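---
# Matrix homeserver role: installs Synapse (plus workers), Pantalaimon,
# Mjolnir, matrix-appservice-irc and coturn, then wires up PostgreSQL,
# nginx, systemd units and firewalld.
#
# Conventions in this file:
#   * module arguments are written as block YAML, never as key=value strings,
#     so values containing spaces or '=' (e.g. vault passwords) cannot break
#     argument parsing;
#   * file modes are quoted strings ("0640") so the YAML loader never
#     reinterprets them as octal/decimal integers;
#   * tasks that receive vault secrets run with no_log so the values do not
#     reach -v output or callback plugins.

- name: create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ matrix_domain }}"]
  when: 'matrix_domain is defined'

- name: install packages
  pacman:
    name:
      - coturn
      - freetype2
      - gcc
      - git
      - jemalloc
      - libffi
      - libjpeg-turbo
      - libolm
      - libtiff
      - libwebp
      - libxslt
      - libzip
      - make
      - npm
      - openssl
      - pkgconf
      - postgresql-libs
      - python
      - python2
      - redis
      - tcl
      - tk
      - yarn
      - zlib

# uid/gid 198 are pinned here and in the user task below so both agree.
- name: add synapse group
  group:
    name: synapse
    system: true
    gid: 198

- name: add synapse user
  user:
    name: synapse
    system: true
    uid: 198
    group: synapse
    home: /var/lib/synapse
    shell: /bin/false
    create_home: false

# Home and data directories are private to the synapse user (0700).
- name: create synapse home
  file:
    path: "{{ item }}"
    state: directory
    owner: synapse
    group: synapse
    mode: "0700"
  with_items:
    - /var/lib/synapse
    - /var/lib/synapse/media_store
    - /var/lib/synapse/mjolnir-data
    - /var/lib/synapse/pantalaimon-data

- name: make virtualenvs
  command: 'python -m venv {{ item }}'
  args:
    # idempotence: skip once the venv's interpreter exists
    creates: '{{ item }}/bin/python'
  become: true
  become_user: synapse
  become_method: sudo
  with_items:
    - /var/lib/synapse/venv
    - /var/lib/synapse/venv-pantalaimon

- name: update virtualenvs
  pip:
    name:
      - pip
      - wheel
    state: latest
    extra_args: '--upgrade-strategy=eager'
    virtualenv: '{{ item }}'
  become: true
  become_user: synapse
  become_method: sudo
  with_items:
    - /var/lib/synapse/venv
    - /var/lib/synapse/venv-pantalaimon

# The '==' spec pins Synapse itself; state: latest with an eager upgrade
# strategy is presumably there to refresh its dependencies on each run.
- name: install synapse
  pip:
    name:
      - 'matrix-synapse[postgres,systemd,url_preview,redis]==1.26.0'
    state: latest
    extra_args: '--upgrade-strategy=eager'
    virtualenv: /var/lib/synapse/venv
  become: true
  become_user: synapse
  become_method: sudo
  # consumed by "install mjolnir antispam module" below
  register: synapse_pip
  notify:
    - restart synapse

- name: install pantalaimon
  pip:
    name:
      - 'pantalaimon==0.9.1'
    state: latest
    extra_args: '--upgrade-strategy=eager'
    virtualenv: /var/lib/synapse/venv-pantalaimon
  become: true
  become_user: synapse
  become_method: sudo
  notify:
    - restart pantalaimon

- name: download mjolnir
  git:
    repo: https://github.com/matrix-org/mjolnir
    dest: /var/lib/synapse/mjolnir
    version: v0.1.17
  become: true
  become_user: synapse
  become_method: sudo
  # gates the yarn install/build and the antispam module below
  register: mjolnir_git
  notify:
    - restart mjolnir

- name: install mjolnir
  community.general.yarn:
    path: /var/lib/synapse/mjolnir
  become: true
  become_user: synapse
  become_method: sudo
  when: mjolnir_git.changed

- name: build mjolnir
  command: yarn build
  args:
    chdir: /var/lib/synapse/mjolnir
  become: true
  become_user: synapse
  become_method: sudo
  when: mjolnir_git.changed

# The antispam module is installed from the mjolnir checkout into the
# Synapse venv, so it has to be redone when either of them changed.
- name: install mjolnir antispam module
  pip:
    name:
      - /var/lib/synapse/mjolnir/synapse_antispam
    state: latest
    virtualenv: /var/lib/synapse/venv
  become: true
  become_user: synapse
  become_method: sudo
  when: synapse_pip.changed or mjolnir_git.changed
  notify:
    - restart synapse

- name: download matrix-appservice-irc
  git:
    repo: https://github.com/matrix-org/matrix-appservice-irc
    dest: /var/lib/synapse/matrix-appservice-irc
    version: 0.23.0
  become: true
  become_user: synapse
  become_method: sudo
  register: irc_git
  notify:
    - restart matrix-appservice-irc

- name: install matrix-appservice-irc
  npm:
    path: /var/lib/synapse/matrix-appservice-irc
  become: true
  become_user: synapse
  become_method: sudo
  when: irc_git.changed

# Client authentication rules for PostgreSQL; readable by postgres only.
- name: install pg_hba.conf
  copy:
    src: pg_hba.conf
    dest: /var/lib/postgres/data/pg_hba.conf
    owner: postgres
    group: postgres
    mode: "0600"
  notify:
    - restart postgres

- name: add synapse postgres db
  postgresql_db:
    db: synapse
  become: true
  become_user: postgres
  become_method: su

- name: add synapse postgres user
  postgresql_user:
    db: synapse
    user: synapse
    # quoted so a password containing spaces or '=' survives intact
    password: "{{ vault_postgres_users.synapse }}"
  become: true
  become_user: postgres
  become_method: su
  # keep the vault password out of verbose output and callback logs
  no_log: true

- name: add irc postgres db
  postgresql_db:
    db: irc
  become: true
  become_user: postgres
  become_method: su

# Config tree is root-owned and group-readable by synapse (no write access
# for the service user).
- name: create synapse config dir
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: synapse
    mode: "0750"
  with_items:
    - /etc/synapse
    - /etc/synapse/mjolnir

- name: install homeserver config
  template:
    src: homeserver.yaml.j2
    dest: /etc/synapse/homeserver.yaml
    owner: root
    group: synapse
    mode: "0640"
  notify:
    - restart synapse

- name: install static config
  copy:
    src: "{{ item }}"
    dest: "/etc/synapse/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - log_config.yaml
    - worker-appservice.yaml
    - worker-federation_reader.yaml
    - worker-federation_sender.yaml
    - worker-media_repository.yaml
  notify:
    - restart synapse

- name: install pantalaimon config
  template:
    src: pantalaimon.conf.j2
    dest: /etc/synapse/pantalaimon.conf
    owner: root
    group: synapse
    mode: "0644"
  notify:
    - restart pantalaimon

- name: install mjolnir config
  template:
    src: mjolnir.yaml.j2
    dest: /etc/synapse/mjolnir/production.yaml
    owner: root
    group: synapse
    mode: "0640"
  notify:
    - restart mjolnir

- name: install irc-bridge config
  template:
    src: irc-bridge.yaml.j2
    dest: /etc/synapse/irc-bridge.yaml
    owner: root
    group: synapse
    mode: "0640"
  notify:
    - restart matrix-appservice-irc

- name: install irc-bridge registration
  template:
    src: appservice-registration-irc.yaml.j2
    dest: /etc/synapse/appservice-registration-irc.yaml
    owner: root
    group: synapse
    mode: "0640"
  notify:
    - restart synapse

# Key material comes straight from the vault; never echo it in task output.
- name: install signing key
  copy:
    content: '{{ vault_matrix_secrets.signing_key }}'
    dest: "/etc/synapse/{{ matrix_server_name }}.signing.key"
    owner: root
    group: synapse
    mode: "0640"
  no_log: true

- name: install ircpass key
  copy:
    content: '{{ vault_matrix_secrets.ircpass_key }}'
    dest: "/etc/synapse/{{ matrix_server_name }}.ircpass.key"
    owner: root
    group: synapse
    mode: "0640"
  no_log: true

- name: make nginx log dir
  file:
    path: "/var/log/nginx/{{ matrix_domain }}"
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: set up nginx
  template:
    src: nginx.d.conf.j2
    dest: /etc/nginx/nginx.d/matrix.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload nginx
  when: 'matrix_domain is defined'
  tags: ['nginx']

- name: install turnserver.conf
  template:
    src: turnserver.conf.j2
    dest: /etc/turnserver/turnserver.conf
    owner: turnserver
    group: turnserver
    mode: "0600"
  notify:
    - restart turnserver

- name: install turnserver cert renewal hook
  copy:
    src: letsencrypt.hook.d
    dest: /etc/letsencrypt/hook.d/turnserver
    owner: root
    group: root
    mode: "0755"

- name: install synapse units
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - synapse.service
    - synapse-worker@.service
  notify:
    - restart synapse

- name: install pantalaimon units
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - pantalaimon.service
  notify:
    - restart pantalaimon

- name: install mjolnir units
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - mjolnir.service
  notify:
    - restart mjolnir

- name: install matrix-appservice-irc units
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - matrix-appservice-irc.service
  notify:
    - restart matrix-appservice-irc

- name: install turnserver units
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - turnserver.service
  notify:
    - restart turnserver

# Worker instances are the template unit synapse-worker@.service installed
# above, one per worker config shipped by "install static config".
- name: enable synapse units
  service:
    name: "{{ item }}"
    enabled: true
  with_items:
    - synapse.service
    - synapse-worker@appservice.service
    - synapse-worker@federation_reader.service
    - synapse-worker@federation_sender.service
    - synapse-worker@media_repository.service
  notify:
    - restart synapse

- name: enable pantalaimon units
  service:
    name: "{{ item }}"
    enabled: true
  with_items:
    - pantalaimon.service

- name: enable mjolnir units
  service:
    name: "{{ item }}"
    enabled: true
  with_items:
    - mjolnir.service

- name: enable matrix-appservice-irc units
  service:
    name: "{{ item }}"
    enabled: true
  with_items:
    - matrix-appservice-irc.service

- name: enable turnserver units
  service:
    name: "{{ item }}"
    enabled: true
  with_items:
    - turnserver.service

- name: open firewall holes
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  with_items:
    # synapse's identd
    - 113/tcp
    # turnserver
    - 3478-3479/tcp
    - 3478-3479/udp
    - 5349-5350/tcp
    - 5349-5350/udp
    - 33000-33999/udp
  when: configure_firewall
  tags:
    - firewall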