Fix pre-commit hooks and move directories

roles/ and inventory/ are now in playbooks/ also fixed issues reported by ansible-lint
2024-10-14 18:30:24 +02:00 · 2024-10-14 18:30:24 +02:00 · 4104057771
commit 4104057771
parent dc398ddb6e
123 changed files with 91 additions and 39 deletions
--- a/playbooks/roles/synapse/files/msrg.cc.log.config
+++ b/playbooks/roles/synapse/files/msrg.cc.log.config
@ -0,0 +1,22 @@
+version: 1
+
+formatters:
+  precise:
+   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+
+loggers:
+    synapse.storage.SQL:
+        # beware: increasing this to DEBUG will make synapse log sensitive
+        # information such as access tokens.
+        level: INFO
+
+root:
+    level: INFO
+    handlers: [console]
+
+disable_existing_loggers: false
--- a/playbooks/roles/synapse/tasks/main.yml
+++ b/playbooks/roles/synapse/tasks/main.yml
@ -0,0 +1,44 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+  vars:
+    svc: "{{ synapse_svc }}"
+    env: "{{ synapse_env }}"
+    compose: "{{ synapse_compose }}"
+    yml: "{{ synapse_yml }}"
+  block:
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
+
+    - name: Set synapse config path
+      ansible.builtin.set_fact:
+        config_path: "{{ (service_path, svc.config_path) | path_join }}"
+
+    - name: Create config directory
+      ansible.builtin.file:
+        path: "{{ config_path }}"
+        state: directory
+        mode: "0755"
+
+    - name: Template config
+      ansible.builtin.template:
+        src: yml.j2
+        dest: "{{ (config_path, 'homeserver.yaml') | path_join }}"
+        mode: "0644"
+
+    - name: Copy the log config
+      ansible.builtin.copy:
+        src: msrg.cc.log.config
+        dest: "{{ (config_path, 'msrg.cc.log.config') | path_join }}"
+        mode: "0644"
+
+    - name: Copy the signing key
+      ansible.builtin.copy:
+        content: "{{ vault_synapse.signing_key }}"
+        dest: "{{ (config_path, 'msrg.cc.signing.key') | path_join }}"
+        mode: "0644"
+
+    - name: Import start tasks for common service
+      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/playbooks/roles/synapse/vars/main.yml
+++ b/playbooks/roles/synapse/vars/main.yml
@ -0,0 +1,122 @@
+---
+synapse_svc:
+  domain: matrix.serguzim.me
+  docker_host: synapse-admin
+  port: 80
+  caddy_extra: |
+    handle /_matrix/* {
+        reverse_proxy synapse:8008
+    }
+    handle /_synapse/* {
+        reverse_proxy synapse:8008
+    }
+  extra_svcs:
+    - domain: matrix.serguzim.me:8448
+      additional_domains:
+        - serguzim.me:8448
+      docker_host: synapse
+      port: 8008
+  db:
+    host: "{{ postgres.host }}"
+    user: "{{ opentofu.postgresql_data.synapse.user }}"
+    pass: "{{ opentofu.postgresql_data.synapse.pass }}"
+    database: "{{ opentofu.postgresql_data.synapse.database }}"
+  config_path: config
+
+synapse_env:
+  SYNAPSE_CONFIG_PATH: "{{ ('/', svc.config_path) | path_join }}"
+  REACT_APP_SERVER: https://matrix.serguzim.me
+
+synapse_yml:
+  server_name: msrg.cc
+  pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
+  public_baseurl: https://matrix.serguzim.me/
+  allow_public_rooms_without_auth: true
+  allow_public_rooms_over_federation: true
+
+  listeners:
+    - port: 8008
+      tls: false
+      type: http
+      x_forwarded: true
+      resources:
+        - names:
+            - client
+            - federation
+            - metrics
+          compress: false
+
+  admin_contact: mailto:{{ admin_email }}
+
+  acme:
+    enabled: false
+
+  database:
+    name: psycopg2
+    args:
+      user: "{{ svc.db.user }}"
+      password: "{{ svc.db.pass }}"
+      database: "{{ svc.db.database }}"
+      host: "{{ svc.db.host }}"
+      cp_min: 5
+      cp_max: 10
+
+  log_config: "{{ (svc.config_path, 'msrg.cc.log.config') | path_join }}"
+  media_store_path: /media_store
+  max_upload_size: 500M
+  enable_registration: false
+  enable_metrics: true
+  report_stats: true
+
+  macaroon_secret_key: "{{ vault_synapse.macaroon_secret_key }}"
+  form_secret: "{{ vault_synapse.form_secret }}"
+  signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') | path_join }}"
+
+  trusted_key_servers:
+    - server_name: matrix.org
+  suppress_key_server_warning: true
+
+  oidc_providers:
+    - idp_id: auth_serguzim_me
+      idp_name: auth.serguzim.me
+      issuer: "{{ opentofu.authentik_data.synapse.base_url }}"
+      client_id: "{{ opentofu.authentik_data.synapse.client_id }}"
+      client_secret: "{{ opentofu.authentik_data.synapse.client_secret }}"
+      scopes:
+        - openid
+        - profile
+        - email
+      user_mapping_provider:
+        config:
+          localpart_template: "{{ '{{ user.preferred_username }}' }}"
+          display_name_template: "{{ '{{ user.name }}' }}"
+
+  email:
+    smtp_host: mail.serguzim.me
+    smtp_port: 587
+    smtp_user: matrix@serguzim.me
+    smtp_pass: "{{ vault_synapse.mail.pass }}"
+    require_transport_security: true
+    notif_from: Matrix <matrix@serguzim.me>
+
+synapse_compose:
+  watchtower: true
+  image: ghcr.io/element-hq/synapse:latest
+  volumes:
+    - ./config:/config
+    - media_store:/media_store
+  file:
+    services:
+      synapse-admin:
+        image: awesometechnologies/synapse-admin
+        restart: always
+        labels:
+          com.centurylinklabs.watchtower.enable: true
+        env_file:
+          - service.env
+        networks:
+          apps:
+            aliases:
+              - synapse-admin
+    volumes:
+      media_store: