
root:
# Specify the handler(s) to send log messages to.
handlers: ["stderr"]
level: "INFO"
disable_existing_loggers: false
access:
# Specify whether or not to trust the IP address in the `X-Forwarded-For`
# header. In general, you want to enable this if and only if you are using a
# reverse proxy which is configured to emit it.
#
x_forwarded_for: true
## HTTP Server (Matrix Push Gateway API) #
#
http:
# Specify a list of interface addresses to bind to.
#
# This example listens on the IPv4 loopback device:
#bind_addresses: ['127.0.0.1']
# This example listens on all IPv4 interfaces:
#bind_addresses: ['0.0.0.0']
# This example listens on all IPv4 and IPv6 interfaces:
#bind_addresses: ['0.0.0.0', '::']
bind_addresses: ['::']
# Specify the port number to listen on.
#
port: 6000
## Proxying for outgoing connections #
#
# Specify the URL of a proxy to use for outgoing traffic
# (e.g. to Apple & Google) if desired.
# Currently only HTTP proxies with CONNECT capability are supported.
#
# If you do not specify a value, the `HTTPS_PROXY` environment variable will
# be used if present. Otherwise, no proxy will be used.
#
# Default is unspecified.
#
#proxy: 'http://user:secret@prox:8080'
## Metrics #
#
metrics:
## Prometheus #
#
prometheus:
# Specify whether or not to enable Prometheus.
#
enabled: false
# Specify an address for the Prometheus HTTP Server to listen on.
#
address: '0.0.0.0'
# Specify a port for the Prometheus HTTP Server to listen on.
#
port: 8000
## OpenTracing #
#
opentracing:
# Specify whether or not to enable OpenTracing.
#
enabled: false
# Specify an implementation of OpenTracing to use. Currently only 'jaeger'
# is supported.
#
implementation: jaeger
# Specify the service name to be reported to the tracer.
#
service_name: sygnal
# Specify configuration values to pass to jaeger_client.
#
jaeger:
sampler:
type: 'const'
param: 1
# local_agent:
# reporting_host: '127.0.0.1'
# reporting_port:
logging: true
## Sentry #
#
sentry:
# Specify whether or not to enable Sentry.
#
enabled: false
# Specify your Sentry DSN if you enable Sentry
#
#dsn: "https://<key>@sentry.example.org/<project>"
## Pushkins/Apps #
#
# Add a section for every push application here.
# Specify the pushkey for the application and also the type.
# For the type, you may specify a fully-qualified Python classname if desired.
#
#apps:
# This is an example APNs push configuration
#
#com.example.myapp.ios:
# type: apns
#
# # Authentication
# #
# # Two methods of authentication to APNs are currently supported.
# #
# # You can authenticate using a key:
# keyfile: my_key.p8
# key_id: MY_KEY_ID
# team_id: MY_TEAM_ID
# topic: MY_TOPIC
#
# # Or, a certificate can be used instead:
# certfile: com.example.myApp_prod_APNS.pem
#
# # This is the maximum number of in-flight requests *for this pushkin*
# # before additional notifications will be failed.
# # (This is a robustness measure to prevent one pushkin stacking up with
# # queued requests and saturating the inbound connection queue of a load
# # balancer or reverse proxy).
# # Defaults to 512 if unset.
# #
# #inflight_request_limit: 512
#
# # Specifies whether to use the production or sandbox APNs server. Note that
# # sandbox tokens should only be used with the sandbox server and vice versa.
# #
# # Valid options are:
# # * production
# # * sandbox
# #
# # The default is 'production'. Uncomment to use the sandbox instance.
# #platform: sandbox
# This is an example GCM/FCM push configuration.
#
#com.example.myapp.android:
# type: gcm
# api_key: your_api_key_for_gcm
#
# # This is the maximum number of connections to GCM servers at any one time
# # the default is 20.
# #max_connections: 20
#
# # This is the maximum number of in-flight requests *for this pushkin*
# # before additional notifications will be failed.
# # (This is a robustness measure to prevent one pushkin stacking up with
# # queued requests and saturating the inbound connection queue of a load
# # balancer or reverse proxy).
# # Defaults to 512 if unset.
# #
# #inflight_request_limit: 512
#
# # This allows you to specify additional options to send to Firebase.
# #
# # Of particular interest, admins who wish to support iOS apps using Firebase
# # probably wish to set content_available, and may need to set mutable_content.
# # (content_available allows your iOS app to be woken up by data messages,
# # and mutable_content allows your notification to be modified by a
# # Notification Service app extension).
# #
# # See https://firebase.google.com/docs/cloud-messaging/http-server-ref
# # for the exhaustive list of valid options.
# #
# # Do not specify `data`, `priority`, `to` or `registration_ids` as they may
# # be overwritten or lead to an invalid request.
# #
# #fcm_options:
# # content_available: true
# # mutable_content: true
apps: {{ matrix_sygnal_apps|to_json }}
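Review bot: `metrics.prometheus.enabled: false` is hardcoded, so `matrix_sygnal_metrics_prometheus_enabled` (defined in the role defaults and set from `matrix_prometheus_enabled` in group_vars) never takes effect; render it as `enabled: {{ matrix_sygnal_metrics_prometheus_enabled|to_json }}`. When it is on, the listener is `address: '0.0.0.0'` on port 8000 with no auth, which is acceptable only because the systemd unit publishes just port 6000, so the metrics port stays confined to `matrix_docker_network`; a comment saying that would stop someone from adding `-p 8000:8000` via `matrix_sygnal_container_extra_arguments`. `access.x_forwarded_for: true` is likewise unconditional: correct behind the playbook's nginx, but if a user publishes `matrix_sygnal_container_http_host_bind_port` on a non-loopback address without a proxy, clients can forge the logged source address, so either key it off `matrix_nginx_proxy_enabled` or call the assumption out in the docs.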

View file

@ -0,0 +1,42 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Sygnal
{% for service in matrix_sygnal_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_sygnal_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--env=SYGNAL_CONF=/config/sygnal.yaml \
--network={{ matrix_docker_network }} \
{% if matrix_sygnal_container_http_host_bind_port %}
-p {{ matrix_sygnal_container_http_host_bind_port }}:6000 \
{% endif %}
--mount type=bind,src={{ matrix_sygnal_config_path }},dst=/config \
--mount type=bind,src={{ matrix_sygnal_data_path }},dst=/data \
{% for arg in matrix_sygnal_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_sygnal_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-sygnal
[Install]
WantedBy=multi-user.target
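Review bot: `--cap-drop=ALL` and `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` are the right baseline; two cheap additions: mount `/config` read-only (`--mount type=bind,src={{ matrix_sygnal_config_path }},dst=/config,ro`), since the container only reads `sygnal.yaml` and that file holds the pushkin secrets and the database password, and consider `--read-only` for the root filesystem with `/data` left writable for the SQLite database, after verifying the image starts that way. Note that `ExecStartPre`/`ExecStop` use `docker kill` rather than `docker stop`, so Sygnal gets no chance to drain in-flight pushes on restart; that matches the other units in the playbook, so it is fine for consistency, just worth knowing.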

View file

@ -46,6 +46,7 @@
- matrix-dimension
- matrix-etherpad
- matrix-email2matrix
- matrix-sygnal
- matrix-nginx-proxy
- matrix-coturn
- matrix-aux