diff --git a/README.md b/README.md index 620c4e1f..f323e9bd 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,8 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM - this one **can be re-ran many times** without causing trouble +- works on both **CentOS** (7.0+) and Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+) + - this one **runs everything in Docker containers** (like [silviof/docker-matrix](https://hub.docker.com/r/silviof/docker-matrix/) and [silviof/matrix-riot-docker](https://hub.docker.com/r/silviof/matrix-riot-docker/)), so it's likely more predictable - this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you @@ -50,7 +52,7 @@ Special thanks goes to: ## Prerequisites -- **CentOS server** with no services running on port 80/443 (making this run on non-CentOS servers should be possible in the future) +- **CentOS** (7.0+), **Debian** (9/Stretch+) or **Ubuntu** (16.04+) server with no services running on port 80/443 - the [Ansible](http://ansible.com/) program, which is used to run this playbook and configures everything for you diff --git a/roles/matrix-server/tasks/setup_base.yml b/roles/matrix-server/tasks/setup_base.yml index 1caa89e5..99065a37 100644 --- a/roles/matrix-server/tasks/setup_base.yml +++ b/roles/matrix-server/tasks/setup_base.yml @@ -17,7 +17,7 @@ key: https://download.docker.com/linux/centos/gpg when: ansible_distribution == 'CentOS' -- name: Ensure yum packages are installed (base) +- name: Ensure yum packages are installed (CentOS) yum: name="{{ item }}" state=latest update_cache=yes with_items: - bash-completion 
@@ -27,14 +27,54 @@ - ntp when: ansible_distribution == 'CentOS' +- name: Ensure APT usage dependencies are installed (Debian) + apt: + name: "{{ item }}" + state: present + update_cache: yes + with_items: + - apt-transport-https + - ca-certificates + when: ansible_os_family == 'Debian' + +- name: Ensure Docker's APT key is trusted (Debian) + apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 + state: present + register: add_repository_key + ignore_errors: true + when: ansible_os_family == 'Debian' + +- name: Ensure Docker repository is enabled (Debian) + apt_repository: + repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" + state: present + update_cache: yes + when: ansible_os_family == 'Debian' + +- name: Ensure APT packages are installed (Debian) + apt: name="{{ item }}" state=latest update_cache=yes + with_items: + - bash-completion + - docker-ce + - python-docker + - ntp + when: ansible_os_family == 'Debian' + - name: Ensure firewalld is started and autoruns service: name=firewalld state=started enabled=yes + when: ansible_os_family == 'RedHat' - name: Ensure Docker is started and autoruns service: name=docker state=started enabled=yes - name: Ensure ntpd is started and autoruns - service: name=ntpd state=started enabled=yes + service: + name: "{{ 'ntpd' if ansible_os_family == 'RedHat' else 'ntp' }}" + state: started + enabled: yes - name: Ensure SELinux disabled selinux: state=disabled + when: ansible_os_family == 'RedHat' \ No newline at end of file diff --git a/roles/matrix-server/tasks/setup_nginx_proxy.yml b/roles/matrix-server/tasks/setup_nginx_proxy.yml index 307d8a24..1839684d 100644 --- a/roles/matrix-server/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-server/tasks/setup_nginx_proxy.yml 
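Review bot: The `apt_key` task for Docker's key sets `ignore_errors: true` and registers `add_repository_key`, but no task visible in this hunk reads that result, so a failed key import is passed over and the play goes on to enable the repository and install `docker-ce`. APT would normally refuse packages from a repository whose signing key is missing, so this probably still fails closed, but only later and with a less obvious error. I would drop `ignore_errors: true` and the unused `register`, or follow the task with an explicit `fail` guarded by `when: add_repository_key is failed`. Separately, `state=latest` on `docker-ce` upgrades the container engine on every re-run; `state: present` would keep repeated runs from pulling in an untested version.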
@@ -33,6 +33,7 @@ with_items: - "http" - "https" + when: ansible_os_family == 'RedHat' - name: Ensure matrix-nginx-proxy.service installed template: diff --git a/roles/matrix-server/tasks/setup_ssl.yml b/roles/matrix-server/tasks/setup_ssl.yml index 1b4bf043..c9b7afe0 100644 --- a/roles/matrix-server/tasks/setup_ssl.yml +++ b/roles/matrix-server/tasks/setup_ssl.yml @@ -9,6 +9,7 @@ with_items: - http - https + when: ansible_os_family == 'RedHat' - name: Ensure acmetool Docker image is pulled docker_image: diff --git a/roles/matrix-server/tasks/setup_synapse.yml b/roles/matrix-server/tasks/setup_synapse.yml index 64cae5fb..bd5ddc7b 100644 --- a/roles/matrix-server/tasks/setup_synapse.yml +++ b/roles/matrix-server/tasks/setup_synapse.yml @@ -136,6 +136,7 @@ - '3478/tcp' # STUN - '3478/udp' # STUN - "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN + when: ansible_os_family == 'RedHat' - name: Ensure matrix-synapse.service installed template: diff --git a/roles/matrix-server/templates/systemd/matrix-synapse.service.j2 b/roles/matrix-server/templates/systemd/matrix-synapse.service.j2 index 6690a1fe..fd755d36 100644 --- a/roles/matrix-server/templates/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-server/templates/systemd/matrix-synapse.service.j2 @@ -15,7 +15,7 @@ Requires=matrix-s3fs.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-synapse ExecStartPre=-/usr/bin/docker rm matrix-synapse -ExecStartPre=-/usr/bin/chown {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R +ExecStartPre=-{{ '/usr/bin/chown' if ansible_os_family == 'RedHat' else '/bin/chown' }} {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ {% if not matrix_postgres_use_external %} --link matrix-postgres:{{ matrix_postgres_connection_hostname }} \
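Review bot: With `when: ansible_os_family == 'RedHat'` added here, and likewise in the setup_ssl.yml and setup_synapse.yml hunks, Debian and Ubuntu hosts skip every firewall task and nothing takes their place, so the playbook leaves those hosts with whatever packet filtering they already had. That is worth stating next to the condition, for example `# Debian/Ubuntu: no host firewall is managed here; the operator must restrict access themselves`, and in the README prerequisites. If the services are exposed through Docker-published ports, note also that Docker inserts its own iptables rules, so a ufw policy added by the operator may not cover them. The tasks these conditions belong to start above each hunk, so I am assuming they are the firewalld port and service tasks.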
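Review bot: The per-family path switch on the `chown` line in matrix-synapse.service.j2 can likely be avoided: on CentOS 7 `/bin` is a symlink to `/usr/bin`, so `ExecStartPre=-/bin/chown {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R` should resolve on all three supported distributions and keeps host facts out of the unit. As written, the `else` branch sends every non-RedHat family to `/bin/chown`, which holds only while Debian-family is the sole alternative. Because the line keeps its leading `-`, systemd ignores a wrong path and starts the service with the certificate directory's ownership unchanged, so a short comment above it saying the chown is best-effort would help. The unit file continues outside the hunk.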