kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

THE HUGE REFACTORING CALENDER WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-15 15:15:48 +02:00
parent 0228014d34
commit 022800425d
271 changed files with 1098 additions and 916 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
roles/web-app-matrix/tasks/01_docker.yml Normal file
View File

@@ -0,0 +1,120 @@
- name: "load docker and db for {{ application_id }}"
include_role:
name: cmp-db-docker
vars:
docker_compose_flush_handlers: false
- name: include 02_create-and-seed-database.yml for multiple bridges
include_tasks: 02_create-and-seed-database.yml
vars:
database_password: "{{ item.database_password }}"
database_username: "{{ item.database_username }}"
database_name: "{{ item.database_name }}"
loop: "{{ MATRIX_BRIDGES }}"
# The following taks are necessary because a clean setup is necessary
- name: shut down docker compose project
command:
cmd: docker-compose -p "{{ MATRIX_PROJECT }}" down
chdir: "{{ docker_compose.directories.instance }}"
- name: "cleanup project folder"
file:
path: "{{ docker_compose.directories.instance }}mautrix/"
state: absent
- name: "create bridge folders"
file:
path: "{{ docker_compose.directories.instance }}mautrix/{{ item.bridge_name }}"
state: directory
mode: "0755"
loop: "{{ MATRIX_BRIDGES }}"
- name: add multiple mautrix bridge configuration
template:
src: "mautrix/{{ item.bridge_name }}.config.yml.j2"
dest: "{{ docker_compose.directories.instance }}mautrix/{{ item.bridge_name }}/config.yaml"
loop: "{{ MATRIX_BRIDGES }}"
notify: docker compose up
- name: add element configuration
template:
src: "element.config.json.j2"
dest: "{{ MATRIX_ELEMENT_CONFIG_PATH_HOST }}"
notify: docker compose up
- name: add synapse homeserver configuration
template:
src: "synapse/homeserver.yaml.j2"
dest: "{{ MATRIX_SYNAPSE_CONFIG_PATH_HOST }}"
notify: docker compose up
- name: add synapse log configuration
template:
src: "synapse/log.config.j2"
dest: "{{ MATRIX_SYNAPSE_LOG_PATH_HOST }}"
notify: docker compose up
# https://github.com/matrix-org/synapse/issues/6303
- name: set correct folder permissions
command:
cmd: "docker run --rm --mount type=volume,src={{ MATRIX_SYNAPSE_VOLUME }},dst=/data -e SYNAPSE_SERVER_NAME={{ MATRIX_SYNAPSE_DOMAIN }} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{ docker_compose.directories.instance }}docker-compose.yml"
notify: docker compose up
# Pull image when update is wished.
# @todo This should be moved to update-docker
- name: docker compose pull
command:
cmd: docker-compose -p "{{ MATRIX_PROJECT }}" pull
chdir: "{{ docker_compose.directories.instance }}"
when: MODE_UPDATE | bool
- name: docker compose up
command:
cmd: "docker-compose -p {{ MATRIX_PROJECT }} up -d --remove-orphans"
chdir: "{{ docker_compose.directories.instance }}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
register: result
until: result is succeeded
retries: 12
delay: 30
- name: wait for registration files
wait_for:
path: "{{ docker_compose.directories.instance }}mautrix/{{ item.bridge_name }}/registration.yaml"
state: present
timeout: 120
loop: "{{ MATRIX_BRIDGES }}"
- name: "change file permissions"
file:
path: "{{ docker_compose.directories.instance }}mautrix/{{ item.bridge_name }}/registration.yaml"
mode: "0755"
loop: "{{ MATRIX_BRIDGES }}"
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
- name: create admin account
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications | get_app_conf(application_id, 'users.administrator.username', True)}} -p {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications | get_app_conf(application_id, 'setup', True) | bool
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
- name: create chatgpt bot
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications | get_app_conf(application_id, 'setup', True) | bool
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"

2
roles/web-app-matrix/tasks/create-and-seed-database.yml → roles/web-app-matrix/tasks/02_create-and-seed-database.yml
View File

@@ -6,7 +6,7 @@
# - database_password
- name: "create {{database_name}} database"
include_role:
name: svc-db-postgres
name: "svc-db-{{ database_type }}"
when: applications | get_app_conf(application_id, 'features.central_database', False)
- name: "include 04_seed-database-to-backup.yml"

