pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
matrix-docker-ansible-deploy/roles/matrix-server/tasks/setup_synapse.yml
Slavi Pantaleev 839b401b28 Set up Synapse configuration using a template (not line/regexp replacements) 
Until now, we were starting from a fresh configuration, as generated
by Synapse and manipulating it with regex and line replacements,
until we made it work.

This is more fragile and less predictable, so we're moving to a static
configuration file generated from a Jinja template.

The upside is that configuration will be stable and predictable.

The downside of this new approach is that any manual configuration changes
after the playbook is done, will be thrown away on future playbook
invocations.

There are 2 ways to work around the need for manual configuration
changes though:
- making them part of this playbook and its default template
configuration files (which benefits everyone)
- going your own way for a given host and overriding the template files
that gets used (that is, the
`matrix_synapse_template_synapse_homeserver` or
`matrix_synapse_template_synapse_log` variables)
2018-06-26 21:05:59 +03:00

100 lines
3.3 KiB
YAML
Raw Blame History

---
- name: Fail if Macaroon key is missing
fail:
msg: "You need to set a secret in the matrix_synapse_macaroon_secret_key variable"
when: "matrix_synapse_macaroon_secret_key == ''"
- name: Ensure Matrix Synapse paths exists
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- "{{ matrix_synapse_config_dir_path }}"
- "{{ matrix_synapse_run_path }}"
- "{{ matrix_synapse_storage_path }}"
# We handle matrix_synapse_media_store_path below, not here,
# because if it's using S3fs and it's already mounted (from before),
# trying to chown/chmod it here will cause trouble.
# This will throw a Permission Denied error if already mounted using fuse
- name: Check Matrix Synapse media store path
stat: path="{{ matrix_synapse_media_store_path }}"
register: local_path_media_store_stat
ignore_errors: yes
# This is separate and conditional, to ensure we don't execute it
# if the path already exists or we failed to check, because it's mounted using fuse.
- name: Ensure Matrix media store path exists
file:
path: "{{ matrix_synapse_media_store_path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
- name: Ensure Matrix Docker image is pulled
docker_image:
name: "{{ docker_matrix_image }}"
- name: Check if a Matrix Synapse configuration exists
stat:
path: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml"
register: matrix_synapse_config_stat
# We do this mostly so that the keys would get generated.
# We'll replace the rest of the configuration with our own templates below.
- name: Generate initial Matrix config
docker_container:
name: matrix-config
image: "{{ docker_matrix_image }}"
detach: no
cleanup: yes
command: generate
env:
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
SYNAPSE_SERVER_NAME: "{{ hostname_matrix }}"
SYNAPSE_REPORT_STATS: "no"
user: "{{ matrix_user_uid }}:{{ matrix_user_gid }}"
volumes:
- "{{ matrix_synapse_config_dir_path }}:/data"
when: "not matrix_synapse_config_stat.stat.exists"
- name: Ensure Matrix homeserver config installed
template:
src: "{{ matrix_synapse_template_synapse_homeserver }}"
dest: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml"
mode: 0644
- name: Ensure Matrix log config installed
template:
src: "{{ matrix_synapse_template_synapse_log }}"
dest: "{{ matrix_synapse_config_dir_path }}/{{ hostname_matrix }}.log.config"
mode: 0644
- name: Ensure matrix-synapse.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-synapse.service.j2"
dest: "/etc/systemd/system/matrix-synapse.service"
mode: 0644
- name: Ensure matrix-synapse-register-user script created
template:
src: "{{ role_path }}/templates/usr-local-bin/matrix-synapse-register-user.j2"
dest: "/usr/local/bin/matrix-synapse-register-user"
mode: 0750
- name: Allow access to Matrix ports in firewalld
firewalld:
port: "{{ item }}"
state: enabled
immediate: yes
permanent: yes
with_items:
- '8448/tcp' # Matrix federation
when: ansible_os_family == 'RedHat'
Reference in a new issue View git blame Copy permalink