Add Sygnal support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
This commit is contained in:
parent
54315505de
commit
9a0222fa47
12
CHANGELOG.md
12
CHANGELOG.md
|
@ -1,3 +1,15 @@
|
|||
|
||||
# 2021-03-20
|
||||
|
||||
## Sygnal push gateway support
|
||||
|
||||
The playbook can now install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway for you.
|
||||
|
||||
This is only useful to people who develop/build their own Matrix client applications.
|
||||
|
||||
Additional details are available in our [Setting up Sygnal](docs/configuring-playbook-sygnal.md) docs.
|
||||
|
||||
|
||||
# 2021-03-16
|
||||
|
||||
## Go-NEB support
|
||||
|
|
|
@ -99,6 +99,8 @@ Using this playbook, you can get the following services configured on your serve
|
|||
|
||||
- (optional) the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI - see [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](docs/configuring-playbook-prometheus-grafana.md) for setup documentation
|
||||
|
||||
- (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation
|
||||
|
||||
Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else.
|
||||
|
||||
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
|
||||
|
|
|
@ -35,6 +35,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
|
|||
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `stats` (*) | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `goneb` (*) | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `sygnal` (*) | - | - | - | `matrix.<your-domain>` |
|
||||
|
||||
## Subdomains setup
|
||||
|
||||
|
@ -51,6 +52,8 @@ The `stats.<your-domain>` subdomain may be necessary, because this playbook coul
|
|||
|
||||
The `goneb.<your-domain>` subdomain may be necessary, because this playbook could install the [Go-NEB](https://github.com/matrix-org/go-neb) bot. The installation of Go-NEB is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Go-NEB guide](configuring-playbook-bot-go-neb.md). If you do not wish to set up Go-NEB, feel free to skip the `goneb.<your-domain>` DNS record.
|
||||
|
||||
The `sygnal.<your-domain>` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.<your-domain>` DNS record.
|
||||
|
||||
|
||||
## `_matrix-identity._tcp` SRV record setup
|
||||
|
||||
|
|
71
docs/configuring-playbook-sygnal.md
Normal file
71
docs/configuring-playbook-sygnal.md
Normal file
|
@ -0,0 +1,71 @@
|
|||
# Setting up Sygnal (optional)
|
||||
|
||||
The playbook can install and configure the [Sygnal](https://github.com/matrix-org/sygnal) push gateway for you.
|
||||
|
||||
See the project's [documentation](https://github.com/matrix-org/sygnal) to learn what it does and why it might be useful to you.
|
||||
|
||||
**Note**: most people don't need to install their own gateway. As Sygnal's [Notes for application developers](https://github.com/matrix-org/sygnal/blob/master/docs/applications.md) documentation says:
|
||||
|
||||
> It is not feasible to allow end-users to configure their own Sygnal instance, because the Sygnal instance needs the appropriate FCM or APNs secrets that belong to the application.
|
||||
|
||||
This optional playbook component is only useful to people who develop/build their own Matrix client applications themselves.
|
||||
|
||||
|
||||
## Adjusting the playbook configuration
|
||||
|
||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
|
||||
|
||||
```yaml
|
||||
matrix_sygnal_enabled: true
|
||||
|
||||
# You need at least 1 app defined.
|
||||
# The configuration below is incomplete. Read more below.
|
||||
matrix_sygnal_apps:
|
||||
com.example.myapp.ios:
|
||||
type: apns
|
||||
keyfile: /data/my_key.p8
|
||||
# .. more configuration ..
|
||||
com.example.myapp.android:
|
||||
type: gcm
|
||||
api_key: your_api_key_for_gcm
|
||||
# .. more configuration ..
|
||||
|
||||
matrix_aux_file_definitions:
|
||||
- dest: "{{ matrix_sygnal_data_path }}/my_key.p8"
|
||||
content: |
|
||||
some
|
||||
content
|
||||
here
|
||||
mode: '0600'
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
```
|
||||
|
||||
For a more complete example of available fields and values they can take, see `roles/matrix-sygnal/templates/sygnal.yaml.j2` (or the [upstream `sygnal.yaml.sample` configuration file](https://github.com/matrix-org/sygnal/blob/master/sygnal.yaml.sample)).
|
||||
|
||||
Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easier, as it only requires that you provide some config values.
|
||||
|
||||
To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
|
||||
To do that, the above example configuration:
|
||||
|
||||
- makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.
|
||||
|
||||
- references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)
|
||||
|
||||
|
||||
## Installing
|
||||
|
||||
Don't forget to add `sygnal.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
|
||||
|
||||
After configuring the playbook, run the [installation](installing.md) command again:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||
```
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
To make use of your Sygnal installation, you'd need to build your own Matrix client application, which uses the same API keys (for [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/)) and certificates (for [APNS](https://developer.apple.com/notifications/)) and is also pointed to `https://sygnal.DOMAIN` as the configured push server.
|
||||
|
||||
Refer to Sygnal's [Notes for application developers](https://github.com/matrix-org/sygnal/blob/master/docs/applications.md) document.
|
|
@ -132,3 +132,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||
- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) (optional)
|
||||
|
||||
- [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) (optional)
|
||||
|
||||
|
||||
### Other specialized services
|
||||
|
||||
- [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional)
|
||||
|
|
|
@ -97,3 +97,5 @@ These services are not part of our default installation, but can be enabled by [
|
|||
- [prom/node-exporter](https://hub.docker.com/r/prom/node-exporter/) - [Prometheus Node Exporter](https://github.com/prometheus/node_exporter/) is an addon for Prometheus that gathers standard system metrics
|
||||
|
||||
- [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards)
|
||||
|
||||
- [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix
|
||||
|
|
|
@ -1095,6 +1095,7 @@ matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
|
|||
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
|
||||
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
|
||||
matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
|
||||
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
|
||||
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
||||
|
@ -1169,6 +1170,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
|||
+
|
||||
([matrix_server_fqn_grafana] if matrix_grafana_enabled else [])
|
||||
+
|
||||
([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else [])
|
||||
+
|
||||
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
||||
+
|
||||
matrix_ssl_additional_domains_to_obtain_certificates_for
|
||||
|
@ -1341,6 +1344,12 @@ matrix_postgres_additional_databases: |
|
|||
'username': matrix_etherpad_database_username,
|
||||
'password': matrix_etherpad_database_password,
|
||||
}] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else [])
|
||||
+
|
||||
([{
|
||||
'name': matrix_sygnal_database_name,
|
||||
'username': matrix_sygnal_database_username,
|
||||
'password': matrix_sygnal_database_password,
|
||||
}] if (matrix_sygnal_enabled and matrix_sygnal_database_engine == 'postgres' and matrix_sygnal_database_hostname == 'matrix-postgres') else [])
|
||||
}}
|
||||
|
||||
matrix_postgres_import_roles_to_ignore: |
|
||||
|
@ -1365,6 +1374,32 @@ matrix_postgres_import_databases_to_ignore: |
|
|||
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-sygnal
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# Most people don't need their own push-server, because they also need their own app to utilize it from.
|
||||
matrix_sygnal_enabled: false
|
||||
|
||||
# If someone instals Prometheus via the playbook, they most likely wish to monitor Sygnal.
|
||||
matrix_sygnal_metrics_prometheus_enabled: "{{ matrix_prometheus_enabled }}"
|
||||
|
||||
matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:6000' }}"
|
||||
|
||||
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
|
||||
matrix_sygnal_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
|
||||
matrix_sygnal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sygnal') | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-sygnal
