ansible-debops-infrastructure

DebOps and Ansible scripts to manage my infrastructure
git clone git://git.erethon.com/ansible-debops-infrastructure

commit a6cb4650145202621b7779c7aa233c51dbb9a52e
parent 89f3faa1d1c2e2a8a5c5a5fa894d82c3d60c9344
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Tue,  5 Nov 2019 23:40:09 +0200

synapse: Add Synapse templates, ferm and variables

Diffstat:
ansible/inventory/group_vars/synapse/apt_install.yml | 4++++
ansible/inventory/group_vars/synapse/ferm.yml | 11+++++++++++
ansible/playbooks/synapse.yml | 4+++-
ansible/roles/synapse/defaults/main.yml | 23+++++++++++++++++++++--
ansible/roles/synapse/tasks/main.yml | 10++++++++++
ansible/roles/synapse/templates/homeserver.yaml.j2 | 68++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ansible/roles/synapse/templates/server_name.yaml.j2 | 2++
7 files changed, 119 insertions(+), 3 deletions(-)

diff --git a/ansible/inventory/group_vars/synapse/apt_install.yml b/ansible/inventory/group_vars/synapse/apt_install.yml @@ -0,0 +1,3 @@ +--- + +apt_install__group_packages: ['matrix-synapse-py3']+ \ No newline at end of file diff --git a/ansible/inventory/group_vars/synapse/ferm.yml b/ansible/inventory/group_vars/synapse/ferm.yml @@ -0,0 +1,11 @@ +--- + +ferm__group_rules: + - type: 'accept' + filename: 'Synapse' + name: 'synapse' + table: 'filter' + chain: 'INPUT' + dport: ['{{ synapse__port }}', '{{ synapse__metrics_port }}'] + protocol: 'tcp' + domain: 'ip' diff --git a/ansible/playbooks/synapse.yml b/ansible/playbooks/synapse.yml @@ -1,7 +1,7 @@ --- - name: Manage Synapse server (Matrix) - hosts: [ 'matrix' ] + hosts: [ 'synapse' ] become: True environment: '{{ inventory__environment | d({}) @@ -10,6 +10,8 @@ roles: + - role: debops.secret + - role: debops.keyring tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ] keyring__dependent_apt_keys: diff --git a/ansible/roles/synapse/defaults/main.yml b/ansible/roles/synapse/defaults/main.yml @@ -4,4 +4,24 @@ synapse__keyring__dependent_apt_keys: - id: AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058 url: 'https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg' repo: 'deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main' - state: 'present'- \ No newline at end of file + state: 'present' + +synapse__port: 8008 + +synapse__bind_addresses: ['127.0.0.1'] + +synapse__metrics_port: 9666 + +synapse__metrics_bind_addresses: ['127.0.0.1'] + +synapse__user_ips_max_age: '1d' + +synapse__max_upload_size: '10M' + +synapse__database: 'synapse' +synapse__database_user: 'synapse' +synapse__database_password: '' +synapse__database_host: '127.0.0.1' + +synapse__enable_registration: 'false' +synapse__enable_3pid_lookup: 'false' diff --git a/ansible/roles/synapse/tasks/main.yml b/ansible/roles/synapse/tasks/main.yml 
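Review bot: The `ferm__group_rules` entry in group_vars/synapse/ferm.yml accepts TCP to both `synapse__port` and `synapse__metrics_port` from any source, because the rule carries no `saddr`. The role defaults bind both listeners to 127.0.0.1, so the rule only takes effect once the bind addresses are widened, and at that point the metrics endpoint and the plain-HTTP listener (`tls: false`, `x_forwarded: true` in homeserver.yaml.j2) are reachable by every host, with forwarded-for headers trusted from all of them. Consider splitting this into one rule per port and restricting each, e.g. `saddr: '{{ synapse__proxy_allow }}'` for the reverse proxy and a separate list for the monitoring host; both variable names are placeholders, not existing variables.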
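Review bot: `synapse__database_password: ''` in roles/synapse/defaults/main.yml gives the role an empty database password by default, and homeserver.yaml.j2 renders it verbatim as `password: ""`. Nothing in the visible tasks fails when the variable is left unset, so a host can be deployed with a blank credential without any warning. Since the playbook now includes `debops.secret`, the default could be a generated value read through a `lookup('password', ...)` under the `secret` directory, or the role could begin with an `assert` that the password is non-empty.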
@@ -0,0 +1,10 @@
+---
+
+- name: Setup Synapse configuration files
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ with_items:
+ - { src: "homeserver.yaml.j2", dest: "/etc/matrix-synapse/homeserver.yaml" }
+ - { src: "server_name.yaml.j2", dest: "/etc/matrix-synapse/conf.d/server_name.yaml" }
+ tags: ["synapse::configure"]
diff --git a/ansible/roles/synapse/templates/homeserver.yaml.j2 b/ansible/roles/synapse/templates/homeserver.yaml.j2
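Review bot: The `template` task in roles/synapse/tasks/main.yml writes `/etc/matrix-synapse/homeserver.yaml`, which holds the database password, without `owner`, `group` or `mode`. The resulting permissions then depend on the umask of the Ansible run and on any file already present, so the file may end up world-readable. Set them explicitly on the task, for example `mode: '0640'` together with the owner and group of the account Synapse runs as. The task also has no `notify`, so a changed configuration does not take effect until the service is restarted by some other means.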
@@ -0,0 +1,68 @@
+pid_file: "/var/run/matrix-synapse.pid"
+
+allow_public_rooms_without_auth: false
+
+allow_public_rooms_over_federation: false
+
+federation_ip_range_blacklist:
+ - '127.0.0.0/8'
+ - '10.0.0.0/8'
+ - '172.16.0.0/12'
+ - '192.168.0.0/16'
+ - '100.64.0.0/10'
+ - '169.254.0.0/16'
+ - '::1/128'
+ - 'fe80::/64'
+ - 'fc00::/7'
+
+listeners:
+ - port: {{ synapse__port }}
+ tls: false
+ type: http
+ x_forwarded: true
+ bind_addresses: [{{"'" + (synapse__bind_addresses)|join("', ") + "'"}}]
+ resources:
+ - names: [client, federation]
+ compress: true
+
+ - port: {{ synapse__metrics_port }}
+ type: metrics
+ bind_addresses: [{{"'" + (synapse__metrics_bind_addresses)|join("', '") + "'"}}]
+
+user_ips_max_age: "{{ synapse__user_ips_max_age }}"
+
+database:
+ name: "psycopg2"
+ args:
+ user: "{{ synapse__database_user }}"
+ database: "{{ synapse__database }}"
+ password: "{{ synapse__database_password }}"
+ host: "{{ synapse__database_host }}"
+ cp_min: 5
+ cp_max: 10
+
+log_config: "/etc/matrix-synapse/log.yaml"
+
+media_store_path: "/var/lib/matrix-synapse/media"
+
+uploads_path: "/var/lib/matrix-synapse/uploads"
+
+max_upload_size: "{{ synapse__max_upload_size }}"
+
+dynamic_thumbnails: false
+
+enable_registration: "{{ synapse__enable_registration }}"
+
+enable_3pid_lookup: "{{ synapse__enable_3pid_lookup }}"
+
+allow_guest_access: false
+
+enable_metrics: true
+
+signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
+
+trusted_key_servers:
+ - server_name: "matrix.org"
+
+password_config:
+ enabled: true
diff --git a/ansible/roles/synapse/templates/server_name.yaml.j2 b/ansible/roles/synapse/templates/server_name.yaml.j2
@@ -0,0 +1 @@
+server_name: "{{ synapse__server_name }}"+
\ No newline at end of file
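Review bot: In homeserver.yaml.j2, `enable_registration: "{{ synapse__enable_registration }}"` and `enable_3pid_lookup: "{{ synapse__enable_3pid_lookup }}"` render as the quoted string `"false"` rather than a YAML boolean. A consumer that tests the value for truthiness instead of parsing it treats any non-empty string as enabled, so these two settings may not be switched off as intended; how Synapse reads each option should be confirmed. Rendering them unquoted, e.g. `enable_registration: {{ synapse__enable_registration | bool | lower }}` and the same for the 3pid line, removes the ambiguity. Separately, the first listener builds its list with `join("', ")` while the metrics listener uses `join("', '")`, so more than one entry in `synapse__bind_addresses` yields an unbalanced quote and invalid YAML.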