synapse: Add Synapse templates, ferm and variables - ansible-debops-infrastructure - DebOps and Ansible scripts to manage my infrastructure

commit a6cb4650145202621b7779c7aa233c51dbb9a52e
parent 89f3faa1d1c2e2a8a5c5a5fa894d82c3d60c9344
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Tue,  5 Nov 2019 23:40:09 +0200

synapse: Add Synapse templates, ferm and variables

Diffstat:
ansible/inventory/group_vars/synapse/apt_install.yml  | 4 ++++
ansible/inventory/group_vars/synapse/ferm.yml  | 11 +++++++++++
ansible/playbooks/synapse.yml  | 4 +++-
ansible/roles/synapse/defaults/main.yml  | 23 +++++++++++++++++++++--
ansible/roles/synapse/tasks/main.yml  | 10 ++++++++++
ansible/roles/synapse/templates/homeserver.yaml.j2  | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ansible/roles/synapse/templates/server_name.yaml.j2  | 2 ++

7 files changed, 119 insertions(+), 3 deletions(-)
diff --git a/ansible/inventory/group_vars/synapse/apt_install.yml b/ansible/inventory/group_vars/synapse/apt_install.yml
@@ -0,0 +1,3 @@
+---
+
+apt_install__group_packages: ['matrix-synapse-py3']+
\ No newline at end of file
diff --git a/ansible/inventory/group_vars/synapse/ferm.yml b/ansible/inventory/group_vars/synapse/ferm.yml
@@ -0,0 +1,11 @@
+---
+
+ferm__group_rules:
+  - type: 'accept'
+    filename: 'Synapse'
+    name: 'synapse'
+    table: 'filter'
+    chain: 'INPUT'
+    dport: ['{{ synapse__port }}', '{{ synapse__metrics_port }}']
+    protocol: 'tcp'
+    domain: 'ip'
diff --git a/ansible/playbooks/synapse.yml b/ansible/playbooks/synapse.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: Manage Synapse server (Matrix)
-  hosts: [ 'matrix' ]
+  hosts: [ 'synapse' ]
   become: True
 
   environment: '{{ inventory__environment | d({})
@@ -10,6 +10,8 @@
 
   roles:
 
+    - role: debops.secret
+
     - role: debops.keyring
       tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
       keyring__dependent_apt_keys:
diff --git a/ansible/roles/synapse/defaults/main.yml b/ansible/roles/synapse/defaults/main.yml
@@ -4,4 +4,24 @@ synapse__keyring__dependent_apt_keys:
   - id: AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058
     url: 'https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg'
     repo: 'deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main'
-    state: 'present'-
\ No newline at end of file
+    state: 'present'
+
+synapse__port: 8008
+
+synapse__bind_addresses: ['127.0.0.1']
+
+synapse__metrics_port: 9666
+
+synapse__metrics_bind_addresses: ['127.0.0.1']
+
+synapse__user_ips_max_age: '1d'
+
+synapse__max_upload_size: '10M'
+
+synapse__database: 'synapse'
+synapse__database_user: 'synapse'
+synapse__database_password: ''
+synapse__database_host: '127.0.0.1'
+
+synapse__enable_registration: 'false'
+synapse__enable_3pid_lookup: 'false'
diff --git a/ansible/roles/synapse/tasks/main.yml b/ansible/roles/synapse/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Setup Synapse configuration files
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - { src: "homeserver.yaml.j2", dest: "/etc/matrix-synapse/homeserver.yaml" }
+    - { src: "server_name.yaml.j2", dest: "/etc/matrix-synapse/conf.d/server_name.yaml" }
+  tags: ["synapse::configure"]
diff --git a/ansible/roles/synapse/templates/homeserver.yaml.j2 b/ansible/roles/synapse/templates/homeserver.yaml.j2
@@ -0,0 +1,68 @@
+pid_file: "/var/run/matrix-synapse.pid"
+
+allow_public_rooms_without_auth: false
+
+allow_public_rooms_over_federation: false
+
+federation_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '169.254.0.0/16'
+  - '::1/128'
+  - 'fe80::/64'
+  - 'fc00::/7'
+
+listeners:
+  - port: {{ synapse__port }}
+    tls: false
+    type: http
+    x_forwarded: true
+    bind_addresses: [{{"'" + (synapse__bind_addresses)|join("', ") + "'"}}]
+    resources:
+      - names: [client, federation]
+        compress: true
+
+  - port: {{ synapse__metrics_port }}
+    type: metrics
+    bind_addresses: [{{"'" + (synapse__metrics_bind_addresses)|join("', '") + "'"}}]
+
+user_ips_max_age: "{{ synapse__user_ips_max_age }}"
+
+database:
+  name: "psycopg2"
+  args:
+    user: "{{ synapse__database_user }}"
+    database: "{{ synapse__database }}"
+    password: "{{ synapse__database_password }}"
+    host: "{{ synapse__database_host }}"
+    cp_min: 5
+    cp_max: 10
+
+log_config: "/etc/matrix-synapse/log.yaml"
+
+media_store_path: "/var/lib/matrix-synapse/media"
+
+uploads_path: "/var/lib/matrix-synapse/uploads"
+
+max_upload_size: "{{ synapse__max_upload_size }}"
+
+dynamic_thumbnails: false
+
+enable_registration: "{{ synapse__enable_registration }}"
+
+enable_3pid_lookup: "{{ synapse__enable_3pid_lookup }}"
+
+allow_guest_access: false
+
+enable_metrics: true
+
+signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
+
+trusted_key_servers:
+  - server_name: "matrix.org"
+
+password_config:
+   enabled: true
diff --git a/ansible/roles/synapse/templates/server_name.yaml.j2 b/ansible/roles/synapse/templates/server_name.yaml.j2
@@ -0,0 +1 @@
+server_name: "{{ synapse__server_name }}"+
\ No newline at end of file

	ansible-debops-infrastructure DebOps and Ansible scripts to manage my infrastructure
	git clone git://git.erethon.com/ansible-debops-infrastructure
	Log \| Files \| Refs

ansible/inventory/group_vars/synapse/apt_install.yml	\|	4	++++
ansible/inventory/group_vars/synapse/ferm.yml	\|	11	+++++++++++
ansible/playbooks/synapse.yml	\|	4	+++-
ansible/roles/synapse/defaults/main.yml	\|	23	+++++++++++++++++++++--
ansible/roles/synapse/tasks/main.yml	\|	10	++++++++++
ansible/roles/synapse/templates/homeserver.yaml.j2	\|	68	++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ansible/roles/synapse/templates/server_name.yaml.j2	\|	2	++