Add synapse to ansible

.gitignore

@@ -14,6 +14,7 @@
 /influxdb/
 /jellyfin/
 /minio/
+/synapse/
 /tandoor/
 /telegraf/
 /tinytinyrss/
@@ -31,6 +32,7 @@
 /caddy/config/conf.002.d/faas.serguzim.me.conf
 /caddy/config/conf.002.d/git.serguzim.me.conf
 /caddy/config/conf.002.d/inventory.serguzim.me.conf
+/caddy/config/conf.002.d/matrix.msrg.cc.conf
 /caddy/config/conf.002.d/media.serguzim.me.conf
 /caddy/config/conf.002.d/recipes.serguzim.me.conf
 /caddy/config/conf.002.d/rss.serguzim.me.conf

_ansible/node002.yml

@@ -11,6 +11,7 @@
     - homebox
     - influxdb
     - jellyfin
+    - synapse
     - tandoor
     - telegraf
     - tinytinyrss

_ansible/roles/synapse/tasks/main.yml

@@ -0,0 +1,36 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - synapse
+    - matrix
+  block:
+    - import_tasks: prepare-common-service.yml
+
+    - name: Set synapse config path
+      ansible.builtin.set_fact:
+        config_path: "{{ (service_path, svc.config_path) | path_join }}"
+    - name: Create config directory
+      ansible.builtin.file:
+        path: "{{ config_path }}"
+        state: directory
+        mode: "0755"
+
+    - name: Template config
+      ansible.builtin.template:
+        src: service.yml.j2
+        dest: "{{ (config_path, 'homeserver.yaml') | path_join }}"
+        mode: "0644"
+    
+    - name: Copy the log config
+      ansible.builtin.copy:
+        src: msrg.cc.log.config
+        dest: "{{ (config_path, 'msrg.cc.log.config') | path_join }}"
+        mode: '0644'
+
+    - name: Copy the signing key
+      ansible.builtin.copy:
+        content: "{{ vault_synapse.signing_key }}"
+        dest: "{{ (config_path, 'msrg.cc.signing.key') | path_join }}"
+        mode: '0644'
+
+    - import_tasks: start-common-service.yml

_ansible/roles/synapse/vars/main.yml

@@ -0,0 +1,125 @@
+svc:
+  name: synapse
+  domain: "matrix.msrg.cc"
+  docker_host: synapse-admin
+  port: 80
+  caddy_extra: |
+    handle /_matrix/* {
+        reverse_proxy synapse:8008
+    }
+    handle /_synapse/* {
+        reverse_proxy synapse:8008
+    }
+  extra_svcs:
+    - domain: "msrg.cc:8008"
+      additional_domains:
+        - matrix.msrg.cc:8448
+        - matrix.msrg.cc:8008
+        - msrg.cc:8448
+      docker_host: synapse
+      port: 8008
+  db:
+    host: "{{ postgres.host }}"
+    database: synapse
+    user: "{{ vault_synapse.db.user }}"
+    pass: "{{ vault_synapse.db.pass }}"
+  config_path: config
+
+svc_env:
+  SYNAPSE_CONFIG_PATH: "{{ ('/', svc.config_path) | path_join }}"
+  REACT_APP_SERVER: https://matrix.msrg.cc
+
+svc_yml:
+  server_name: "msrg.cc"
+  pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
+  public_baseurl: https://matrix.msrg.cc/
+  allow_public_rooms_without_auth: true
+  allow_public_rooms_over_federation: true
+
+  listeners:
+    - port: 8008
+      tls: false
+      type: http
+      x_forwarded: true
+      resources:
+        - names:
+          - client
+          - federation
+          - metrics
+          compress: false
+
+  admin_contact: "mailto:{{ admin_email }}"
+
+  acme:
+      enabled: false
+
+  database:
+   name: "psycopg2"
+   args:
+     user: "{{ svc.db.user }}"
+     password: "{{ svc.db.pass }}"
+     database: "{{ svc.db.database }}"
+     host: "{{ svc.db.host }}"
+     cp_min: 5
+     cp_max: 10
+
+  log_config: "{{ (svc.config_path, 'msrg.cc.log.config') | path_join }}"
+  media_store_path: "/media_store"
+  max_upload_size: 500M
+  enable_registration: false
+  enable_metrics: true
+  report_stats: true
+
+  macaroon_secret_key: "{{ vault_synapse.macaroon_secret_key }}"
+  form_secret: "{{ vault_synapse.form_secret }}"
+  signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') | path_join }}"
+
+  trusted_key_servers:
+    - server_name: "matrix.org"
+  suppress_key_server_warning: true
+
+  oidc_providers:
+    - idp_id: "auth_serguzim_me"
+      idp_name: "auth.serguzim.me"
+      issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
+      client_id: "{{ vault_synapse.oidc_client.id }}"
+      client_secret: "{{ vault_synapse.oidc_client.secret }}"
+      scopes:
+        - "openid"
+        - "profile"
+        - "email"
+      user_mapping_provider:
+        config:
+          localpart_template: "{{ '{{ user.preferred_username }}' }}"
+          display_name_template: "{{ '{{ user.name }}' }}"
+
+  email:
+    smtp_host: mail.serguzim.me
+    smtp_port: 587
+    smtp_user: "matrix@serguzim.me"
+    smtp_pass: "{{ vault_synapse.mail.pass }}"
+    require_transport_security: true
+    notif_from: "Matrix <matrix@serguzim.me>"
+
+compose:
+  watchtower: true
+  env: true
+  image: ghcr.io/matrix-org/synapse
+  volumes:
+    - ./config:/config
+    - media_store:/media_store
+  file:
+    services:
+      synapse-admin:
+         image: awesometechnologies/synapse-admin
+         restart: always
+         labels:
+           com.centurylinklabs.watchtower.enable: true
+         env_file:
+           - service.env
+         networks:
+           apps:
+             aliases:
+               - synapse-admin
+    volumes:
+      media_store:

caddy/config/conf.002.d/matrix.msrg.cc.conf

@@ -1,22 +0,0 @@
-matrix.msrg.cc {
-	import default
-
-	reverse_proxy /_matrix/* synapse:8008
-	reverse_proxy /_synapse/* synapse:8008
-}
-
-admin.matrix.msrg.cc {
-	import default
-
-	reverse_proxy /_matrix/* synapse:8008
-	reverse_proxy /_synapse/* synapse:8008
-	reverse_proxy synapse-admin:80
-}
-
-msrg.cc:8008,
-msrg.cc:8448,
-matrix.msrg.cc:8008,
-matrix.msrg.cc:8448 {
-	import default
-	reverse_proxy synapse:8008
-}

synapse/data/.gitignore

@@ -1,2 +0,0 @@
-/secrets.yaml
-msrg.cc.signing.key

synapse/data/homeserver.yaml

@@ -1,72 +0,0 @@
-# https://matrix-org.github.io/synapse/latest/usage/configuration/index.html
-
-server_name: "msrg.cc"
-pid_file: /data/homeserver.pid
-public_baseurl: https://matrix.msrg.cc/
-allow_public_rooms_without_auth: true
-allow_public_rooms_over_federation: true
-
-listeners:
-  - port: 8008
-    tls: false
-    type: http
-    x_forwarded: true
-    resources:
-      - names:
-        - client
-        - federation
-        - metrics
-        compress: false
-
-admin_contact: "mailto:tobias@msrg.cc"
-
-acme:
-    enabled: false
-
-database:
- name: "psycopg2"
- args:
-   user: "synapse"
-   #password: ""
-   database: "synapse"
-   host: "node002.serguzim.me"
-   cp_min: 5
-   cp_max: 10
-
-log_config: "/data/msrg.cc.log.config"
-media_store_path: "/media_store"
-max_upload_size: 500M
-enable_registration: false
-enable_metrics: true
-report_stats: true
-
-#macaroon_secret_key: ""
-#form_secret: ""
-signing_key_path: "/data/msrg.cc.signing.key"
-
-trusted_key_servers:
-  - server_name: "matrix.org"
-suppress_key_server_warning: true
-
-oidc_providers:
-  - idp_id: "auth_serguzim_me"
-    idp_name: "auth.serguzim.me"
-    issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
-    #client_id: ""
-    #client_secret: ""
-    scopes:
-      - "openid"
-      - "profile"
-      - "email"
-    user_mapping_provider:
-      config:
-        localpart_template: "{{ user.preferred_username }}"
-        display_name_template: "{{ user.name }}"
-
-email:
-  smtp_host: mail.serguzim.me
-  smtp_port: 587
-  smtp_user: "matrix@serguzim.me"
-  #smtp_pass: ""
-  require_transport_security: true
-  notif_from: "Matrix <matrix@serguzim.me>"

synapse/docker-compose.yml

@@ -1,35 +0,0 @@
-version: '3'
-
-services:
-
-  synapse:
-    image: ghcr.io/matrix-org/synapse
-    restart: always
-    labels:
-      com.centurylinklabs.watchtower.enable: true
-    environment:
-      - SYNAPSE_CONFIG_PATH=/data/
-    volumes:
-      - ./data:/data
-      - media_store:/media_store
-    networks:
-      apps:
-        aliases:
-          - synapse
-
-  synapse-admin:
-    image: awesometechnologies/synapse-admin:latest
-    restart: always
-    labels:
-      com.centurylinklabs.watchtower.enable: true
-    networks:
-      apps:
-        aliases:
-          - synapse-admin
-
-volumes:
-  media_store:
-
-networks:
-  apps:
-    external: true