services/roles/synapse/vars/main.yml

---
synapse_svc:
  name: synapse
  domain: matrix.msrg.cc
  docker_host: synapse-admin
  port: 80
  caddy_extra: |
    handle /_matrix/* {
        reverse_proxy synapse:8008
    }
    handle /_synapse/* {
        reverse_proxy synapse:8008
    }
  extra_svcs:
    - domain: msrg.cc:8008
      additional_domains:
        - matrix.msrg.cc:8448
        - matrix.msrg.cc:8008
        - msrg.cc:8448
      docker_host: synapse
      port: 8008
  db:
    host: "{{ postgres.host }}"
    database: synapse
    user: "{{ vault_synapse.db.user }}"
    pass: "{{ vault_synapse.db.pass }}"
  config_path: config

synapse_env:
  SYNAPSE_CONFIG_PATH: "{{ ('/', svc.config_path) | path_join }}"
  REACT_APP_SERVER: https://matrix.msrg.cc

synapse_yml:
  server_name: msrg.cc
  pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
  public_baseurl: https://matrix.msrg.cc/
  allow_public_rooms_without_auth: true
  allow_public_rooms_over_federation: true

  listeners:
    - port: 8008
      tls: false
      type: http
      x_forwarded: true
      resources:
        - names:
            - client
            - federation
            - metrics
          compress: false

  admin_contact: mailto:{{ admin_email }}

  acme:
    enabled: false

  database:
    name: psycopg2
    args:
      user: "{{ svc.db.user }}"
      password: "{{ svc.db.pass }}"
      database: "{{ svc.db.database }}"
      host: "{{ svc.db.host }}"
      cp_min: 5
      cp_max: 10

  log_config: "{{ (svc.config_path, 'msrg.cc.log.config') | path_join }}"
  media_store_path: /media_store
  max_upload_size: 500M
  enable_registration: false
  enable_metrics: true
  report_stats: true

  macaroon_secret_key: "{{ vault_synapse.macaroon_secret_key }}"
  form_secret: "{{ vault_synapse.form_secret }}"
  signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') | path_join }}"

  trusted_key_servers:
    - server_name: matrix.org
  suppress_key_server_warning: true

  oidc_providers:
    - idp_id: auth_serguzim_me
      idp_name: auth.serguzim.me
      issuer: https://auth.serguzim.me/application/o/matrix_serguzim_me/
      client_id: "{{ vault_synapse.oidc_client.id }}"
      client_secret: "{{ vault_synapse.oidc_client.secret }}"
      scopes:
        - openid
        - profile
        - email
      user_mapping_provider:
        config:
          localpart_template: "{{ '{{ user.preferred_username }}' }}"
          display_name_template: "{{ '{{ user.name }}' }}"

  email:
    smtp_host: mail.serguzim.me
    smtp_port: 587
    smtp_user: matrix@serguzim.me
    smtp_pass: "{{ vault_synapse.mail.pass }}"
    require_transport_security: true
    notif_from: Matrix <matrix@serguzim.me>

synapse_compose:
  watchtower: true
  image: ghcr.io/element-hq/synapse:latest
  volumes:
    - ./config:/config
    - media_store:/media_store
  file:
    services:
      synapse-admin:
        image: awesometechnologies/synapse-admin
        restart: always
        labels:
          com.centurylinklabs.watchtower.enable: true
        env_file:
          - service.env
        networks:
          apps:
            aliases:
              - synapse-admin
    volumes:
      media_store:
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`---`
Refactor everything 2023-12-14 01:20:13 +00:00			`synapse_svc:`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`name: synapse`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`domain: matrix.msrg.cc`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`docker_host: synapse-admin`
			`port: 80`
			`caddy_extra: \|`
			`handle /_matrix/* {`
			`reverse_proxy synapse:8008`
			`}`
			`handle /_synapse/* {`
			`reverse_proxy synapse:8008`
			`}`
			`extra_svcs:`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`- domain: msrg.cc:8008`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`additional_domains:`
			`- matrix.msrg.cc:8448`
			`- matrix.msrg.cc:8008`
			`- msrg.cc:8448`
			`docker_host: synapse`
			`port: 8008`
			`db:`
			`host: "{{ postgres.host }}"`
			`database: synapse`
			`user: "{{ vault_synapse.db.user }}"`
			`pass: "{{ vault_synapse.db.pass }}"`
			`config_path: config`

Refactor everything 2023-12-14 01:20:13 +00:00			`synapse_env:`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`SYNAPSE_CONFIG_PATH: "{{ ('/', svc.config_path) \| path_join }}"`
			`REACT_APP_SERVER: https://matrix.msrg.cc`

Refactor everything 2023-12-14 01:20:13 +00:00			`synapse_yml:`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`server_name: msrg.cc`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`pid_file: "{{ (svc.config_path, 'homeserver.pid') \| path_join }}"`
			`public_baseurl: https://matrix.msrg.cc/`
			`allow_public_rooms_without_auth: true`
			`allow_public_rooms_over_federation: true`

			`listeners:`
			`- port: 8008`
			`tls: false`
			`type: http`
			`x_forwarded: true`
			`resources:`
			`- names:`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`- client`
			`- federation`
			`- metrics`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`compress: false`

Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`admin_contact: mailto:{{ admin_email }}`
Add synapse to ansible 2023-12-11 16:17:15 +00:00
			`acme:`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`enabled: false`
Add synapse to ansible 2023-12-11 16:17:15 +00:00
			`database:`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`name: psycopg2`
			`args:`
			`user: "{{ svc.db.user }}"`
			`password: "{{ svc.db.pass }}"`
			`database: "{{ svc.db.database }}"`
			`host: "{{ svc.db.host }}"`
			`cp_min: 5`
			`cp_max: 10`
Add synapse to ansible 2023-12-11 16:17:15 +00:00
			`log_config: "{{ (svc.config_path, 'msrg.cc.log.config') \| path_join }}"`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`media_store_path: /media_store`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`max_upload_size: 500M`
			`enable_registration: false`
			`enable_metrics: true`
			`report_stats: true`

			`macaroon_secret_key: "{{ vault_synapse.macaroon_secret_key }}"`
			`form_secret: "{{ vault_synapse.form_secret }}"`
			`signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') \| path_join }}"`

			`trusted_key_servers:`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`- server_name: matrix.org`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`suppress_key_server_warning: true`

			`oidc_providers:`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`- idp_id: auth_serguzim_me`
			`idp_name: auth.serguzim.me`
			`issuer: https://auth.serguzim.me/application/o/matrix_serguzim_me/`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`client_id: "{{ vault_synapse.oidc_client.id }}"`
			`client_secret: "{{ vault_synapse.oidc_client.secret }}"`
			`scopes:`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`- openid`
			`- profile`
			`- email`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`user_mapping_provider:`
			`config:`
			`localpart_template: "{{ '{{ user.preferred_username }}' }}"`
			`display_name_template: "{{ '{{ user.name }}' }}"`

			`email:`
			`smtp_host: mail.serguzim.me`
			`smtp_port: 587`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`smtp_user: matrix@serguzim.me`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`smtp_pass: "{{ vault_synapse.mail.pass }}"`
			`require_transport_security: true`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`notif_from: Matrix <matrix@serguzim.me>`
Add synapse to ansible 2023-12-11 16:17:15 +00:00
Refactor everything 2023-12-14 01:20:13 +00:00			`synapse_compose:`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`watchtower: true`
Add some of caddy to ansible 2023-12-14 19:30:34 +00:00			`image: ghcr.io/element-hq/synapse:latest`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`volumes:`
			`- ./config:/config`
			`- media_store:/media_store`
			`file:`
			`services:`
			`synapse-admin:`
Fix issues reported by ansible-lint 2023-12-13 01:43:15 +00:00			`image: awesometechnologies/synapse-admin`
			`restart: always`
			`labels:`
			`com.centurylinklabs.watchtower.enable: true`
			`env_file:`
			`- service.env`
			`networks:`
			`apps:`
			`aliases:`
			`- synapse-admin`
Add synapse to ansible 2023-12-11 16:17:15 +00:00			`volumes:`
			`media_store:`