|
||||
#
|
||||
######################################################################
|
||||
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-redis
|
||||
|
|
|
@ -27,6 +27,9 @@ matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
|
|||
# This is where you access Grafana.
|
||||
matrix_server_fqn_grafana: "stats.{{ matrix_domain }}"
|
||||
|
||||
# This is where you access the Sygnal push gateway.
|
||||
matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}"
|
||||
|
||||
matrix_federation_public_port: 8448
|
||||
|
||||
# The architecture that your server runs.
|
||||
|
|
|
@ -133,6 +133,10 @@ matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
|
|||
matrix_nginx_proxy_proxy_grafana_enabled: false
|
||||
matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}"
|
||||
|
||||
# Controls whether proxying the sygnal domain should be done.
|
||||
matrix_nginx_proxy_proxy_sygnal_enabled: false
|
||||
matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
|
||||
|
||||
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
||||
|
@ -250,6 +254,9 @@ matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
|
|||
# A list of strings containing additional configuration blocks to add to Grafana's server configuration (matrix-grafana.conf).
|
||||
matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf).
|
||||
matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf).
|
||||
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
|
||||
|
||||
|
|
|
@ -100,6 +100,13 @@
|
|||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_grafana_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for sygnal domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-sygnal.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_sygnal_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for Matrix domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
|
||||
|
@ -221,6 +228,12 @@
|
|||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_grafana_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for sygnal domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
|
||||
{% macro render_vhost_directives() %}
|
||||
gzip on;
|
||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options DENY;
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location / {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-sygnal:6000";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:6000;
|
||||
{% endif %}
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
{% endmacro %}
|
||||
|
||||
server {
|
||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||
server_name {{ matrix_nginx_proxy_proxy_sygnal_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
location /.well-known/acme-challenge {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-certbot:8080";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$http_host$request_uri;
|
||||
}
|
||||
{% else %}
|
||||
{{ render_vhost_directives() }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
server {
|
||||
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
|
||||
server_name {{ matrix_nginx_proxy_proxy_sygnal_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_sygnal_hostname }}/fullchain.pem;
|
||||
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_sygnal_hostname }}/privkey.pem;
|
||||
|
||||
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
||||
{% if matrix_nginx_proxy_ssl_ciphers != '' %}
|
||||
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
|
||||
{% endif %}
|
||||
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
|
||||
|
||||
{{ render_vhost_directives() }}
|
||||
}
|
||||
{% endif %}
|
95
roles/matrix-sygnal/defaults/main.yml
Normal file
95
roles/matrix-sygnal/defaults/main.yml
Normal file
|
@ -0,0 +1,95 @@
|
|||
# Sygnal is a reference Push Gateway for Matrix.
|
||||
# To make use of it for delivering push notificatins, you'll need to develop/build your own Matrix app.
|
||||
# Learn more here: https://github.com/matrix-org/sygnal
|
||||
matrix_sygnal_enabled: false
|
||||
|
||||
matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
|
||||
matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"
|
||||
matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data"
|
||||
|
||||
matrix_sygnal_version: v0.9.0
|
||||
matrix_sygnal_docker_image: "docker.io/matrixdotorg/sygnal:{{ matrix_sygnal_version }}"
|
||||
matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}"
|
||||
|
||||
# List of systemd services that matrix-sygnal.service depends on.
|
||||
matrix_sygnal_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that matrix-sygnal.service wants
|
||||
matrix_sygnal_systemd_wanted_services_list: []
|
||||
|
||||
# Controls whether the matrix-sygnal container exposes its HTTP port (tcp/6000 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6000"), or empty string to not expose.
|
||||
matrix_sygnal_container_http_host_bind_port: ''
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_sygnal_container_extra_arguments: []
|
||||
|
||||
# Database-related configuration fields.
|
||||
#
|
||||
# To use SQLite, stick to these defaults.
|
||||
#
|
||||
# To use Postgres:
|
||||
# - change the engine (`matrix_sygnal_database_engine: 'postgres'`)
|
||||
# - adjust your database credentials via the `matrix_sygnal_postgres_*` variables
|
||||
matrix_sygnal_database_engine: 'sqlite'
|
||||
|
||||
matrix_sygnal_sqlite_database_path_local: "{{ matrix_sygnal_data_path }}/sygnal.db"
|
||||
matrix_sygnal_sqlite_database_path_in_container: "/data/sygnal.db"
|
||||
|
||||
matrix_sygnal_database_username: 'matrix_sygnal'
|
||||
matrix_sygnal_database_password: 'some-password'
|
||||
matrix_sygnal_database_hostname: 'matrix-postgres'
|
||||
matrix_sygnal_database_port: 5432
|
||||
matrix_sygnal_database_name: 'matrix_sygnal'
|
||||
|
||||
matrix_sygnal_database_connection_string: 'postgres://{{ matrix_sygnal_database_username }}:{{ matrix_sygnal_database_password }}@{{ matrix_sygnal_database_hostname }}:{{ matrix_sygnal_database_port }}/{{ matrix_sygnal_database_name }}'
|
||||
|
||||
# A map (dictionary) of apps instances that this server works with.
|
||||
#
|
||||
# Example configuration:
|
||||
#
|
||||
# matrix_sygnal_apps:
|
||||
# com.example.myapp.ios:
|
||||
# type: apns
|
||||
# # .. more configuration ..
|
||||
# com.example.myapp.android:
|
||||
# type: gcm
|
||||
# api_key: your_api_key_for_gcm
|
||||
# # .. more configuration ..
|
||||
#
|
||||
# The APNS configuration needs to reference some certificate files.
|
||||
# One can put these in the `matrix_sygnal_data_path` directory (`/matrix/sygnal/data`), mounted to `/data` in the container.
|
||||
# The `matrix_sygnal_apps` paths need to use the in-container path (`/data`).
|
||||
# To install these files via the playbook, one can use the `matrix-aux` role.
|
||||
# Examples and more details are available in `docs/configuring-playbook-sygnal.md`.
|
||||
matrix_sygnal_apps: []
|
||||
|
||||
matrix_sygnal_metrics_prometheus_enabled: false
|
||||
|
||||
# Default Sygnal configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_sygnal_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_sygnal_configuration_yaml: "{{ lookup('template', 'templates/sygnal.yaml.j2') }}"
|
||||
|
||||
matrix_sygnal_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration for Sygnal goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_sygnal_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_sygnal_configuration_yaml`.
|
||||
#
|
||||
# Example configuration extension follows:
|
||||
# metrics:
|
||||
# opentracing:
|
||||
# enabled: true
|
||||
|
||||
matrix_sygnal_configuration_extension: "{{ matrix_sygnal_configuration_extension_yaml|from_yaml if matrix_sygnal_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final sygnal configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_sygnal_configuration_yaml`.
|
||||
matrix_sygnal_configuration: "{{ matrix_sygnal_configuration_yaml|from_yaml|combine(matrix_sygnal_configuration_extension, recursive=True) }}"
|
3
roles/matrix-sygnal/tasks/init.yml
Normal file
3
roles/matrix-sygnal/tasks/init.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}"
|
||||
when: matrix_sygnal_enabled|bool
|
21
roles/matrix-sygnal/tasks/main.yml
Normal file
21
roles/matrix-sygnal/tasks/main.yml
Normal file
|
@ -0,0 +1,21 @@
|
|||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: run_setup|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-sygnal
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: run_setup|bool and matrix_sygnal_enabled|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-sygnal
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: run_setup|bool and not matrix_sygnal_enabled|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-sygnal
|
73
roles/matrix-sygnal/tasks/setup_install.yml
Normal file
73
roles/matrix-sygnal/tasks/setup_install.yml
Normal file
|
@ -0,0 +1,73 @@
|
|||
---
|
||||
|
||||
- set_fact:
|
||||
matrix_sygnal_requires_restart: false
|
||||
|
||||
- block:
|
||||
- name: Check if an SQLite database already exists
|
||||
stat:
|
||||
path: "{{ matrix_sygnal_sqlite_database_path_local }}"
|
||||
register: matrix_sygnal_sqlite_database_path_local_stat_result
|
||||
|
||||
- block:
|
||||
- set_fact:
|
||||
matrix_postgres_db_migration_request:
|
||||
src: "{{ matrix_sygnal_sqlite_database_path_local }}"
|
||||
dst: "{{ matrix_sygnal_database_connection_string }}"
|
||||
caller: "{{ role_path|basename }}"
|
||||
engine_variable_name: 'matrix_sygnal_database_engine'
|
||||
engine_old: 'sqlite'
|
||||
systemd_services_to_stop: ['matrix-sygnal.service']
|
||||
pgloader_options: ['--with "quote identifiers"']
|
||||
|
||||
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
|
||||
|
||||
- set_fact:
|
||||
matrix_sygnal_requires_restart: true
|
||||
when: "matrix_sygnal_sqlite_database_path_local_stat_result.stat.exists|bool"
|
||||
when: "matrix_sygnal_database_engine == 'postgres'"
|
||||
|
||||
- name: Ensure Sygnal image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_sygnal_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}"
|
||||
|
||||
- name: Ensure Sygnal paths exists
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_sygnal_base_path }}"
|
||||
- "{{ matrix_sygnal_config_path }}"
|
||||
- "{{ matrix_sygnal_data_path }}"
|
||||
|
||||
- name: Ensure Sygnal config installed
|
||||
copy:
|
||||
content: "{{ matrix_sygnal_configuration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_sygnal_config_path }}/sygnal.yaml"
|
||||
mode: 0640
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure matrix-sygnal.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-sygnal.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-sygnal.service"
|
||||
mode: 0644
|
||||
register: matrix_sygnal_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-sygnal.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_sygnal_systemd_service_result.changed|bool"
|
||||
|
||||
- name: Ensure matrix-sygnal.service restarted, if necessary
|
||||
service:
|
||||
name: "matrix-sygnal.service"
|
||||
state: restarted
|
||||
when: "matrix_sygnal_requires_restart|bool"
|
35
roles/matrix-sygnal/tasks/setup_uninstall.yml
Normal file
35
roles/matrix-sygnal/tasks/setup_uninstall.yml
Normal file
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
|
||||
- name: Check existence of matrix-sygnal service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-sygnal.service"
|
||||
register: matrix_sygnal_service_stat
|
||||
|
||||
- name: Ensure matrix-sygnal is stopped
|
||||
service:
|
||||
name: matrix-sygnal
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
register: stopping_result
|
||||
when: "matrix_sygnal_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure matrix-sygnal.service doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-sygnal.service"
|
||||
state: absent
|
||||
when: "matrix_sygnal_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-sygnal.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_sygnal_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure Sygnal base directory doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_sygnal_base_path }}"
|
||||
state: absent
|
||||
|
||||
- name: Ensure Sygnal Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_sygnal_docker_image }}"
|
||||
state: absent
|
7
roles/matrix-sygnal/tasks/validate_config.yml
Normal file
7
roles/matrix-sygnal/tasks/validate_config.yml
Normal file
|
@ -0,0 +1,7 @@
|
|||
- name: Fail if no Sygnal apps defined
|
||||
fail:
|
||||
msg: >-
|
||||
Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps`
|
||||
with_items:
|
||||
- "matrix_sygnal_access_token"
|
||||
when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0"
|
288
roles/matrix-sygnal/templates/sygnal.yaml.j2
Normal file
288
roles/matrix-sygnal/templates/sygnal.yaml.j2
Normal file
|
@ -0,0 +1,288 @@
|
|||
##
|
||||
# This is a configuration for Sygnal, the reference Push Gateway for Matrix
|
||||
# See: matrix.org
|
||||
##
|
||||
|
||||
# The 'database' setting defines the database that sygnal uses to store all of
|
||||
# its data.
|
||||
#
|
||||
# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
|
||||
# 'psycopg2' (for PostgreSQL).
|
||||
#
|
||||
# 'args' gives options which are passed through to the database engine,
|
||||
# except for options starting 'cp_', which are used to configure the Twisted
|
||||
# connection pool. For a reference to valid arguments, see:
|
||||
# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
|
||||
# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
|
||||
# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
|
||||
#
|
||||
#
|
||||
# Example SQLite configuration:
|
||||
#
|
||||
#database:
|
||||
# name: sqlite3
|
||||
# args:
|
||||
# dbfile: /path/to/database.db
|
||||
#
|
||||
#
|
||||
# Example Postgres configuration:
|
||||
#
|
||||
#database:
|
||||
# name: psycopg2
|
||||
# args:
|
||||
# host: localhost
|
||||
# database: sygnal
|
||||
# user: sygnal
|
||||
# password: pass
|
||||
# cp_min: 1
|
||||
# cp_max: 5
|
||||
#
|
||||
{% if matrix_sygnal_database_engine == 'sqlite' %}
|
||||
database:
|
||||
name: sqlite3
|
||||
args:
|
||||
dbfile: {{ matrix_sygnal_sqlite_database_path_in_container|to_json }}
|
||||
{% else %}
|
||||
database:
|
||||
name: psycopg2
|
||||
args:
|
||||
host: {{ matrix_sygnal_database_hostname|to_json }}
|
||||
database: {{ matrix_sygnal_database_name|to_json }}
|
||||
user: {{ matrix_sygnal_database_username|to_json }}
|
||||
password: {{ matrix_sygnal_database_password|to_json }}
|
||||
cp_min: 1
|
||||
cp_max: 5
|
||||
{% endif %}
|
||||
|
||||
## Logging #
|
||||
#
|
||||
log:
|
||||
# Specify a Python logging 'dictConfig', as described at:
|
||||
# https://docs.python.org/3.7/library/logging.config.html#logging.config.dictConfig
|
||||
#
|
||||
setup:
|
||||
version: 1
|
||||
formatters:
|
||||
normal:
|
||||
format: "%(asctime)s [%(process)d] %(levelname)-5s %(name)s %(message)s"
|
||||
handlers:
|
||||
# This handler prints to Standard Error
|
||||
#
|
||||
stderr:
|
||||
class: "logging.StreamHandler"
|
||||
formatter: "normal"
|
||||
stream: "ext://sys.stderr"
|
||||
|
||||
# This handler prints to Standard Output.
|
||||
#
|
||||
stdout:
|
||||
class: "logging.StreamHandler"
|
||||
formatter: "normal"
|
||||
stream: "ext://sys.stdout"
|
||||
|
||||
# This handler demonstrates logging to a text file on the filesystem.
|
||||
# You can use logrotate(8) to perform log rotation.
|
||||
#
|
||||
#file:
|
||||
# class: "logging.handlers.WatchedFileHandler"
|
||||
# formatter: "normal"
|
||||
# filename: "./sygnal.log"
|
||||
loggers:
|
||||
# sygnal.access contains the access logging lines.
|
||||
# Comment out this section if you don't want to give access logging
|
||||
# any special treatment.
|
||||
#
|
||||
sygnal.access:
|
||||
propagate: false
|
||||
handlers: ["stdout"]
|
||||
level: "INFO"
|
||||
|
||||
# sygnal contains log lines from Sygnal itself.
|
||||
# You can comment out this section to fall back to the root logger.
|
||||
#
|
||||
sygnal:
|
||||
propagate: false
|
||||
handlers: ["stderr"]
|
||||
|
||||
root:
