As suggested in #63 (GitHub issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability.

This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example:

- disabling mxisd (`matrix_mxisd_enabled: false`) causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers.
- enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse.

We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now.

As part of this work, the way we "start components" has been redone to use a loop, as suggested in #65 (GitHub issue). This should make restarting faster and more reliable.
---
#
# Tasks related to setting up matrix-corporal
#
# Precondition: the failure message below states that matrix-corporal needs
# Synapse's Shared Secret Auth module, so the run stops when corporal is
# enabled while that module is not.
- name: Fail if Shared Secret Auth extension not enabled
  when: "matrix_corporal_enabled and not matrix_synapse_ext_password_provider_shared_secret_auth_enabled"
  fail:
    msg: "To use matrix-corporal, you need to enable the Shared Secret Auth module for Synapse (see matrix_synapse_ext_password_provider_shared_secret_auth_enabled)"
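# Precondition: the matrix-corporal HTTP API must not be deployed without an
# auth token. The token is normalised before the comparison so that a null
# value or a whitespace-only string is rejected too; a plain `== ''` test
# only catches the literal empty string and lets those through.
- name: Fail if HTTP API enabled, but no token set
  fail:
    msg: "The Matrix Corporal HTTP API is enabled, but no auth token has been set in matrix_corporal_http_api_auth_token"
  when: "matrix_corporal_enabled and matrix_corporal_http_api_enabled and (matrix_corporal_http_api_auth_token | default('', true) | string | trim) == ''"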
# Precondition: an empty-string policy provider configuration counts as
# "not set" and aborts the run when matrix-corporal is enabled.
# NOTE(review): only the literal empty string is caught; a null value would
# pass this check. Confirm against the variable's default.
- name: Fail if policy provider configuration not set
  when: "matrix_corporal_enabled and matrix_corporal_policy_provider_config == ''"
  fail:
    msg: "The Matrix Corporal policy provider configuration has not been set in matrix_corporal_policy_provider_config"
# There are some additional initialization tasks in setup_corporal_overrides.yml,
# which need to always run, no matter what tag the playbook is running with.
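# Creates the matrix-corporal config, cache and var directories, owned by the
# Matrix user and group. Mode 0750 leaves "other" users with no access.
# The mode is quoted so the module receives the string "0750" instead of
# depending on the YAML parser reading a bare 0750 as an octal number.
- name: Ensure Matrix Corporal paths exist
  file:
    path: "{{ item }}"
    state: directory
    mode: "0750"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
  with_items:
    - "{{ matrix_corporal_config_dir_path }}"
    - "{{ matrix_corporal_cache_dir_path }}"
    - "{{ matrix_corporal_var_dir_path }}"
  when: "matrix_corporal_enabled"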
# Fetches the image named by matrix_corporal_docker_image when matrix-corporal
# is enabled.
# NOTE(review): the image reference is defined outside this file; pinning it
# there to a fixed tag or digest keeps what gets pulled reproducible. Confirm.
- name: Ensure Matrix Corporal Docker image is pulled
  when: "matrix_corporal_enabled"
  docker_image:
    name: "{{ matrix_corporal_docker_image }}"
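# Renders the role's config.json.j2 template into the matrix-corporal config
# directory.
# NOTE(review): the template is not visible here, but the precondition checks
# in this file require an HTTP API auth token and Shared Secret Auth, so the
# rendered file presumably carries those secrets. Confirm.
# For that reason the file is installed readable by owner and group only
# (0640) and owned by the Matrix user, matching the ownership of the 0750
# config directory it lives in, rather than 0644 with whatever owner the play
# runs as. The mode is quoted so it is passed as a string, not a parsed number.
- name: Ensure Matrix Corporal config installed
  template:
    src: "{{ role_path }}/templates/config.json.j2"
    dest: "{{ matrix_corporal_config_dir_path }}/config.json"
    mode: "0640"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
  when: "matrix_corporal_enabled"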
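# Installs the systemd unit for matrix-corporal from the role's template.
# The mode is quoted so the module receives the string "0644" instead of
# depending on the YAML parser reading a bare 0644 as an octal number.
# NOTE(review): no daemon-reload or service (re)start is visible in this file;
# presumably that happens elsewhere in the playbook. Confirm.
- name: Ensure matrix-corporal.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2"
    dest: "/etc/systemd/system/matrix-corporal.service"
    mode: "0644"
  when: "matrix_corporal_enabled"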
#
# Tasks related to getting rid of matrix-corporal (if it was previously enabled)
#
# Cleanup path for a disabled matrix-corporal: deletes the systemd unit file
# and the rendered config.json.
# NOTE(review): only these two files are removed. Stopping or disabling a unit
# that is still running, and clearing the cache/var directories, are not
# visible in this file. Confirm they are handled elsewhere, otherwise a
# previously started service keeps running after its unit file is gone.
- name: Ensure matrix-corporal files don't exist
  with_items:
    - /etc/systemd/system/matrix-corporal.service
    - "{{ matrix_corporal_config_dir_path }}/config.json"
  when: "not matrix_corporal_enabled"
  file:
    path: "{{ item }}"
    state: absent