33
roles/web-app-matrix/tasks/03_webserver.yml Normal file
View File

@@ -0,0 +1,33 @@
- name: create {{ MATRIX_WELL_KNOWN_DIRECTORY }}
file:
path: "{{ MATRIX_WELL_KNOWN_DIRECTORY }}"
state: directory
mode: '0755'
- name: create {{ MATRIX_WELL_KNOWN_FILE }}
template:
src: "well-known.j2"
dest: "{{ MATRIX_WELL_KNOWN_FILE }}"
- name: "include role srv-proxy-6-6-domain for {{ MATRIX_ELEMENT_DOMAIN }}"
include_role:
name: srv-proxy-6-6-domain
vars:
domain: "{{ MATRIX_ELEMENT_DOMAIN }}"
http_port: "{{ MATRIX_ELEMENT_PORT }}"
- name: "include role for {{ application_id }} to receive certs & do modification routines for {{ MATRIX_SYNAPSE_DOMAIN }}"
include_role:
name: srv-web-7-6-composer
vars:
domain: "{{ MATRIX_SYNAPSE_DOMAIN }}"
http_port: "{{ MATRIX_SYNAPSE_PORT }}"
- name: create {{ MATRIX_SYNAPSE_DOMAIN }}.conf
template:
src: "templates/nginx.conf.j2"
dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ MATRIX_SYNAPSE_DOMAIN }}.conf"
vars:
domain: "{{ MATRIX_SYNAPSE_DOMAIN }}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
http_port: "{{ MATRIX_SYNAPSE_PORT }}"
notify: restart openresty

153
roles/web-app-matrix/tasks/main.yml
View File

@@ -5,154 +5,13 @@
- name: Filter enabled bridges and register as fact
set_fact:
bridges: "{{ bridges_configuration | filter_enabled_bridges(applications | get_app_conf(application_id, 'plugins', True)) }}"
MATRIX_BRIDGES: "{{ bridges_configuration | filter_enabled_bridges(applications | get_app_conf(application_id, 'plugins', True)) }}"
changed_when: false
- name: "include role for {{application_id}} to receive certs & do modification routines"
include_role:
name: srv-web-7-6-composer
vars:
domain: "{{domains[application_id].synapse}}"
http_port: "{{ports.localhost.http['web-app-matrix_synapse']}}"
# Order of the following tasks is important otherwise handlers are flushed wrongly
- name: "load docker and db for {{application_id}}"
include_role:
name: cmp-db-docker
vars:
docker_compose_flush_handlers: false
- name: "Include Docker Tasks for '{{ application_id }}'"
include_tasks: 01_docker.yml
- name: create {{well_known_directory}}
file:
path: "{{well_known_directory}}"
state: directory
mode: '0755'
- name: create {{well_known_directory}}server
template:
src: "well-known.j2"
dest: "{{well_known_directory}}server"
- name: create {{domains[application_id].synapse}}.conf
template:
src: "templates/nginx.conf.j2"
dest: "{{nginx.directories.http.servers}}{{domains[application_id].synapse}}.conf"
vars:
domain: "{{domains[application_id].synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
http_port: "{{ports.localhost.http['web-app-matrix_synapse']}}"
notify: restart openresty
- name: "include role srv-proxy-6-6-domain for {{application_id}}"
include_role:
name: srv-proxy-6-6-domain
vars:
domain: "{{domains[application_id].element}}"
http_port: "{{ports.localhost.http['web-app-matrix_element']}}"
- name: include create-and-seed-database.yml for multiple bridges
include_tasks: create-and-seed-database.yml
vars:
database_password: "{{ item.database_password }}"
database_username: "{{ item.database_username }}"
database_name: "{{ item.database_name }}"
loop: "{{ bridges }}"
# The following taks are necessary because a clean setup is necessary
- name: shut down docker compose project
command:
cmd: docker-compose -p "{{ matrix_project }}" down
chdir: "{{ docker_compose.directories.instance }}"
- name: "cleanup project folder"
file:
path: "{{docker_compose.directories.instance}}mautrix/"
state: absent
- name: "create bridge folders"
file:
path: "{{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}"
state: directory
mode: "0755"
loop: "{{ bridges }}"
- name: add multiple mautrix bridge configuration
template:
src: "mautrix/{{item.bridge_name}}.config.yml.j2"
dest: "{{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}/config.yaml"
loop: "{{ bridges }}"
notify: docker compose up
- name: add element configuration
template:
src: "element.config.json.j2"
dest: "{{docker_compose.directories.instance}}element-config.json"
notify: docker compose up
- name: add synapse homeserver configuration
template:
src: "synapse/homeserver.yaml.j2"
dest: "{{docker_compose.directories.instance}}homeserver.yaml"
notify: docker compose up
- name: add synapse log configuration
template:
src: "synapse/log.config.j2"
dest: "{{docker_compose.directories.instance}}{{domains[application_id].synapse}}.log.config"
notify: docker compose up
# https://github.com/matrix-org/synapse/issues/6303
- name: set correct folder permissions
command:
cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains[application_id].synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
notify: docker compose up
# Pull image when update is wished.
# @todo This should be moved to update-docker
- name: docker compose pull
command:
cmd: docker-compose -p "{{ matrix_project }}" pull
chdir: "{{docker_compose.directories.instance}}"
when: MODE_UPDATE | bool
- name: docker compose up
command:
cmd: "docker-compose -p {{ matrix_project }} up -d --remove-orphans"
chdir: "{{docker_compose.directories.instance}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
register: result
until: result is succeeded
retries: 12
delay: 30
- name: wait for registration files
wait_for:
path: "{{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}/registration.yaml"
state: present
timeout: 120
loop: "{{ bridges }}"
- name: "change file permissions"
file:
path: "{{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}/registration.yaml"
mode: "0755"
loop: "{{ bridges }}"
- name: create admin account
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications | get_app_conf(application_id, 'users.administrator.username', True)}} -p {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} -a -c /data/homeserver.yaml http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications | get_app_conf(application_id, 'setup', True) | bool
- name: create chatgpt bot
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}} -a -c /data/homeserver.yaml http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications | get_app_conf(application_id, 'setup', True) | bool
- name: "Include Webserver Tasks for '{{ application_id }}'"
include_tasks: 03_webserver.yml

