Fix pre-commit hooks and move directories

roles/ and inventory/ are now in playbooks/
also fixed issues reported by ansible-lint

playbooks/roles/synapse/vars/main.yml

@@ -0,0 +1,122 @@
+---
+synapse_svc:
+  domain: matrix.serguzim.me
+  docker_host: synapse-admin
+  port: 80
+  caddy_extra: |
+    handle /_matrix/* {
+        reverse_proxy synapse:8008
+    }
+    handle /_synapse/* {
+        reverse_proxy synapse:8008
+    }
+  extra_svcs:
+    - domain: matrix.serguzim.me:8448
+      additional_domains:
+        - serguzim.me:8448
+      docker_host: synapse
+      port: 8008
+  db:
+    host: "{{ postgres.host }}"
+    user: "{{ opentofu.postgresql_data.synapse.user }}"
+    pass: "{{ opentofu.postgresql_data.synapse.pass }}"
+    database: "{{ opentofu.postgresql_data.synapse.database }}"
+  config_path: config
+
+synapse_env:
+  SYNAPSE_CONFIG_PATH: "{{ ('/', svc.config_path) | path_join }}"
+  REACT_APP_SERVER: https://matrix.serguzim.me
+
+synapse_yml:
+  server_name: msrg.cc
+  pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
+  public_baseurl: https://matrix.serguzim.me/
+  allow_public_rooms_without_auth: true
+  allow_public_rooms_over_federation: true
+
+  listeners:
+    - port: 8008
+      tls: false
+      type: http
+      x_forwarded: true
+      resources:
+        - names:
+            - client
+            - federation
+            - metrics
+          compress: false
+
+  admin_contact: mailto:{{ admin_email }}
+
+  acme:
+    enabled: false
+
+  database:
+    name: psycopg2
+    args:
+      user: "{{ svc.db.user }}"
+      password: "{{ svc.db.pass }}"
+      database: "{{ svc.db.database }}"
+      host: "{{ svc.db.host }}"
+      cp_min: 5
+      cp_max: 10
+
+  log_config: "{{ (svc.config_path, 'msrg.cc.log.config') | path_join }}"
+  media_store_path: /media_store
+  max_upload_size: 500M
+  enable_registration: false
+  enable_metrics: true
+  report_stats: true
+
+  macaroon_secret_key: "{{ vault_synapse.macaroon_secret_key }}"
+  form_secret: "{{ vault_synapse.form_secret }}"
+  signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') | path_join }}"
+
+  trusted_key_servers:
+    - server_name: matrix.org
+  suppress_key_server_warning: true
+
+  oidc_providers:
+    - idp_id: auth_serguzim_me
+      idp_name: auth.serguzim.me
+      issuer: "{{ opentofu.authentik_data.synapse.base_url }}"
+      client_id: "{{ opentofu.authentik_data.synapse.client_id }}"
+      client_secret: "{{ opentofu.authentik_data.synapse.client_secret }}"
+      scopes:
+        - openid
+        - profile
+        - email
+      user_mapping_provider:
+        config:
+          localpart_template: "{{ '{{ user.preferred_username }}' }}"
+          display_name_template: "{{ '{{ user.name }}' }}"
+
+  email:
+    smtp_host: mail.serguzim.me
+    smtp_port: 587
+    smtp_user: matrix@serguzim.me
+    smtp_pass: "{{ vault_synapse.mail.pass }}"
+    require_transport_security: true
+    notif_from: Matrix <matrix@serguzim.me>
+
+synapse_compose:
+  watchtower: true
+  image: ghcr.io/element-hq/synapse:latest
+  volumes:
+    - ./config:/config
+    - media_store:/media_store
+  file:
+    services:
+      synapse-admin:
+        image: awesometechnologies/synapse-admin
+        restart: always
+        labels:
+          com.centurylinklabs.watchtower.enable: true
+        env_file:
+          - service.env
+        networks:
+          apps:
+            aliases:
+              - synapse-admin
+    volumes:
+      media_store: