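---
# Ansible tasks: deploy Synapse (Matrix homeserver) with its workers, the
# pantalaimon E2EE proxy, the mjolnir moderation bot, the IRC appservice,
# PostgreSQL databases, nginx vhost, coturn and firewall rules.
#
# Conventions used here (rather than the original free-form `key=value` args):
#   * native YAML module arguments, so values are typed deliberately;
#   * every `mode` is a quoted string -- an unquoted `0640` is an octal
#     integer to the YAML parser and is easy to get wrong;
#   * `no_log: true` on tasks whose arguments carry vault secrets, so the
#     values never land in task output, `--diff` output or callback logs.

- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ matrix_domain }}"]
  when: matrix_domain is defined

- name: Install packages
  pacman:
    name:
      - coturn
      - freetype2
      - gcc
      - git
      - jemalloc
      - libffi
      - libjpeg-turbo
      - libolm
      - libtiff
      - libwebp
      - libxslt
      - libzip
      - make
      - npm
      - openssl
      - pkgconf
      - postgresql-libs
      - python
      - redis
      - tcl
      - tk
      - yarn
      - zlib

# Dedicated unprivileged service account; fixed uid/gid keep file ownership
# stable across hosts.
- name: Add synapse group
  group:
    name: synapse
    system: true
    gid: 198

- name: Add synapse user
  user:
    name: synapse
    system: true
    uid: 198
    group: synapse
    home: /var/lib/synapse
    shell: /bin/false
    create_home: false

# 0700: media store and bot data are private to the service account.
- name: Create synapse home
  file:
    path: "{{ item }}"
    state: directory
    owner: synapse
    group: synapse
    mode: "0700"
  loop:
    - /var/lib/synapse
    - /var/lib/synapse/media_store
    - /var/lib/synapse/mjolnir-data
    - /var/lib/synapse/pantalaimon-data

# One venv each for synapse and pantalaimon so their dependency sets cannot
# conflict. `creates` makes the task idempotent.
- name: Make virtualenvs
  command: "python -m venv {{ item }}"
  args:
    creates: "{{ item }}/bin/python"
  become: true
  become_user: synapse
  become_method: sudo
  loop:
    - /var/lib/synapse/venv
    - /var/lib/synapse/venv-pantalaimon

- name: Update virtualenvs
  pip:
    name:
      - pip
      - wheel
    state: latest
    extra_args: "--upgrade-strategy=eager"
    virtualenv: "{{ item }}"
  become: true
  become_user: synapse
  become_method: sudo
  loop:
    - /var/lib/synapse/venv
    - /var/lib/synapse/venv-pantalaimon

# Version is pinned with `==`; `state: latest` + eager strategy only
# refreshes the transitive dependencies.
- name: Install synapse
  pip:
    name:
      - "matrix-synapse[postgres,systemd,url_preview,redis,oidc]==1.66.0"
    state: latest
    extra_args: "--upgrade-strategy=eager"
    virtualenv: /var/lib/synapse/venv
  become: true
  become_user: synapse
  become_method: sudo
  register: synapse_pip
  notify:
    - Restart synapse

- name: Install pantalaimon
  pip:
    name:
      - "pantalaimon==0.10.4"
    state: latest
    extra_args: "--upgrade-strategy=eager"
    virtualenv: /var/lib/synapse/venv-pantalaimon
  become: true
  become_user: synapse
  become_method: sudo
  notify:
    - Restart pantalaimon

# `version` is a release tag, so the checkout is reproducible; `force`
# discards local edits so the build below starts from a clean tree.
- name: Download mjolnir
  git:
    repo: https://github.com/matrix-org/mjolnir
    dest: /var/lib/synapse/mjolnir
    version: v1.5.0
    force: true
  become: true
  become_user: synapse
  become_method: sudo
  register: mjolnir_git
  notify:
    - Restart mjolnir

- name: Install mjolnir
  community.general.yarn:
    path: /var/lib/synapse/mjolnir
  become: true
  become_user: synapse
  become_method: sudo
  when: mjolnir_git is changed

- name: Build mjolnir
  command: yarn build
  args:
    chdir: /var/lib/synapse/mjolnir
  become: true
  become_user: synapse
  become_method: sudo
  when: mjolnir_git is changed

# The antispam module lives in synapse's venv, so it must be reinstalled
# whenever either synapse or the mjolnir checkout changed.
- name: Install mjolnir antispam module
  pip:
    name:
      - /var/lib/synapse/mjolnir/synapse_antispam
    state: latest
    virtualenv: /var/lib/synapse/venv
  become: true
  become_user: synapse
  become_method: sudo
  when: synapse_pip is changed or mjolnir_git is changed
  notify:
    - Restart synapse

- name: Download matrix-appservice-irc
  git:
    repo: https://github.com/matrix-org/matrix-appservice-irc
    dest: /var/lib/synapse/matrix-appservice-irc
    version: 0.34.0
    force: true
  become: true
  become_user: synapse
  become_method: sudo
  register: irc_git
  notify:
    - Restart matrix-appservice-irc

# `ci: true` installs strictly from the lockfile (npm ci).
- name: Install matrix-appservice-irc
  community.general.npm:
    path: /var/lib/synapse/matrix-appservice-irc
    ci: true
  become: true
  become_user: synapse
  become_method: sudo
  when: irc_git is changed

- name: Install pg_hba.conf
  copy:
    src: pg_hba.conf
    dest: /var/lib/postgres/data/pg_hba.conf
    owner: postgres
    group: postgres
    mode: "0600"
  notify:
    - Restart postgres

# Synapse requires a C-collated database created from template0.
- name: Add synapse postgres db
  postgresql_db:
    name: synapse
    lc_collate: C
    lc_ctype: C
    template: template0
  become: true
  become_user: postgres
  become_method: su

# Password comes from the vault; no_log keeps it out of task output.
- name: Add synapse postgres user
  postgresql_user:
    db: synapse
    name: synapse
    password: "{{ vault_postgres_users.synapse }}"
  become: true
  become_user: postgres
  become_method: su
  no_log: true

- name: Add irc postgres db
  postgresql_db:
    name: irc
  become: true
  become_user: postgres
  become_method: su

# Config dir is root-owned, readable by the synapse group only.
- name: Create synapse config dir
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: synapse
    mode: "0750"
  loop:
    - /etc/synapse
    - /etc/synapse/mjolnir

- name: Install homeserver config
  template:
    src: homeserver.yaml.j2
    dest: /etc/synapse/homeserver.yaml
    owner: root
    group: synapse
    mode: "0640"
  notify:
    - Restart synapse

- name: Install static config
  copy:
    src: "{{ item }}"
    dest: "/etc/synapse/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - log_config.yaml
    - worker-appservice.yaml
    - worker-federation_reader.yaml
    - worker-federation_sender.yaml
    - worker-media_repository.yaml
  notify:
    - Restart synapse

- name: Install pantalaimon config
  template:
    src: pantalaimon.conf.j2
    dest: /etc/synapse/pantalaimon.conf
    owner: root
    group: synapse
    mode: "0644"
  notify:
    - Restart pantalaimon

- name: Install mjolnir config
  template:
    src: mjolnir.yaml.j2
    dest: /etc/synapse/mjolnir/production.yaml
    owner: root
    group: synapse
    mode: "0640"
  notify:
    - Restart mjolnir

- name: Install irc-bridge config
  template:
    src: irc-bridge.yaml.j2
    dest: /etc/synapse/irc-bridge.yaml
    owner: root
    group: synapse
    mode: "0640"
  notify:
    - Restart matrix-appservice-irc

- name: Install irc-bridge registration
  template:
    src: appservice-registration-irc.yaml.j2
    dest: /etc/synapse/appservice-registration-irc.yaml
    owner: root
    group: synapse
    mode: "0640"
  notify:
    - Restart synapse

# Key material is written straight from the vault; no_log prevents the
# content from appearing in task or --diff output.
- name: Install signing key
  copy:
    content: "{{ vault_matrix_secrets.signing_key }}"
    dest: "/etc/synapse/{{ matrix_server_name }}.signing.key"
    owner: root
    group: synapse
    mode: "0640"
  no_log: true

- name: Install ircpass key
  copy:
    content: "{{ vault_matrix_secrets.ircpass_key }}"
    dest: "/etc/synapse/{{ matrix_server_name }}.ircpass.key"
    owner: root
    group: synapse
    mode: "0640"
  no_log: true

# Guarded like the nginx vhost below: the path references matrix_domain, so
# the task would otherwise fail on an undefined variable instead of skipping.
- name: Make nginx log dir
  file:
    path: "/var/log/nginx/{{ matrix_domain }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  when: matrix_domain is defined

- name: Set up nginx
  template:
    src: nginx.d.conf.j2
    dest: /etc/nginx/nginx.d/matrix.conf
    owner: root
    group: root
    mode: "0640"
  notify:
    - Reload nginx
  when: matrix_domain is defined
  tags: ["nginx"]

# 0600: turnserver.conf carries the TURN shared secret.
- name: Install turnserver.conf
  template:
    src: turnserver.conf.j2
    dest: /etc/turnserver/turnserver.conf
    owner: turnserver
    group: turnserver
    mode: "0600"
  notify:
    - Restart turnserver

- name: Install turnserver cert renewal hook
  copy:
    src: letsencrypt.hook.d
    dest: /etc/letsencrypt/hook.d/turnserver
    owner: root
    group: root
    mode: "0755"

- name: Install synapse units
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - synapse.service
    - synapse-worker@.service
  notify:
    - Restart synapse

- name: Install pantalaimon units
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - pantalaimon.service
  notify:
    - Restart pantalaimon

- name: Install mjolnir units
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - mjolnir.service
  notify:
    - Restart mjolnir

- name: Install matrix-appservice-irc units
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - matrix-appservice-irc.service
  notify:
    - Restart matrix-appservice-irc

- name: Enable synapse units
  service:
    name: "{{ item }}"
    enabled: true
  loop:
    - synapse.service
    - synapse-worker@appservice.service
    - synapse-worker@federation_reader.service
    - synapse-worker@federation_sender.service
    - synapse-worker@media_repository.service
  notify:
    - Restart synapse

- name: Enable pantalaimon units
  service:
    name: "{{ item }}"
    enabled: true
  loop:
    - pantalaimon.service
  notify:
    - Restart pantalaimon

- name: Enable mjolnir units
  service:
    name: "{{ item }}"
    enabled: true
  loop:
    - mjolnir.service
  notify:
    - Restart mjolnir

- name: Enable matrix-appservice-irc units
  service:
    name: "{{ item }}"
    enabled: true
  loop:
    - matrix-appservice-irc.service
  notify:
    - Restart matrix-appservice-irc

- name: Enable turnserver units
  service:
    name: "{{ item }}"
    enabled: true
  loop:
    - turnserver.service
  notify:
    - Restart turnserver

# Only the ports listed here are opened; everything else stays closed.
- name: Open firewall holes
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  loop:
    # synapse's identd
    - 113/tcp
    # turnserver
    - 2410-2411/tcp
    - 2410-2411/udp
    - 2420-2421/tcp
    - 2420-2421/udp
    - 33000-33999/udp
  when: configure_firewall
  tags:
    - firewall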