52
roles/web-app-matrix/templates/docker-compose.yml.j2
View File

@@ -1,27 +1,27 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
synapse:
{% set container_port = 8008 %}
image: "{{ matrix_synapse_image }}:{{ matrix_synapse_version }}"
container_name: {{ matrix_synapse_name }}
restart: {{DOCKER_RESTART_POLICY}}
image: "{{ MATRIX_SYNAPSE_IMAGE }}:{{ MATRIX_SYNAPSE_VERSION }}"
container_name: {{ MATRIX_SYNAPSE_NAME }}
restart: {{ DOCKER_RESTART_POLICY }}
logging:
driver: journald
volumes:
- synapse_data:/data
- ./homeserver.yaml:/data/homeserver.yaml:ro
- ./{{domains[application_id].synapse}}.log.config:/data/{{domains[application_id].synapse}}.log.config:ro
{% for item in bridges %}
- {{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}/registration.yaml:{{registration_file_folder}}{{item.bridge_name}}.registration.yaml:ro
- {{ MATRIX_SYNAPSE_CONFIG_PATH_HOST }}:{{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }}:ro
- {{ MATRIX_SYNAPSE_LOG_PATH_HOST }}:{{ MATRIX_SYNAPSE_LOG_PATH_CONTAINER }}:ro
{% for item in MATRIX_BRIDGES %}
- {{ docker_compose.directories.instance }}mautrix/{{ item.bridge_name }}/registration.yaml:{{ MATRIX_REGISTRATION_FILE_FOLDER }}{{ item.bridge_name }}.registration.yaml:ro
{% endfor %}
environment:
- SYNAPSE_SERVER_NAME={{domains[application_id].synapse}}
- SYNAPSE_SERVER_NAME={{ MATRIX_SYNAPSE_DOMAIN }}
- SYNAPSE_REPORT_STATS=no
ports:
- "127.0.0.1:{{ports.localhost.http['web-app-matrix_synapse']}}:{{ container_port }}"
{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
{% if bridges | length > 0 %}
{% for item in bridges %}
mautrix-{{item.bridge_name}}:
{% if MATRIX_BRIDGES | length > 0 %}
{% for item in MATRIX_BRIDGES %}
mautrix-{{ item.bridge_name }}:
condition: service_healthy
{% endfor %}
{% else %}
@@ -30,25 +30,25 @@
{% include 'roles/docker-container/templates/networks.yml.j2' %}
element:
{% set container_port = 80 %}
image: "{{ matrix_element_image }}:{{ matrix_element_version }}"
container_name: {{ matrix_element_name }}
restart: {{DOCKER_RESTART_POLICY}}
image: "{{ MATRIX_ELEMENT_IMAGE }}:{{ MATRIX_ELEMENT_VERSION }}"
container_name: {{ MATRIX_ELEMENT_NAME }}
restart: {{ DOCKER_RESTART_POLICY }}
volumes:
- ./element-config.json:/app/config.json
- {{ MATRIX_ELEMENT_CONFIG_PATH_HOST }}:/app/config.json
ports:
- "127.0.0.1:{{ports.localhost.http['web-app-matrix_element']}}:{{ container_port }}"
- "127.0.0.1:{{ MATRIX_ELEMENT_PORT }}:{{ container_port }}"
{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
{% include 'roles/docker-container/templates/networks.yml.j2' %}
{% for item in bridges %}
mautrix-{{item.bridge_name}}:
container_name: matrix-{{item.bridge_name}}
{% for item in MATRIX_BRIDGES %}
mautrix-{{ item.bridge_name }}:
container_name: matrix-{{ item.bridge_name }}
image: dock.mau.dev/mautrix/{{ item.bridge_name }}:latest
restart: {{DOCKER_RESTART_POLICY}}
restart: {{ DOCKER_RESTART_POLICY }}
volumes:
- ./mautrix/{{item.bridge_name}}:/data
- ./mautrix/{{ item.bridge_name }}:/data
healthcheck:
test: ["CMD-SHELL", "test -f {{registration_file_folder}}registration.yaml || exit 1"]
test: ["CMD-SHELL", "test -f {{ MATRIX_REGISTRATION_FILE_FOLDER }}registration.yaml || exit 1"]
interval: 1m
timeout: 10s
retries: 3
@@ -56,7 +56,7 @@
{% endfor %}
{% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %}
matrix-chatgpt-bot:
restart: {{DOCKER_RESTART_POLICY}}
restart: {{ DOCKER_RESTART_POLICY }}
container_name: matrix-chatgpt
image: ghcr.io/matrixgpt/matrix-chatgpt-bot:latest
volumes:
@@ -81,10 +81,10 @@
KEYV_URL: ''
KEYV_BOT_ENCRYPTION: 'false'
KEYV_BOT_STORAGE: 'true'
MATRIX_HOMESERVER_URL: '{{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}'
MATRIX_HOMESERVER_URL: '{{ MATRIX_SYNAPSE_URL }}'
MATRIX_BOT_USERNAME: '@chatgptbot:{{applications | get_app_conf(application_id, 'server_name', True)}}'
MATRIX_ACCESS_TOKEN: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True) | default('') }}'
MATRIX_BOT_PASSWORD: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}}'
MATRIX_BOT_PASSWORD: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True) }}'
MATRIX_DEFAULT_PREFIX: '!chatgpt'
MATRIX_DEFAULT_PREFIX_REPLY: 'false'
#MATRIX_BLACKLIST: ''
@@ -98,7 +98,7 @@
{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
synapse_data:
name: {{ matrix_synapse_data }}
name: {{ MATRIX_SYNAPSE_VOLUME }}
{% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %}
chatgpt_data:
{% endif %}

4
roles/web-app-matrix/templates/element.config.json.j2
View File

@@ -1,8 +1,8 @@
{
"default_server_config": {
"m.homeserver": {
"base_url": "{{ WEB_PROTOCOL }}://{{domains[application_id].synapse}}",
"server_name": "{{domains[application_id].synapse}}"
"base_url": "{{ MATRIX_SYNAPSE_URL }}",
"server_name": "{{ MATRIX_SYNAPSE_DOMAIN }}"
},
"m.identity_server": {
"base_url": "{{ WEB_PROTOCOL }}://{{ PRIMARY_DOMAIN }}"

2
roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2
View File

@@ -143,7 +143,7 @@ bridge:
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{domains[application_id].synapse}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_DOMAIN }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

2
roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2
View File

@@ -134,7 +134,7 @@ bridge:
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users

2
roles/web-app-matrix/templates/mautrix/signal.config.yml.j2
View File

@@ -141,7 +141,7 @@ bridge:
federate_rooms: true
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

2
roles/web-app-matrix/templates/mautrix/slack.config.yml.j2
View File

@@ -118,7 +118,7 @@ bridge:
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

2
roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2
View File

@@ -198,7 +198,7 @@ bridge:
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

2
roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2
View File

@@ -236,7 +236,7 @@ bridge:
force_active_delivery_receipts: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

12
roles/web-app-matrix/templates/nginx.conf.j2
View File

@@ -1,16 +1,16 @@
server {
{# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary #}
{# Could be that this is related to the set_fact use #}
{% set domain = domains[application_id].synapse %}
{% set http_port = ports.localhost.http['web-app-matrix_synapse'] %}
{% set federation_port = ports.public.federation['web-app-matrix_synapse'] %}
{% set domain = MATRIX_SYNAPSE_DOMAIN | mandatory("MATRIX_SYNAPSE_DOMAIN is required") %}
{% set http_port = MATRIX_SYNAPSE_PORT | mandatory("MATRIX_PORT is required") %}
{% set FEDERATION_PORT = http_port %}
server_name {{domains[application_id].synapse}};
server_name {{ domain }};
{% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
# For the federation port
listen {{ federation_port }} ssl default_server;
listen [::]:{{ federation_port }} ssl default_server;
listen {{ FEDERATION_PORT }} ssl default_server;
listen [::]:{{ FEDERATION_PORT }} ssl default_server;
{% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}

24
roles/web-app-matrix/templates/synapse/homeserver.yaml.j2
View File

@@ -18,15 +18,15 @@ database:
host: "{{database_host}}"
cp_min: 5
cp_max: 10
log_config: "/data/{{domains[application_id].synapse}}.log.config"
log_config: "{{ MATRIX_SYNAPSE_LOG_PATH_CONTAINER }}"
media_store_path: "/data/media_store"
registration_shared_secret: "{{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}"
report_stats: true
macaroon_secret_key: "{{applications | get_app_conf(application_id, 'credentials.macaroon_secret_key', True)}}"
form_secret: "{{applications | get_app_conf(application_id, 'credentials.form_secret', True)}}"
signing_key_path: "/data/{{domains[application_id].synapse}}.signing.key"
signing_key_path: "/data/{{ MATRIX_SYNAPSE_DOMAIN }}.signing.key"
web_client_location: "{{ WEB_PROTOCOL }}://{{domains[application_id].element}}"
public_baseurl: "{{ WEB_PROTOCOL }}://{{domains[application_id].synapse}}"
public_baseurl: "{{ MATRIX_SYNAPSE_URL }}"
trusted_key_servers:
- server_name: "matrix.org"
admin_contact: 'mailto:{{ users.administrator.email }}'
@@ -40,20 +40,20 @@ email:
#require_transport_security: true
enable_tls: "{{ system_email.tls | upper }}"
notif_from: "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>"
app_name: "Matrix on {{domains[application_id].synapse}}"
app_name: "Matrix on {{ MATRIX_SYNAPSE_DOMAIN }}"
enable_notifs: true
notif_for_new_users: false
client_base_url: "{{domains[application_id].synapse}}"
client_base_url: "{{ MATRIX_SYNAPSE_DOMAIN }}"
validation_token_lifetime: 15m
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
# @See https://matrix-org.github.io/synapse/latest/openid.html
oidc_providers:
- idp_id: keycloak
idp_name: "{{oidc.button_text}}"
issuer: "{{oidc.client.issuer_url}}"
client_id: "{{oidc.client.id}}"
client_secret: "{{oidc.client.secret}}"
idp_name: "{{ oidc.button_text }}"
issuer: "{{ oidc.client.issuer_url }}"
client_id: "{{ oidc.client.id }}"
client_secret: "{{ oidc.client.secret }}"
scopes: ["openid", "profile"]
user_mapping_provider:
config:
@@ -62,9 +62,9 @@ oidc_providers:
backchannel_logout_enabled: true
{% endif %}
{% if bridges | bool %}
{% if MATRIX_BRIDGES | bool %}
app_service_config_files:
{% for item in bridges %}
- {{registration_file_folder}}{{item.bridge_name}}.registration.yaml
{% for item in MATRIX_BRIDGES %}
- {{ MATRIX_REGISTRATION_FILE_FOLDER }}{{ item.bridge_name }}.registration.yaml
{% endfor %}
{% endif %}

2
roles/web-app-matrix/templates/synapse/log.config.j2
View File

@@ -8,7 +8,7 @@ handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: precise
filename: /data/{{domains[application_id].synapse}}.homeserver.log
filename: /data/{{ MATRIX_SYNAPSE_DOMAIN }}.homeserver.log
maxBytes: 10485760
backupCount: 3
console:

2
roles/web-app-matrix/templates/well-known.j2
View File

@@ -1,3 +1,3 @@
{
"m.server": "{{domains[application_id].synapse}}:{{ WEB_PORT }}"
"m.server": "{{ MATRIX_SYNAPSE_DOMAIN }}:{{ WEB_PORT }}"
}

49
roles/web-app-matrix/vars/main.yml
View File

@@ -1,20 +1,37 @@
---
# General
application_id: "web-app-matrix"
database_type: "postgres"
registration_file_folder: "/data/"
# Matrix
matrix_synapse_version: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.version', True) }}"
matrix_synapse_image: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.image', True) }}"
matrix_synapse_name: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.name', True) }}"
matrix_synapse_data: "{{ applications | get_app_conf(application_id, 'docker.volumes.synapse', True) }}"
matrix_element_version: "{{ applications | get_app_conf(application_id, 'docker.services.element.version', True) }}"
matrix_element_image: "{{ applications | get_app_conf(application_id, 'docker.services.element.image', True) }}"
matrix_element_name: "{{ applications | get_app_conf(application_id, 'docker.services.element.name', True) }}"
matrix_project: "{{ application_id | get_entity_name }}"
application_id: "web-app-matrix"
database_type: "postgres"
# Webserver
well_known_directory: "{{nginx.directories.data.well_known}}/matrix/"
location_upload: "~ ^/_matrix/media/v3/"
client_max_body_size: "{{ applications | get_app_conf(application_id, 'server.client_max_body_size') }}"
location_upload: "~ ^/_matrix/media/v3/"
client_max_body_size: "{{ applications | get_app_conf(application_id, 'server.client_max_body_size') }}"
# Matrix
## General
MATRIX_WELL_KNOWN_DIRECTORY: "{{ NGINX.DIRECTORIES.DATA.WELL_KNOWN }}/matrix/"
MATRIX_WELL_KNOWN_FILE: "{{ MATRIX_WELL_KNOWN_DIRECTORY }}server"
MATRIX_PROJECT: "{{ application_id | get_entity_name }}"
MATRIX_REGISTRATION_FILE_FOLDER: "/data/"
## Synapse
MATRIX_SYNAPSE_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.version') }}"
MATRIX_SYNAPSE_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.image') }}"
MATRIX_SYNAPSE_NAME: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.name') }}"
MATRIX_SYNAPSE_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.synapse') }}"
MATRIX_SYNAPSE_DOMAIN: "{{ domains[application_id].synapse }}"
MATRIX_SYNAPSE_PORT: "{{ ports.localhost.http['web-app-matrix_synapse'] }}"
MATRIX_SYNAPSE_CONFIG_PATH_HOST: "{{ docker_compose.directories.config }}homeserver.yaml"
MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER: "/data/homeserver.yaml"
MATRIX_SYNAPSE_LOG_PATH_HOST: "{{ docker_compose.directories.config }}{{ MATRIX_SYNAPSE_DOMAIN }}.log.config"
MATRIX_SYNAPSE_LOG_PATH_CONTAINER: "/data/{{ MATRIX_SYNAPSE_DOMAIN }}.log.config"
MATRIX_SYNAPSE_URL: "{{ WEB_PROTOCOL }}://{{ MATRIX_SYNAPSE_DOMAIN }}"
## Element
MATRIX_ELEMENT_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.element.version') }}"
MATRIX_ELEMENT_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.element.image') }}"
MATRIX_ELEMENT_NAME: "{{ applications | get_app_conf(application_id, 'docker.services.element.name') }}"
MATRIX_ELEMENT_DOMAIN: "{{ domains[application_id].element }}"
MATRIX_ELEMENT_PORT: "{{ ports.localhost.http['web-app-matrix_element'] }}"
MATRIX_ELEMENT_CONFIG_PATH_HOST: "{{ docker_compose.directories.config }}element-config.json"