Renamed to matrix ansible

roles/web-app-matrix-ansible/.gitignore

@@ -0,0 +1 @@
+matrix-docker-ansible-deploy/

roles/web-app-matrix-ansible/Administration.md

@@ -0,0 +1,9 @@
+# Administration
+
+## DANGER: Manuell deativation and deletion
+Be carefull what you do. This code you can execute:
+```
+systemctl list-units --type=service | grep 'matrix' | awk '{print $1}' | xargs -I {} systemctl disable {} &&
+systemctl list-units --type=service | grep 'matrix' | awk '{print $1}' | xargs -I {} systemctl stop {} &&
+rm -rv /matrix/
+```

roles/web-app-matrix-ansible/README.md

@@ -0,0 +1,36 @@
+# Matrix (via Ansible Install)
+
+## Warning
+This role is experimental and may not be actively maintained. Use it with caution in production environments. For a more stable deployment, please consider using the Matrix Compose role or another alternative solution.
+
+## Description
+
+Step into the future of communication with Matrix, a dynamic and decentralized platform that delivers secure, real-time messaging and collaboration. This role deploys a Matrix homeserver using Ansible automation. Benefit from a federated architecture, end-to-end encryption, and versatile bridging support that connects you globally—all while safeguarding your data.
+
+## Overview
+
+This role automates the deployment and configuration of a Matrix homeserver with Ansible. It sets up the Synapse server along with essential components such as bridges and the Element web client. Designed for high performance, scalability, and secure communication, this role streamlines the installation of Matrix in your environment.
+
+For detailed configuration and operational instructions, please refer to the included documentation:
+- [Administration.md](./Administration.md)
+
+## Features
+
+- **Decentralized and Federated:** Connect with a global network of Matrix homeservers, ensuring there is no single point of failure.
+- **End-to-End Encryption:** Protect your communications with robust encryption methods.
+- **Interoperability:** Bridge communications with external platforms, enabling seamless messaging across diverse systems.
+- **Scalable Architecture:** Handle increasing user loads and message volumes with high performance.
+- **Ansible Automation:** Enjoy a fully automated, reproducible deployment using Ansible.
+
+## Further Resources
+
+- [Matrix Official Website](https://matrix.org/)
+- [Matrix Documentation](https://matrix.org/docs/)
+
+## Credits
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [veen.world](https://www.veen.world).
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+Licensed under [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

roles/web-app-matrix-ansible/Todo.md

@@ -0,0 +1,2 @@
+# Todos
+- If you plan to reactivate this role put it in adocker container

roles/web-app-matrix-ansible/meta/main.yml

@@ -0,0 +1,27 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: >
+    This role deploys and configures a Matrix homeserver using Ansible automation.
+    Benefit from a secure, federated, and scalable communication platform with integrated support
+    for bridges and modern web clients.
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  galaxy_tags:
+    - matrix
+    - ansible
+    - federated
+    - decentralized
+    - real-time
+    - encrypted
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+  logo:
+    class: "fa-solid fa-satellite-dish"
+dependencies: 
+- srv-proxy-7-4-core

roles/web-app-matrix-ansible/tasks/main.yml

@@ -0,0 +1,144 @@
+---
+- name: "include role srv-proxy-6-6-domain for {{application_id}}"
+  include_role: 
+    name: srv-proxy-6-6-domain
+  loop:
+    - "{{domains.matrix.element}}"
+    - "{{domains.matrix.synapse}}"
+  loop_control:
+    loop_var: domain
+
+- name: Clone the git repository
+  git:
+    repo: https://github.com/spantaleev/matrix-web-app-ansible-deploy.git
+    dest: "{{ local_repository_directory }}"
+    update: yes
+  delegate_to: localhost
+  become: false
+
+- name: create temporary inventory directory
+  tempfile:
+    state: directory
+  register: matrix_inventory_tmp_dir
+  delegate_to: localhost
+  become: false
+
+- name: protect inventory directory
+  file:
+    path: "{{ matrix_inventory_tmp_dir.path }}"
+    mode: '0700'
+  delegate_to: localhost
+  become: false
+
+# Host file
+
+- name: set the hosts files path
+  set_fact:
+    hosts_path: "{{ matrix_inventory_tmp_dir.path }}/hosts.yml"
+
+- name: create hosts.yml
+  template: 
+    src:  "hosts.yml.j2" 
+    dest: "{{hosts_path}}"
+  become: false
+  delegate_to: localhost
+
+# Vars file
+
+- name: set the vars folder path
+  set_fact:
+    vars_folder_path: "{{ matrix_inventory_tmp_dir.path }}/host_vars/{{inventory_hostname}}/"
+
+- name: create vars directory
+  file:
+    path: "{{vars_folder_path}}"
+    state: directory
+    recurse: yes
+  delegate_to: localhost
+  become: false
+
+- name: set the vars path
+  set_fact:
+    vars_file_path: "{{ vars_folder_path }}vars.yml"
+
+- name: create vars.yml
+  template: 
+    src:  "vars.yml.j2" 
+    dest: "{{vars_file_path}}"
+  become: false
+  delegate_to: localhost
+
+- name: show variable information
+  debug:
+    msg: "hosts_path: {{hosts_path}}\nmatrix_inventory_tmp_dir:{{ matrix_inventory_tmp_dir }}"
+  when: enable_debug | bool
+
+- name: install requirements
+  local_action: command just roles
+  args:
+    chdir: "{{ local_repository_directory }}"
+  become: false
+
+- name: play matrix-web-app-ansible-deploy
+  local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{applications.matrix.playbook_tags}}"
+  become: false
+
+
+  
+#- name: delete inventory directory
+#  file:
+#    path: "{{ matrix_inventory_tmp_dir.path }}"
+#    state: absent
+#  delegate_to: localhost
+#  become: false
+#
+
+
+
+
+#- name: "create {{docker_compose.directories.instance}}"
+#  file:
+#    path: "{{docker_compose.directories.instance}}"
+#    state: directory
+#    mode: 0755
+#
+#- name: "create {{docker_compose.directories.instance}}mautrix_whatsapp"
+#  file:
+#    path: "{{docker_compose.directories.instance}}mautrix_whatsapp"
+#    state: directory
+#    mode: 0755
+#
+#- name: add whatsapp-bridge-config.yml
+#  template: 
+#    src:  "whatsapp-bridge-config.yml.j2" 
+#    dest: "{{docker_compose.directories.instance}}mautrix_whatsapp/config.yml"
+#  notify: recreate matrix
+#
+#- name: add element-config.json
+#  template: 
+#    src:  "element-config.json.j2" 
+#    dest: "{{docker_compose.directories.instance}}element-config.json"
+#  notify: recreate matrix
+#
+#- name: add homeserver.yaml
+#  template: 
+#    src:  "homeserver.yaml.j2" 
+#    dest: "{{docker_compose.directories.instance}}homeserver.yaml"
+#  notify: recreate matrix
+#
+#- name: add log.config
+#  template: 
+#    src:  "log.config.j2" 
+#    dest: "{{docker_compose.directories.instance}}{{domains.matrix.synapse}}.log.config"
+#  notify: recreate matrix
+#
+## https://github.com/matrix-org/synapse/issues/6303
+#- name: set correct folder permissions
+#  command:
+#    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix.synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
+#
+#- name: add docker-compose.yml
+#  template: 
+#    src:  "docker-compose.yml.j2" 
+#    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+#  notify: recreate matrix

roles/web-app-matrix-ansible/templates/hosts.yml.j2

@@ -0,0 +1,8 @@
+matrix_servers:
+  hosts:
+    {{inventory_hostname}}:
+      ansible_host: "{{networks.internet.ip4}}"
+      ansible_ssh_user: administrator
+      become: true
+      become_user: root
+      ansible_become_password: "{{ansible_become_password}}"

roles/web-app-matrix-ansible/templates/vars.yml.j2

@@ -0,0 +1,71 @@
+# The bare domain name which represents your Matrix identity.
+# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
+#
+# Note: this playbook does not touch the server referenced here.
+# Installation happens on another server ("matrix.<matrix-domain>").
+#
+# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
+# because you can't change the Domain after deployment.
+#
+# Example value: example.com
+matrix_domain: "{{domains.matrix.synapse}}"
+
+# The Matrix homeserver software to install.
+# See:
+#  - `roles/custom/matrix-base/defaults/main.yml` for valid options
+# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
+matrix_homeserver_implementation: synapse
+
+# A secret used as a base, for generating various other secrets.
+# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
+matrix_homeserver_generic_secret_key: "{{applications | get_app_conf(application_id, 'credentials.generic_secret_key', True)}}"
+
+# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
+# It will retrieve SSL certificates for you on-demand and forward requests to all other components.
+# For alternatives, see `docs/configuring-playbook-own-webserver.md`.
+matrix_playbook_reverse_proxy_type: playbook-managed-traefik
+
+# Ensure that public urls use https
+matrix_playbook_ssl_enabled: true
+
+# Disable the web-app-secure (port 443) endpoint, which also disables SSL certificate retrieval
+devture_traefik_config_entrypoint_web_secure_enabled: false
+
+# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
+devture_traefik_container_web_host_bind_port: "127.0.0.1:{{ports.localhost.http[application_id]}}"
+
+# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
+# a reverse-proxy running on the local machine is safe enough.
+devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
+
+# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
+#
+# In case SSL renewal fails at some point, you'll also get an email notification there.
+#
+# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
+# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
+#
+# Example value: someone@example.com
+devture_traefik_config_certificatesResolvers_acme_email: "{{ users.administrator.email }}"
+
+# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
+#
+# The playbook creates additional Postgres users and databases (one for each enabled service)
+# using this superuser account.
+devture_postgres_connection_password: "{{database_password}}"
+
+# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
+# If this value is an external IP address, you can skip this section.
+#
+# If `ansible_host` is not the server's external IP address, you have 2 choices:
+# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)
+# 2. Uncomment and adjust the line below to specify an IP address manually
+#
+# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
+# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the Coturn role
+# (see `roles/custom/matrix-coturn/defaults/main.yml`).
+#
+# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
+# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
+#
+# matrix_coturn_turn_external_ip_address: ''

roles/web-app-matrix-ansible/vars/main.yml

@@ -0,0 +1,3 @@
+---
+local_repository_directory: "{{role_path}}/matrix-web-app-ansible-deploy"
+application_id:             "web-app-matrix-ansible"  # Just added to catch integration test exceptions. This role is anyhow deprecated.