serguzim/services
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add synapse to ansible

Browse source
This commit is contained in:
Tobias Reisinger 2023-12-11 17:17:15 +01:00
parent e006f44dd6
commit 67d0c8d875
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
9 changed files with 164 additions and 131 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -14,6 +14,7 @@
/influxdb/ /influxdb/
/jellyfin/ /jellyfin/
/minio/ /minio/
/synapse/
/tandoor/ /tandoor/
/telegraf/ /telegraf/
/tinytinyrss/ /tinytinyrss/
@ -31,6 +32,7 @@
/caddy/config/conf.002.d/faas.serguzim.me.conf /caddy/config/conf.002.d/faas.serguzim.me.conf
/caddy/config/conf.002.d/git.serguzim.me.conf /caddy/config/conf.002.d/git.serguzim.me.conf
/caddy/config/conf.002.d/inventory.serguzim.me.conf /caddy/config/conf.002.d/inventory.serguzim.me.conf
/caddy/config/conf.002.d/matrix.msrg.cc.conf
/caddy/config/conf.002.d/media.serguzim.me.conf /caddy/config/conf.002.d/media.serguzim.me.conf
/caddy/config/conf.002.d/recipes.serguzim.me.conf /caddy/config/conf.002.d/recipes.serguzim.me.conf
/caddy/config/conf.002.d/rss.serguzim.me.conf /caddy/config/conf.002.d/rss.serguzim.me.conf

1
_ansible/node002.yml
View file

@ -11,6 +11,7 @@
- homebox - homebox
- influxdb - influxdb
- jellyfin - jellyfin
- synapse
- tandoor - tandoor
- telegraf - telegraf
- tinytinyrss - tinytinyrss

0
synapse/data/msrg.cc.log.config → _ansible/roles/synapse/files/msrg.cc.log.config
View file

36
_ansible/roles/synapse/tasks/main.yml Normal file
View file

@ -0,0 +1,36 @@
---
- name: Deploy {{ svc.name }}
tags:
- synapse
- matrix
block:
- import_tasks: prepare-common-service.yml
- name: Set synapse config path
ansible.builtin.set_fact:
config_path: "{{ (service_path, svc.config_path) | path_join }}"
- name: Create config directory
ansible.builtin.file:
path: "{{ config_path }}"
state: directory
mode: "0755"
- name: Template config
ansible.builtin.template:
src: service.yml.j2
dest: "{{ (config_path, 'homeserver.yaml') | path_join }}"
mode: "0644"
- name: Copy the log config
ansible.builtin.copy:
src: msrg.cc.log.config
dest: "{{ (config_path, 'msrg.cc.log.config') | path_join }}"
mode: '0644'
- name: Copy the signing key
ansible.builtin.copy:
content: "{{ vault_synapse.signing_key }}"
dest: "{{ (config_path, 'msrg.cc.signing.key') | path_join }}"
mode: '0644'
- import_tasks: start-common-service.yml

125
_ansible/roles/synapse/vars/main.yml Normal file
View file

@ -0,0 +1,125 @@
svc:
name: synapse
domain: "matrix.msrg.cc"
docker_host: synapse-admin
port: 80
caddy_extra: |
handle /_matrix/* {
reverse_proxy synapse:8008
}
handle /_synapse/* {
reverse_proxy synapse:8008
}
extra_svcs:
- domain: "msrg.cc:8008"
additional_domains:
- matrix.msrg.cc:8448
- matrix.msrg.cc:8008
- msrg.cc:8448
docker_host: synapse
port: 8008
db:
host: "{{ postgres.host }}"
database: synapse
user: "{{ vault_synapse.db.user }}"
pass: "{{ vault_synapse.db.pass }}"
config_path: config
svc_env:
SYNAPSE_CONFIG_PATH: "{{ ('/', svc.config_path) | path_join }}"
REACT_APP_SERVER: https://matrix.msrg.cc
svc_yml:
server_name: "msrg.cc"
pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
public_baseurl: https://matrix.msrg.cc/
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names:
- client
- federation
- metrics
compress: false
admin_contact: "mailto:{{ admin_email }}"
acme:
enabled: false
database:
name: "psycopg2"
args:
user: "{{ svc.db.user }}"
password: "{{ svc.db.pass }}"
database: "{{ svc.db.database }}"
host: "{{ svc.db.host }}"
cp_min: 5
cp_max: 10
log_config: "{{ (svc.config_path, 'msrg.cc.log.config') | path_join }}"
media_store_path: "/media_store"
max_upload_size: 500M
enable_registration: false
enable_metrics: true
report_stats: true
macaroon_secret_key: "{{ vault_synapse.macaroon_secret_key }}"
form_secret: "{{ vault_synapse.form_secret }}"
signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') | path_join }}"
trusted_key_servers:
- server_name: "matrix.org"
suppress_key_server_warning: true
oidc_providers:
- idp_id: "auth_serguzim_me"
idp_name: "auth.serguzim.me"
issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
client_id: "{{ vault_synapse.oidc_client.id }}"
client_secret: "{{ vault_synapse.oidc_client.secret }}"
scopes:
- "openid"
- "profile"
- "email"
user_mapping_provider:
config:
localpart_template: "{{ '{{ user.preferred_username }}' }}"
display_name_template: "{{ '{{ user.name }}' }}"
email:
smtp_host: mail.serguzim.me
smtp_port: 587
smtp_user: "matrix@serguzim.me"
smtp_pass: "{{ vault_synapse.mail.pass }}"
require_transport_security: true
notif_from: "Matrix <matrix@serguzim.me>"
compose:
watchtower: true
env: true
image: ghcr.io/matrix-org/synapse
volumes:
- ./config:/config
- media_store:/media_store
file:
services:
synapse-admin:
image: awesometechnologies/synapse-admin
restart: always
labels:
com.centurylinklabs.watchtower.enable: true
env_file:
- service.env
networks:
apps:
aliases:
- synapse-admin
volumes:
media_store:

22
caddy/config/conf.002.d/matrix.msrg.cc.conf
View file

@ -1,22 +0,0 @@
matrix.msrg.cc {
import default
reverse_proxy /_matrix/* synapse:8008
reverse_proxy /_synapse/* synapse:8008
}
admin.matrix.msrg.cc {
import default
reverse_proxy /_matrix/* synapse:8008
reverse_proxy /_synapse/* synapse:8008
reverse_proxy synapse-admin:80
}
msrg.cc:8008,
msrg.cc:8448,
matrix.msrg.cc:8008,
matrix.msrg.cc:8448 {
import default
reverse_proxy synapse:8008
}

2
synapse/data/.gitignore vendored
View file

@ -1,2 +0,0 @@
/secrets.yaml
msrg.cc.signing.key

72
synapse/data/homeserver.yaml
View file

@ -1,72 +0,0 @@
# https://matrix-org.github.io/synapse/latest/usage/configuration/index.html
server_name: "msrg.cc"
pid_file: /data/homeserver.pid
public_baseurl: https://matrix.msrg.cc/
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names:
- client
- federation
- metrics
compress: false
admin_contact: "mailto:tobias@msrg.cc"
acme:
enabled: false
database:
name: "psycopg2"
args:
user: "synapse"
#password: ""
database: "synapse"
host: "node002.serguzim.me"
cp_min: 5
cp_max: 10
log_config: "/data/msrg.cc.log.config"
media_store_path: "/media_store"
max_upload_size: 500M
enable_registration: false
enable_metrics: true
report_stats: true
#macaroon_secret_key: ""
#form_secret: ""
signing_key_path: "/data/msrg.cc.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
suppress_key_server_warning: true
oidc_providers:
- idp_id: "auth_serguzim_me"
idp_name: "auth.serguzim.me"
issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
#client_id: ""
#client_secret: ""
scopes:
- "openid"
- "profile"
- "email"
user_mapping_provider:
config:
localpart_template: "{{ user.preferred_username }}"
display_name_template: "{{ user.name }}"
email:
smtp_host: mail.serguzim.me
smtp_port: 587
smtp_user: "matrix@serguzim.me"
#smtp_pass: ""
require_transport_security: true
notif_from: "Matrix <matrix@serguzim.me>"

35
synapse/docker-compose.yml
View file

@ -1,35 +0,0 @@
version: '3'
services:
synapse:
image: ghcr.io/matrix-org/synapse
restart: always
labels:
com.centurylinklabs.watchtower.enable: true
environment:
- SYNAPSE_CONFIG_PATH=/data/
volumes:
- ./data:/data
- media_store:/media_store
networks:
apps:
aliases:
- synapse
synapse-admin:
image: awesometechnologies/synapse-admin:latest
restart: always
labels:
com.centurylinklabs.watchtower.enable: true
networks:
apps:
aliases:
- synapse-admin
volumes:
media_store:
networks:
apps:
external: true