# Run the certificate role for the Matrix domain. The whole task is skipped
# when matrix_domain is not defined.
- name: create ssl cert
  include_role:
    name: certificate
  vars:
    domains:
      - '{{ matrix_domain }}'
  when: matrix_domain is defined
- name: install packages
- coturn
- freetype2
- gcc
- git
- jemalloc
- libffi
- libjpeg-turbo
- libtiff
- libwebp
- libxslt
- libzip
- make
- npm
- openssl
- pkgconf
- postgresql-libs
- python
- python2
# Dedicated system account for the Matrix services: fixed uid/gid 198,
# /bin/false as shell, and the home directory is not auto-created here.
- name: add synapse group
  group:
    name: synapse
    system: true
    gid: 198

- name: add synapse user
  user:
    name: synapse
    system: true
    uid: 198
    group: synapse
    home: /var/lib/synapse
    shell: /bin/false
    createhome: false

# State directories are created explicitly and kept private to the synapse
# user (mode 0700, no group or other access).
- name: create synapse home
  file:
    path: '{{ item }}'
    state: directory
    owner: synapse
    group: synapse
    mode: '0700'
  with_items:
    - /var/lib/synapse
    - /var/lib/synapse/media_store
    - /var/lib/synapse/mjolnir-data
    - /var/lib/synapse/pantalaimon-data
# Create one virtualenv per Python service as the unprivileged synapse user.
# `creates` makes the command a no-op once the venv's interpreter exists.
- name: make virtualenvs
  command: 'python -m venv {{ item }}'
  args:
    creates: '{{ item }}/bin/python'
  become: true
  become_user: synapse
  become_method: sudo
  with_items:
    - /var/lib/synapse/venv
    - /var/lib/synapse/venv-pantalaimon

# Bring pip and wheel up to date inside each venv.
# NOTE(review): `state: latest` with no version means every run takes whatever
# pip and wheel release the configured index currently serves; nothing in
# this task pins a version or a hash.
- name: update virtualenvs
  pip:
    name:
      - pip
      - wheel
    state: latest
    extra_args: '--upgrade-strategy=eager'
    virtualenv: '{{ item }}'
  become: true
  become_user: synapse
  become_method: sudo
  with_items:
    - /var/lib/synapse/venv
    - /var/lib/synapse/venv-pantalaimon
# Install the pinned synapse release into its venv as the synapse user.
# NOTE(review): only the top-level package is pinned. `state: latest` together
# with `--upgrade-strategy=eager` asks pip to upgrade dependencies as well, so
# transitive packages float between runs. A constraints file or pip's
# `--require-hashes` would make the installed set reproducible and auditable.
- name: install synapse
  pip:
    name: 'matrix-synapse[postgres,systemd,url_preview,redis]==1.26.0'
    state: latest
    extra_args: '--upgrade-strategy=eager'
    virtualenv: /var/lib/synapse/venv
  become: true
  become_user: synapse
  become_method: sudo
  notify:
    - restart synapse

# Same pattern for pantalaimon, in its own venv. The dependency-pinning note
# on the synapse task applies here as well (same state and extra_args).
- name: install pantalaimon
  pip:
    name: 'pantalaimon==0.9.1'
    state: latest
    extra_args: '--upgrade-strategy=eager'
    virtualenv: /var/lib/synapse/venv-pantalaimon
  become: true
  become_user: synapse
  become_method: sudo
  notify:
    - restart pantalaimon
# Check out mjolnir at a release tag as the synapse user. The result is
# registered so the install and build steps below run only after a change.
# NOTE(review): `version` names a tag, which upstream can move. Pinning the
# full commit hash of the reviewed release would fix the exact code deployed.
- name: download mjolnir
  git:
    repo: https://github.com/matrix-org/mjolnir
    dest: /var/lib/synapse/mjolnir
    version: v0.1.16
  become: true
  become_user: synapse
  become_method: sudo
  register: mjolnir_git
  notify:
    - restart mjolnir

# Fetch JavaScript dependencies with yarn inside the checkout.
# NOTE(review): this and the build step are gated on mjolnir_git.changed. If
# either fails after a fresh checkout, the next run reports no git change and
# skips them, leaving a half-installed tree until someone intervenes.
- name: install mjolnir
  community.general.yarn:
    path: /var/lib/synapse/mjolnir
  become: true
  become_user: synapse
  become_method: sudo
  when: mjolnir_git.changed

- name: build mjolnir
  command: yarn build
  args:
    chdir: /var/lib/synapse/mjolnir
  become: true
  become_user: synapse
  become_method: sudo
  when: mjolnir_git.changed
# Install the antispam module from the local mjolnir checkout into the synapse
# venv. Runs only when the checkout changed, then restarts synapse.
- name: install mjolnir antispam module
  pip:
    name: /var/lib/synapse/mjolnir/synapse_antispam
    state: latest
    virtualenv: /var/lib/synapse/venv
  become: true
  become_user: synapse
  become_method: sudo
  when: mjolnir_git.changed
  notify:
    - restart synapse
- name: download matrix-appservice-irc
repo: https://github.com/matrix-org/matrix-appservice-irc
dest: /var/lib/synapse/matrix-appservice-irc
version: 0.23.0
become: yes
become_user: synapse
become_method: sudo
register: irc_git
notify:
- restart matrix-appservice-irc
# Install the bridge's npm dependencies inside its checkout as the synapse
# user. Gated on the irc_git result registered by the preceding task.
- name: install matrix-appservice-irc
  npm:
    path: /var/lib/synapse/matrix-appservice-irc
  become: true
  become_user: synapse
  become_method: sudo
  when: irc_git.changed
# Ship the role's pg_hba.conf, readable only by the postgres user, and restart
# postgres when it changes.
- name: install pg_hba.conf
  copy:
    src: pg_hba.conf
    dest: /var/lib/postgres/data/pg_hba.conf
    owner: postgres
    group: postgres
    mode: '0600'
  notify:
    - restart postgres
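# Database setup runs as the postgres OS user (become via su).
- name: add synapse postgres db
  postgresql_db:
    db: synapse
  become: true
  become_user: postgres
  become_method: su

# The role password comes from the vault. no_log keeps the rendered value out
# of task results and callback output at any verbosity. The trade-off is that
# failure details for this task are hidden as well.
- name: add synapse postgres user
  postgresql_user:
    db: synapse
    user: synapse
    password: '{{ vault_postgres_users.synapse }}'
  become: true
  become_user: postgres
  become_method: su
  no_log: true

- name: add irc postgres db
  postgresql_db:
    db: irc
  become: true
  become_user: postgres
  become_method: su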
# Config directories are owned by root and readable by the synapse group only
# (0750), so the service account can read its config but not rewrite it.
- name: create synapse config dir
  file:
    path: '{{ item }}'
    state: directory
    owner: root
    group: synapse
    mode: '0750'
  with_items:
    - /etc/synapse
    - /etc/synapse/mjolnir

# Templated configs are installed root:synapse 0640 (no access for others).
- name: install homeserver config
  template:
    src: homeserver.yaml.j2
    dest: /etc/synapse/homeserver.yaml
    owner: root
    group: synapse
    mode: '0640'
  notify:
    - restart synapse

# Static files copied verbatim from the role; installed world-readable.
- name: install static config
  copy:
    src: '{{ item }}'
    dest: '/etc/synapse/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - log_config.yaml
    - worker-appservice.yaml
    - worker-federation_reader.yaml
    - worker-federation_sender.yaml
    - worker-media_repository.yaml
  notify:
    - restart synapse

# NOTE(review): this is the only templated config installed 0644 rather than
# 0640. Confirm the rendered pantalaimon.conf contains no credentials.
- name: install pantalaimon config
  template:
    src: pantalaimon.conf.j2
    dest: /etc/synapse/pantalaimon.conf
    owner: root
    group: synapse
    mode: '0644'
  notify:
    - restart pantalaimon

- name: install mjolnir config
  template:
    src: mjolnir.yaml.j2
    dest: /etc/synapse/mjolnir/production.yaml
    owner: root
    group: synapse
    mode: '0640'
  notify:
    - restart mjolnir

- name: install irc-bridge config
  template:
    src: irc-bridge.yaml.j2
    dest: /etc/synapse/irc-bridge.yaml
    owner: root
    group: synapse
    mode: '0640'
  notify:
    - restart matrix-appservice-irc

# The appservice registration is read by synapse, hence the synapse restart.
- name: install irc-bridge registration
  template:
    src: appservice-registration-irc.yaml.j2
    dest: /etc/synapse/appservice-registration-irc.yaml
    owner: root
    group: synapse
    mode: '0640'
  notify:
    - restart synapse
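# Write the homeserver signing key from the vault, root-owned and readable by
# the synapse group only. no_log keeps the key material out of task results
# and callback output; without it, a run in diff mode can print the content.
# The mode is quoted so it stays the string '0640' under any YAML parser.
- name: install signing key
  copy:
    content: '{{ vault_matrix_secrets.signing_key }}'
    dest: '/etc/synapse/{{ matrix_server_name }}.signing.key'
    owner: root
    group: synapse
    mode: '0640'
  no_log: true

# Same handling for the ircpass key, which is also taken from the vault.
- name: install ircpass key
  copy:
    content: '{{ vault_matrix_secrets.ircpass_key }}'
    dest: '/etc/synapse/{{ matrix_server_name }}.ircpass.key'
    owner: root
    group: synapse
    mode: '0640'
  no_log: true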
# NOTE(review): this task uses matrix_domain unconditionally, while the nginx
# template task below is guarded by `matrix_domain is defined`. Confirm
# whether the same guard is wanted here.
- name: make nginx log dir
  file:
    path: '/var/log/nginx/{{ matrix_domain }}'
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: set up nginx
  template:
    src: nginx.d.conf.j2
    dest: /etc/nginx/nginx.d/matrix.conf
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload nginx
  when: matrix_domain is defined

# turnserver.conf is installed readable by the turnserver user only (0600).
- name: install turnserver.conf
  template:
    src: turnserver.conf.j2
    dest: /etc/turnserver/turnserver.conf
    owner: turnserver
    group: turnserver
    mode: '0600'
  notify:
    - restart turnserver

# Root-owned and executable, but writable by root only.
- name: install turnserver cert renewal hook
  copy:
    src: letsencrypt.hook.d
    dest: /etc/letsencrypt/hook.d/turnserver
    owner: root
    group: root
    mode: '0755'
# systemd unit files for each service: root-owned, 0644, copied verbatim from
# the role. Each copy notifies the restart handler of the service it belongs to.
- name: install synapse units
  copy:
    src: '{{ item }}'
    dest: '/etc/systemd/system/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - synapse.service
    - synapse-worker@.service
  notify:
    - restart synapse

- name: install pantalaimon units
  copy:
    src: '{{ item }}'
    dest: '/etc/systemd/system/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - pantalaimon.service
  notify:
    - restart pantalaimon

- name: install mjolnir units
  copy:
    src: '{{ item }}'
    dest: '/etc/systemd/system/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - mjolnir.service
  notify:
    - restart mjolnir

- name: install matrix-appservice-irc units
  copy:
    src: '{{ item }}'
    dest: '/etc/systemd/system/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - matrix-appservice-irc.service
  notify:
    - restart matrix-appservice-irc

- name: install turnserver units
  copy:
    src: '{{ item }}'
    dest: '/etc/systemd/system/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - turnserver.service
  notify:
    - restart turnserver
# Enable the units at boot. No `state` is set, so these tasks do not start or
# stop anything themselves.
- name: enable synapse units
  service:
    name: '{{ item }}'
    enabled: true
  with_items:
    - synapse.service
    - synapse-worker@appservice.service
    - synapse-worker@federation_reader.service
    - synapse-worker@federation_sender.service
    - synapse-worker@media_repository.service

- name: enable pantalaimon units
  service:
    name: '{{ item }}'
    enabled: true
  with_items:
    - pantalaimon.service

- name: enable mjolnir units
  service:
    name: '{{ item }}'
    enabled: true
  with_items:
    - mjolnir.service

- name: enable matrix-appservice-irc units
  service:
    name: '{{ item }}'
    enabled: true
  with_items:
    - matrix-appservice-irc.service

- name: enable turnserver units
  service:
    name: '{{ item }}'
    enabled: true
  with_items:
    - turnserver.service
ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
# synapse's identd
# turnserver
- 3478-3479/tcp
- 3478-3479/udp
- 5349-5350/tcp
- 5349-5350/udp
- 33000-33999/udp
when: configure_firewall
tags: