Newer
Older
include_role:
name: certificate
vars:
domains: ["{{ matrix_domain }}"]
when: 'matrix_domain is defined'
- name: Install packages
- coturn
- freetype2
- gcc
- git
- jemalloc
- libffi
- libjpeg-turbo
- libtiff
- libwebp
- libxslt
- libzip
- make
- npm
- openssl
- pkgconf
- postgresql-libs
- python
- name: Add synapse group
group: name=synapse system=yes gid=198
- name: Add synapse user
user: name=synapse system=yes uid=198 group=synapse home=/var/lib/synapse shell=/bin/false createhome=no
- name: Create synapse home
file: path={{ item }} state=directory owner=synapse group=synapse mode=0700
with_items:
- /var/lib/synapse
- /var/lib/synapse/media_store
- /var/lib/synapse/draupnir-data
- /var/lib/synapse/pantalaimon-data
- name: Make virtualenvs
command: 'python -m venv {{ item }}'
args:
creates: '{{ item }}/bin/python'
become: true
become_user: synapse
become_method: ansible.builtin.sudo
with_items:
- /var/lib/synapse/venv
- /var/lib/synapse/venv-pantalaimon
- name: Update virtualenvs
pip:
name:
- pip
- wheel
state: latest
extra_args: '--upgrade-strategy=eager'
virtualenv: '{{ item }}'
become_user: synapse
become_method: ansible.builtin.sudo
with_items:
- /var/lib/synapse/venv
- /var/lib/synapse/venv-pantalaimon
- name: Install synapse
pip:
name:
- 'matrix-synapse[postgres,oidc,systemd,url-preview,redis,user-search]==1.111.0'
state: latest
extra_args: '--upgrade-strategy=eager'
virtualenv: /var/lib/synapse/venv
become_user: synapse
become_method: ansible.builtin.sudo
- name: Install pantalaimon
pip:
name:
Jan Alexander Steffens (heftig)
committed
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
- 'aiofiles==23.2.1'
- 'aiohttp==3.9.5'
- 'aiohttp-socks==0.7.1'
- 'aiosignal==1.3.1'
- 'appdirs==1.4.4'
- 'async-timeout==4.0.3'
- 'atomicwrites==1.4.1'
- 'attrs==23.2.0'
- 'cachetools==4.2.4'
- 'cffi==1.16.0'
- 'click==8.1.7'
- 'cryptography==42.0.7'
- 'frozenlist==1.4.1'
- 'future==0.18.3'
- 'h11==0.14.0'
- 'h2==4.1.0'
- 'hpack==4.0.0'
- 'hyperframe==6.0.1'
- 'idna==3.7'
- 'janus==1.0.0'
- 'jaraco.classes==3.4.0'
- 'jaraco.context==5.3.0'
- 'jaraco.functools==4.0.1'
- 'jeepney==0.8.0'
- 'jsonschema==4.22.0'
- 'jsonschema-specifications==2023.12.1'
- 'keyring==25.2.1'
- 'Logbook==1.7.0.post0'
- 'matrix-nio==0.22.0'
- 'more-itertools==10.2.0'
- 'multidict==6.0.5'
- 'pantalaimon==0.10.5'
Jan Alexander Steffens (heftig)
committed
- 'peewee==3.17.5'
- 'prompt-toolkit==3.0.43'
- 'pycparser==2.22'
- 'pycryptodome==3.20.0'
- 'python-olm==3.2.16'
- 'python-socks==2.4.4'
- 'referencing==0.35.1'
- 'rpds-py==0.18.1'
- 'SecretStorage==3.3.3'
- 'typing_extensions==4.11.0'
- 'unpaddedbase64==2.1.0'
- 'wcwidth==0.2.13'
- 'wheel==0.43.0'
- 'yarl==1.9.4'
state: latest
Jan Alexander Steffens (heftig)
committed
extra_args: '--upgrade-strategy=eager --no-deps'
virtualenv: /var/lib/synapse/venv-pantalaimon
become_user: synapse
become_method: ansible.builtin.sudo
- Restart pantalaimon
- name: Download draupnir
repo: https://github.com/the-draupnir-project/Draupnir
dest: /var/lib/synapse/draupnir
version: v1.87.0
become_user: synapse
become_method: ansible.builtin.sudo
register: draupnir_git
- Restart draupnir
- name: Install draupnir
community.general.yarn:
path: /var/lib/synapse/draupnir
become_user: synapse
become_method: ansible.builtin.sudo
when: draupnir_git.changed
- name: Build draupnir # noqa no-changed-when
command: yarn build
args:
chdir: /var/lib/synapse/draupnir
become: true
become_user: synapse
become_method: ansible.builtin.sudo
when: draupnir_git.changed
- name: Install draupnir antispam module
pip:
name:
- /var/lib/synapse/draupnir/synapse_antispam
Jan Alexander Steffens (heftig)
committed
state: latest
virtualenv: /var/lib/synapse/venv
become_user: synapse
become_method: ansible.builtin.sudo
when: synapse_pip.changed or draupnir_git.changed
notify:
- Restart synapse
- name: Download matrix-appservice-irc
repo: https://github.com/matrix-org/matrix-appservice-irc
dest: /var/lib/synapse/matrix-appservice-irc
become_user: synapse
become_method: ansible.builtin.sudo
register: irc_git
- Restart matrix-appservice-irc
- name: Install matrix-appservice-irc
community.general.yarn:
path: /var/lib/synapse/matrix-appservice-irc
become: true
become_user: synapse
become_method: ansible.builtin.sudo
when: irc_git.changed
- name: Build matrix-appservice-irc # noqa no-changed-when
command: yarn build
args:
chdir: /var/lib/synapse/matrix-appservice-irc
become_user: synapse
become_method: ansible.builtin.sudo
when: irc_git.changed
- name: Install pg_hba.conf
copy: src=pg_hba.conf dest=/var/lib/postgres/data/pg_hba.conf owner=postgres group=postgres mode=0600
notify:
- Restart postgres
- name: Add synapse postgres db
postgresql_db: db=synapse lc_collate=C lc_ctype=C template=template0
become_user: postgres
become_method: ansible.builtin.su
- name: Add synapse postgres user
postgresql_user: db=synapse user=synapse password={{ vault_postgres_users.synapse }}
become_user: postgres
become_method: ansible.builtin.su
- name: Add irc postgres db
postgresql_db: db=irc
become_user: postgres
become_method: ansible.builtin.su
- name: Create synapse config dir
file: path={{ item }} state=directory owner=root group=synapse mode=0750
with_items:
- /etc/synapse
- name: Install homeserver config
template: src=homeserver.yaml.j2 dest=/etc/synapse/homeserver.yaml owner=root group=synapse mode=0640
notify:
- Restart synapse
- name: Install static config
copy: src={{ item }} dest=/etc/synapse/{{ item }} owner=root group=root mode=0644
with_items:
- log_config.yaml
- worker-appservice.yaml
- worker-federation_reader.yaml
- worker-federation_sender.yaml
- worker-media_repository.yaml
notify:
- Restart synapse
- name: Install pantalaimon config
template: src=pantalaimon.conf.j2 dest=/etc/synapse/pantalaimon.conf owner=root group=synapse mode=0644
notify:
- Restart pantalaimon
- name: Install draupnir config
template: src=draupnir.yaml.j2 dest=/etc/synapse/draupnir.yaml owner=root group=synapse mode=0640
- Restart draupnir
- name: Install irc-bridge config
template: src=irc-bridge.yaml.j2 dest=/etc/synapse/irc-bridge.yaml owner=root group=synapse mode=0640
notify:
- Restart matrix-appservice-irc
- name: Install irc-bridge registration
template: src=appservice-registration-irc.yaml.j2 dest=/etc/synapse/appservice-registration-irc.yaml owner=root group=synapse mode=0640
notify:
- Restart synapse
- name: Install signing key # noqa template-instead-of-copy
content: '{{ vault_matrix_secrets.signing_key }}'
dest: /etc/synapse/{{ matrix_server_name }}.signing.key
owner: root
group: synapse
- name: Install ircpass key # noqa template-instead-of-copy
content: '{{ vault_matrix_secrets.ircpass_key }}'
dest: /etc/synapse/{{ matrix_server_name }}.ircpass.key
owner: root
group: synapse
- name: Make nginx log dir
file: path=/var/log/nginx/{{ matrix_domain }} state=directory owner=root group=root mode=0755
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/matrix.conf owner=root group=root mode=0640
notify:
when: 'matrix_domain is defined'
- name: Install turnserver.conf
template: src=turnserver.conf.j2 dest=/etc/turnserver/turnserver.conf owner=turnserver group=turnserver mode=0600
notify:
- Restart turnserver
- name: Install turnserver cert renewal hook
copy: src=letsencrypt.hook.d dest=/etc/letsencrypt/hook.d/turnserver owner=root group=root mode=0755
- name: Install synapse units
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- synapse.service
- synapse-worker@.service
notify:
- Restart synapse
- name: Install pantalaimon units
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- pantalaimon.service
notify:
- Restart pantalaimon
- name: Install draupnir units
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- draupnir.service
- Restart draupnir
- name: Install matrix-appservice-irc units
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- matrix-appservice-irc.service
- Restart matrix-appservice-irc
- name: Install turnserver unit snippet
copy: src=turnserver.service.d dest=/etc/systemd/system/turnserver.service.d/override.conf owner=root group=root mode=0644
notify:
- Restart turnserver
- name: Enable units
service: name={{ item }} enabled=yes
with_items:
- synapse.service
- synapse-worker@appservice.service
- synapse-worker@federation_reader.service
- synapse-worker@federation_sender.service
- synapse-worker@media_repository.service
- pantalaimon.service
- draupnir.service
- matrix-appservice-irc.service
- turnserver.service
- name: Open firewall holes
ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
# synapse's identd
# turnserver
- 2410-2411/tcp
- 2410-2411/udp
- 2420-2421/tcp
- 2420-2421/udp
- 33000-33999/udp
when: configure_firewall
tags: