commit a6cb4650145202621b7779c7aa233c51dbb9a52e
parent 89f3faa1d1c2e2a8a5c5a5fa894d82c3d60c9344
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date: Tue, 5 Nov 2019 23:40:09 +0200
synapse: Add Synapse templates, ferm and variables
Diffstat:
7 files changed, 119 insertions(+), 3 deletions(-)
diff --git a/ansible/inventory/group_vars/synapse/apt_install.yml b/ansible/inventory/group_vars/synapse/apt_install.yml
@@ -0,0 +1,3 @@
+---
+
+apt_install__group_packages: ['matrix-synapse-py3']+
\ No newline at end of file
diff --git a/ansible/inventory/group_vars/synapse/ferm.yml b/ansible/inventory/group_vars/synapse/ferm.yml
@@ -0,0 +1,11 @@
+---
+
+ferm__group_rules:
+ - type: 'accept'
+ filename: 'Synapse'
+ name: 'synapse'
+ table: 'filter'
+ chain: 'INPUT'
+ dport: ['{{ synapse__port }}', '{{ synapse__metrics_port }}']
+ protocol: 'tcp'
+ domain: 'ip'
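Review bot: The accept rule at `dport: ['{{ synapse__port }}', '{{ synapse__metrics_port }}']` opens the metrics port to every source together with the client/federation port, and it carries no `saddr` restriction. The role defaults bind both listeners to 127.0.0.1, so the rule only starts to matter once someone widens `synapse__metrics_bind_addresses`; from that point the metrics endpoint is reachable from any address this firewall admits. I would split this into two rules and give the metrics rule a `saddr` list limited to the monitoring hosts. `domain: 'ip'` covers IPv4 only, so a short comment saying whether IPv6 is deliberately left closed would help the next reader.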
diff --git a/ansible/playbooks/synapse.yml b/ansible/playbooks/synapse.yml
@@ -1,7 +1,7 @@
---
- name: Manage Synapse server (Matrix)
- hosts: [ 'matrix' ]
+ hosts: [ 'synapse' ]
become: True
environment: '{{ inventory__environment | d({})
@@ -10,6 +10,8 @@
roles:
+ - role: debops.secret
+
- role: debops.keyring
tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
keyring__dependent_apt_keys:
diff --git a/ansible/roles/synapse/defaults/main.yml b/ansible/roles/synapse/defaults/main.yml
@@ -4,4 +4,24 @@ synapse__keyring__dependent_apt_keys:
- id: AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058
url: 'https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg'
repo: 'deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main'
- state: 'present'-
\ No newline at end of file
+ state: 'present'
+
+synapse__port: 8008
+
+synapse__bind_addresses: ['127.0.0.1']
+
+synapse__metrics_port: 9666
+
+synapse__metrics_bind_addresses: ['127.0.0.1']
+
+synapse__user_ips_max_age: '1d'
+
+synapse__max_upload_size: '10M'
+
+synapse__database: 'synapse'
+synapse__database_user: 'synapse'
+synapse__database_password: ''
+synapse__database_host: '127.0.0.1'
+
+synapse__enable_registration: 'false'
+synapse__enable_3pid_lookup: 'false'
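Review bot: `synapse__database_password: ''` ships an empty default, so a host with no inventory override gets a rendered homeserver.yaml with an empty database password and nothing in the role fails. The playbook in this same commit adds `debops.secret`, so the default could be derived from the secret store instead, for example `synapse__database_password: '{{ lookup("password", secret + "/synapse/database/password length=32") }}'` (the path is illustrative). An alternative is an `assert` task that rejects an empty value. Separately, `synapse__enable_registration` and `synapse__enable_3pid_lookup` are declared as the string `'false'`; real booleans (`false`) would state the intent without relying on how the consumer parses strings. The hunk begins inside the `synapse__keyring__dependent_apt_keys` entry, whose start is not shown.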
diff --git a/ansible/roles/synapse/tasks/main.yml b/ansible/roles/synapse/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Setup Synapse configuration files
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ with_items:
+ - { src: "homeserver.yaml.j2", dest: "/etc/matrix-synapse/homeserver.yaml" }
+ - { src: "server_name.yaml.j2", dest: "/etc/matrix-synapse/conf.d/server_name.yaml" }
+ tags: ["synapse::configure"]
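Review bot: The `template` task sets no `owner`, `group` or `mode`, so `/etc/matrix-synapse/homeserver.yaml`, which the template in this commit fills with the database password, is created with whatever the default umask gives, typically world-readable. Add `mode: '0640'` and set `owner`/`group` so that only root and the account Synapse runs as can read the file. The task also has no `notify`, so a changed configuration is presumably not applied until the service is restarted by hand, unless a handler exists outside this diff.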
diff --git a/ansible/roles/synapse/templates/homeserver.yaml.j2 b/ansible/roles/synapse/templates/homeserver.yaml.j2
@@ -0,0 +1,68 @@
+pid_file: "/var/run/matrix-synapse.pid"
+
+allow_public_rooms_without_auth: false
+
+allow_public_rooms_over_federation: false
+
+federation_ip_range_blacklist:
+ - '127.0.0.0/8'
+ - '10.0.0.0/8'
+ - '172.16.0.0/12'
+ - '192.168.0.0/16'
+ - '100.64.0.0/10'
+ - '169.254.0.0/16'
+ - '::1/128'
+ - 'fe80::/64'
+ - 'fc00::/7'
+
+listeners:
+ - port: {{ synapse__port }}
+ tls: false
+ type: http
+ x_forwarded: true
+ bind_addresses: [{{"'" + (synapse__bind_addresses)|join("', ") + "'"}}]
+ resources:
+ - names: [client, federation]
+ compress: true
+
+ - port: {{ synapse__metrics_port }}
+ type: metrics
+ bind_addresses: [{{"'" + (synapse__metrics_bind_addresses)|join("', '") + "'"}}]
+
+user_ips_max_age: "{{ synapse__user_ips_max_age }}"
+
+database:
+ name: "psycopg2"
+ args:
+ user: "{{ synapse__database_user }}"
+ database: "{{ synapse__database }}"
+ password: "{{ synapse__database_password }}"
+ host: "{{ synapse__database_host }}"
+ cp_min: 5
+ cp_max: 10
+
+log_config: "/etc/matrix-synapse/log.yaml"
+
+media_store_path: "/var/lib/matrix-synapse/media"
+
+uploads_path: "/var/lib/matrix-synapse/uploads"
+
+max_upload_size: "{{ synapse__max_upload_size }}"
+
+dynamic_thumbnails: false
+
+enable_registration: "{{ synapse__enable_registration }}"
+
+enable_3pid_lookup: "{{ synapse__enable_3pid_lookup }}"
+
+allow_guest_access: false
+
+enable_metrics: true
+
+signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
+
+trusted_key_servers:
+ - server_name: "matrix.org"
+
+password_config:
+ enabled: true
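Review bot: `enable_registration` and `enable_3pid_lookup` are rendered inside double quotes from defaults that are the string `'false'`, so the config file receives the YAML string `"false"` rather than a boolean. Any consumer that checks the value for truthiness instead of parsing it would treat that non-empty string as enabled, which is the unsafe direction for both switches. Rendering them unquoted as `enable_registration: {{ synapse__enable_registration | bool | lower }}` (and the same for `enable_3pid_lookup`) avoids this. The first listener's `bind_addresses` uses `join("', ")`, while the metrics listener uses `join("', '")`; with more than one address the first form emits an unbalanced quote and invalid YAML, so it should also be `join("', '")`. The password line is wrapped in plain double quotes, so a value containing `"` or `\` would break the file; `password: {{ synapse__database_password | to_json }}` escapes it.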
diff --git a/ansible/roles/synapse/templates/server_name.yaml.j2 b/ansible/roles/synapse/templates/server_name.yaml.j2
@@ -0,0 +1 @@
+server_name: "{{ synapse__server_name }}"+
\ No newline at end of file