|
||||
# Specify the handler(s) to send log messages to.
|
||||
handlers: ["stderr"]
|
||||
level: "INFO"
|
||||
|
||||
disable_existing_loggers: false
|
||||
|
||||
|
||||
access:
|
||||
# Specify whether or not to trust the IP address in the `X-Forwarded-For`
|
||||
# header. In general, you want to enable this if and only if you are using a
|
||||
# reverse proxy which is configured to emit it.
|
||||
#
|
||||
x_forwarded_for: true
|
||||
|
||||
## HTTP Server (Matrix Push Gateway API) #
|
||||
#
|
||||
http:
|
||||
# Specify a list of interface addresses to bind to.
|
||||
#
|
||||
# This example listens on the IPv4 loopback device:
|
||||
#bind_addresses: ['127.0.0.1']
|
||||
# This example listens on all IPv4 interfaces:
|
||||
#bind_addresses: ['0.0.0.0']
|
||||
# This example listens on all IPv4 and IPv6 interfaces:
|
||||
#bind_addresses: ['0.0.0.0', '::']
|
||||
bind_addresses: ['::']
|
||||
|
||||
# Specify the port number to listen on.
|
||||
#
|
||||
port: 6000
|
||||
|
||||
## Proxying for outgoing connections #
|
||||
#
|
||||
# Specify the URL of a proxy to use for outgoing traffic
|
||||
# (e.g. to Apple & Google) if desired.
|
||||
# Currently only HTTP proxies with CONNECT capability are supported.
|
||||
#
|
||||
# If you do not specify a value, the `HTTPS_PROXY` environment variable will
|
||||
# be used if present. Otherwise, no proxy will be used.
|
||||
#
|
||||
# Default is unspecified.
|
||||
#
|
||||
#proxy: 'http://user:secret@prox:8080'
|
||||
|
||||
## Metrics #
|
||||
#
|
||||
metrics:
|
||||
## Prometheus #
|
||||
#
|
||||
prometheus:
|
||||
# Specify whether or not to enable Prometheus.
|
||||
#
|
||||
enabled: false
|
||||
|
||||
# Specify an address for the Prometheus HTTP Server to listen on.
|
||||
#
|
||||
address: '0.0.0.0'
|
||||
|
||||
# Specify a port for the Prometheus HTTP Server to listen on.
|
||||
#
|
||||
port: 8000
|
||||
|
||||
## OpenTracing #
|
||||
#
|
||||
opentracing:
|
||||
# Specify whether or not to enable OpenTracing.
|
||||
#
|
||||
enabled: false
|
||||
|
||||
# Specify an implementation of OpenTracing to use. Currently only 'jaeger'
|
||||
# is supported.
|
||||
#
|
||||
implementation: jaeger
|
||||
|
||||
# Specify the service name to be reported to the tracer.
|
||||
#
|
||||
service_name: sygnal
|
||||
|
||||
# Specify configuration values to pass to jaeger_client.
|
||||
#
|
||||
jaeger:
|
||||
sampler:
|
||||
type: 'const'
|
||||
param: 1
|
||||
# local_agent:
|
||||
# reporting_host: '127.0.0.1'
|
||||
# reporting_port:
|
||||
logging: true
|
||||
|
||||
## Sentry #
|
||||
#
|
||||
sentry:
|
||||
# Specify whether or not to enable Sentry.
|
||||
#
|
||||
enabled: false
|
||||
|
||||
# Specify your Sentry DSN if you enable Sentry
|
||||
#
|
||||
#dsn: "https://<key>@sentry.example.org/<project>"
|
||||
|
||||
## Pushkins/Apps #
|
||||
#
|
||||
# Add a section for every push application here.
|
||||
# Specify the pushkey for the application and also the type.
|
||||
# For the type, you may specify a fully-qualified Python classname if desired.
|
||||
#
|
||||
#apps:
|
||||
# This is an example APNs push configuration
|
||||
#
|
||||
#com.example.myapp.ios:
|
||||
# type: apns
|
||||
#
|
||||
# # Authentication
|
||||
# #
|
||||
# # Two methods of authentication to APNs are currently supported.
|
||||
# #
|
||||
# # You can authenticate using a key:
|
||||
# keyfile: my_key.p8
|
||||
# key_id: MY_KEY_ID
|
||||
# team_id: MY_TEAM_ID
|
||||
# topic: MY_TOPIC
|
||||
#
|
||||
# # Or, a certificate can be used instead:
|
||||
# certfile: com.example.myApp_prod_APNS.pem
|
||||
#
|
||||
# # This is the maximum number of in-flight requests *for this pushkin*
|
||||
# # before additional notifications will be failed.
|
||||
# # (This is a robustness measure to prevent one pushkin stacking up with
|
||||
# # queued requests and saturating the inbound connection queue of a load
|
||||
# # balancer or reverse proxy).
|
||||
# # Defaults to 512 if unset.
|
||||
# #
|
||||
# #inflight_request_limit: 512
|
||||
#
|
||||
# # Specifies whether to use the production or sandbox APNs server. Note that
|
||||
# # sandbox tokens should only be used with the sandbox server and vice versa.
|
||||
# #
|
||||
# # Valid options are:
|
||||
# # * production
|
||||
# # * sandbox
|
||||
# #
|
||||
# # The default is 'production'. Uncomment to use the sandbox instance.
|
||||
# #platform: sandbox
|
||||
|
||||
# This is an example GCM/FCM push configuration.
|
||||
#
|
||||
#com.example.myapp.android:
|
||||
# type: gcm
|
||||
# api_key: your_api_key_for_gcm
|
||||
#
|
||||
# # This is the maximum number of connections to GCM servers at any one time
|
||||
# # the default is 20.
|
||||
# #max_connections: 20
|
||||
#
|
||||
# # This is the maximum number of in-flight requests *for this pushkin*
|
||||
# # before additional notifications will be failed.
|
||||
# # (This is a robustness measure to prevent one pushkin stacking up with
|
||||
# # queued requests and saturating the inbound connection queue of a load
|
||||
# # balancer or reverse proxy).
|
||||
# # Defaults to 512 if unset.
|
||||
# #
|
||||
# #inflight_request_limit: 512
|
||||
#
|
||||
# # This allows you to specify additional options to send to Firebase.
|
||||
# #
|
||||
# # Of particular interest, admins who wish to support iOS apps using Firebase
|
||||
# # probably wish to set content_available, and may need to set mutable_content.
|
||||
# # (content_available allows your iOS app to be woken up by data messages,
|
||||
# # and mutable_content allows your notification to be modified by a
|
||||
# # Notification Service app extension).
|
||||
# #
|
||||
# # See https://firebase.google.com/docs/cloud-messaging/http-server-ref
|
||||
# # for the exhaustive list of valid options.
|
||||
# #
|
||||
# # Do not specify `data`, `priority`, `to` or `registration_ids` as they may
|
||||
# # be overwritten or lead to an invalid request.
|
||||
# #
|
||||
# #fcm_options:
|
||||
# # content_available: true
|
||||
# # mutable_content: true
|
||||
apps: {{ matrix_sygnal_apps|to_json }}
|
|
@ -0,0 +1,42 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix Sygnal
|
||||
{% for service in matrix_sygnal_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_sygnal_systemd_wanted_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null'
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null'
|
||||
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--env=SYGNAL_CONF=/config/sygnal.yaml \
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_sygnal_container_http_host_bind_port %}
|
||||
-p {{ matrix_sygnal_container_http_host_bind_port }}:6000 \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_sygnal_config_path }},dst=/config \
|
||||
--mount type=bind,src={{ matrix_sygnal_data_path }},dst=/data \
|
||||
{% for arg in matrix_sygnal_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_sygnal_docker_image }}
|
||||
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null'
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null'
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-sygnal
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in a new issue